Jump to content

search.us.com

schulenballs
 Share

Recommended Posts

schulenballs

schulenballs

Posted
Posted

Hi, My firefox browser was recently infected by this browser hijacker so i researched how to get rid of it and now it appears to be no longer there. However i can't shake the feeling that the computer is still compromised even though i have run just about every scan out there including Kaspersky rescue disk. Please could you help me.

Link to post
Share on other sites
MrCharlie

MrCharlie

Posted
Posted

Welcome to the forum, please start HERE

Post back the 2 logs here.....DDS.txt and Attach.txt

(please don't put logs in code or quotes)

P2P/Piracy Warning:

1. If you're using Peer 2 Peer software such uTorrent, BitTorrent or similar you must either fully uninstall it or completely disable it from running while being assisted here.

Failure to remove or disable such software will result in your topic being closed and no further assistance being provided.

2. If you have illegal/cracked software, cracks, keygens, Adobe host file, etc. on the system, please remove or uninstall them now and read the policy on Piracy.

Failure to remove such software will result in your topic being closed and no further assistance being provided.

<====><====><====><====><====><====><====><====>

Next................

Please download and run RogueKiller 32 bit to your desktop.

RogueKiller<---use this one for 64 bit systems

Quit all running programs.

For Windows XP, double-click to start.

For Vista or Windows 7-8, do a right-click on the program, select Run as Administrator to start, & when prompted Allow to run.

Click Scan to scan the system.

When the scan completes > Close out the program > Don't Fix anything!

Don't run any other options, they're not all bad!!!!!!!

Post back the report which should be located on your desktop.

(please don't put logs in code or quotes)

MrC

Note:

Please read all of my instructions completely including these.

Make sure you're subscribed to this topic: Click on the Follow This Topic Button (at the top right of this page), make sure that the Receive notification box is checked and that it is set to Instantly

Removing malware can be unpredictable...unlikely but things can go very wrong! Backup any files that cannot be replaced. You can copy them to a CD/DVD, external drive or a pen drive

<+>Please don't run any other scans, download, install or uninstall any programs while I'm working with you.

<+>The removal of malware isn't instantaneous, please be patient.

<+>When we are done, I'll give to instructions on how to cleanup all the tools and logs

<+>Please stick with me until I give you the "all clear" and Please don't waste my time by leaving before that.

------->Your topic will be closed if you haven't replied within 3 days!<--------

(If I don't respond within 24 hours, please send me a PM)

Link to post
Share on other sites
schulenballs

schulenballs

Posted
  • Author
Posted
DDS (Ver_2012-11-20.01) - NTFS_AMD64 

Internet Explorer: 10.0.9200.16660

Run by horse at 20:36:32 on 2013-08-28

Microsoft Windows 8 Pro  6.2.9200.0.1252.44.1033.18.3986.2492 [GMT 1:00]

.

AV: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

AV: Norton AntiVirus *Enabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

SP: Norton AntiVirus *Enabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}

.

============== Running Processes ===============

.

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Windows\system32\svchost.exe -k RPCSS

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\system32\dwm.exe

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\svchost.exe -k netsvcs

C:\Windows\system32\svchost.exe -k LocalService

C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe

C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe

C:\Windows\system32\svchost.exe -k NetworkService

C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

C:\Program Files (x86)\Norton AntiVirus\Engine\20.4.0.40\ccSvcHst.exe

C:\Program Files (x86)\Norton Identity Safe\Engine\2014.5.0.67\NST.exe

C:\Windows\system32\wbem\wmiprvse.exe

C:\Windows\system32\SearchIndexer.exe

C:\Windows\system32\taskhostex.exe

C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

C:\Program Files (x86)\Norton AntiVirus\Engine\20.4.0.40\ccSvcHst.exe

C:\Program Files (x86)\Norton Identity Safe\Engine\2014.5.0.67\NST.exe

C:\Windows\Explorer.EXE

C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.0.1119.516_x64__8wekyb3d8bbwe\LiveComm.exe

C:\Windows\System32\RuntimeBroker.exe

C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE

C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe

C:\Program Files\SRS Labs\SRS Control Panel\SRSPanel_64.exe

C:\Program Files (x86)\Sticky Password\stpass.exe

C:\Program Files (x86)\BillP Studios\WinPatrol\WinPatrol.exe

C:\Program Files (x86)\AntiLogger\AntiLogger.exe

C:\Program Files\CCleaner\CCleaner64.exe

C:\Windows\system32\wbem\unsecapp.exe

C:\Program Files (x86)\Hotspot Shield\bin\HSSCP.exe

C:\Program Files (x86)\Hotspot Shield\bin\cmw_srv.exe

C:\Windows\System32\spoolsv.exe

C:\Program Files (x86)\Hotspot Shield\bin\af_proxy_cmd.exe

C:\Program Files (x86)\Hotspot Shield\bin\openvpn.exe

C:\Program Files (x86)\Opera\16.0.1196.62\opera.exe

C:\Program Files (x86)\Opera\16.0.1196.62\opera_crashreporter.exe

C:\Program Files (x86)\Opera\16.0.1196.62\opera.exe

C:\Program Files (x86)\Opera\16.0.1196.62\opera.exe

C:\Program Files (x86)\Opera\16.0.1196.62\opera.exe

C:\Program Files (x86)\Opera\16.0.1196.62\opera.exe

C:\Program Files (x86)\Opera\16.0.1196.62\opera.exe

C:\Program Files (x86)\Opera\16.0.1196.62\opera.exe

C:\Windows\System32\svchost.exe -k swprv

C:\Windows\explorer.exe

C:\Windows\system32\SearchProtocolHost.exe

C:\Windows\system32\SearchFilterHost.exe

C:\Windows\System32\cscript.exe

.

============== Pseudo HJT Report ===============

.


BHO: Norton Vulnerability Protection: {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton AntiVirus\Engine\20.4.0.40\IPS\ipsbho.dll

BHO: Norton Identity Protection: {AB4C7833-A6EC-433f-B9FE-6B14B1A2F836} - C:\Program Files (x86)\Norton Identity Safe\Engine\2014.5.0.67\CoIEPlg.dll

BHO: Sticky Password Toolbar: {AC02E217-6E13-4F14-9BAC-D7BA27C1E912} - C:\Program Files (x86)\Sticky Password\spIEBho.dll

TB: Sticky Password Toolbar: {AC02E217-6E13-4F14-9BAC-D7BA27C1E912} - C:\Program Files (x86)\Sticky Password\spIEBho.dll

TB: Norton Identity Safe Toolbar: {A13C2648-91D4-4bf3-BC6D-0079707C4389} - C:\Program Files (x86)\Norton Identity Safe\Engine\2014.5.0.67\CoIEPlg.dll

uRun: [CCleaner Monitoring] "C:\Program Files\CCleaner\CCleaner64.exe" /MONITOR

uRun: [stickyPassword] "C:\Program Files (x86)\Sticky Password\stpass.exe" /autorunned

uRun: [WinPatrol] C:\Program Files (x86)\BillP Studios\WinPatrol\winpatrol.exe -expressboot

mRun: [AntiLogger] "C:\Program Files (x86)\AntiLogger\AntiLogger.exe" /minimized

uPolicies-Explorer: NoDrives = dword:0

uPolicies-Explorer: NoDriveTypeAutoRun = dword:0

uPolicies-Explorer: NoDevMgrUpdate = dword:0

uPolicies-Explorer: NoDFSTab = dword:0

uPolicies-Explorer: NoEncryptOnMove = dword:0

uPolicies-Explorer: NoRunasInstallPrompt = dword:0

uPolicies-Explorer: NoResolveTrack = dword:0

uPolicies-Explorer: NoStartMenuSubFolders = dword:0

mPolicies-Explorer: NoDrives = dword:0

mPolicies-Explorer: NoDriveTypeAutoRun = dword:0

mPolicies-Explorer: NoDevMgrUpdate = dword:0

mPolicies-Explorer: NoDFSTab = dword:0

mPolicies-Explorer: NoEncryptOnMove = dword:0

mPolicies-Explorer: NoRunasInstallPrompt = dword:0

mPolicies-Explorer: NoResolveTrack = dword:0

mPolicies-Explorer: NoStartMenuSubFolders = dword:0

mPolicies-Explorer: DisableLocalMachineRun = dword:0

mPolicies-Explorer: DisableLocalMachineRunOnce = dword:0

mPolicies-Explorer: DisableCurrentUserRun = dword:0

mPolicies-Explorer: DisableCurrentUserRunOnce = dword:0

mPolicies-Explorer: NoDriveTypeAutoRun = dword:0

mPolicies-Explorer: NoFile = dword:0

mPolicies-Explorer: HideClock = dword:0

mPolicies-Explorer: NoDevMgrUpdate = dword:0

mPolicies-Explorer: NoDFSTab = dword:0

mPolicies-Explorer: NoEncryptOnMove = dword:0

mPolicies-Explorer: NoRunasInstallPrompt = dword:0

mPolicies-Explorer: NoResolveTrack = dword:0

mPolicies-Explorer: NoStartMenuSubFolders = dword:0

IE: Sticky Password - C:\Program Files (x86)\Sticky Password\spIEBho.dll/616

TCP: NameServer = 8.8.8.8

TCP: Interfaces\{140C5813-BCD5-4864-98C8-22F2AC8DB243} : DHCPNameServer = 8.8.8.8

