thewovenhand Posted July 4, 2013 ID:698791
Hi guys,
I used this site a few years ago and you were all really helpful. My girlfriend (who is a non-native speaker) was trying to download Open Office and was frustrated by the constant pop-ups from Comodo Firewall. So, she decided the best option would be to click OK to each and every prompt. Voila!! Tidynetwork successfully installed.
I've run my Avast antivirus, Malwarebytes and the Tidynetwork Removal Tool from Security Stronghold, but there are still entries in the registry and I suspect there are still problems lurking. I hope you would be so kind as to give me some assistance again.
Thanks in advance
David
Maniac Posted July 4, 2013 ID:698809
Hello David!
My name is Maniac and I will be glad to help you solve your malware problem.
Please note:
* If you are a paying customer, you have the privilege to contact the help desk at Consumer Support. If you choose this option to get help, please let me know.
* I recommend you to keep the instructions I will be giving you so that they are available to you at any time. You can save them in a text file or print them.
* Make sure you read all of the instructions and fixes thoroughly before continuing with them.
* Follow my instructions strictly and don’t hesitate to stop and ask me if you have any questions.
* Post your log files, don't attach them. Every log file should be copy/pasted in your next reply.
* Do not perform any kind of scanning and fixing without my instructions. If you want to proceed on your own, please let me know.
Please follow the instructions here and then post the log files in your next reply. http://forums.malwarebytes.org/index.php?showtopic=9573
thewovenhand Posted July 5, 2013 Author ID:698965
Thanks Maniac, much appreciated. Here's the DDS logfile:
And the attach.txt file:
Maniac Posted July 5, 2013 ID:699017 Note: Please do not run this tool without special supervision and instructions of someone authorized to do so. Otherwise, you could end up with serious problems. For more details, read this article: ComboFix usage, Questions, Help? - Look here

Please visit this webpage for download links, and instructions for running the tool: http://www.bleepingc...to-use-combofix

* Ensure you have disabled all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Please post the C:\ComboFix.txt in your next reply for further review.

Note: If you encounter a message "illegal operation attempted on registry key that has been marked for deletion" and no programs will run - please just reboot and that will resolve that error.
thewovenhand Posted July 5, 2013 Author ID:699199 Done. I had some problems though. When running Combofix in normal mode the program couldn't create a backup, couldn't load half the files it needed and didn't finish scanning properly. I had disabled Avast and Comodo before running it. I then booted up in safe mode and Comofix had a pop up warning that Defense+ drivers were still operating. So, I rebooted, disabled Defense+ permanently and rebooted safe mode. Same story. So, I ran Combofix anyway and here's the log :
Maniac Posted July 6, 2013 ID:699546 It is okay. Please scan your machine with ESET OnlineScan.

Hold down Control and click on the following link to open ESET OnlineScan in a new window: ESET OnlineScan
Click the button.
For alternate browsers only (Microsoft Internet Explorer users can skip these steps):
    Click on esetsmartinstaller_enu.exe to download the ESET Smart Installer. Save it to your Desktop.
    Double click on the icon on your Desktop.
Check "YES, I accept the Terms of Use."
Click the Start button.
Accept any security warnings from your browser.
Under Scan Settings, check "Scan Archives" and "Remove found threats".
Click Advanced settings and select the following:
    Scan potentially unwanted applications
    Scan for potentially unsafe applications
    Enable Anti-Stealth technology
ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
When the scan completes, click List Threats.
Click Export, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
Click the Back button.
Click the Finish button.
thewovenhand Posted July 8, 2013 Author ID:699988 Hi Maniac, I've had to reply to this via my iPad as the computer has lost Internet connectivity. Any idea why that might be the case?
Maniac Posted July 8, 2013 ID:700050 Did that problem come after ComboFix or ESET Online Scanner?
thewovenhand Posted July 8, 2013 Author ID:700229 It happened after Combofix. Haven't been able to download the other scanner yet. I keep getting: Wireless Network Connection doesn't have a valid IP configuration
Maniac Posted July 8, 2013 ID:700237 Please try this tip: http://www.bleepingcomputer.com/combofix/how-to-use-combofix#restore
thewovenhand Posted July 9, 2013 Author ID:700674 Hi Maniac, I'd already tried the fix you suggested- thanks, though. And everything else I could think of. The only thing that worked was to do a system restore. Seems like a driver might have been erased? Should I run Combofix again? I'll get onto the ESET scan now. Thanks again for your help and patience. David
Maniac Posted July 9, 2013 ID:700726 Please proceed with ESET, skip ComboFix for now. Thanks!
thewovenhand Posted July 10, 2013 Author ID:701102 Here's the log from ESET:

C:\Users\Mix\AppData\Local\Updater26766\Updater26766.exe a variant of Win32/Toolbar.CrossRider.C application
C:\Users\Mix\Downloads\DTLite4471-0333.exe Win32/OpenCandy application
C:\Users\Mix\Downloads\TidyNetworkRemovalTool.exe multiple threats
Maniac Posted July 10, 2013 ID:701103 How are things now?
thewovenhand Posted July 11, 2013 Author ID:701654 Hi, Let me get back to you on that. I had to install the trial period of ESET for it to clean up the results. Or, at least I hope it does that. I'll run it tonight and let you know. Thanks again for your help - you think that what we have done should have fixed the problem? David
Maniac Posted July 11, 2013 ID:701659 No, I would like you to tell me how things are there after you finish with ESET Online Scanner. Do you feel any improvement or not?
thewovenhand Posted July 13, 2013 Author ID:702286 Hmmm.... so so. Avast ran a scan today and picked up C:\Users\Mix\AppData\Local\Updater26766\Updater26766.exe a variant of Win32/Toolbar.CrossRider.C application so I guess ESET didn't get rid of it. The computer seems to run OK, but I hadn't really noticed problems with speed or connectivity before. Just knew that there was a problem. Thanks for all your help so far. Anything else you think that I should do?
Maniac Posted July 13, 2013 ID:702308 One additional scan:

Please download the Kaspersky Virus Removal Tool from here to your Desktop.
Double-click the Removal Tool.
Click the cog in the upper right corner:
Select down to and including your main drive.
Once done please select the Automatic Scan tab and press Start Scan.
Allow AVP to delete all infections found.
Once it has finished select the Report tab.
Select the Detected threats report from the left and press the Save button.
Save it to your Desktop and post the contents in your next reply.
thewovenhand Posted July 15, 2013 Author ID:702811
Will do. Cheers Maniac
thewovenhand Posted July 16, 2013 Author ID:703272
I've tried to post the log twice now, but it's too large. It appears Kaspersky has removed hundreds of things - I only realized afterwards I shouldn't have checked the D: :-P It's too big to post as an attachment.
Maniac Posted July 16, 2013 ID:703405
Not all of them there are removed and dangerous. How are things now?
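Added example (not part of the thread and not Kaspersky's own tooling): a scan report that lists every object it touched consists mostly of OK lines, so a short script can reduce it to the entries with any other status before it is posted. It assumes entries laid out as date, time, status, path and run together without line breaks; the sample text, the `Entry` type, the function names, and the choice to treat every non-OK status as worth reviewing are all assumptions made for illustration.

```python
import re
from collections import Counter
from typing import List, NamedTuple, Optional

# Constructed sample (not the poster's data): entries run together on one
# line, each laid out as "<date> <time> <AM/PM> <status> <path>".
SAMPLE_REPORT = (
    r"7/15/2013 10:41:39 PM OK C:\Users\Example\Downloads\setup.exe/background.png "
    r"7/15/2013 10:41:39 PM Password protected C:\Users\Example\Downloads\setup.exe/inner.exe "
    r"7/15/2013 10:41:39 PM Archive: RAR C:\Users\Example\Downloads\setup.exe "
    r"7/15/2013 10:41:33 PM OK C:\Users\Example\Downloads\tool.exe:Zone.Identifier "
    r"7/15/2013 9:29:37 PM OK C:\Program Files\Example AV\defs\list_i.txt "
    r"7/15/2013 9:29:36 PM OK"  # entry cut off before its path
)

# A timestamp starts every entry, so it doubles as the record delimiter.
TIMESTAMP = re.compile(r"(\d{1,2}/\d{1,2}/\d{4} \d{1,2}:\d{2}:\d{2} [AP]M)\s*")
# The path begins at the first drive-letter prefix (e.g. "C:\"); everything
# before it is the status, which may contain spaces or a colon.
PATH_START = re.compile(r"(?:^|\s)([A-Za-z]:\\.*)$", re.DOTALL)


class Entry(NamedTuple):
    when: str
    status: str
    path: Optional[str]    # None when the entry was cut off before its path
    stream: Optional[str]  # NTFS alternate data stream name, if one is named


def parse_report(text: str) -> List[Entry]:
    """Split a flattened report into entries without relying on line breaks."""
    parts = TIMESTAMP.split(text)
    entries = []
    # parts = [leading text, ts1, body1, ts2, body2, ...]
    for when, body in zip(parts[1::2], parts[2::2]):
        body = body.strip()
        match = PATH_START.search(body)
        if match:
            status = body[:match.start(1)].strip()
            path = match.group(1)
        else:
            status, path = body, None
        stream = None
        if path:
            # A colon after the drive prefix names an alternate data stream,
            # e.g. "file.exe:Zone.Identifier".
            head, sep, tail = path[2:].partition(":")
            if sep:
                path, stream = path[:2] + head, tail
        entries.append(Entry(when, status, path, stream))
    return entries


def status_counts(entries: List[Entry]) -> Counter:
    """How many entries carry each status string."""
    return Counter(e.status for e in entries)


def needs_review(entries: List[Entry]) -> List[Entry]:
    """Entries whose status is anything other than a plain OK."""
    return [e for e in entries if e.status != "OK"]


if __name__ == "__main__":
    parsed = parse_report(SAMPLE_REPORT)
    print(dict(status_counts(parsed)))
    for e in needs_review(parsed):
        print(e.when, "|", e.status, "|", e.path)
```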
thewovenhand Posted July 21, 2013 Author ID:705575
thewovenhand Posted July 21, 2013 Author ID:705577
Presets\LaconicZLPresets\LD-ZL7.lrtemplate:Zone.Identifier 7/15/2013 9:06:19 PM OK C:\Documents and Settings\Mix\My Documents\My Pictures\Lightroom Presets\LaconicZLPresets\LD-ZL6.lrtemplate:Zone.Identifier 7/15/2013 9:06:19 PM OK C:\Documents and Settings\Mix\My Documents\My Pictures\Lightroom Presets\LaconicZLPresets\LD-ZL5.lrtemplate:Zone.Identifier 7/15/2013 9:06:19 PM OK C:\Documents and Settings\Mix\My Documents\My Pictures\Lightroom Presets\LaconicZLPresets\LD-ZL4.lrtemplate:Zone.Identifier 7/15/2013 9:06:19 PM OK C:\Documents and Settings\Mix\My Documents\My Pictures\Lightroom Presets\LaconicZLPresets\LD-ZL3.lrtemplate:Zone.Identifier 7/15/2013 9:06:19 PM OK C:\Documents and Settings\Mix\My Documents\My Pictures\Lightroom Presets\LaconicZLPresets\LD-ZL26.lrtemplate:Zone.Identifier 7/15/2013 9:06:19 PM OK C:\Documents and Settings\Mix\My Documents\My Pictures\Lightroom Presets\LaconicZLPresets\LD-ZL25.lrtemplate:Zone.Identifier 7/15/2013 9:06:19 PM OK C:\Documents and Settings\Mix\My Documents\My Pictures\Lightroom Presets\LaconicZLPresets\LD-ZL24.lrtemplate:Zone.Identifier 7/15/2013 9:00:06 PM OK C:\Documents and Settings\Mix\My Documents\Licence Test\3-8.pdf:Zone.Identifier 7/15/2013 8:59:59 PM OK C:\Documents and Settings\Mix\My Documents\Dropbox\Photos\Apr-May 2013\IMG_0953.jpg:com.dropbox.attributes 7/15/2013 8:59:59 PM OK C:\Documents and Settings\Mix\My Documents\Dropbox\Photos\Apr-May 2013\IMG_0951.jpg:com.dropbox.attributes 7/15/2013 8:59:59 PM OK C:\Documents and Settings\Mix\My Documents\Dropbox\Photos\Apr-May 2013\IMG_0950.jpg:com.dropbox.attributes 7/15/2013 8:59:59 PM OK C:\Documents and Settings\Mix\My Documents\Dropbox\Photos\Apr-May 2013\IMG_0949.jpg:com.dropbox.attributes 7/15/2013 8:59:59 PM OK C:\Documents and Settings\Mix\My Documents\Dropbox\Photos\Apr-May 2013\IMG_0947.jpg:com.dropbox.attributes 7/15/2013 8:59:59 PM OK C:\Documents and Settings\Mix\My Documents\Dropbox\Photos\Apr-May 2013\IMG_0946.jpg:com.dropbox.attributes 7/15/2013 
8:59:59 PM OK C:\Documents and Settings\Mix\My Documents\Dropbox\Photos\Apr-May 2013\IMG_0943.jpg:com.dropbox.attributes 7/15/2013 8:59:59 PM OK C:\Documents and Settings\Mix\My Documents\Dropbox\Photos\Apr-May 2013\IMG_0941.jpg:com.dropbox.attributes 7/15/2013 8:59:59 PM OK C:\Documents and Settings\Mix\My Documents\Dropbox\Photos\Apr-May 2013\IMG_0937.jpg:com.dropbox.attributes 7/15/2013 8:59:59 PM OK C:\Documents and Settings\Mix\My Documents\Dropbox\Photos\Apr-May 2013\IMG_0934.jpg:com.dropbox.attributes 7/15/2013 8:59:59 PM OK C:\Documents and Settings\Mix\My Documents\Dropbox\Photos\Apr-May 2013\IMG_0933.jpg:com.dropbox.attributes 7/15/2013 8:59:59 PM OK C:\Documents and Settings\Mix\My Documents\Dropbox\Photos\Apr-May 2013\IMG_0931.jpg:com.dropbox.attributes 7/15/2013 8:59:59 PM OK C:\Documents and Settings\Mix\My Documents\Dropbox\Photos\Apr-May 2013\IMG_0928.jpg:com.dropbox.attributes 7/15/2013 8:59:59 PM OK C:\Documents and Settings\Mix\My Documents\Dropbox\Photos\Apr-May 2013\IMG_0927.jpg:com.dropbox.attributes 7/15/2013 8:59:59 PM OK C:\Documents and Settings\Mix\My Documents\Dropbox\Photos\Apr-May 2013\IMG_0926.jpg:com.dropbox.attributes 7/15/2013 8:59:59 PM OK C:\Documents and Settings\Mix\My Documents\Dropbox\Photos\Apr-May 2013\IMG_0925.jpg:com.dropbox.attributes 7/15/2013 8:59:59 PM OK C:\Documents and Settings\Mix\My Documents\Dropbox\Photos\Apr-May 2013\IMG_0922.jpg:com.dropbox.attributes 7/15/2013 8:59:59 PM OK C:\Documents and Settings\Mix\My Documents\Dropbox\Photos\Apr-May 2013\IMG_0909.jpg:com.dropbox.attributes 7/15/2013 8:59:59 PM OK C:\Documents and Settings\Mix\My Documents\Dropbox\Photos\Apr-May 2013\IMG_0906.jpg:com.dropbox.attributes 7/15/2013 8:59:59 PM OK C:\Documents and Settings\Mix\My Documents\Dropbox\Photos\Apr-May 2013\IMG_0904.jpg:com.dropbox.attributes 7/15/2013 8:59:59 PM OK C:\Documents and Settings\Mix\My Documents\Dropbox\Photos\Apr-May 2013\IMG_0900.jpg:com.dropbox.attributes 7/15/2013 8:59:59 PM OK C:\Documents and 
Settings\Mix\My Documents\Dropbox\Photos\Apr-May 2013\IMG_0896.jpg:com.dropbox.attributes 7/15/2013 8:59:59 PM OK C:\Documents and Settings\Mix\My Documents\Dropbox\Photos\Apr-May 2013\IMG_0895.jpg:com.dropbox.attributes 7/15/2013 8:59:59 PM OK C:\Documents and Settings\Mix\My Documents\Dropbox\Photos\Apr-May 2013\IMG_0892.jpg:com.dropbox.attributes 7/15/2013 8:59:59 PM OK C:\Documents and Settings\Mix\My Documents\Dropbox\Photos\Apr-May 2013\IMG_0885.jpg:com.dropbox.attributes 7/15/2013 8:59:59 PM OK C:\Documents and Settings\Mix\My Documents\Dropbox\Photos\Apr-May 2013\IMG_0884.jpg:com.dropbox.attributes 7/15/2013 8:59:59 PM OK C:\Documents and Settings\Mix\My Documents\Dropbox\Photos\Apr-May 2013\IMG_0882.jpg:com.dropbox.attributes 7/15/2013 8:59:59 PM OK C:\Documents and Settings\Mix\My Documents\Dropbox\Photos\Apr-May 2013\IMG_0881.jpg:com.dropbox.attributes 7/15/2013 8:59:59 PM OK C:\Documents and Link to post Share on other sites More sharing options...
thewovenhand Posted July 21, 2013
Hi Maniac, sorry for the late reply - I've been away. I've been able to post the Kaspersky log by splitting it in half. Not sure what it has or hasn't removed. Would you mind checking it over and letting me know what to do next? Thanks a lot, David
Maniac Posted July 21, 2013
Give me more information about how your system is now. Any progress or maybe not?