
blocking malicious IPs



Can you locate the Bitdefender log and then copy and paste it into a reply for my review?

Tell me if you uninstalled Firefox and then got a new download and setup of Firefox: yes or no?

Next Task

Start NOTEPAD. Check and make sure "word wrap" is off.

From the Notepad menu bar, select Format and make sure Word Wrap is NOT checked.

IF it -is- checkmarked, click that one time so that it is un-checked.

Please copy/paste the lines below to Notepad:

@echo on
rem Reset the hosts file to a single localhost entry (clear its attributes first so it can be overwritten)
pushd %SystemRoot%\System32\drivers\etc
attrib -h -s -r hosts
echo 127.0.0.1 localhost>hosts
attrib +r +h +s hosts
popd
rem Renew the lease, flush the DNS cache, reset Winsock and TCP/IP, then reboot
ipconfig /release
ipconfig /renew
ipconfig /flushdns
netsh winsock reset
netsh int ip reset resetlog.log
shutdown -r -t 1
del %0

Save as flush.bat to your desktop.

RIGHT-click flush.bat file & select RUN as Administrator to start it. Your computer will reboot.

Task 2

1. Download Malwarebytes Anti-Rootkit from http://www.malwarebytes.org/products/mbar/

2. Unzip the contents to a folder in a convenient location.

3. Open the folder where the contents were unzipped and run mbar.exe

4. Follow the instructions in the wizard to update and allow the program to scan your computer for threats.

5. Click on the Cleanup button to remove any threats and reboot if prompted to do so.

6. Wait while the system shuts down and the cleanup process is performed.

7. Perform another scan with Malwarebytes Anti-Rootkit to verify that no threats remain. If they do, then click Cleanup once more and repeat the process.

Task 3

Download Random's System Information Tool (RSIT) by random/random from here and save it to your desktop.

  • RIGHT click on RSIT.exe & select RUN as Administrator to start RSIT and Allow to run.
  • Click Continue at the RSIT disclaimer screen.
  • Once it has finished, two logs will open. Please post the contents of both log.txt (<<will be maximized) and info.txt (<<will be minimized)

Download Security Check by screen317 from >>here<<.

  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

Task 4

You will want to print out or copy these instructions to Notepad for offline reference!

Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools.

For directions on how, see How To Temporarily Disable Your Anti-virus, Firewall And Anti-malware Programs

Do NOT turn off the firewall

Close all open browsers at this point.

Start Internet Explorer (fresh) by pressing Start >> Internet Explorer >> Right-Click and select Run As Administrator.

Using Internet Explorer browser only, go to ESET Online Scanner website:

http://www.eset.com/onlinescan/

  • Accept the Terms of Use and press Start button;
  • Approve the install of the required ActiveX Control, then follow on-screen instructions;
  • Enable (check) the Remove found threats option, and run the scan.
  • After the scan completes, the Details tab in the Results window will display what was found and removed.
    • A logfile is created and located at C:\Program Files (x86)\Eset\EsetOnlineScanner\log.txt.

    Look at contents of this file using Notepad.

    The Frequently Asked Questions for ESET Online Scanner can be viewed here

    http://go.eset.com/us/online-scanner/faq

    • Temporarily disable any PC-resident (active) antivirus program before any online scan by any online scanner, and promptly re-enable it when finished.
    • If you use Firefox, you have to install IETab, an add-on. This is to enable ActiveX support.
    • Do not use the system while the scan is running. Once the full scan is underway, go take a long break.

Re-enable the antivirus program.

Reply with copy of the Eset scan log

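The flush.bat above replaces the whole hosts file with a single localhost line. That also throws away whatever the infection put there, and those entries are worth looking at before they go: malware commonly pins vendor and update domains (Malwarebytes, Bitdefender, Windows Update) to 127.0.0.1 or to a fake host so that the security tools cannot update, and a redirect of a bank or mail domain to an outside address is evidence you want to keep. The Python script below is an added example, not code from the original post. It parses the hosts file the way the resolver does, flags hijacked vendor domains and non-loopback redirects, and leaves the reset itself to flush.bat. The PROTECTED_SUFFIXES list and the sample hosts file are assumptions constructed for the example.

```python
"""Audit a Windows hosts file before flush.bat wipes it.

Added example, not code from the original post. Findings:
  - "hijack":     a security-vendor or update domain pinned to any address
                  (blocks AV/OS updates; suffix list is an assumed, illustrative set)
  - "suspicious": a name redirected to a non-loopback address, or a malformed line
  - "info":       loopback / 0.0.0.0 block entries, probably the user's own, lost on reset
"""
import ipaddress
from dataclasses import dataclass

# Constructed sample of a tampered hosts file (not a capture from this thread).
SAMPLE_HOSTS = """\
# Copyright (c) 1993-2006 Microsoft Corp.
# localhost name resolution is handled within DNS itself.
#   127.0.0.1       localhost
#   ::1             localhost
127.0.0.1   localhost
::1         localhost
0.0.0.0     ads.example.net          # user-added ad block
127.0.0.1   www.malwarebytes.org
127.0.0.1   update.bitdefender.com   www.bitdefender.com
203.0.113.7 www.bank.example
"""

# Domains malware commonly pins to stop updates. Assumed, illustrative list only.
PROTECTED_SUFFIXES = ("microsoft.com", "windowsupdate.com", "malwarebytes.org",
                      "bitdefender.com", "eset.com", "mcafee.com", "avast.com")


@dataclass
class Finding:
    line_no: int
    severity: str   # "hijack" | "suspicious" | "info"
    reason: str
    raw: str


def parse_hosts(text):
    """Yield (line_no, address, names, raw) for each non-comment line.
    Lines whose first token is not an IP address are yielded with address None."""
    for n, raw in enumerate(text.splitlines(), 1):
        body = raw.partition("#")[0].strip()   # '#' starts a comment, as in the resolver
        if not body:
            continue
        parts = body.split()
        try:
            ipaddress.ip_address(parts[0])
        except ValueError:
            yield n, None, parts, raw
            continue
        yield n, parts[0], parts[1:], raw


def _is_sink(address):
    """True for loopback and 0.0.0.0/:: , i.e. addresses that block rather than redirect."""
    ip = ipaddress.ip_address(address)
    return ip.is_loopback or ip.is_unspecified


def _is_protected(name):
    name = name.lower()
    return any(name == s or name.endswith("." + s) for s in PROTECTED_SUFFIXES)


def audit_hosts(text):
    """Return the list of Finding objects for the given hosts file contents."""
    findings = []
    for n, address, names, raw in parse_hosts(text):
        if address is None or not names:
            findings.append(Finding(n, "suspicious", "line is not 'address name ...'", raw))
            continue
        for name in names:
            if name.lower() == "localhost" and _is_sink(address):
                continue    # the one mapping the reset script keeps
            if _is_protected(name):
                findings.append(Finding(n, "hijack",
                                        f"{name} pinned to {address}: blocks security updates", raw))
            elif not _is_sink(address):
                findings.append(Finding(n, "suspicious",
                                        f"{name} redirected to {address} (not a sink address)", raw))
            else:
                findings.append(Finding(n, "info",
                                        f"{name} -> {address} block entry, lost on reset", raw))
    return findings


def summarize(findings):
    """Count findings per severity; all three keys are always present."""
    counts = {"hijack": 0, "suspicious": 0, "info": 0}
    for f in findings:
        counts[f.severity] += 1
    return counts


def audit_file(path):
    """Audit a real hosts file, e.g. r'C:\\Windows\\System32\\drivers\\etc\\hosts'."""
    with open(path, encoding="utf-8", errors="replace") as fh:
        return audit_hosts(fh.read())


if __name__ == "__main__":
    order = ("hijack", "suspicious", "info")
    results = audit_hosts(SAMPLE_HOSTS)
    for f in sorted(results, key=lambda f: order.index(f.severity)):
        print(f"{f.severity:10} line {f.line_no:>3}: {f.reason}")
    print(summarize(results))
```

Run it as-is to see the built-in sample, or call audit_file() on the real hosts file from an elevated prompt. Before running flush.bat, keep a copy of the original (copy hosts hosts.bak in the etc folder) so any entry the audit flags can be reviewed or restored later; the batch file itself makes no backup.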

Leave your antivirus installed, as is. Now is not the time to switch antivirus programs.

Put aside MBAR at this time.

Do try to turn off BitDefender a-v so that it does not interfere with the tools we use.

Next:

Create a new folder on your C drive, name it ARK ===> C:\ARK

Go Here & Save the file to ARK folder

RIGHT-click the exe and select Run As Administrator to launch the program. (If you get an immediate message about rootkit activity, ignore and proceed with instructions please)

Click on the Rootkit/Malware Tab &

then, on the far right side, untick the Registry box,

then click Scan.

Scan progress will be shown at bottom of the program screen. Have "infinite" patience while it runs.

Once the scan is done, press the Copy button, then open NOTEPAD, Paste to it, and Save the file as Gmer.log in your ARK folder.

Attach the results here in your reply.


mbar found nothing

Logfile of random's system information tool 1.09 (written by random/random)

Run by Chris at 2013-04-14 19:10:59

Microsoft® Windows Vista™ Home Premium Service Pack 2

System drive C: has 177 GB (60%) free of 295 GB

Total RAM: 3060 MB (51% free)

Logfile of Trend Micro HijackThis v2.0.4

Scan saved at 19:11:06, on 14/04/2013

Platform: Windows Vista SP2 (WinNT 6.00.1906)

MSIE: Internet Explorer v9.00 (9.00.8112.16476)

Boot mode: Normal

Running processes:

C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe

C:\Windows\system32\Dwm.exe

C:\Windows\Explorer.EXE

C:\Windows\system32\taskeng.exe

C:\Windows\System32\igfxpers.exe

C:\Windows\System32\hkcmd.exe

C:\Windows\system32\igfxsrvc.exe

C:\Windows\RtHDVCpl.exe

C:\Program Files\Samsung\Kies\KiesTrayAgent.exe

C:\Program Files\Windows Media Player\wmpnscfg.exe

C:\Program Files\Bitdefender\Bitdefender 2013\bdagent.exe

C:\Program Files\Bitdefender\Bitdefender 2013\seccenter.exe

C:\Program Files\Mozilla Firefox\firefox.exe

C:\Program Files\Mozilla Firefox\plugin-container.exe

C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe

C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe

C:\Program Files\Mozilla Firefox\firefox.exe

C:\Program Files\Windows Mail\WinMail.exe

C:\Users\Chris\Desktop\RSIT.exe

C:\Program Files\trend micro\Chris.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

O2 - BHO: RealNetworks Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll

O3 - Toolbar: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll

O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe

O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe

O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe

O4 - HKLM\..\Run: [KiesTrayAgent] C:\Program Files\Samsung\Kies\KiesTrayAgent.exe

O4 - HKLM\..\Run: [bdagent] C:\Program Files\Bitdefender\Bitdefender 2013\bdagent.exe

O4 - HKLM\..\RunOnce: [Z1] cmd /c "C:\Users\Chris\AppData\Local\temp\Rar$EXa0.644\mbar\mbar.exe" /cleanup /s

O4 - Startup: ERUNT AutoBackup.lnk = C:\Program Files\ERUNT\AUTOBACK.EXE

O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - https://fpdownload.macromedia.com/get/shockwave/cabs/flash/swflash.cab

O18 - Protocol: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll

O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll

O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll

O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe

O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe

O23 - Service: Andrea RT Filters Service (AERTFilters) - Andrea Electronics Corporation - C:\Windows\system32\AERTSrv.exe

O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

O23 - Service: MBAMScheduler - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe

O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe

O23 - Service: McAfee SiteAdvisor Service - McAfee, Inc. - c:\PROGRA~1\mcafee\SITEAD~1\mcsacore.exe

O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe

O23 - Service: RealNetworks Downloader Resolver Service - Unknown owner - C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe

O23 - Service: SafeBox - Bitdefender - C:\Program Files\Bitdefender\Bitdefender SafeBox\safeboxservice.exe

O23 - Service: Bitdefender Desktop Update Service (UPDATESRV) - Bitdefender - C:\Program Files\Bitdefender\Bitdefender 2013\updatesrv.exe

O23 - Service: Bitdefender Virus Shield (VSSERV) - Bitdefender - C:\Program Files\Bitdefender\Bitdefender 2013\vsserv.exe

--

End of file - 4761 bytes

======Scheduled tasks folder======

C:\Windows\tasks\Adobe Flash Player Updater.job

=========Mozilla firefox=========

ProfilePath - C:\Users\Chris\AppData\Roaming\Mozilla\Firefox\Profiles\zk7l92vm.default-1365749469265

"{20a82645-c095-46ed-80e3-08825760534b}"=c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

"{4ED1F68A-5463-4931-9384-8FFF5ED91D92}"=C:\Program Files\McAfee\SiteAdvisor

"{97E22097-9A2F-45b1-8DAF-36AD648C7EF4}"=C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext

"{ABDE892B-13A8-4d1b-88E6-365A6E755758}"=C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext

"{DAC3F861-B30D-40dd-9166-F4E75327FAC7}"=C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext\

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@adobe.com/FlashPlayer]

"Description"=Adobe® Flash® Player 11.6.602.180 Plugin

"Path"=C:\Windows\system32\Macromed\Flash\NPSWF32_11_6_602_180.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@adobe.com/ShockwavePlayer]

"Description"=Adobe Shockwave Player

"Path"=C:\Windows\system32\Adobe\Director\np32dsw_1202122.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@mcafee.com/SAFFPlugin]

"Description"=

"Path"=C:\Program Files\McAfee\SiteAdvisor\npmcffplg32.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0]

"Description"=Ag Player Plugin

"Path"=c:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@microsoft.com/WPF,version=3.5]

"Description"=Windows Presentation Foundation plug-in for Mozilla browsers

"Path"=c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@real.com/nppl3260;version=16.0.1.18]

"Description"=RealPlayer LiveConnect-Enabled Plug-In

"Path"=C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@real.com/nprndlchromebrowserrecordext;version=1.3.1]

"Description"=RealNetworks RealDownloader Chrome Background Extension Plug-In

"Path"=C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@real.com/nprndlhtml5videoshim;version=1.3.1]

"Description"=RealNetworks RealDownloader HTML5VideoShim Plug-In

"Path"=C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@real.com/nprndlpepperflashvideoshim;version=1.3.1]

"Description"=RealNetworks RealDownloader PepperFlash Video Shim Plug-In

"Path"=C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=15.0.6.14]

"Description"=RealNetworks RealPlayer Chrome Background Extension Plug-In

"Path"=C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@real.com/nprphtml5videoshim;version=15.0.6.14]

"Description"=RealPlayer HTML5VideoShim Plug-In

"Path"=C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@real.com/nprpplugin;version=16.0.1.18]

"Description"=RealPlayer Download Plugin

"Path"=C:\Program Files\Real\RealPlayer\Netscape6\nprpplugin.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@realnetworks.com/npdlplugin;version=1]

"Description"=RealDownloader Plugin

"Path"=C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@videolan.org/vlc,version=2.0.1]

"Description"=VLC Multimedia Plugin

"Path"=C:\Program Files\VideoLAN\VLC\npvlc.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@videolan.org/vlc,version=2.0.3]

"Description"=VLC Multimedia Plugin

"Path"=C:\Program Files\VideoLAN\VLC\npvlc.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@videolan.org/vlc,version=2.0.5]

"Description"=VLC Multimedia Plugin

"Path"=C:\Program Files\VideoLAN\VLC\npvlc.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\Adobe Reader]

"Description"=Handles PDFs in-place in Firefox

"Path"=C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll

C:\Program Files\Mozilla Firefox\extensions\

{972ce4c6-7e08-4474-a285-3208198ce6fd}

C:\Program Files\Mozilla Firefox\components\

binary.manifest

browsercomps.dll

nsIQTScriptablePlugin.xpt

C:\Program Files\Mozilla Firefox\searchplugins\

amazondotcom.xml

bing.xml

eBay.xml

google.xml

McSiteAdvisor.xml

twitter.xml

wikipedia.xml

yahoo.xml

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3049C3E9-B461-4BC5-8870-4C09146192CA}]

RealNetworks Download and Record Plugin for Internet Explorer - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll [2013-03-06 540328]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]

{0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - McAfee SiteAdvisor Toolbar - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll [2012-12-04 262080]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]

"Persistence"=C:\Windows\system32\igfxpers.exe [2008-04-25 141848]

"HotKeysCmds"=C:\Windows\system32\hkcmd.exe [2008-04-25 170520]

"RtHDVCpl"=C:\Windows\RtHDVCpl.exe [2008-01-17 4907008]

"KiesTrayAgent"=C:\Program Files\Samsung\Kies\KiesTrayAgent.exe [2013-02-13 310128]

"Bdagent"=C:\Program Files\Bitdefender\Bitdefender 2013\bdagent.exe [2013-03-26 1617440]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce]

"Z1"=cmd /c C:\Users\Chris\AppData\Local\temp\Rar$EXa0.644\mbar\mbar.exe /cleanup /s []

C:\Users\Chris\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup

ERUNT AutoBackup.lnk - C:\Program Files\ERUNT\AUTOBACK.EXE

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]

C:\Windows\system32\igfxdev.dll [2008-04-18 208896]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro37]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro37.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfPf]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfRd]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\hitmanpro37]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\hitmanpro37.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WRkrn]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WRSVC]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfPf]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfRd]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfSvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfUsbccidDriver]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System]

"DisableTaskMgr"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]

"dontdisplaylastusername"=0

"legalnoticecaption"=

"legalnoticetext"=

"shutdownwithoutlogon"=1

"undockwithoutlogon"=1

"EnableUIADesktopToggle"=0

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]

"NoDrives"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]

"BindDirectlyToPropertySetStorage"=0

"NoDrives"=0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]

"vidc.mrle"=msrle32.dll

"vidc.msvc"=msvidc32.dll

"msacm.imaadpcm"=imaadp32.acm

"msacm.msg711"=msg711.acm

"msacm.msgsm610"=msgsm32.acm

"msacm.msadpcm"=msadp32.acm

"midimapper"=midimap.dll

"wavemapper"=msacm32.drv

"vidc.uyvy"=msyuv.dll

"vidc.yuy2"=msyuv.dll

"vidc.yvyu"=msyuv.dll

"vidc.iyuv"=iyuv_32.dll

"vidc.i420"=iyuv_32.dll

"vidc.yvu9"=tsbyuv.dll

"msacm.l3acm"=C:\Windows\System32\l3codeca.acm

"vidc.cvid"=iccvid.dll

"VIDC.FFDS"=ff_vfw.dll

"msacm.siren"=sirenacm.dll

"wave"=wdmaud.drv

"midi"=wdmaud.drv

"mixer"=wdmaud.drv

"aux"=wdmaud.drv

======File associations======

.js - edit - C:\Windows\System32\Notepad.exe %1

======List of files/folders created in the last 1 month======

2013-04-14 19:11:00 ----D---- C:\Program Files\trend micro

2013-04-14 19:10:59 ----D---- C:\rsit

2013-04-11 23:12:17 ----D---- C:\Program Files\Mozilla Firefox

2013-04-11 22:28:32 ----A---- C:\TDSSKiller.2.8.16.0_11.04.2013_22.28.32_log.txt

2013-04-11 08:39:38 ----A---- C:\Windows\ntbtlog.txt

2013-04-10 10:04:15 ----A---- C:\Windows\system32\vbscript.dll

2013-04-10 10:04:15 ----A---- C:\Windows\system32\mshtmled.dll

2013-04-10 10:04:15 ----A---- C:\Windows\system32\ieui.dll

2013-04-10 10:04:14 ----A---- C:\Windows\system32\wininet.dll

2013-04-10 10:04:14 ----A---- C:\Windows\system32\msfeeds.dll

2013-04-10 10:04:14 ----A---- C:\Windows\system32\jsproxy.dll

2013-04-10 10:04:14 ----A---- C:\Windows\system32\jscript.dll

2013-04-10 10:04:14 ----A---- C:\Windows\system32\ieUnatt.exe

2013-04-10 10:04:13 ----A---- C:\Windows\system32\urlmon.dll

2013-04-10 10:04:13 ----A---- C:\Windows\system32\url.dll

2013-04-10 10:04:13 ----A---- C:\Windows\system32\jscript9.dll

2013-04-10 10:04:13 ----A---- C:\Windows\system32\iertutil.dll

2013-04-10 10:04:11 ----A---- C:\Windows\system32\mshtml.dll

2013-04-10 10:04:11 ----A---- C:\Windows\system32\ieframe.dll

2013-04-10 06:00:38 ----A---- C:\Windows\system32\drivers\ntfs.sys

2013-04-10 06:00:36 ----A---- C:\Windows\system32\ntkrnlpa.exe

2013-04-10 06:00:35 ----A---- C:\Windows\system32\smss.exe

2013-04-10 06:00:35 ----A---- C:\Windows\system32\ntoskrnl.exe

2013-04-10 06:00:35 ----A---- C:\Windows\system32\csrsrv.dll

2013-04-10 06:00:34 ----A---- C:\Windows\system32\mstscax.dll

2013-04-10 06:00:33 ----A---- C:\Windows\system32\winsrv.dll

2013-04-10 06:00:30 ----A---- C:\Windows\system32\win32k.sys

2013-04-09 23:50:01 ----A---- C:\AdwCleaner[R17].txt

2013-04-09 22:58:47 ----D---- C:\Program Files\ERUNT

2013-04-09 04:39:29 ----D---- C:\ProgramData\Dumps

2013-04-08 22:15:14 ----A---- C:\bdlog.txt

2013-04-08 22:10:22 ----D---- C:\ProgramData\BDLogging

2013-04-08 22:10:11 ----A---- C:\Windows\system32\drivers\bdvedisk.sys

2013-04-08 22:10:10 ----A---- C:\Windows\system32\drivers\bdsandbox.sys

2013-04-08 22:10:10 ----A---- C:\Windows\system32\drivers\BdfNdisf6.sys

2013-04-08 22:10:10 ----A---- C:\Windows\capicom.dll

2013-04-08 22:10:08 ----A---- C:\Windows\system32\WdfCoInstaller01009.dll

2013-04-08 22:10:04 ----A---- C:\Windows\system32\drivers\avchv.sys

2013-04-08 22:10:03 ----A---- C:\Windows\system32\drivers\avckf.sys

2013-04-08 22:10:03 ----A---- C:\Windows\system32\drivers\avc3.sys

2013-04-08 22:05:11 ----D---- C:\Users\Chris\AppData\Roaming\Bitdefender

2013-04-08 22:05:07 ----D---- C:\ProgramData\Bitdefender

2013-04-08 22:04:11 ----D---- C:\Users\Chris\AppData\Roaming\QuickScan

2013-04-08 22:03:50 ----A---- C:\Windows\system32\drivers\gzflt.sys

2013-04-08 22:03:47 ----D---- C:\Program Files\Bitdefender

2013-04-08 22:03:47 ----A---- C:\Windows\system32\drivers\trufos.sys

2013-04-08 22:03:21 ----D---- C:\Program Files\Common Files\Bitdefender

2013-03-29 22:19:51 ----SHD---- C:\$RECYCLE.BIN

2013-03-29 22:19:49 ----D---- C:\Windows\temp

2013-03-23 00:05:30 ----D---- C:\Program Files\Malwarebytes' Anti-Malware

2013-03-23 00:05:30 ----A---- C:\Windows\system32\drivers\mbam.sys

2013-03-22 20:27:27 ----D---- C:\Program Files\ESET

2013-03-21 13:49:17 ----A---- C:\AdwCleaner[s10].txt

2013-03-20 18:46:14 ----D---- C:\Program Files\Emsisoft Anti-Malware

2013-03-18 22:09:17 ----A---- C:\Windows\system32\drivers\ssudmdm.sys

2013-03-18 22:09:17 ----A---- C:\Windows\system32\drivers\ssudbus.sys

2013-03-18 22:02:20 ----A---- C:\Windows\system32\drivers\dgderdrv.sys

2013-03-18 22:02:20 ----A---- C:\Windows\system32\DIFxAPI.dll

2013-03-18 22:02:20 ----A---- C:\Windows\system32\dgderapi.dll

2013-03-18 14:42:27 ----D---- C:\Program Files\RealNetworks

2013-03-18 14:42:26 ----D---- C:\ProgramData\RealNetworks

2013-03-18 14:41:46 ----D---- C:\Program Files\Common Files\xing shared

2013-03-18 00:23:05 ----A---- C:\Windows\system32\drivers\usb8023.sys

2013-03-16 16:41:33 ----D---- C:\Program Files\TunnelBear

2013-03-16 13:12:19 ----A---- C:\AdwCleaner[R16].txt

======List of files/folders modified in the last 1 month======

2013-04-14 19:11:00 ----RD---- C:\Program Files

2013-04-14 19:10:44 ----D---- C:\Windows\system32\drivers\etc

2013-04-14 19:10:32 ----D---- C:\Windows\system32\drivers

2013-04-14 18:30:57 ----D---- C:\Windows\System32

2013-04-14 18:30:57 ----D---- C:\Windows\inf

2013-04-14 18:30:57 ----A---- C:\Windows\system32\PerfStringBackup.INI

2013-04-14 18:20:31 ----D---- C:\Windows\Prefetch

2013-04-14 17:56:36 ----D---- C:\Windows

2013-04-14 17:56:36 ----D---- C:\ProgramData\AVAST Software

2013-04-14 17:51:21 ----SHD---- C:\System Volume Information

2013-04-14 16:53:36 ----D---- C:\Windows\system32\Tasks

2013-04-14 16:53:17 ----SHD---- C:\Windows\Installer

2013-04-14 16:53:17 ----D---- C:\Config.Msi

2013-04-14 16:51:08 ----D---- C:\Program Files\AVAST Software

2013-04-14 16:39:46 ----D---- C:\Program Files\Mozilla Maintenance Service

2013-04-14 13:57:37 ----D---- C:\Program Files\Windows Live

2013-04-13 20:06:30 ----D---- C:\Users\Chris\AppData\Roaming\vlc

2013-04-13 00:00:35 ----D---- C:\Windows\system32\catroot2

2013-04-11 00:30:36 ----D---- C:\Windows\Debug

2013-04-10 12:11:09 ----D---- C:\Program Files\Common Files\Adobe AIR

2013-04-10 10:07:50 ----D---- C:\Windows\system32\migration

2013-04-10 10:07:50 ----D---- C:\Program Files\Internet Explorer

2013-04-10 10:05:37 ----D---- C:\Windows\winsxs

2013-04-10 10:04:45 ----D---- C:\Windows\system32\catroot

2013-04-10 10:02:56 ----A---- C:\Windows\system32\mrt.exe

2013-04-09 23:50:24 ----D---- C:\JRT

2013-04-09 22:59:02 ----D---- C:\Windows\ERDNT

2013-04-09 04:39:29 ----D---- C:\ProgramData

2013-04-08 22:03:21 ----D---- C:\Program Files\Common Files

2013-04-04 18:40:11 ----D---- C:\Users\Chris\AppData\Roaming\Opera

2013-04-04 18:40:10 ----D---- C:\Program Files\Opera

2013-04-04 12:40:59 ----D---- C:\Program Files\CCleaner

2013-03-29 22:18:06 ----A---- C:\Windows\system.ini

2013-03-29 22:15:46 ----D---- C:\Windows\AppPatch

2013-03-28 23:24:12 ----D---- C:\Users\Chris\AppData\Roaming\Vso

2013-03-22 23:23:38 ----A---- C:\Windows\system32\npdeployJava1.dll

2013-03-22 23:23:38 ----A---- C:\Windows\system32\deployJava1.dll

2013-03-22 23:21:12 ----D---- C:\Program Files\VS Revo Group

2013-03-20 23:13:27 ----SD---- C:\ProgramData\Microsoft

2013-03-18 22:11:54 ----RSD---- C:\Windows\assembly

2013-03-18 22:11:54 ----D---- C:\Windows\Microsoft.NET

2013-03-18 22:02:17 ----D---- C:\Program Files\InstallShield Installation Information

2013-03-18 22:01:29 ----D---- C:\ProgramData\Samsung

2013-03-18 14:43:05 ----D---- C:\Users\Chris\AppData\Roaming\RealNetworks

2013-03-18 14:41:50 ----D---- C:\Program Files\Real

2013-03-18 14:41:42 ----D---- C:\ProgramData\Real

2013-03-18 14:41:35 ----A---- C:\Windows\system32\rmoc3260.dll

2013-03-18 14:41:17 ----A---- C:\Windows\system32\pndx5032.dll

2013-03-18 14:41:17 ----A---- C:\Windows\system32\pndx5016.dll

2013-03-18 14:41:15 ----A---- C:\Windows\system32\pncrt.dll

2013-03-16 13:01:24 ----D---- C:\Program Files\Google

2013-03-16 13:01:17 ----D---- C:\Windows\Tasks

2013-03-16 00:00:44 ----D---- C:\ProgramData\Adobe

2013-03-15 23:58:55 ----A---- C:\Windows\system32\FlashPlayerApp.exe

2013-03-15 23:20:38 ----D---- C:\Program Files\K-Lite Codec Pack

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 avc3;avc3; C:\Windows\system32\DRIVERS\avc3.sys [2013-01-11 625128]

R0 gzflt;gzflt; C:\Windows\system32\DRIVERS\gzflt.sys [2012-10-04 162976]

R0 trufos;trufos; C:\Windows\system32\DRIVERS\trufos.sys [2012-10-31 343456]

R1 BdfNdisf;BitDefender Firewall NDIS 6 Filter Driver; \??\c:\program files\common files\bitdefender\bitdefender firewall\bdfndisf6.sys [2012-07-06 77192]

R1 bdftdif;bdftdif; \??\C:\Program Files\Common Files\Bitdefender\Bitdefender Firewall\bdftdif.sys [2011-11-14 130640]

R1 bdselfpr;bdselfpr; \??\C:\Program Files\Bitdefender\Bitdefender 2013\bdselfpr.sys [2012-10-02 134136]

R1 BDVEDISK;BDVEDISK; C:\Windows\system32\DRIVERS\bdvedisk.sys [2012-04-17 72704]

R3 avchv;avchv Function Driver; C:\Windows\system32\DRIVERS\avchv.sys [2012-11-02 242504]

R3 avckf;avckf; C:\Windows\system32\DRIVERS\avckf.sys [2013-01-11 482928]

R3 e1express;Intel® PRO/1000 PCI Express Network Connection Driver; C:\Windows\system32\DRIVERS\e1e6032.sys [2008-01-21 220672]

R3 igfx;igfx; C:\Windows\system32\DRIVERS\igdkmd32.sys [2008-04-18 2354176]

R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\Windows\system32\drivers\RTKVHDA.sys [2008-01-24 2054872]

R3 MBAMProtector;MBAMProtector; \??\C:\Windows\system32\drivers\mbam.sys [2013-04-04 22856]

R3 pcouffin;VSO Software pcouffin; C:\Windows\System32\Drivers\pcouffin.sys [2011-12-28 47360]

R3 WudfPf;@%SystemRoot%\system32\drivers\Wudfpf.sys,-1000; C:\Windows\system32\drivers\WudfPf.sys [2012-07-26 66560]

S3 BDSandBox;BDSandBox; \??\C:\Windows\system32\drivers\bdsandbox.sys [2012-11-12 66392]

S3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.); C:\Windows\system32\DRIVERS\ssudbus.sys [2013-01-31 83168]

S3 drmkaud;Microsoft Kernel DRM Audio Descrambler; C:\Windows\system32\drivers\drmkaud.sys [2008-01-21 5632]

S3 gttap1;GoTrusted TAP Adapter; C:\Windows\system32\DRIVERS\gttap1.sys []

S3 HdAudAddService;Microsoft 1.1 UAA Function Driver for High Definition Audio Service; C:\Windows\system32\drivers\HdAudio.sys [2009-04-10 236544]

S3 MOSUMAC;USB-Ethernet Driver; C:\Windows\system32\DRIVERS\MOSUMAC.SYS [2009-12-10 43520]

S3 MSKSSRV;Microsoft Streaming Service Proxy; C:\Windows\system32\drivers\MSKSSRV.sys [2008-01-21 8192]

S3 MSPCLOCK;Microsoft Streaming Clock Proxy; C:\Windows\system32\drivers\MSPCLOCK.sys [2008-01-21 5888]

S3 MSPQM;Microsoft Streaming Quality Manager Proxy; C:\Windows\system32\drivers\MSPQM.sys [2008-01-21 5504]

S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\Windows\system32\drivers\MSTEE.sys [2008-01-21 6016]

S3 RTL8169;Realtek 8169 NT Driver; C:\Windows\system32\DRIVERS\Rtlh86.sys [2006-11-02 44544]

S3 ssudmdm;SAMSUNG Mobile USB Modem Drivers (DEVGURU Ver.); C:\Windows\system32\DRIVERS\ssudmdm.sys [2013-01-31 181344]

S3 tap0901;TAP-Win32 Adapter V9; C:\Windows\system32\DRIVERS\tap0901.sys [2011-12-15 26624]

S3 WinUSB;SAMSUNG Android USB Driver; C:\Windows\system32\DRIVERS\WinUSB.sys [2009-07-14 34944]

S3 WpdUsb;WpdUsb; C:\Windows\system32\DRIVERS\wpdusb.sys [2009-10-01 40448]

S3 WUDFRd;WUDFRd; C:\Windows\system32\DRIVERS\WUDFRd.sys [2012-07-26 155136]

S4 ErrDev;Microsoft Hardware Error Device Driver; C:\Windows\system32\drivers\errdev.sys [2008-01-21 6656]

S4 MegaSR;MegaSR; C:\Windows\system32\drivers\megasr.sys [2008-01-21 386616]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AdobeARMservice;Adobe Acrobat Update Service; C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-12-18 65192]

R2 AERTFilters;Andrea RT Filters Service; C:\Windows\system32\AERTSrv.exe [2007-12-05 77824]

R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [2012-02-27 55144]

R2 FontCache;@%systemroot%\system32\FntCache.dll,-100; C:\Windows\system32\svchost.exe [2008-01-21 21504]

R2 MBAMScheduler;MBAMScheduler; C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe [2013-04-04 418376]

R2 MBAMService;MBAMService; C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe [2013-04-04 701512]

R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service; c:\PROGRA~1\mcafee\SITEAD~1\mcsacore.exe [2012-12-04 95232]

R2 RealNetworks Downloader Resolver Service;RealNetworks Downloader Resolver Service; C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe [2013-03-06 39056]

R2 SafeBox;SafeBox; C:\Program Files\Bitdefender\Bitdefender SafeBox\safeboxservice.exe [2012-06-25 82824]

R2 UPDATESRV;Bitdefender Desktop Update Service; C:\Program Files\Bitdefender\Bitdefender 2013\updatesrv.exe [2013-02-26 55984]

R2 VSSERV;Bitdefender Virus Shield; C:\Program Files\Bitdefender\Bitdefender 2013\vsserv.exe [2013-03-26 1345008]

R2 wlidsvc;Windows Live ID Sign-in Assistant; C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE [2011-03-28 1713536]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]

S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service; C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2013-03-15 253656]

S3 MozillaMaintenance;Mozilla Maintenance Service; C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe [2013-04-11 115608]

S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]

S3 WPFFontCache_v0400;@c:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe,-100; C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]

S4 BdDesktopParental;Bitdefender Desktop Parental Control; C:\Program Files\Bitdefender\Bitdefender 2013\bdparentalservice.exe [2013-02-26 62688]

-----------------EOF-----------------

info.txt logfile of random's system information tool 1.09 2013-04-14 19:11:10

======Uninstall list======

Leawo Video Converter version 5.1.0.0-->"C:\Program Files\Leawo\Video Converter\unins000.exe"

Adobe AIR-->c:\Program Files\Common Files\Adobe AIR\Versions\1.0\Resources\Adobe AIR Updater.exe -arp:uninstall

Adobe AIR-->MsiExec.exe /I{A0087DDE-69D0-11E2-AD57-43CA6188709B}

Adobe Community Help-->msiexec /qb /x {3521BDBD-D453-5D9F-AA55-44B75D214629}

Adobe Community Help-->MsiExec.exe /I{3521BDBD-D453-5D9F-AA55-44B75D214629}

Adobe Download Assistant-->msiexec /qb /x {969E11AA-8F3A-F162-1A5A-0965E216B6CE}

Adobe Download Assistant-->MsiExec.exe /I{969E11AA-8F3A-F162-1A5A-0965E216B6CE}

Adobe Flash Player 11 ActiveX-->C:\Windows\system32\Macromed\Flash\FlashUtil32_11_6_602_180_ActiveX.exe -maintain activex

Adobe Flash Player 11 Plugin-->C:\Windows\system32\Macromed\Flash\FlashUtil32_11_6_602_180_Plugin.exe -maintain plugin

Adobe Reader XI (11.0.02)-->MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-AB0000000001}

Adobe Shockwave Player 12.0-->"C:\Windows\system32\Adobe\Shockwave 12\uninstaller.exe"

Apple Application Support-->MsiExec.exe /I{F5266D28-E0B2-4130-BFC5-EE155AD514DC}

Apple Mobile Device Support-->MsiExec.exe /I{EFC04D3F-A152-47E7-8517-EE0F6201AFEF}

Apple Software Update-->MsiExec.exe /I{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}

Bitdefender Total Security 2013-->C:\Program Files\Common Files\Bitdefender\SetupInformation\{34480DEE-54D6-4985-A817-CA30E9BBC94C}\installer.exe

CCleaner-->"C:\Program Files\CCleaner\uninst.exe"

ConvertXtoDVD 4.0.9.322-->"C:\Program Files\VSO\ConvertX\4\unins000.exe"

D3DX10-->MsiExec.exe /X{E09C4DB7-630C-4F06-A631-8EA7239923AF}

EasyBCD 1.7-->C:\Program Files\NeoSmart Technologies\EasyBCD\uninstall.exe

ERUNT 1.1j-->"C:\Program Files\ERUNT\unins000.exe"

ESET Online Scanner v3-->C:\Program Files\ESET\ESET Online Scanner\OnlineScannerUninstaller.exe

ffdshow [rev 2180] [2008-10-04]-->"C:\Program Files\ffdshow\unins000.exe"

FileHippo.com Update Checker-->"C:\Program Files\FileHippo.com\uninstall.exe"

Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)-->C:\Windows\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall /qb+ REBOOTPROMPT=""

Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)-->C:\Windows\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {A7EEA2F2-BFCD-4A54-A575-7B81A786E658} /qb+ REBOOTPROMPT=""

Hotfix for Microsoft .NET Framework 4 Client Profile (KB2461678)-->c:\Windows\Microsoft.NET\Framework\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {99A120B0-F930-3427-A833-FAD753B85527} /parameterfolder Client

Intel® Graphics Media Accelerator Driver-->C:\Windows\system32\igxpun.exe -uninstall

Junk Mail filter update-->MsiExec.exe /I{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}

K-Lite Codec Pack 7.0.0 (Standard)-->"C:\Program Files\K-Lite Codec Pack\unins000.exe"

Malwarebytes Anti-Malware version 1.75.0.1300-->"C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe"

McAfee SiteAdvisor-->C:\Program Files\McAfee\SiteAdvisor\Uninstall.exe

Microsoft .NET Framework 3.5 SP1-->c:\Windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setup.exe

Microsoft .NET Framework 3.5 SP1-->MsiExec.exe /I{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}

Microsoft .NET Framework 4 Client Profile-->c:\Windows\Microsoft.NET\Framework\v4.0.30319\SetupCache\Client\Setup.exe /repair /x86 /parameterfolder Client

Microsoft .NET Framework 4 Client Profile-->MsiExec.exe /X{3C3901C5-3455-3E0A-A214-0B093A5070A6}

Microsoft Office Excel Viewer 2003-->MsiExec.exe /I{90840409-6000-11D3-8CFE-0150048383C9}

Microsoft Office Word Viewer 2003-->MsiExec.exe /I{90850409-6000-11D3-8CFE-0150048383C9}

Microsoft Silverlight-->MsiExec.exe /X{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}

Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148-->MsiExec.exe /X{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161-->MsiExec.exe /X{9BE518E6-ECC6-35A9-88E4-87755C07200F}

Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219-->MsiExec.exe /X{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}

Microsoft_VC80_ATL_x86-->MsiExec.exe /I{0F3647F8-E51D-4FCC-8862-9A8D0C5ACF25}

Microsoft_VC80_CRT_x86-->MsiExec.exe /I{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}

Microsoft_VC80_MFC_x86-->MsiExec.exe /I{D1A19B02-817E-4296-A45B-07853FD74D57}

Microsoft_VC80_MFCLOC_x86-->MsiExec.exe /I{D92BBB52-82FF-42ED-8A3C-4E062F944AB7}

Microsoft_VC90_ATL_x86-->MsiExec.exe /I{033E378E-6AD3-4AD5-BDEB-CBD69B31046C}

Microsoft_VC90_CRT_x86-->MsiExec.exe /I{08D2E121-7F6A-43EB-97FD-629B44903403}

Microsoft_VC90_MFC_x86-->MsiExec.exe /I{635FED5B-2C6D-49BE-87E6-7A6FCD22BC5A}

Microsoft_VC90_MFCLOC_x86-->MsiExec.exe /I{B6D38690-755E-4F40-A35A-23F8BC2B86AC}

Mozilla Firefox 20.0.1 (x86 en-US)-->C:\Program Files\Mozilla Firefox\uninstall\helper.exe

Mozilla Maintenance Service-->"C:\Program Files\Mozilla Maintenance Service\uninstall.exe"

MSVCRT-->MsiExec.exe /I{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}

MSXML 4.0 SP3 Parser (KB2721691)-->MsiExec.exe /I{355B5AC0-CEEE-42C5-AD4D-7F3CFD806C36}

MSXML 4.0 SP3 Parser (KB2758694)-->MsiExec.exe /I{1D95BA90-F4F8-47EC-A882-441C99D30C1E}

MSXML 4.0 SP3 Parser (KB973685)-->MsiExec.exe /I{859DFA95-E4A6-48CD-B88E-A3E483E89B44}

MSXML 4.0 SP3 Parser-->MsiExec.exe /I{196467F1-C11F-4F76-858B-5812ADC83B94}

Nero 7 Lite 7.10.1.2-->"C:\Program Files\Nero\unins000.exe"

Opera 12.15-->"C:\Program Files\Opera\Opera.exe" /uninstall

QuickTime-->MsiExec.exe /I{AF0CE7C0-A3E4-4D73-988B-B29187EC6E9A}

RealDownloader-->MsiExec.exe /X{EA1FAE0F-2354-4E32-B423-ABAE8E358F91}

RealNetworks - Microsoft Visual C++ 2008 Runtime-->MsiExec.exe /X{7770E71B-2D43-4800-9CB3-5B6CAAEBEBEA}

RealNetworks - Microsoft Visual C++ 2010 Runtime-->MsiExec.exe /X{AAECF7BA-E83B-4A10-87EA-DE0B333F8734}

RealPlayer-->C:\Program Files\Real\RealPlayer\Update\r1puninst.exe RealNetworks|RealPlayer|16.0

RealUpgrade 1.1-->MsiExec.exe /I{28C2DED6-325B-4CC7-983A-1777C8F7FBAB}

Revo Uninstaller 1.94-->C:\Program Files\VS Revo Group\Revo Uninstaller\uninst.exe

Samsung Kies-->"C:\Program Files\InstallShield Installation Information\{758C8301-2696-4855-AF45-534B1200980A}\setup.exe" -runfromtemp -l0x0409 -removeonly

Samsung Kies-->MsiExec.exe /I{758C8301-2696-4855-AF45-534B1200980A}

SAMSUNG USB Driver for Mobile Phones-->C:\Program Files\Samsung\USB Drivers\Uninstall.exe

Security Update for Microsoft .NET Framework 3.5 SP1 (KB2604111)-->C:\Windows\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {94EFE014-E577-310B-B2D5-6973A21D8A90} /qb+ REBOOTPROMPT=""

Security Update for Microsoft .NET Framework 3.5 SP1 (KB2657424)-->C:\Windows\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {F6F5AC31-9833-3E77-AC8E-8E910CAB39AE} /qb+ REBOOTPROMPT=""

Security Update for Microsoft .NET Framework 3.5 SP1 (KB2736416)-->C:\Windows\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {939AF4BC-EC42-38D1-AE82-91D4A7ED8911} /qb+ REBOOTPROMPT=""

Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)-->c:\Windows\Microsoft.NET\Framework\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {2CE2EB39-45C8-32D4-8A99-5529C38F1B99} /parameterfolder Client

Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)-->c:\Windows\Microsoft.NET\Framework\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {7E97AB83-C1FE-38DE-B848-877E0A4BD81E} /parameterfolder Client

Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)-->c:\Windows\Microsoft.NET\Framework\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {DB31DEDD-BF95-31E7-A9B7-5480561CEFF3} /parameterfolder Client

Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)-->c:\Windows\Microsoft.NET\Framework\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {67A5F99B-5EBA-3812-8D2E-BC251490DD3F} /parameterfolder Client

Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)-->c:\Windows\Microsoft.NET\Framework\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {8DDEFC7E-0C61-3D11-AFC6-5414F2DAFD01} /parameterfolder Client

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)-->c:\Windows\Microsoft.NET\Framework\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {4952F442-5C1A-38EB-8C23-B18EFE77E20C} /parameterfolder Client

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)-->c:\Windows\Microsoft.NET\Framework\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {9EC88EA8-4ABE-393C-87BD-90EABB1C4C9B} /parameterfolder Client

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)-->c:\Windows\Microsoft.NET\Framework\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {86BB5A25-8CC3-33CE-A393-CF28901682B2} /parameterfolder Client

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)-->c:\Windows\Microsoft.NET\Framework\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {16EEC04A-B924-37E0-97CF-422DCEFC1B63} /parameterfolder Client

Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)-->c:\Windows\Microsoft.NET\Framework\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {C4D978AA-2668-3404-96DE-96E2AFC62FD7} /parameterfolder Client

Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)-->c:\Windows\Microsoft.NET\Framework\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {CD6D9B8A-BBC4-3FA7-B24D-D74CE90630CF} /parameterfolder Client

Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)-->c:\Windows\Microsoft.NET\Framework\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {ECBEE23D-AB7E-3DAA-B66B-CD52003198F1} /parameterfolder Client

Security Update for Microsoft .NET Framework 4 Client Profile (KB2742595)-->c:\Windows\Microsoft.NET\Framework\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {788818B1-B191-3217-A210-7ACFDE19CE4A} /parameterfolder Client

Security Update for Microsoft .NET Framework 4 Client Profile (KB2789642)-->c:\Windows\Microsoft.NET\Framework\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {B7C20E16-9A3A-3F05-A6B5-E15AA09200E0} /parameterfolder Client

Segoe UI-->MsiExec.exe /I{5DD4FCBD-A3C1-4155-9E17-4161C70AAABA}

Skitch-->C:\Program Files\Evernote\Skitch\uninstall.exe

swMSM-->MsiExec.exe /I{612C34C7-5E90-47D8-9B5C-0F717DD82726}

Update for Microsoft .NET Framework 3.5 SP1 (KB963707)-->C:\Windows\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {B2AE9C82-DC7B-3641-BFC8-87275C4F3607} /qb+ REBOOTPROMPT=""

Update for Microsoft .NET Framework 4 Client Profile (KB2468871)-->c:\Windows\Microsoft.NET\Framework\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {5E9CF3A4-ADB3-3080-A8BF-976A28340758} /parameterfolder Client

Update for Microsoft .NET Framework 4 Client Profile (KB2533523)-->c:\Windows\Microsoft.NET\Framework\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {81EBB9D7-173C-32E3-B477-149C8DE075E4} /parameterfolder Client

Update for Microsoft .NET Framework 4 Client Profile (KB2600217)-->c:\Windows\Microsoft.NET\Framework\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {5D9961AC-7C99-36A2-9EF0-34678AED5384} /parameterfolder Client

VLC media player 2.0.5-->C:\Program Files\VideoLAN\VLC\uninstall.exe

Windows Live Communications Platform-->MsiExec.exe /I{D45240D3-B6B3-4FF9-B243-54ECE3E10066}

Windows Live Essentials-->C:\Program Files\Windows Live\Installer\wlarp.exe

Windows Live Essentials-->MsiExec.exe /I{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}

Windows Live ID Sign-in Assistant-->MsiExec.exe /I{C6150D8A-86ED-41D3-87BB-F3BB51B0B77F}

Windows Live Installer-->MsiExec.exe /I{0B0F231F-CE6A-483D-AA23-77B364F75917}

Windows Live Mail-->MsiExec.exe /I{9D56775A-93F3-44A3-8092-840E3826DE30}

Windows Live Mail-->MsiExec.exe /I{C66824E4-CBB3-4851-BB3F-E8CFD6350923}

Windows Live Messenger-->MsiExec.exe /X{2A3FC24C-6EC0-4519-A52B-FDA4EA9B2D24}

Windows Live Messenger-->MsiExec.exe /X{E5B21F11-6933-4E0B-A25C-7963E3C07D11}

Windows Live MIME IFilter-->MsiExec.exe /I{AF844339-2F8A-4593-81B3-9F4C54038C4E}

Windows Live Photo Common-->MsiExec.exe /X{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}

Windows Live Photo Common-->MsiExec.exe /X{D436F577-1695-4D2F-8B44-AC76C99E0002}

Windows Live PIMT Platform-->MsiExec.exe /I{83C292B7-38A5-440B-A731-07070E81A64F}

Windows Live SOXE Definitions-->MsiExec.exe /I{200FEC62-3C34-4D60-9CE8-EC372E01C08F}

Windows Live SOXE-->MsiExec.exe /I{682B3E4F-696A-42DE-A41C-4C07EA1678B4}

Windows Live UX Platform Language Pack-->MsiExec.exe /I{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}

Windows Live UX Platform-->MsiExec.exe /I{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}

Windows Live Writer Resources-->MsiExec.exe /X{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}

Windows Live Writer-->MsiExec.exe /X{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}

Windows Media Player Firefox Plugin-->MsiExec.exe /I{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}

WinRAR 4.20 (32-bit)-->C:\Program Files\WinRAR\uninstall.exe

YouTube Downloader App 3.00-->C:\Program Files\Regensoft\Downloader App\uninstaller.exe

======Hosts File======

127.0.0.1 localhost

======Security center information======

AS: Windows Defender

======System event log======

Computer Name: DELL-530

Event Code: 4374

Message: Windows Servicing identified that package KB2813345(Security Update) is not applicable for this system

Record Number: 133917

Source Name: Microsoft-Windows-Servicing

Time Written: 20130410045946.000000-000

Event Type: Warning

User: NT AUTHORITY\SYSTEM

Computer Name: DELL-530

Event Code: 4374

Message: Windows Servicing identified that package KB2820917(Security Update) is not applicable for this system

Record Number: 133905

Source Name: Microsoft-Windows-Servicing

Time Written: 20130410045939.000000-000

Event Type: Warning

User: NT AUTHORITY\SYSTEM

Computer Name: DELL-530

Event Code: 4374

Message: Windows Servicing identified that package KB2820917(Security Update) is not applicable for this system

Record Number: 133904

Source Name: Microsoft-Windows-Servicing

Time Written: 20130410045939.000000-000

Event Type: Warning

User: NT AUTHORITY\SYSTEM

Computer Name: DELL-530

Event Code: 4374

Message: Windows Servicing identified that package KB2808735(Security Update) is not applicable for this system

Record Number: 133892

Source Name: Microsoft-Windows-Servicing

Time Written: 20130410045907.000000-000

Event Type: Warning

User: NT AUTHORITY\SYSTEM

Computer Name: DELL-530

Event Code: 4374

Message: Windows Servicing identified that package KB2808735(Security Update) is not applicable for this system

Record Number: 133891

Source Name: Microsoft-Windows-Servicing

Time Written: 20130410045907.000000-000

Event Type: Warning

User: NT AUTHORITY\SYSTEM

=====Application event log=====

Computer Name: DELL-530

Event Code: 1530

Message: Windows detected your registry file is still in use by other applications or services. The file will be unloaded now. The applications or services that hold your registry file may not function properly afterwards.

DETAIL -

15 user registry handles leaked from \Registry\User\S-1-5-21-3299710142-3868310564-1978959094-1001:

Process 2608 (\Device\HarddiskVolume1\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE) has opened key \REGISTRY\USER\S-1-5-21-3299710142-3868310564-1978959094-1001

Process 2608 (\Device\HarddiskVolume1\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE) has opened key \REGISTRY\USER\S-1-5-21-3299710142-3868310564-1978959094-1001

Process 2608 (\Device\HarddiskVolume1\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE) has opened key \REGISTRY\USER\S-1-5-21-3299710142-3868310564-1978959094-1001

Process 2608 (\Device\HarddiskVolume1\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE) has opened key \REGISTRY\USER\S-1-5-21-3299710142-3868310564-1978959094-1001

Process 2608 (\Device\HarddiskVolume1\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE) has opened key \REGISTRY\USER\S-1-5-21-3299710142-3868310564-1978959094-1001\Software\Microsoft\SystemCertificates\SmartCardRoot

Process 2608 (\Device\HarddiskVolume1\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE) has opened key \REGISTRY\USER\S-1-5-21-3299710142-3868310564-1978959094-1001\Software\Microsoft\SystemCertificates\TrustedPeople

Process 2608 (\Device\HarddiskVolume1\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE) has opened key \REGISTRY\USER\S-1-5-21-3299710142-3868310564-1978959094-1001\Software\Microsoft\SystemCertificates\Root

Process 2608 (\Device\HarddiskVolume1\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE) has opened key \REGISTRY\USER\S-1-5-21-3299710142-3868310564-1978959094-1001\Software\Microsoft\SystemCertificates\Disallowed

Process 2608 (\Device\HarddiskVolume1\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE) has opened key \REGISTRY\USER\S-1-5-21-3299710142-3868310564-1978959094-1001\Software\Policies\Microsoft\SystemCertificates

Process 2608 (\Device\HarddiskVolume1\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE) has opened key \REGISTRY\USER\S-1-5-21-3299710142-3868310564-1978959094-1001\Software\Policies\Microsoft\SystemCertificates

Process 2608 (\Device\HarddiskVolume1\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE) has opened key \REGISTRY\USER\S-1-5-21-3299710142-3868310564-1978959094-1001\Software\Policies\Microsoft\SystemCertificates

Process 2608 (\Device\HarddiskVolume1\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE) has opened key \REGISTRY\USER\S-1-5-21-3299710142-3868310564-1978959094-1001\Software\Policies\Microsoft\SystemCertificates

Process 2608 (\Device\HarddiskVolume1\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE) has opened key \REGISTRY\USER\S-1-5-21-3299710142-3868310564-1978959094-1001\Software\Microsoft\SystemCertificates\trust

Process 2608 (\Device\HarddiskVolume1\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE) has opened key \REGISTRY\USER\S-1-5-21-3299710142-3868310564-1978959094-1001\Software\Microsoft\SystemCertificates\My

Process 2608 (\Device\HarddiskVolume1\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE) has opened key \REGISTRY\USER\S-1-5-21-3299710142-3868310564-1978959094-1001\Software\Microsoft\SystemCertificates\CA

Record Number: 48573

Source Name: Microsoft-Windows-User Profiles Service

Time Written: 20130410224900.000000-000

Event Type: Warning

User: NT AUTHORITY\SYSTEM

Computer Name: DELL-530

Event Code: 1000

Message: Faulting application mbar.exe, version 1.1.0.1022, time stamp 0x514b6476, faulting module QtGui4.dll, version 6.0.6002.18541, time stamp 0x4ec3e3d5, exception code 0xc0000135, fault offset 0x00009f5d, process id 0x1458, application start time 0x01ce36016141eb4b.

Record Number: 48567

Source Name: Application Error

Time Written: 20130410153802.000000-000

Event Type: Error

User:

Computer Name: DELL-530

Event Code: 1002

Message: The program WinMail.exe version 6.0.6001.18000 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Problem Reports and Solutions control panel. Process ID: 8d0 Start Time: 01ce35cc1327164b Termination Time: 0

Record Number: 48543

Source Name: Application Hang

Time Written: 20130410091838.000000-000

Event Type: Error

User:

Computer Name: DELL-530

Event Code: 10

Message: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Record Number: 48533

Source Name: Microsoft-Windows-WMI

Time Written: 20130410091112.000000-000

Event Type: Error

User:

Computer Name: DELL-530

Event Code: 1530

Message: Windows detected your registry file is still in use by other applications or services. The file will be unloaded now. The applications or services that hold your registry file may not function properly afterwards.

DETAIL -

15 user registry handles leaked from \Registry\User\S-1-5-21-3299710142-3868310564-1978959094-1001:

Process 980 (\Device\HarddiskVolume1\Program Files\Bitdefender\Bitdefender 2013\vsserv.exe) has opened key \REGISTRY\USER\S-1-5-21-3299710142-3868310564-1978959094-1001

Process 980 (\Device\HarddiskVolume1\Program Files\Bitdefender\Bitdefender 2013\vsserv.exe) has opened key \REGISTRY\USER\S-1-5-21-3299710142-3868310564-1978959094-1001

Process 980 (\Device\HarddiskVolume1\Program Files\Bitdefender\Bitdefender 2013\vsserv.exe) has opened key \REGISTRY\USER\S-1-5-21-3299710142-3868310564-1978959094-1001

Process 980 (\Device\HarddiskVolume1\Program Files\Bitdefender\Bitdefender 2013\vsserv.exe) has opened key \REGISTRY\USER\S-1-5-21-3299710142-3868310564-1978959094-1001

Process 980 (\Device\HarddiskVolume1\Program Files\Bitdefender\Bitdefender 2013\vsserv.exe) has opened key \REGISTRY\USER\S-1-5-21-3299710142-3868310564-1978959094-1001\Software\Microsoft\SystemCertificates\SmartCardRoot

Process 980 (\Device\HarddiskVolume1\Program Files\Bitdefender\Bitdefender 2013\vsserv.exe) has opened key \REGISTRY\USER\S-1-5-21-3299710142-3868310564-1978959094-1001\Software\Microsoft\SystemCertificates\TrustedPeople

Process 980 (\Device\HarddiskVolume1\Program Files\Bitdefender\Bitdefender 2013\vsserv.exe) has opened key \REGISTRY\USER\S-1-5-21-3299710142-3868310564-1978959094-1001\Software\Microsoft\SystemCertificates\Root

Process 980 (\Device\HarddiskVolume1\Program Files\Bitdefender\Bitdefender 2013\vsserv.exe) has opened key \REGISTRY\USER\S-1-5-21-3299710142-3868310564-1978959094-1001\Software\Microsoft\SystemCertificates\Disallowed

Process 980 (\Device\HarddiskVolume1\Program Files\Bitdefender\Bitdefender 2013\vsserv.exe) has opened key \REGISTRY\USER\S-1-5-21-3299710142-3868310564-1978959094-1001\Software\Policies\Microsoft\SystemCertificates

Process 980 (\Device\HarddiskVolume1\Program Files\Bitdefender\Bitdefender 2013\vsserv.exe) has opened key \REGISTRY\USER\S-1-5-21-3299710142-3868310564-1978959094-1001\Software\Policies\Microsoft\SystemCertificates

Process 980 (\Device\HarddiskVolume1\Program Files\Bitdefender\Bitdefender 2013\vsserv.exe) has opened key \REGISTRY\USER\S-1-5-21-3299710142-3868310564-1978959094-1001\Software\Policies\Microsoft\SystemCertificates

Process 980 (\Device\HarddiskVolume1\Program Files\Bitdefender\Bitdefender 2013\vsserv.exe) has opened key \REGISTRY\USER\S-1-5-21-3299710142-3868310564-1978959094-1001\Software\Policies\Microsoft\SystemCertificates

Process 980 (\Device\HarddiskVolume1\Program Files\Bitdefender\Bitdefender 2013\vsserv.exe) has opened key \REGISTRY\USER\S-1-5-21-3299710142-3868310564-1978959094-1001\Software\Microsoft\SystemCertificates\trust

Process 980 (\Device\HarddiskVolume1\Program Files\Bitdefender\Bitdefender 2013\vsserv.exe) has opened key \REGISTRY\USER\S-1-5-21-3299710142-3868310564-1978959094-1001\Software\Microsoft\SystemCertificates\My

Process 980 (\Device\HarddiskVolume1\Program Files\Bitdefender\Bitdefender 2013\vsserv.exe) has opened key \REGISTRY\USER\S-1-5-21-3299710142-3868310564-1978959094-1001\Software\Microsoft\SystemCertificates\CA

Record Number: 48512

Source Name: Microsoft-Windows-User Profiles Service

Time Written: 20130410090140.000000-000

Event Type: Warning

User: NT AUTHORITY\SYSTEM

=====Security event log=====

Computer Name: DELL-530

Event Code: 4648

Message: A logon was attempted using explicit credentials.

Subject:

Security ID: S-1-5-18

Account Name: DELL-530$

Account Domain: WORKGROUP

Logon ID: 0x3e7

Logon GUID: {00000000-0000-0000-0000-000000000000}

Account Whose Credentials Were Used:

Account Name: SYSTEM

Account Domain: NT AUTHORITY

Logon GUID: {00000000-0000-0000-0000-000000000000}

Target Server:

Target Server Name: localhost

Additional Information: localhost

Process Information:

Process ID: 0x2dc

Process Name: C:\Windows\System32\services.exe

Network Information:

Network Address: -

Port: -

This event is generated when a process attempts to log on an account by explicitly specifying that account’s credentials. This most commonly occurs in batch-type configurations such as scheduled tasks, or when using the RUNAS command.

Record Number: 52506

Source Name: Microsoft-Windows-Security-Auditing

Time Written: 20130410033400.289266-000

Event Type: Audit Success

User:

Computer Name: DELL-530

Event Code: 4672

Message: Special privileges assigned to new logon.

Subject:

Security ID: S-1-5-18

Account Name: SYSTEM

Account Domain: NT AUTHORITY

Logon ID: 0x3e7

Privileges: SeAssignPrimaryTokenPrivilege

SeTcbPrivilege

SeSecurityPrivilege

SeTakeOwnershipPrivilege

SeLoadDriverPrivilege

SeBackupPrivilege

SeRestorePrivilege

SeDebugPrivilege

SeAuditPrivilege

SeSystemEnvironmentPrivilege

SeImpersonatePrivilege

Record Number: 52505

Source Name: Microsoft-Windows-Security-Auditing

Time Written: 20130410033359.774466-000

Event Type: Audit Success

User:

Computer Name: DELL-530

Event Code: 4624

Message: An account was successfully logged on.

Subject:

Security ID: S-1-5-18

Account Name: DELL-530$

Account Domain: WORKGROUP

Logon ID: 0x3e7

Logon Type: 5

New Logon:

Security ID: S-1-5-18

Account Name: SYSTEM

Account Domain: NT AUTHORITY

Logon ID: 0x3e7

Logon GUID: {00000000-0000-0000-0000-000000000000}

Process Information:

Process ID: 0x2dc

Process Name: C:\Windows\System32\services.exe

Network Information:

Workstation Name:

Source Network Address: -

Source Port: -

Detailed Authentication Information:

Logon Process: Advapi

Authentication Package: Negotiate

Transited Services: -

Package Name (NTLM only): -

Key Length: 0

This event is generated when a logon session is created. It is generated on the computer that was accessed.

The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe.

The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network).

The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on.

The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases.

The authentication information fields provide detailed information about this specific logon request.

- Logon GUID is a unique identifier that can be used to correlate this event with a KDC event.

- Transited services indicate which intermediate services have participated in this logon request.

- Package name indicates which sub-protocol was used among the NTLM protocols.

- Key length indicates the length of the generated session key. This will be 0 if no session key was requested.

Record Number: 52504

Source Name: Microsoft-Windows-Security-Auditing

Time Written: 20130410033359.774466-000

Event Type: Audit Success

User:

Computer Name: DELL-530

Event Code: 4648

Message: A logon was attempted using explicit credentials.

Subject:

Security ID: S-1-5-18

Account Name: DELL-530$

Account Domain: WORKGROUP

Logon ID: 0x3e7

Logon GUID: {00000000-0000-0000-0000-000000000000}

Account Whose Credentials Were Used:

Account Name: SYSTEM

Account Domain: NT AUTHORITY

Logon GUID: {00000000-0000-0000-0000-000000000000}

Target Server:

Target Server Name: localhost

Additional Information: localhost

Process Information:

Process ID: 0x2dc

Process Name: C:\Windows\System32\services.exe

Network Information:

Network Address: -

Port: -

This event is generated when a process attempts to log on an account by explicitly specifying that account’s credentials. This most commonly occurs in batch-type configurations such as scheduled tasks, or when using the RUNAS command.

Record Number: 52503

Source Name: Microsoft-Windows-Security-Auditing

Time Written: 20130410033359.774466-000

Event Type: Audit Success

User:

Computer Name: DELL-530

Event Code: 1102

Message: The audit log was cleared.

Subject:

Security ID: S-1-5-21-3299710142-3868310564-1978959094-1001

Account Name: Chris

Domain Name: DELL-530

Logon ID: 0x24f56

Record Number: 52502

Source Name: Microsoft-Windows-Eventlog

Time Written: 20130410030700.351266-000

Event Type: Audit Success

User:

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe

"FP_NO_HOST_CHECK"=NO

"OS"=Windows_NT

"Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\system32\wbem;C:\Program Files\Common Files\Microsoft Shared\Windows Live;%SYSTEMROOT%\System32\WindowsPowerShell\v1.0;C:\Program Files\Windows Live\Shared;C:\Program Files\QuickTime\QTSystem

"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC

"PROCESSOR_ARCHITECTURE"=x86

"TEMP"=%SystemRoot%\TEMP

"TMP"=%SystemRoot%\TEMP

"USERNAME"=SYSTEM

"windir"=%SystemRoot%

"PROCESSOR_LEVEL"=6

"PROCESSOR_IDENTIFIER"=x86 Family 6 Model 15 Stepping 11, GenuineIntel

"PROCESSOR_REVISION"=0f0b

"NUMBER_OF_PROCESSORS"=2

"TRACE_FORMAT_SEARCH_PATH"=\\NTREL202.ntdev.corp.microsoft.com\4F18C3A5-CA09-4DBD-B6FC-219FDD4C6BE0\TraceFormat

"DFSTRACINGON"=FALSE

"PSModulePath"=%SystemRoot%\system32\WindowsPowerShell\v1.0\Modules\

"asl.log"=Destination=file

"CLASSPATH"=.;C:\Program Files\Java\jre7\lib\ext\QTJava.zip

"QTJAVA"=C:\Program Files\Java\jre7\lib\ext\QTJava.zip

-----------------EOF-----------------

Results of screen317's Security Check version 0.99.62

Windows Vista Service Pack 2 x86 (UAC is enabled)

Internet Explorer 9

``````````````Antivirus/Firewall Check:``````````````

Windows Firewall Disabled!

Bitdefender Antivirus

Antivirus up to date!

`````````Anti-malware/Other Utilities Check:`````````

McAfee SiteAdvisor

Malwarebytes Anti-Malware version 1.75.0.1300

CCleaner

Adobe Flash Player 11.6.602.180

Adobe Reader XI

Mozilla Firefox (20.0.1)

````````Process Check: objlist.exe by Laurent````````

Malwarebytes Anti-Malware mbamservice.exe

Malwarebytes Anti-Malware mbamgui.exe

Malwarebytes' Anti-Malware mbamscheduler.exe

Bitdefender Bitdefender 2013 vsserv.exe

Bitdefender Bitdefender 2013 updatesrv.exe

Bitdefender Bitdefender SafeBox safeboxservice.exe

Bitdefender Bitdefender 2013 bdagent.exe

Bitdefender Bitdefender 2013 seccenter.exe

`````````````````System Health check`````````````````

Total Fragmentation on Drive C: 3 % Defragment your hard drive soon! (Do NOT defrag if SSD!)

````````````````````End of Log``````````````````````

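The Security event log section of the info.txt above is pasted as flattened "Field: value" text, with the event-specific fields (Logon Type, Account Name, Source Network Address) buried inside each Message body. As an added example, not part of this thread and not code from RSIT, Security Check or any other tool named here, the Python below parses records in that layout and flags the two kinds of entries in such a dump that merit a second look: event 1102 (the audit log was cleared, which the dump above records for the user account) and 4624 logons of type 3 or 10 from a non-local address. The sample input is constructed: host HOST-01, accounts alice and bob and the address 203.0.113.5 are invented, and RSIT's blank spacer lines are omitted (the parser skips blank lines anyway).

```python
import re
from datetime import datetime, timedelta, timezone

# Constructed sample in RSIT's flattened layout; names and address invented.
SAMPLE = """\
=====Security event log=====
Computer Name: HOST-01
Event Code: 4624
Message: An account was successfully logged on.
Subject:
Account Name: HOST-01$
Logon Type: 5
New Logon:
Account Name: SYSTEM
Record Number: 100
Time Written: 20130410033359.774466-000
User:
Computer Name: HOST-01
Event Code: 1102
Message: The audit log was cleared.
Subject:
Account Name: alice
Domain Name: HOST-01
Record Number: 99
Time Written: 20130410030700.351266-000
User:
Computer Name: HOST-01
Event Code: 4624
Message: An account was successfully logged on.
Subject:
Account Name: HOST-01$
Logon Type: 10
New Logon:
Account Name: bob
Source Network Address: 203.0.113.5
Record Number: 98
Time Written: 20130410025900.000000-000
User:
"""

FIELD = re.compile(r"^([A-Za-z][A-Za-z ]*?):\s*(.*)$")


def parse_cim_datetime(value):
    """WMI CIM_DATETIME ('20130410030700.351266-000') -> aware datetime.
    The trailing signed number is the UTC offset in minutes."""
    tz = timezone(timedelta(minutes=int(value[21:])))
    return datetime.strptime(value[:14], "%Y%m%d%H%M%S").replace(
        microsecond=int(value[15:21]), tzinfo=tz)


def parse_records(text):
    """One dict per event: top-level fields plus the Message body, which
    runs from 'Message:' up to 'Record Number:'."""
    records, cur, in_msg = [], None, False
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.startswith("Computer Name:"):      # every event starts here
            cur = {"fields": {}, "message": []}
            records.append(cur)
            in_msg = False
        if cur is None:                             # section banner
            continue
        if line.startswith("Message:"):
            in_msg = True
            cur["message"].append(line[len("Message:"):].strip())
            continue
        if line.startswith("Record Number:"):
            in_msg = False
        if in_msg:
            cur["message"].append(line)
            continue
        m = FIELD.match(line)
        if m:
            cur["fields"][m.group(1)] = m.group(2)
    return records


def msg_field(record, name, last=False):
    """'name: value' from the Message body. In 4624 the 'New Logon' block
    follows 'Subject', so last=True returns the account that logged on."""
    hits = [l.split(":", 1)[1].strip() for l in record["message"]
            if l.startswith(name + ":")]
    return (hits[-1] if last else hits[0]) if hits else None


def triage(records):
    """(record number, severity, reason) for 1102 and for remote type 3/10 logons."""
    findings = []
    for r in records:
        f = r["fields"]
        code, rec = int(f["Event Code"]), int(f["Record Number"])
        when = parse_cim_datetime(f["Time Written"]).isoformat()
        if code == 1102:
            who = msg_field(r, "Domain Name") + "\\" + msg_field(r, "Account Name")
            findings.append((rec, "high", when + " audit log cleared by " + who))
        elif code == 4624:
            ltype = int(msg_field(r, "Logon Type") or 0)
            src = msg_field(r, "Source Network Address") or "-"
            if ltype in (3, 10) and src not in ("-", "127.0.0.1", "::1"):
                who = msg_field(r, "Account Name", last=True)
                findings.append((rec, "medium",
                                 f"{when} type {ltype} logon as {who} from {src}"))
    return findings
```

Run `triage(parse_records(open("info.txt").read()))` over a real info.txt to list the hits; type 5 (service) logons by SYSTEM from services.exe, like the ones in the dump above, are ignored because they are routine.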

Did you do the ESET Online scan? Need the result of that when done.

Did you do the GMER steps as per reply #35 from before? Need the log from that.

When you get to a quiet / all-caught-up point, uninstall McAfee SiteAdvisor.

Then I must know from you: are the IP outgoing blocks gone??


ESETSmartInstaller@High as downloader log:

all ok

# version=8

# OnlineScannerApp.exe=1.0.0.1

# OnlineScanner.ocx=1.0.0.6920

# api_version=3.0.2

# EOSSerial=248a4aeb50dc944eb1ebd7a4e77799b7

# engine=13461

# end=finished

# remove_checked=false

# archives_checked=true

# unwanted_checked=true

# unsafe_checked=true

# antistealth_checked=true

# utc_time=2013-03-22 08:26:20

# local_time=2013-03-22 08:26:20 (+0000, GMT Standard Time)

# country="United Kingdom"

# lang=1033

# osver=6.0.6002 NT Service Pack 2

# compatibility_mode=772 16777213 83 95 1077388 140693852 0 0

# compatibility_mode=5892 16776574 100 100 67159587 201516708 0 0

# scanned=108690

# found=1

# cleaned=0

# scan_time=3402

sh=035CDDA6788F63D67CACFFA314325FD6F8875AD1 ft=1 fh=62f7e5d0c3fb9eac vn="probably a variant of Win32/InstallIQ application" ac=I fn="C:\Users\Chris\Downloads\freeopener_715.exe"

ESETSmartInstaller@High as downloader log:

all ok

# version=8

# OnlineScannerApp.exe=1.0.0.1

# OnlineScanner.ocx=1.0.0.6920

# api_version=3.0.2

# EOSSerial=248a4aeb50dc944eb1ebd7a4e77799b7

# engine=13493

# end=finished

# remove_checked=false

# archives_checked=true

# unwanted_checked=true

# unsafe_checked=true

# antistealth_checked=true

# utc_time=2013-03-27 12:03:09

# local_time=2013-03-27 12:03:09 (+0000, GMT Standard Time)

# country="United Kingdom"

# lang=1033

# osver=6.0.6002 NT Service Pack 2

# compatibility_mode=772 16777213 83 95 1479197 141095661 0 0

# compatibility_mode=5892 16776574 100 100 67561396 201918517 0 0

# scanned=109922

# found=0

# cleaned=0

# scan_time=3497

ESETSmartInstaller@High as downloader log:

all ok

# version=8

# OnlineScannerApp.exe=1.0.0.1

# OnlineScanner.ocx=1.0.0.6920

# api_version=3.0.2

# EOSSerial=248a4aeb50dc944eb1ebd7a4e77799b7

# engine=13525

# end=finished

# remove_checked=false

# archives_checked=true

# unwanted_checked=true

# unsafe_checked=true

# antistealth_checked=true

# utc_time=2013-04-01 10:54:53

# local_time=2013-04-01 11:54:53 (+0000, GMT Daylight Time)

# country="United Kingdom"

# lang=1033

# osver=6.0.6002 NT Service Pack 2

# compatibility_mode=772 16777213 83 95 1907101 141523565 0 0

# compatibility_mode=5892 16776574 100 100 67989300 202346421 0 0

# scanned=109800

# found=0

# cleaned=0

# scan_time=3207

# version=8

# iexplore.exe=9.00.8112.16421 (WIN7_IE9_RTM.110308-0330)

# OnlineScanner.ocx=1.0.0.6920

# api_version=3.0.2

# EOSSerial=248a4aeb50dc944eb1ebd7a4e77799b7

# engine=13615

# end=finished

# remove_checked=false

# archives_checked=true

# unwanted_checked=true

# unsafe_checked=true

# antistealth_checked=true

# utc_time=2013-04-14 08:08:54

# local_time=2013-04-14 09:08:54 (+0000, GMT Daylight Time)

# country="United Kingdom"

# lang=1033

# osver=6.0.6002 NT Service Pack 2

# compatibility_mode=771 16777214 16 1 11538 11538 0 0

# compatibility_mode=5892 16776574 100 100 69145741 203502862 0 0

# scanned=111670

# found=0

# cleaned=0

# scan_time=6664

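A small parser for the ESET Online Scanner log layout shown in the four logs above, added here as an example (it is not ESET's code and not from this thread). It assumes only what the posted logs show: `# key=value` header lines, one scan per `# version=` line (the last log has no downloader banner), and `sh=... vn="..." fn="..."` detection lines; the sample input is constructed with placeholder hash and path.

```python
import re
# Constructed sample in the layout of the ESET Online Scanner logs posted above
# (hash, path and detection name are placeholders, not real indicators). The
# second scan has no "ESETSmartInstaller" banner, like the last log in the post.
SAMPLE_LOGS = r"""
ESETSmartInstaller@High as downloader log:
# version=8
# utc_time=2013-03-22 08:26:20
# scanned=108690
# found=1
# cleaned=0
sh=0000000000000000000000000000000000000000 ft=1 fh=0000000000000000 vn="probably a variant of Win32/ExampleApp application" ac=I fn="C:\Users\user\Downloads\example_setup.exe"
# version=8
# utc_time=2013-03-27 12:03:09
# scanned=109922
# found=0
# cleaned=0
"""
HEADER_RE = re.compile(r"^#\s*([\w.]+)=(.*)$")  # "# key=value" header lines
FIELD_RE = re.compile(r'(\w+)=("[^"]*"|\S+)')    # sh=... vn="..." fn="..." tokens


def parse_eset_logs(text):
    """One dict per scan (header fields plus a 'detections' list). A scan starts
    at every "# version=" line, so banner-less browser-launched logs split too."""
    scans, current = [], None
    for line in (ln.strip() for ln in text.splitlines()):
        m = HEADER_RE.match(line)
        if m:
            key, value = m.group(1), m.group(2).strip()
            if key == "version":          # first header line of every scan
                current = {"detections": []}
                scans.append(current)
            if current is not None:
                current[key] = value
        elif line.startswith("sh=") and current is not None:
            # Detection line: split into key=value pairs and strip the quotes
            current["detections"].append(
                {k: v.strip('"') for k, v in FIELD_RE.findall(line)})
    return scans

def summarize(scans):
    """(utc_time, scanned, found, cleaned) per scan, numbers as ints."""
    return [(s.get("utc_time"), int(s.get("scanned", 0)),
             int(s.get("found", 0)), int(s.get("cleaned", 0))) for s in scans]

def uncleaned(scans):
    """Verdict and path of anything reported but not removed (found > cleaned)."""
    return [(d.get("vn"), d.get("fn")) for s in scans
            if int(s.get("found", 0)) > int(s.get("cleaned", 0))
            for d in s["detections"]]
```

Run against a directory of saved logs, `uncleaned()` is the list a helper would want to see empty before closing a thread like this one.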

Remark: The Eset online scan results are good. I hope you did not run it more than once (e.g., for the sake of time spent).

Also, I did not intend for you to do multiple tasks at the same time. e.g., when doing malware-removal & being helped here, do only 1 thing at a time.

Now then, GMER:

Did you turn off MBAM file system protection (real-time) before starting it?

Did you turn off your antivirus (all the way off) before starting Gmer?

Just let me know.

My sense is that you are clear of your original complaint, and that we can likely begin cleanups/closure.

We had done earlier, 2 different scans with MBAR & nothing was detected.

In addition, a full scan with MBAM was done, with nothing found.


We can wrap this up now. And I'll ask that you monitor the system over the next 2 days.

There should be no outgoing IP blocks while your system is idle & no instant messenger apps & no internet browsers are running.

If you have a problem with these steps, or something does not quite work here, do let me know.

The following few steps will remove tools we used. Advise me after you have completed the cleanups.

Download OTC to your desktop and run it

  • Click Yes to begin the Cleanup process and remove these components, including this application.
  • You will be asked to reboot the machine to finish the Cleanup process. Choose Yes.

ERUNT you should keep and use periodically to backup Windows registry.

Delete the following if still present:

Jrt.exe

Roguekiller.exe

adwcleaner.exe

RKILL

MBAR

Tdsskiller.exe

Rsit.exe

Gmer.zip

Gmer.exe

securitycheck.exe

You may use Control Panel >> Programs and Features and uninstall ESET Online scan.

Safer practices & malware prevention