TCP: Interfaces\{5EAE09BB-7CD4-4C65-9885-D5177581D453} : NameServer = 4.2.2.1,74.82.42.42

TCP: Interfaces\{5EAE09BB-7CD4-4C65-9885-D5177581D453} : DHCPNameServer = 192.168.0.1

Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll

SSODL: WebCheck - <orphaned>

x64-Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s

x64-Run: [sRS Premium Sound HD] "C:\Program Files\SRS Labs\SRS Control Panel\SRSPanel_64.exe"  /f="C:\Program Files\SRS Labs\SRS Control Panel\SRS_Premium_Sound_HD.zip" /h

x64-mPolicies-Explorer: NoDrives = dword:0

x64-mPolicies-Explorer: NoDriveTypeAutoRun = dword:0

x64-mPolicies-Explorer: NoDevMgrUpdate = dword:0

x64-mPolicies-Explorer: NoDFSTab = dword:0

x64-mPolicies-Explorer: NoEncryptOnMove = dword:0

x64-mPolicies-Explorer: NoRunasInstallPrompt = dword:0

x64-mPolicies-Explorer: NoResolveTrack = dword:0

x64-mPolicies-Explorer: NoStartMenuSubFolders = dword:0

x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>

x64-Notify: igfxcui - igfxdev.dll

x64-SSODL: WebCheck - <orphaned>

.

================= FIREFOX ===================

.

FF - ProfilePath - C:\Users\horse\AppData\Roaming\Mozilla\Firefox\Profiles\hvw5t1xk.default\


FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrlui.dll

FF - plugin: C:\Program Files (x86)\Sticky Password\npSPAutofill.dll

FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_8_800_94.dll

FF - ExtSQL: 2013-08-23 02:12; {54affe52-8223-453b-be1e-2fe2e250045c}; C:\Users\horse\AppData\Roaming\Lamantine\Sticky Password\spAutofill

FF - ExtSQL: 2013-08-25 19:27; {BBDA0591-3099-440a-AA10-41764D9DB4DB}; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_20.4.0.40\IPSFFPlgn

FF - ExtSQL: 2013-08-26 22:22; {F04D2D30-776C-4d02-8627-8E4385ECA58D}; C:\ProgramData\Norton\{92622AAD-05E8-4459-B256-765CE1E929FB}\NST_2014.5.0.67\coFFPlgn

FF - ExtSQL: 2013-08-26 22:41; {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}; C:\Users\horse\AppData\Roaming\Mozilla\Firefox\Profiles\hvw5t1xk.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi

FF - ExtSQL: 2013-08-26 22:42; firefox@ghostery.com; C:\Users\horse\AppData\Roaming\Mozilla\Firefox\Profiles\hvw5t1xk.default\extensions\firefox@ghostery.com.xpi

FF - ExtSQL: 2013-08-26 22:43; https-everywhere@eff.org; C:\Users\horse\AppData\Roaming\Mozilla\Firefox\Profiles\hvw5t1xk.default\extensions\https-everywhere@eff.org

FF - ExtSQL: 2013-08-27 00:54; {a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}; C:\Users\horse\AppData\Roaming\Mozilla\Firefox\Profiles\hvw5t1xk.default\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}

.

============= SERVICES / DRIVERS ===============

.

R0 iaStorA;iaStorA;C:\Windows\System32\Drivers\iaStorA.sys [2013-8-25 644968]

R0 SymDS;Symantec Data Store;C:\Windows\System32\Drivers\NAVx64\1404000.028\SymDS64.sys [2013-8-25 493656]

R0 SymEFA;Symantec Extended File Attributes;C:\Windows\System32\Drivers\NAVx64\1404000.028\SymEFA64.sys [2013-8-25 1139800]

R1 AntiLog32;AntiLog32;C:\Windows\System32\Drivers\AntiLog64.sys [2013-8-23 49240]

R1 BHDrvx64;BHDrvx64;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_20.4.0.40\Definitions\BASHDefs\20130715.001\BHDrvx64.sys [2013-8-25 1393240]

R1 ccSet_NAV;Norton AntiVirus Settings Manager;C:\Windows\System32\Drivers\NAVx64\1404000.028\ccSetx64.sys [2013-8-25 169048]

R1 ccSet_NST;Norton Identity Safe Settings Manager;C:\Windows\System32\Drivers\NSTx64\7DE05000.043\ccSetx64.sys [2013-8-26 150104]

R1 HssDRV6;Hotspot Shield Routing Driver 6;C:\Windows\System32\Drivers\hssdrv6.sys [2013-8-25 46792]

R1 IDSVia64;IDSVia64;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_20.4.0.40\Definitions\IPSDefs\20130827.001\IDSviA64.sys [2013-8-28 520280]

R1 SASDIFSV;SASDIFSV;C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys [2011-7-22 14928]

R1 SASKUTIL;SASKUTIL;C:\Program Files\SUPERAntiSpyware\saskutil64.sys [2011-7-12 12368]

R1 SymIRON;Symantec Iron Driver;C:\Windows\System32\Drivers\NAVx64\1404000.028\Ironx64.sys [2013-8-25 224416]

R1 SymNetS;Symantec Network Security WFP Driver;C:\Windows\System32\Drivers\NAVx64\1404000.028\symnets.sys [2013-8-25 433752]

R2 NAV;Norton AntiVirus;C:\Program Files (x86)\Norton AntiVirus\Engine\20.4.0.40\ccSvcHst.exe [2013-8-25 144368]

R2 NCO;Norton Identity Safe;C:\Program Files (x86)\Norton Identity Safe\Engine\2014.5.0.67\NST.exe [2013-8-26 129424]

R2 RtkAudioService;Realtek Audio Service;C:\Program Files\Realtek\Audio\HDA\RTKAUDIOSERVICE64.EXE [2013-8-23 201872]

R3 EraserUtilRebootDrv;EraserUtilRebootDrv;C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2013-8-27 140376]

R3 hshld;Hotspot Shield Service;C:\Program Files (x86)\Hotspot Shield\bin\cmw_srv.exe [2013-8-16 852264]

R3 IntcDAud;Intel® Display Audio;C:\Windows\System32\Drivers\IntcDAud.sys [2013-8-25 449528]

R3 keycrypt;keycrypt;C:\Windows\System32\Drivers\KeyCrypt64.sys [2013-8-23 25056]

R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;C:\Windows\System32\Drivers\RtsUStor.sys [2013-8-27 252048]

R3 RTL8168;Realtek 8168 NT Driver;C:\Windows\System32\Drivers\Rt630x64.sys [2013-8-25 816344]

R3 RTWlanE;Realtek Wireless LAN 802.11n PCI-E Network Adapter;C:\Windows\System32\Drivers\rtwlane.sys [2013-8-25 2990808]

R3 SmbDrvI;SmbDrvI;C:\Windows\System32\Drivers\Smb_driver_Intel.sys [2012-8-16 43832]

R3 taphss6;Anchorfree HSS VPN Adapter;C:\Windows\System32\Drivers\taphss6.sys [2013-6-21 42184]

S0 SymELAM;Symantec ELAM Driver;C:\Windows\System32\Drivers\NAVx64\1404000.028\SymELAM.sys [2013-8-25 23448]

S3 CGVPNCliService;CyberGhost VPN 5 Client Service;C:\Program Files\CyberGhost 5\Service.exe [2013-8-24 26088]

S3 CGVPNCliSrvc;CyberGhost VPN Client;C:\Program Files\CyberGhost VPN\CGVPNCliService.exe [2013-8-23 2438696]

S3 HssWd;Hotspot Shield Monitoring Service;C:\Program Files (x86)\Hotspot Shield\bin\hsswd.exe [2013-8-16 555304]

S3 RTL8192Ce;Realtek Wireless LAN 802.11n PCI-E NIC Driver;C:\Windows\System32\Drivers\rtwlane.sys [2013-8-25 2990808]

S3 vmbusr;Virtual Machine Bus Provider;C:\Windows\System32\Drivers\vmbusr.sys [2012-7-26 117248]

S4 !SASCORE;SAS Core Service;C:\Program Files\SUPERAntiSpyware\SASCore64.exe [2013-5-7 143088]

S4 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2013-7-25 162672]

.

=============== File Associations ===============

.

FileExt: .txt: txtfile=C:\Windows\SysWow64\NOTEPAD.EXE %1

FileExt: .ini: inifile=C:\Windows\SysWow64\NOTEPAD.EXE %1

ShellExec: Opera.exe: open="C:\Program Files (x86)\Opera\Launcher.exe" "%1"

.

=============== Created Last 30 ================

.

2013-08-28 01:55:20 -------- d-----w- C:\Program Files (x86)\Tweaking.com

2013-08-28 01:36:13 -------- d-sh--w- C:\$RECYCLE.BIN

2013-08-28 01:36:08 -------- d-----w- C:\Users\horse\AppData\Local\temp

2013-08-28 01:28:36 98816 ----a-w- C:\Windows\sed.exe

2013-08-28 01:28:36 256000 ----a-w- C:\Windows\PEV.exe

2013-08-27 21:38:07 -------- d-----w- C:\Program Files\Sandboxie

2013-08-27 20:45:59 -------- d-----r- C:\Users\horse\Searches

2013-08-27 20:43:27 -------- d-----w- C:\Program Files (x86)\AMD APP

2013-08-27 20:43:20 -------- d-----w- C:\Program Files\ATI

2013-08-27 20:43:04 -------- d-----w- C:\Program Files\ATI Technologies

2013-08-27 20:35:03 -------- d-----w- C:\Program Files\Synaptics

2013-08-27 20:16:56 -------- d-----w- C:\Users\horse\AppData\Local\SRS Labs

2013-08-27 20:16:52 -------- d-----w- C:\Program Files\SRS Labs

2013-08-27 20:16:23 -------- d-----w- C:\Users\horse\AppData\Local\Downloaded Installations

2013-08-27 20:14:27 -------- d-----w- C:\Users\horse\AppData\Local\{16D8D997-18E4-42EB-9B86-ABEBB7D83C37}

2013-08-27 20:13:16 53248 ----a-w- C:\Windows\SysWow64\CSVer.dll

2013-08-27 20:12:12 -------- d-----w- C:\Windows\SysWow64\sda

2013-08-27 20:12:06 -------- d-----w- C:\Windows\LastGood.Tmp

2013-08-27 20:11:57 9888912 ----a-w- C:\Windows\SysWow64\RtsUStoricon.dll

2013-08-27 20:11:57 422544 ----a-w- C:\Windows\System32\RtsUStor.dll

2013-08-27 20:11:57 252048 ----a-w- C:\Windows\System32\drivers\RtsUStor.sys

2013-08-27 20:11:57 -------- d-----w- C:\Program Files (x86)\Realtek

2013-08-27 20:11:55 -------- d-----w- C:\Users\horse\AppData\Roaming\WinBatch

2013-08-27 19:45:48 -------- d-----w- C:\ProgramData\Malwarebytes' Anti-Malware (portable)

2013-08-27 19:03:09 1081616 ----a-w- C:\Windows\SysWow64\mscomctl.ocx

2013-08-27 19:03:09 -------- d-----w- C:\Users\horse\AppData\Local\MyPorts

2013-08-27 06:12:06 -------- d-----w- C:\Windows\Microsoft Antimalware

2013-08-27 02:08:12 -------- d-----w- C:\Program Files\Microsoft Baseline Security Analyzer 2

2013-08-26 22:47:23 -------- d-----w- C:\Users\horse\AppData\Roaming\WinPatrol

2013-08-26 22:47:12 -------- d-----w- C:\Program Files (x86)\BillP Studios

2013-08-26 21:44:18 -------- d-----w- C:\Users\horse\AppData\Local\Eraser 6

2013-08-26 11:32:19 33240 ----a-w- C:\Windows\System32\drivers\GEARAspiWDM.sys

2013-08-26 11:32:15 125872 ----a-w- C:\Windows\System32\GEARAspi64.dll

2013-08-26 11:32:15 106928 ----a-w- C:\Windows\SysWow64\GEARAspi.dll

2013-08-26 11:31:59 -------- d-----w- C:\Windows\System32\drivers\NBRTWizardx64\0600000.04A

2013-08-26 11:31:59 -------- d-----w- C:\Windows\System32\drivers\NBRTWizardx64

2013-08-26 11:31:57 -------- d-----w- C:\Program Files (x86)\Norton Bootable Recovery Tool Wizard

2013-08-26 10:51:31 150104 ----a-r- C:\Windows\System32\drivers\NSTx64\7DE05000.043\ccSetx64.sys

2013-08-26 10:51:21 -------- d-----w- C:\Windows\System32\drivers\NSTx64\7DE05000.043

2013-08-25 18:20:07 -------- d-----w- C:\Users\horse\AppData\Roaming\DMCache

2013-08-25 18:17:45 2990808 ----a-w- C:\Windows\System32\drivers\rtwlane.sys

2013-08-25 18:11:57 449528 ----a-w- C:\Windows\System32\drivers\IntcDAud.sys

2013-08-25 18:10:01 1004248 ----a-w- C:\Windows\System32\RtkApi64.dll

2013-08-25 18:10:00 613448 ----a-w- C:\Windows\System32\RtDataProc64.dll

2013-08-25 18:10:00 3760856 ----a-w- C:\Windows\System32\RtkAPO64.dll

2013-08-25 18:10:00 2795224 ----a-w- C:\Windows\System32\RtPgEx64.dll

2013-08-25 18:10:00 1662024 ----a-w- C:\Windows\System32\RTSnMg64.cpl

2013-08-25 18:10:00 1284680 ----a-w- C:\Windows\System32\RTCOM64.dll

2013-08-25 18:09:59 3462616 ----a-w- C:\Windows\System32\drivers\RTKVHD64.sys

2013-08-25 18:09:58 146648 ----a-w- C:\Windows\System32\RCoInstII64.dll

2013-08-25 18:09:38 2736160 ----a-w- C:\Windows\System32\FMAPO64.dll

2013-08-25 18:09:36 208072 ----a-w- C:\Windows\System32\AERTAC64.dll

2013-08-25 18:08:14 644968 ----a-w- C:\Windows\System32\drivers\iaStorA.sys

2013-08-25 18:07:44 816344 ----a-w- C:\Windows\System32\drivers\Rt630x64.sys

2013-08-25 18:07:44 74456 ----a-w- C:\Windows\System32\RtNicProp64.dll

2013-08-25 16:41:03 -------- d-----w- C:\Program Files (x86)\Uniblue

2013-08-25 16:17:55 -------- d-----w- C:\Program Files (x86)\Common Files\Symantec Shared

2013-08-25 16:01:54 -------- d-----w- C:\Windows\System32\drivers\NSTx64

2013-08-25 16:01:53 -------- d-----w- C:\Program Files (x86)\Norton Identity Safe

2013-08-25 16:01:44 177312 ----a-w- C:\Windows\System32\drivers\SYMEVENT64x86.SYS

2013-08-25 16:01:44 -------- d-----w- C:\Program Files\Common Files\Symantec Shared

2013-08-25 16:01:16 796760 ----a-r- C:\Windows\System32\drivers\NAVx64\1404000.028\srtsp64.sys

2013-08-25 16:01:16 493656 ----a-r- C:\Windows\System32\drivers\NAVx64\1404000.028\SymDS64.sys

2013-08-25 16:01:16 433752 ----a-r- C:\Windows\System32\drivers\NAVx64\1404000.028\symnets.sys

2013-08-25 16:01:16 36952 ----a-r- C:\Windows\System32\drivers\NAVx64\1404000.028\srtspx64.sys

2013-08-25 16:01:16 23448 ----a-r- C:\Windows\System32\drivers\NAVx64\1404000.028\SymELAM.sys

2013-08-25 16:01:16 224416 ----a-r- C:\Windows\System32\drivers\NAVx64\1404000.028\Ironx64.sys

2013-08-25 16:01:16 169048 ----a-r- C:\Windows\System32\drivers\NAVx64\1404000.028\ccSetx64.sys

2013-08-25 16:01:16 1139800 ----a-r- C:\Windows\System32\drivers\NAVx64\1404000.028\SymEFA64.sys

2013-08-25 16:00:51 -------- d-----w- C:\Windows\System32\drivers\NAVx64\1404000.028

2013-08-25 16:00:51 -------- d-----w- C:\Windows\System32\drivers\NAVx64

2013-08-25 16:00:49 -------- d-----w- C:\Program Files (x86)\Norton AntiVirus

2013-08-25 15:39:50 -------- d-----w- C:\Program Files\TAP-Windows

2013-08-25 14:48:09 46792 ----a-w- C:\Windows\System32\drivers\hssdrv6.sys

2013-08-25 14:42:56 -------- d-----w- C:\Program Files (x86)\Your Uninstaller! 7

2013-08-25 14:42:34 -------- d-----w- C:\Users\horse\AppData\Roaming\URSoft

2013-08-25 14:40:20 1060864 ----a-w- C:\Windows\SysWow64\mfc71.dll

2013-08-25 13:27:23 -------- d-----w- C:\Program Files (x86)\jv16 PowerTools 2013

2013-08-25 11:40:28 -------- d-----w- C:\ProgramData\NortonInstaller

2013-08-25 11:40:28 -------- d-----w- C:\Program Files (x86)\NortonInstaller

2013-08-25 11:35:05 -------- d-----w- C:\ProgramData\Norton

2013-08-25 00:56:18 468592 ----a-w- C:\Windows\System32\pskill.exe

2013-08-25 00:44:15 114688 ----a-w- C:\Windows\System32\Fport.exe

2013-08-24 23:06:38 -------- d-----w- C:\Users\horse\Specialist

2013-08-24 16:57:17 -------- d-----w- C:\ProgramData\Hotspot Shield

2013-08-24 16:57:01 -------- d-----w- C:\Program Files (x86)\Hotspot Shield

2013-08-24 16:56:40 -------- d-----w- C:\Users\horse\AppData\Roaming\Hotspot Shield

2013-08-24 16:20:14 -------- d-----w- C:\Program Files\CyberGhost 5

2013-08-24 13:14:30 19187712 ----a-w- C:\Program Files\Common Files\Microsoft Shared\Microsoft Camera Codec Pack\MicrosoftRawCodec.dll

2013-08-24 13:14:30 18523648 ----a-w- C:\Program Files (x86)\Common Files\Microsoft Shared\Microsoft Camera Codec Pack\MicrosoftRawCodec.dll

2013-08-24 11:47:09 208896 ----a-w- C:\Windows\MBR.exe

2013-08-24 10:50:00 17536 ----a-w- C:\ProgramData\Microsoft\windowssampling\Sqm\Manifest\Sqm3.bin

2013-08-23 20:35:53 -------- d-----w- C:\Windows\ERUNT

2013-08-23 20:13:56 -------- d-----w- C:\Windows\SysWow64\Hotspot Shield

2013-08-23 19:00:25 -------- d-----w- C:\Users\horse\AppData\Roaming\Wireshark

2013-08-23 18:48:36 -------- d-----w- C:\Program Files (x86)\WinPcap

2013-08-23 18:47:29 -------- d-----w- C:\Program Files\Wireshark

2013-08-23 16:25:43 -------- d-----w- C:\Users\horse\AppData\Local\Macromedia

2013-08-23 16:17:30 -------- d-----w- C:\ProgramData\xml_param

2013-08-23 14:32:07 -------- d-----w- C:\Program Files\CyberGhost VPN

2013-08-23 14:29:30 -------- d-----w- C:\Users\horse\AppData\Roaming\S.A.D

2013-08-23 13:45:09 -------- d-----w- C:\Windows\SysWow64\RTCOM

2013-08-23 13:45:09 -------- d-----w- C:\Windows\System32\SRSLabs

2013-08-23 13:45:09 -------- d-----w- C:\Program Files\Realtek

2013-08-23 13:36:18 945152 ----a-w- C:\Windows\System32\resetengmig.dll

2013-08-23 13:36:18 443392 ----a-w- C:\Windows\System32\ReAgent.dll

2013-08-23 13:36:18 375808 ----a-w- C:\Windows\SysWow64\ReAgent.dll

2013-08-23 13:36:18 132096 ----a-w- C:\Windows\System32\sysreset.exe

2013-08-23 13:36:18 1011200 ----a-w- C:\Windows\System32\reseteng.dll

2013-08-23 13:36:17 405504 ----a-w- C:\Windows\System32\pcasvc.dll

2013-08-23 13:36:17 31232 ----a-w- C:\Windows\System32\pcadm.dll

2013-08-23 13:36:17 2851840 ----a-w- C:\Windows\System32\esent.dll

2013-08-23 13:36:17 2382336 ----a-w- C:\Windows\SysWow64\esent.dll

2013-08-23 13:36:17 13312 ----a-w- C:\Windows\System32\pcalua.exe

2013-08-23 13:36:17 11776 ----a-w- C:\Windows\System32\pcaevts.dll

2013-08-23 13:36:11 30720 ----a-w- C:\Windows\System32\cryptdlg.dll

2013-08-23 13:36:11 25088 ----a-w- C:\Windows\SysWow64\cryptdlg.dll

2013-08-23 13:25:59 -------- d-----w- C:\Users\horse\AppData\Roaming\Maxthon3

2013-08-23 13:25:56 -------- d-----w- C:\Program Files (x86)\Maxthon

2013-08-23 13:22:17 78200 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl

2013-08-23 13:22:17 693112 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe

2013-08-23 13:15:33 -------- d-----r- C:\Windows\BrowserChoice

2013-08-23 12:01:55 997632 ----a-w- C:\Windows\System32\drivers\ndis.sys

2013-08-23 11:59:59 1196032 ----a-w- C:\Windows\SysWow64\vssapi.dll

2013-08-23 11:53:58 301568 ----a-w- C:\Windows\System32\newdev.dll

2013-08-23 11:53:57 76288 ----a-w- C:\Windows\System32\newdev.exe

2013-08-23 11:53:57 75264 ----a-w- C:\Windows\System32\ndadmin.exe

2013-08-23 11:53:57 74240 ----a-w- C:\Windows\SysWow64\newdev.exe

2013-08-23 11:53:57 73728 ----a-w- C:\Windows\SysWow64\ndadmin.exe

2013-08-23 11:53:57 275968 ----a-w- C:\Windows\SysWow64\newdev.dll

2013-08-23 11:51:25 68608 ----a-w- C:\Windows\System32\wwanprotdim.dll

2013-08-23 11:46:58 7680 ----a-w- C:\Windows\System32\kbdhebl3.dll

2013-08-23 11:42:03 11459584 ----a-w- C:\Windows\System32\glcndFilter.dll

2013-08-23 11:40:59 1122768 ----a-w- C:\Windows\System32\Taskmgr.exe

2013-08-23 11:09:40 -------- d-----w- C:\Program Files\Unlocker

2013-08-23 11:04:07 -------- d-----w- C:\Windows\pss

2013-08-23 08:57:04 -------- d-----w- C:\Windows\System32\MRT

2013-08-23 08:42:25 363976 ----a-w- C:\Program Files\Windows Defender\MpCommu.dll

2013-08-23 08:39:01 86016 ----a-w- C:\Windows\System32\ncryptsslp.dll

2013-08-23 08:39:01 71168 ----a-w- C:\Windows\SysWow64\ncryptsslp.dll

2013-08-23 08:38:27 17888 ----a-w- C:\Windows\System32\msvcr100_clr0400.dll

2013-08-23 08:38:25 17888 ----a-w- C:\Windows\SysWow64\msvcr100_clr0400.dll

2013-08-23 08:35:44 2035200 ----a-w- C:\Program Files\Common Files\Microsoft Shared\ink\InkObj.dll

2013-08-23 08:35:44 1617920 ----a-w- C:\Program Files\Windows Journal\NBDoc.DLL

2013-08-23 08:35:44 1272320 ----a-w- C:\Program Files\Common Files\Microsoft Shared\ink\journal.dll

2013-08-23 08:35:43 1318912 ----a-w- C:\Program Files\Windows Journal\JNWDRV.dll

2013-08-23 08:35:43 1306112 ----a-w- C:\Program Files\Windows Journal\JNTFiltr.dll

2013-08-23 08:35:42 1413632 ----a-w- C:\Program Files (x86)\Common Files\Microsoft Shared\Ink\InkObj.dll

2013-08-23 08:35:42 1029632 ----a-w- C:\Program Files (x86)\Common Files\Microsoft Shared\Ink\journal.dll

2013-08-23 08:35:41 1455368 ----a-w- C:\Windows\System32\drivers\dxgkrnl.sys

2013-08-23 08:33:59 49152 ----a-w- C:\Windows\System32\DevDispItemProvider.dll

2013-08-23 08:33:59 156160 ----a-w- C:\Windows\System32\powercfg.cpl

2013-08-23 08:33:59 145408 ----a-w- C:\Windows\SysWow64\powercfg.cpl

2013-08-23 08:33:58 71168 ----a-w- C:\Windows\System32\WSDPrintProxy.DLL

2013-08-23 08:33:58 36352 ----a-w- C:\Windows\SysWow64\DevDispItemProvider.dll

2013-08-23 08:33:58 30720 ----a-w- C:\Windows\System32\drivers\monitor.sys

2013-08-23 08:33:58 26112 ----a-w- C:\Windows\System32\drivers\mouhid.sys

2013-08-23 08:33:58 235008 ----a-w- C:\Program Files\Windows NT\Accessories\WordpadFilter.dll

2013-08-23 08:33:58 195072 ----a-w- C:\Program Files (x86)\Windows NT\Accessories\WordpadFilter.dll

2013-08-23 08:33:58 128512 ----a-w- C:\Windows\System32\SettingSyncInfo.dll

2013-08-23 08:33:58 100864 ----a-w- C:\Windows\SysWow64\SettingSyncInfo.dll

2013-08-23 08:27:04 694272 ----a-w- C:\Windows\SysWow64\rpcrt4.dll

2013-08-23 08:27:04 1314816 ----a-w- C:\Windows\System32\rpcrt4.dll

2013-08-23 08:26:07 141312 ----a-w- C:\Windows\System32\cryptnet.dll

2013-08-23 08:26:07 1255936 ----a-w- C:\Windows\System32\certutil.exe

2013-08-23 08:26:07 109056 ----a-w- C:\Windows\SysWow64\cryptnet.dll

2013-08-23 08:26:07 1013248 ----a-w- C:\Windows\SysWow64\certutil.exe

2013-08-23 08:23:10 411880 ----a-w- C:\Windows\System32\drivers\FWPKCLNT.SYS

2013-08-23 08:23:10 2233168 ----a-w- C:\Windows\System32\drivers\tcpip.sys

2013-08-23 08:22:17 2893824 ----a-w- C:\Windows\System32\msmpeg2vdec.dll

2013-08-23 08:22:17 2400256 ----a-w- C:\Windows\SysWow64\msmpeg2vdec.dll

2013-08-23 08:20:27 70144 ----a-w- C:\Windows\System32\appinfo.dll

2013-08-23 08:20:27 112872 ----a-w- C:\Windows\System32\consent.exe

2013-08-23 08:19:21 20992 ----a-w- C:\Windows\System32\drivers\usb8023.sys

2013-08-23 08:16:59 14848 ----a-w- C:\Windows\SysWow64\rars.rs

2013-08-23 08:13:36 9216 ----a-w- C:\Windows\System32\dpnhupnp.dll

2013-08-23 08:12:48 3552768 ----a-w- C:\Windows\System32\tquery.dll

2013-08-23 08:11:59 9374208 ----a-w- C:\Windows\SysWow64\wmploc.DLL

2013-08-23 08:11:38 1558912 ----a-w- C:\Program Files\Windows Defender\DbgHelp.dll

2013-08-23 08:11:38 149264 ----a-w- C:\Program Files\Windows Defender\SymSrv.dll

2013-08-23 08:10:49 2361344 ----a-w- C:\Windows\System32\msxml6.dll

2013-08-23 08:10:48 2048 ----a-w- C:\Windows\SysWow64\msxml6r.dll

2013-08-23 08:10:48 2048 ----a-w- C:\Windows\SysWow64\msxml3r.dll

2013-08-23 08:10:48 2048 ----a-w- C:\Windows\System32\msxml6r.dll

2013-08-23 08:10:48 2048 ----a-w- C:\Windows\System32\msxml3r.dll

2013-08-23 08:10:48 1836032 ----a-w- C:\Windows\System32\msxml3.dll

2013-08-23 08:10:48 1802240 ----a-w- C:\Windows\SysWow64\msxml6.dll

2013-08-23 08:10:48 1438720 ----a-w- C:\Windows\SysWow64\msxml3.dll

2013-08-23 07:48:43 -------- d-----w- C:\Users\horse\AppData\Roaming\TrueCrypt

2013-08-23 07:44:42 231376 ----a-w- C:\Windows\System32\drivers\truecrypt.sys

2013-08-23 07:44:42 -------- d-----w- C:\Program Files\TrueCrypt

2013-08-23 07:18:57 -------- d-----w- C:\Users\horse\AppData\Local\Mozilla

2013-08-23 06:57:21 -------- d--h--w- C:\Users\horse\.swt

2013-08-23 06:56:29 -------- d-----w- C:\Users\horse\AppData\Roaming\Azureus

2013-08-23 06:40:29 -------- d-----w- C:\Program Files\CCleaner

2013-08-23 06:36:33 49240 ----a-w- C:\Windows\System32\drivers\AntiLog64.sys

2013-08-23 06:36:27 -------- d-----w- C:\Program Files (x86)\AntiLogger

2013-08-23 06:36:07 25056 ----a-w- C:\Windows\System32\drivers\KeyCrypt64.sys

2013-08-23 06:36:07 -------- d-----w- C:\Program Files (x86)\KeyCryptSDK

2013-08-23 06:36:06 6525952 ----a-w- C:\Windows\SysWow64\ZALSDKCore.dll

2013-08-23 06:36:06 -------- d-----w- C:\Windows\SysWow64\ZALSDK_uninst

2013-08-23 06:36:06 -------- d-----w- C:\Users\horse\AppData\Local\Zemana

2013-08-23 05:28:24 -------- d-----w- C:\Windows\Panther

2013-08-23 01:56:32 -------- d-----w- C:\Users\horse\AppData\Roaming\EAST Technologies

2013-08-23 01:56:07 -------- d-----w- C:\Program Files (x86)\East-Tec Eraser 2013

2013-08-23 01:44:50 -------- d-----w- C:\Program Files (x86)\SopCast

2013-08-23 01:36:19 -------- d-----w- C:\Program Files (x86)\FileHippo.com

2013-08-23 01:12:38 -------- d-----w- C:\Users\horse\AppData\Roaming\Lamantine

2013-08-23 00:58:52 -------- d-----w- C:\Users\horse\AppData\Local\Adobe

2013-08-22 22:30:27 -------- d-----w- C:\Program Files\VideoLAN

2013-08-22 22:29:11 -------- d-----w- C:\Users\horse\AppData\Roaming\SUPERAntiSpyware.com

2013-08-22 22:28:43 -------- d-----w- C:\ProgramData\SUPERAntiSpyware.com

2013-08-22 22:28:43 -------- d-----w- C:\Program Files\SUPERAntiSpyware

2013-08-22 22:27:38 -------- d-----w- C:\Program Files (x86)\Sticky Password

2013-08-22 22:20:35 -------- d-----r- C:\Program Files (x86)\Skype

2013-08-22 22:17:59 -------- d-----w- C:\Users\horse\AppData\Local\PrivaZer

2013-08-22 22:17:59 -------- d-----w- C:\Program Files (x86)\PrivaZer

2013-08-22 22:17:30 -------- d-----w- C:\Users\horse\AppData\Local\Opera Software

2013-08-22 22:17:29 -------- d-----w- C:\Users\horse\AppData\Roaming\Opera Software

2013-08-22 22:00:27 -------- d-----w- C:\Users\horse\AppData\Roaming\Malwarebytes

2013-08-22 21:58:32 -------- d-----w- C:\ProgramData\Malwarebytes

2013-08-22 21:55:50 -------- d-----w- C:\Program Files\HitmanPro

2013-08-22 21:55:19 -------- d-----w- C:\ProgramData\HitmanPro

2013-08-22 21:55:09 388096 ----a-r- C:\Users\horse\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe

2013-08-22 21:55:09 -------- d-----w- C:\Program Files (x86)\Trend Micro

2013-08-22 21:52:44 -------- d-----w- C:\Users\horse\AppData\Local\CyberGhost

2013-08-22 21:41:17 778856 ----a-w- C:\Windows\SysWow64\PresentationNative_v0300.dll

2013-08-22 21:41:17 35400 ----a-w- C:\Windows\SysWow64\TsWpfWrp.exe

2013-08-22 21:41:16 102528 ----a-w- C:\Windows\SysWow64\PresentationCFFRasterizerNative_v0300.dll

2013-08-22 21:41:14 35400 ----a-w- C:\Windows\System32\TsWpfWrp.exe

2013-08-22 21:41:14 124040 ----a-w- C:\Windows\System32\PresentationCFFRasterizerNative_v0300.dll

2013-08-22 21:41:14 1166440 ----a-w- C:\Windows\System32\PresentationNative_v0300.dll

2013-08-22 21:37:58 -------- d-----w- C:\Users\horse\AppData\Local\Programs

2013-08-22 20:53:04 -------- d-----w- C:\Users\horse\AppData\Local\VirtualStore

2013-08-22 20:52:52 -------- d-----w- C:\Users\horse\AppData\Local\Packages

2013-08-22 20:52:52 -------- d-----w- C:\ProgramData\PRICache

2013-08-15 08:13:32 32832 ----a-w- C:\Windows\System32\drivers\TVALZ_O.SYS

2013-08-13 14:06:54 -------- d-----w- C:\Users\horse\Favourites

2013-08-13 14:05:40 -------- d-----w- C:\Users\horse\Software

2013-08-12 22:21:53 -------- d-----w- C:\Users\horse\Portable

.

==================== Find3M  ====================

.

2013-08-28 00:07:15 381816 ----a-w- C:\Windows\System32\PsExec.exe

2013-07-26 05:13:37 2241024 ----a-w- C:\Windows\System32\wininet.dll

2013-07-26 05:13:28 915968 ----a-w- C:\Windows\System32\uxtheme.dll

2013-07-26 05:13:28 53760 ----a-w- C:\Windows\System32\UXInit.dll

2013-07-26 05:12:08 3958784 ----a-w- C:\Windows\System32\jscript9.dll

2013-07-26 05:12:04 136704 ----a-w- C:\Windows\System32\iesysprep.dll

2013-07-26 05:12:03 67072 ----a-w- C:\Windows\System32\iesetup.dll

2013-07-26 03:35:08 2706432 ----a-w- C:\Windows\System32\mshtml.tlb

2013-07-26 03:13:24 1767936 ----a-w- C:\Windows\SysWow64\wininet.dll

2013-07-26 03:13:15 44032 ----a-w- C:\Windows\SysWow64\UXInit.dll

2013-07-26 03:12:04 2877440 ----a-w- C:\Windows\SysWow64\jscript9.dll

2013-07-26 03:12:00 61440 ----a-w- C:\Windows\SysWow64\iesetup.dll

2013-07-26 03:12:00 109056 ----a-w- C:\Windows\SysWow64\iesysprep.dll

2013-07-26 02:49:14 2706432 ----a-w- C:\Windows\SysWow64\mshtml.tlb

2013-07-26 00:54:34 534528 ----a-w- C:\Windows\SysWow64\uxtheme.dll

2013-07-13 06:18:21 337408 ----a-w- C:\Windows\System32\wintrust.dll

2013-07-13 06:16:06 68096 ----a-w- C:\Windows\System32\cryptsvc.dll

2013-07-13 06:16:06 1889280 ----a-w- C:\Windows\System32\crypt32.dll

2013-07-13 06:15:53 98304 ----a-w- C:\Windows\System32\apprepsync.dll

2013-07-13 06:15:53 124416 ----a-w- C:\Windows\System32\apprepapi.dll

2013-07-13 04:24:58 261120 ----a-w- C:\Windows\SysWow64\wintrust.dll

2013-07-13 04:23:11 1568256 ----a-w- C:\Windows\SysWow64\crypt32.dll

2013-07-13 04:23:03 87040 ----a-w- C:\Windows\SysWow64\apprepapi.dll

2013-07-13 04:23:03 74240 ----a-w- C:\Windows\SysWow64\apprepsync.dll

2013-07-09 08:04:07 120144 ----a-w- C:\Windows\System32\drivers\msgpioclx.sys

2013-07-09 06:18:21 439488 ----a-w- C:\Windows\System32\WerFault.exe

2013-07-09 04:25:45 385768 ----a-w- C:\Windows\SysWow64\WerFault.exe

2013-07-09 03:57:19 245760 ----a-w- C:\Windows\SysWow64\LocationApi.dll

2013-07-08 22:46:00 543744 ----a-w- C:\Windows\System32\wwanmm.dll

2013-07-08 22:46:00 414208 ----a-w- C:\Windows\System32\wwanconn.dll

2013-07-08 22:46:00 370688 ----a-w- C:\Windows\System32\Wwanadvui.dll

2013-07-08 22:45:16 312832 ----a-w- C:\Windows\System32\LocationApi.dll

2013-07-06 00:16:17 1025024 ----a-w- C:\Windows\System32\localspl.dll

2013-07-03 00:23:43 391168 ----a-w- C:\Windows\System32\Windows.Networking.BackgroundTransfer.dll

2013-07-03 00:23:12 778752 ----a-w- C:\Windows\System32\oleaut32.dll

2013-07-03 00:22:26 1300480 ----a-w- C:\Windows\System32\gdi32.dll

2013-07-03 00:11:23 268800 ----a-w- C:\Windows\SysWow64\Windows.Networking.BackgroundTransfer.dll

2013-07-03 00:11:02 551424 ----a-w- C:\Windows\SysWow64\oleaut32.dll

2013-07-02 23:51:03 4039680 ----a-w- C:\Windows\System32\win32k.sys

2013-07-02 00:44:14 36288 ----a-w- C:\Windows\System32\drivers\WdBoot.sys

2013-07-01 22:08:49 247216 ----a-w- C:\Windows\System32\drivers\WdFilter.sys

2013-06-30 22:30:14 67072 ----a-w- C:\Windows\SysWow64\openfiles.exe

2013-06-30 22:29:22 77312 ----a-w- C:\Windows\System32\openfiles.exe

2013-06-29 06:15:54 195416 ----a-w- C:\Windows\System32\drivers\sdbus.sys

2013-06-29 06:15:47 125784 ----a-w- C:\Windows\System32\drivers\dumpsd.sys

2013-06-29 05:43:16 327512 ----a-w- C:\Windows\System32\drivers\Classpnp.sys

2013-06-29 01:12:01 1022464 ----a-w- C:\Windows\SysWow64\gdi32.dll

2013-06-26 03:01:38 321536 ----a-w- C:\Windows\System32\drivers\udfs.sys

2013-06-26 02:59:34 341504 ----a-w- C:\Windows\System32\drivers\HdAudio.sys

2013-06-24 22:54:52 447488 ----a-w- C:\Windows\System32\wwansvc.dll

2013-06-24 22:54:45 74240 ----a-w- C:\Windows\System32\wcmcsp.dll

2013-06-24 22:54:45 263680 ----a-w- C:\Windows\System32\wcmsvc.dll

2013-06-21 01:09:44 42184 ----a-w- C:\Windows\System32\drivers\taphss6.sys

2013-06-19 05:36:21 183808 ----a-w- C:\Windows\System32\winmmbase.dll

2013-06-19 05:36:21 115712 ----a-w- C:\Windows\System32\winmm.dll

2013-06-18 22:38:00 160256 ----a-w- C:\Windows\SysWow64\winmmbase.dll

2013-06-18 22:38:00 125440 ----a-w- C:\Windows\SysWow64\winmm.dll

2013-06-11 23:43:37 154112 ----a-w- C:\Windows\SysWow64\WinSCard.dll

2013-06-11 23:26:20 230912 ----a-w- C:\Windows\System32\WinSCard.dll

2013-06-10 21:17:46 96512 ----a-w- C:\Windows\System32\drivers\wfplwfs.sys

2013-06-10 19:16:07 888832 ----a-w- C:\Windows\System32\nshwfp.dll

2013-06-10 19:15:42 1156096 ----a-w- C:\Windows\System32\IKEEXT.DLL

2013-06-10 19:15:38 381952 ----a-w- C:\Windows\System32\FWPUCLNT.DLL

2013-06-10 19:15:25 723968 ----a-w- C:\Windows\System32\BFE.DLL

2013-06-10 19:10:58 702464 ----a-w- C:\Windows\SysWow64\nshwfp.dll

2013-06-10 19:10:37 245248 ----a-w- C:\Windows\SysWow64\FWPUCLNT.DLL

2013-06-01 11:34:21 2391280 ----a-w- C:\Windows\explorer.exe

2013-06-01 11:29:35 337152 ----a-w- C:\Windows\System32\drivers\USBXHCI.SYS

2013-06-01 11:29:35 213248 ----a-w- C:\Windows\System32\drivers\UCX01000.SYS

2013-06-01 11:26:33 327936 ----a-w- C:\Windows\System32\drivers\volsnap.sys

2013-06-01 11:26:31 6987008 ----a-w- C:\Windows\System32\ntoskrnl.exe

2013-06-01 10:24:46 2106176 ----a-w- C:\Windows\SysWow64\explorer.exe

2013-06-01 09:25:52 364544 ----a-w- C:\Windows\SysWow64\XpsGdiConverter.dll

2013-06-01 09:25:05 67584 ----a-w- C:\Windows\SysWow64\samlib.dll

2013-06-01 09:25:03 496640 ----a-w- C:\Windows\SysWow64\qedit.dll

2013-06-01 09:24:19 493056 ----a-w- C:\Windows\SysWow64\mscms.dll

2013-06-01 09:24:09 850944 ----a-w- C:\Windows\SysWow64\mfasfsrcsnk.dll

2013-06-01 09:24:09 1453568 ----a-w- C:\Windows\SysWow64\mfcore.dll

2013-06-01 09:23:46 1842176 ----a-w- C:\Windows\SysWow64\dwmcore.dll

2013-06-01 09:23:06 680960 ----a-w- C:\Windows\System32\vds.exe

2013-06-01 09:22:47 80896 ----a-w- C:\Windows\System32\MbaeParserTask.exe

2013-06-01 09:22:33 523264 ----a-w- C:\Windows\System32\XpsGdiConverter.dll

2013-06-01 09:22:09 190976 ----a-w- C:\Windows\System32\vdsutil.dll

2013-06-01 09:21:39 729600 ----a-w- C:\Windows\System32\samsrv.dll

2013-06-01 09:21:39 106496 ----a-w- C:\Windows\System32\samlib.dll

2013-06-01 09:21:34 595968 ----a-w- C:\Windows\System32\qedit.dll

2013-06-01 09:20:45 583168 ----a-w- C:\Windows\System32\mscms.dll

2013-06-01 09:20:34 1527808 ----a-w- C:\Windows\System32\mfcore.dll

2013-06-01 09:20:34 1048576 ----a-w- C:\Windows\System32\mfasfsrcsnk.dll

2013-06-01 09:20:04 2219520 ----a-w- C:\Windows\System32\dwmcore.dll

2013-06-01 09:19:58 207872 ----a-w- C:\Windows\System32\DeviceSetupManager.dll

2013-06-01 09:19:42 785408 ----a-w- C:\Windows\System32\audiosrv.dll

2013-06-01 03:08:57 37632 ----a-w- C:\Windows\System32\drivers\BthAvrcpTg.sys

.

============= FINISH: 20:36:49.26 ===============

 

 


DDS (Ver_2012-11-20.01)

.

Microsoft Windows 8 Pro

Boot Device: \Device\HarddiskVolume1

Install Date: 22/08/2013 21:52:34

System Uptime: 28/08/2013 20:07:41 (0 hours ago)

.

Motherboard: Type2 - Board Vendor Name1 |  | Type2 - Board Product Name1

Processor: Intel® Pentium® CPU B950 @ 2.10GHz | U3E1 | 2100/100mhz

.

==== Disk Partitions =========================

.

C: is FIXED (NTFS) - 158 GiB total, 118.077 GiB free.

D: is FIXED (NTFS) - 140 GiB total, 68.903 GiB free.

F: is CDROM ()

.

==== Disabled Device Manager Items =============

.

==== System Restore Points ===================

.

No restore point in system.

.

==== Installed Programs ======================

.

7-Zip 9.20 (x64 edition)

Adobe Flash Player 11 Plugin

AMD APP SDK Runtime

AMD Catalyst Install Manager

CCleaner

CyberGhost 5 Beta

CyberGhost VPN

East-Tec Eraser 2013 Version 10.0

FileHippo.com Update Checker

HiJackThis

HitmanPro 3.7

Hotspot Shield 3.13

Intel® Processor Graphics

jv16 PowerTools 2013

KeyCrypt SDK version 1.6.1.246

Maxthon Cloud Browser

Microsoft Baseline Security Analyzer 2.2

Microsoft Silverlight

Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161

Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219

Mozilla Firefox 23.0.1 (x86 en-US)

Mozilla Maintenance Service

MyPorts - build 2.01.03 - If an older version of MyPorts is alr

Norton AntiVirus

Norton Bootable Recovery Tool Wizard

Norton Identity Safe

Opera Stable 16.0.1196.62

Premium Sound HD

PrivaZer

Realtek High Definition Audio Driver

Realtek USB 2.0 Card Reader

Skype™ 6.7

Sticky Password 6.0.12.455

SUPERAntiSpyware

Synaptics Pointing Device Driver

TAP-Windows 9.9.2

TOSHIBA Audio Enhancement

TrueCrypt

Tweaking.com - Windows Repair (All in One)

Unlocker 1.9.2

VLC media player 2.0.8

WinPcap 4.1.3

Wireshark 1.10.1 (64-bit)

Your Uninstaller! 7

.

==== Event Viewer Messages From Past Week ========

.

28/08/2013 20:08:45, Error: Service Control Manager [7031]  - The Print Spooler service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 60000 milliseconds: Restart the service.

28/08/2013 20:08:13, Error: Microsoft-Windows-WLAN-AutoConfig [10000]  - WLAN Extensibility Module has failed to start. Module Path: C:\Windows\system32\Rtlihvs.dll Error Code: 126

28/08/2013 12:35:41, Error: Service Control Manager [7043]  - The Windows Update service did not shut down properly after receiving a preshutdown control.

28/08/2013 11:54:33, Error: Service Control Manager [7031]  - The Print Spooler service terminated unexpectedly.  It has done this 2 time(s).  The following corrective action will be taken in 60000 milliseconds: Restart the service.

28/08/2013 03:28:33, Error: Service Control Manager [7031]  - The Windows Search service terminated unexpectedly.  It has done this 2 time(s).  The following corrective action will be taken in 30000 milliseconds: Restart the service.

28/08/2013 03:28:33, Error: Service Control Manager [7024]  - 

28/08/2013 03:28:03, Error: Service Control Manager [7031]  - The Windows Search service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 30000 milliseconds: Restart the service.

28/08/2013 02:39:28, Error: Microsoft-Windows-DistributedCOM [10005]  - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "Unavailable" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}

28/08/2013 02:36:13, Error: Service Control Manager [7001]  - The Network Location Awareness service depends on the DHCP Client service which failed to start because of the following error:  The dependency service or group failed to start.

28/08/2013 02:36:13, Error: Service Control Manager [7001]  - The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error:  The dependency service or group failed to start.

28/08/2013 02:36:13, Error: Microsoft-Windows-DistributedCOM [10005]  - DCOM got error "1068" attempting to start the service netprofm with arguments "Unavailable" in order to run the server: {A47979D2-C419-11D9-A5B4-001185AD2B89}

28/08/2013 02:36:12, Error: Microsoft-Windows-DistributedCOM [10005]  - DCOM got error "1084" attempting to start the service WSearch with arguments "Unavailable" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}

28/08/2013 02:36:10, Error: Microsoft-Windows-DistributedCOM [10005]  - DCOM got error "1084" attempting to start the service EventSystem with arguments "Unavailable" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}

28/08/2013 02:33:54, Error: Service Control Manager [7030]  - The PEVSystemStart service is marked as an interactive service.  However, the system is configured to not allow interactive services.  This service may not function properly.

28/08/2013 02:28:41, Error: Microsoft-Windows-DistributedCOM [10005]  - DCOM got error "1084" attempting to start the service VSS with arguments "Unavailable" in order to run the server: {E579AB5F-1CC4-44B4-BED9-DE0991FF0623}

28/08/2013 02:28:20, Error: Microsoft-Windows-DistributedCOM [10005]  - DCOM got error "1084" attempting to start the service dps with arguments "Unavailable" in order to run the server: {DDCFD26B-FEED-44CD-B71D-79487D2E5E5A}

28/08/2013 02:26:43, Error: Microsoft-Windows-DistributedCOM [10005]  - DCOM got error "1084" attempting to start the service WSearch with arguments "Unavailable" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}

28/08/2013 02:25:37, Error: Service Control Manager [7001]  - The Workstation service depends on the Network Store Interface Service service which failed to start because of the following error:  The dependency service or group failed to start.

28/08/2013 02:25:37, Error: Service Control Manager [7001]  - The TCP/IP NetBIOS Helper service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error:  A device attached to the system is not functioning.

28/08/2013 02:25:37, Error: Service Control Manager [7001]  - The SMB MiniRedirector Wrapper and Engine service depends on the Redirected Buffering Sub System service which failed to start because of the following error:  A device attached to the system is not functioning.

28/08/2013 02:25:37, Error: Service Control Manager [7001]  - The SMB 2.0 MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error:  The dependency service or group failed to start.

28/08/2013 02:25:37, Error: Service Control Manager [7001]  - The SMB 1.x MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error:  The dependency service or group failed to start.

28/08/2013 02:25:37, Error: Service Control Manager [7001]  - The Network Store Interface Service service depends on the NSI Proxy Service Driver service which failed to start because of the following error:  A device attached to the system is not functioning.

28/08/2013 02:25:37, Error: Service Control Manager [7001]  - The Network Connections service depends on the Network Store Interface Service service which failed to start because of the following error:  The dependency service or group failed to start.

28/08/2013 02:25:37, Error: Service Control Manager [7001]  - The IP Helper service depends on the Network Store Interface Service service which failed to start because of the following error:  The dependency service or group failed to start.

28/08/2013 02:25:37, Error: Service Control Manager [7001]  - The DNS Client service depends on the NetIO Legacy TDI Support Driver service which failed to start because of the following error:  A device attached to the system is not functioning.

28/08/2013 02:25:37, Error: Service Control Manager [7001]  - The DHCP Client service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error:  A device attached to the system is not functioning.

28/08/2013 02:24:37, Error: Service Control Manager [7011]  - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the NAV service.

27/08/2013 11:42:07, Error: Service Control Manager [7034]  - The Print Spooler service terminated unexpectedly.  It has done this 3 time(s).

26/08/2013 11:30:01, Error: Microsoft-Windows-DistributedCOM [10016]  - The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID  {7022A3B3-D004-4F52-AF11-E9E987FEE25F}  and APPID  {ADA41B3C-C6FD-4A08-8CC1-D6EFDE67BE7D}  to the user Schulenballs-Pc\horse SID (S-1-5-21-800761502-3479147076-3460853997-1001) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

25/08/2013 23:38:34, Error: Service Control Manager [7009]  - A timeout was reached (30000 milliseconds) while waiting for the CyberGhost VPN 5 Client Service service to connect.

25/08/2013 23:38:34, Error: Service Control Manager [7000]  - The CyberGhost VPN 5 Client Service service failed to start due to the following error:  The service did not respond to the start or control request in a timely fashion.

25/08/2013 19:25:01, Error: Service Control Manager [7000]  - The BrowserDefendert service failed to start due to the following error:  The system cannot find the file specified.

25/08/2013 17:14:05, Error: Service Control Manager [7034]  - The CyberGhost VPN 5 Client Service service terminated unexpectedly.  It has done this 1 time(s).

25/08/2013 15:47:52, Error: Service Control Manager [7034]  - The Hotspot Shield Service service terminated unexpectedly.  It has done this 1 time(s).

25/08/2013 12:50:04, Error: Service Control Manager [7031]  - The Norton Identity Safe service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 120000 milliseconds: Restart the service.

25/08/2013 12:50:04, Error: Service Control Manager [7031]  - The Norton AntiVirus service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 120000 milliseconds: Restart the service.

24/08/2013 14:27:27, Error: Service Control Manager [7000]  - The Hotspot Shield Service service failed to start due to the following error:  The system cannot find the file specified.

24/08/2013 12:38:13, Error: Service Control Manager [7034]  - The Hotspot Shield Monitoring Service service terminated unexpectedly.  It has done this 1 time(s).

24/08/2013 12:38:13, Error: Service Control Manager [7031]  - The Hotspot Shield Service service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 0 milliseconds: Restart the service.

24/08/2013 12:38:13, Error: Service Control Manager [7009]  - A timeout was reached (30000 milliseconds) while waiting for the Hotspot Shield Service service to connect.

24/08/2013 12:38:13, Error: Service Control Manager [7000]  - The Hotspot Shield Service service failed to start due to the following error:  The service did not respond to the start or control request in a timely fashion.

23/08/2013 13:50:57, Error: Schannel [36888]  - A fatal alert was generated and sent to the remote endpoint. This may result in termination of the connection. The TLS protocol defined fatal error code is 51. The Windows SChannel error state is 900.

23/08/2013 11:53:29, Error: Microsoft-Windows-WindowsUpdateClient [20]  - Installation Failure: Windows failed to install the following update with error 0x80070005: Update for Windows 8 for x64-based Systems (KB2836988).

23/08/2013 11:46:47, Error: Service Control Manager [7023]  - The Windows Modules Installer service terminated with the following error:  Access is denied.

23/08/2013 11:26:20, Error: Microsoft-Windows-WindowsUpdateClient [20]  - Installation Failure: Windows failed to install the following update with error 0x80070005: Update for Windows 8 for x64-based Systems (KB2822241).

23/08/2013 10:41:35, Error: Microsoft-Windows-WindowsUpdateClient [20]  - Installation Failure: Windows failed to install the following update with error 0x80070005: Security Update for Windows 8 for x64-based Systems (KB2862966).

23/08/2013 10:41:35, Error: Microsoft-Windows-WindowsUpdateClient [20]  - Installation Failure: Windows failed to install the following update with error 0x80070005: Security Update for Windows 8 for x64-based Systems (KB2829361).

23/08/2013 10:41:35, Error: Microsoft-Windows-WindowsUpdateClient [20]  - Installation Failure: Windows failed to install the following update with error 0x80070005: Security Update for Windows 8 for x64-based Systems (KB2829254).

23/08/2013 10:41:35, Error: Microsoft-Windows-WindowsUpdateClient [20]  - Installation Failure: Windows failed to install the following update with error 0x80070005: Security Update for Windows 8 for x64-based Systems (KB2781197).

23/08/2013 10:41:35, Error: Microsoft-Windows-WindowsUpdateClient [20]  - Installation Failure: Windows failed to install the following update with error 0x80070005: Security Update for Windows 8 for x64-based Systems (KB2770660).

23/08/2013 10:41:35, Error: Microsoft-Windows-WindowsUpdateClient [20]  - Installation Failure: Windows failed to install the following update with error 0x80070005: Security Update for Windows 8 for x64-based Systems (KB2757638).

23/08/2013 10:41:35, Error: Microsoft-Windows-WindowsUpdateClient [20]  - Installation Failure: Windows failed to install the following update with error 0x80070005: Security Update for Windows 8 for x64-based Systems (KB2753842).

23/08/2013 10:41:35, Error: Microsoft-Windows-WindowsUpdateClient [20]  - Installation Failure: Windows failed to install the following update with error 0x80070005: Security Update for Microsoft .NET Framework 3.5 on Windows 8 and Windows Server 2012 for x64-based Systems (KB2844289).

23/08/2013 10:41:35, Error: Microsoft-Windows-WindowsUpdateClient [20]  - Installation Failure: Windows failed to install the following update with error 0x80070005: Security Update for Microsoft .NET Framework 3.5 on Windows 8 and Windows Server 2012 for x64-based Systems (KB2833959).

23/08/2013 10:41:34, Error: Microsoft-Windows-WindowsUpdateClient [20]  - Installation Failure: Windows failed to install the following update with error 0x80070005: Update for Windows 8 for x64-based Systems (KB2845533).

23/08/2013 10:41:34, Error: Microsoft-Windows-WindowsUpdateClient [20]  - Installation Failure: Windows failed to install the following update with error 0x80070005: Update for Windows 8 for x64-based Systems (KB2811660).

23/08/2013 10:41:34, Error: Microsoft-Windows-WindowsUpdateClient [20]  - Installation Failure: Windows failed to install the following update with error 0x80070005: Update for Windows 8 for x64-based Systems (KB2798162).

23/08/2013 10:41:34, Error: Microsoft-Windows-WindowsUpdateClient [20]  - Installation Failure: Windows failed to install the following update with error 0x80070005: Security Update for Windows 8 for x64-based Systems (KB2839894).

23/08/2013 10:41:34, Error: Microsoft-Windows-WindowsUpdateClient [20]  - Installation Failure: Windows failed to install the following update with error 0x80070005: Security Update for Windows 8 for x64-based Systems (KB2835361).

23/08/2013 10:41:34, Error: Microsoft-Windows-WindowsUpdateClient [20]  - Installation Failure: Windows failed to install the following update with error 0x80070005: Security Update for Windows 8 for x64-based Systems (KB2807986).

23/08/2013 10:41:34, Error: Microsoft-Windows-WindowsUpdateClient [20]  - Installation Failure: Windows failed to install the following update with error 0x80070005: Security Update for Windows 8 for x64-based Systems (KB2803821).

23/08/2013 10:41:34, Error: Microsoft-Windows-WindowsUpdateClient [20]  - Installation Failure: Windows failed to install the following update with error 0x80070005: Security Update for Microsoft .NET Framework 4.5 on Windows 8 and Windows Server 2012 for x64-based Systems (KB2737084).

23/08/2013 10:41:34, Error: Microsoft-Windows-WindowsUpdateClient [20]  - Installation Failure: Windows failed to install the following update with error 0x80070005: Security Update for Microsoft .NET Framework 3.5 on Windows 8 and Windows Server 2012 for x64-based Systems (KB2736693).

23/08/2013 10:41:34, Error: Microsoft-Windows-WindowsUpdateClient [20]  - Installation Failure: Windows failed to install the following update with error 0x80070005: Security Update for Microsoft .NET Framework 3.5 on Windows 8 and Windows Server 2012 for x64-based Systems (KB2729462).

23/08/2013 10:41:34, Error: Microsoft-Windows-WindowsUpdateClient [20]  - Installation Failure: Windows failed to install the following update with error 0x80070005: Security Update for Internet Explorer Flash Player for Windows 8 for X64-based Systems (KB2857645).

23/08/2013 10:41:34, Error: Microsoft-Windows-WindowsUpdateClient [20]  - Installation Failure: Windows failed to install the following update with error 0x80070005: Cumulative Security Update for Internet Explorer 10 for Windows 8 for x64-based Systems (KB2862772).

23/08/2013 10:41:33, Error: Microsoft-Windows-WindowsUpdateClient [20]  - Installation Failure: Windows failed to install the following update with error 0x80070005: Update for Windows 8 for x64-based Systems (KB2768703).

23/08/2013 10:41:33, Error: Microsoft-Windows-WindowsUpdateClient [20]  - Installation Failure: Windows failed to install the following update with error 0x80070005: Security Update for Windows 8 for x64-based Systems (KB2845187).

23/08/2013 10:41:33, Error: Microsoft-Windows-WindowsUpdateClient [20]  - Installation Failure: Windows failed to install the following update with error 0x80070005: Security Update for Microsoft .NET Framework 4.5 on Windows 8 and Windows Server 2012 for x64-based Systems (KB2789649).

23/08/2013 10:41:33, Error: Microsoft-Windows-WindowsUpdateClient [20]  - Installation Failure: Windows failed to install the following update with error 0x80070005: Security Update for Microsoft .NET Framework 3.5 on Windows 8 and Windows Server 2012 for x64-based Systems (KB2789650).

23/08/2013 10:41:33, Error: Microsoft-Windows-WindowsUpdateClient [20]  - Installation Failure: Windows failed to install the following update with error 0x80070005: Cumulative Security Update for ActiveX Killbits for Windows 8 for x64-based Systems (KB2820197).

23/08/2013 10:41:32, Error: Microsoft-Windows-WindowsUpdateClient [20]  - Installation Failure: Windows failed to install the following update with error 0x80070005: Update for Microsoft .NET Framework 3.5 on Windows 8 and Windows Server 2012 for x64 based Systems (KB2769166).

23/08/2013 10:41:32, Error: Microsoft-Windows-WindowsUpdateClient [20]  - Installation Failure: Windows failed to install the following update with error 0x80070005: Security Update for Windows 8 for x64-based Systems (KB2868623).

23/08/2013 10:41:32, Error: Microsoft-Windows-WindowsUpdateClient [20]  - Installation Failure: Windows failed to install the following update with error 0x80070005: Security Update for Windows 8 for x64-based Systems (KB2850851).

23/08/2013 10:41:32, Error: Microsoft-Windows-WindowsUpdateClient [20]  - Installation Failure: Windows failed to install the following update with error 0x80070005: Security Update for Windows 8 for x64-based Systems (KB2813430).

23/08/2013 10:41:32, Error: Microsoft-Windows-WindowsUpdateClient [20]  - Installation Failure: Windows failed to install the following update with error 0x80070005: Security Update for Microsoft .NET Framework 4.5 on Windows 8 and Windows Server 2012 for x64-based Systems (KB2833958).

23/08/2013 10:41:31, Error: Microsoft-Windows-WindowsUpdateClient [20]  - Installation Failure: Windows failed to install the following update with error 0x80070005: Update for Windows 8 for x64-based Systems (KB2863058).

23/08/2013 10:41:31, Error: Microsoft-Windows-WindowsUpdateClient [20]  - Installation Failure: Windows failed to install the following update with error 0x80070005: Update for Windows 8 for x64-based Systems (KB2856373).

23/08/2013 10:41:31, Error: Microsoft-Windows-WindowsUpdateClient [20]  - Installation Failure: Windows failed to install the following update with error 0x80070005: Update for Windows 8 for x64-based Systems (KB2795944).

23/08/2013 10:41:31, Error: Microsoft-Windows-WindowsUpdateClient [20]  - Installation Failure: Windows failed to install the following update with error 0x80070005: Update for Windows 8 for x64-based Systems (KB2769165).

23/08/2013 10:41:31, Error: Microsoft-Windows-WindowsUpdateClient [20]  - Installation Failure: Windows failed to install the following update with error 0x80070005: Security Update for Windows 8 for x64-based Systems (KB2849470).

23/08/2013 10:41:31, Error: Microsoft-Windows-WindowsUpdateClient [20]  - Installation Failure: Windows failed to install the following update with error 0x80070005: Security Update for Windows 8 for x64-based Systems (KB2835364).

23/08/2013 10:41:31, Error: Microsoft-Windows-WindowsUpdateClient [20]  - Installation Failure: Windows failed to install the following update with error 0x80070005: Security Update for Windows 8 for x64-based Systems (KB2830290).

23/08/2013 10:41:31, Error: Microsoft-Windows-WindowsUpdateClient [20]  - Installation Failure: Windows failed to install the following update with error 0x80070005: Security Update for Windows 8 for x64-based Systems (KB2785220).

23/08/2013 10:41:31, Error: Microsoft-Windows-WindowsUpdateClient [20]  - Installation Failure: Windows failed to install the following update with error 0x80070005: Security Update for Windows 8 for x64-based Systems (KB2727528).

23/08/2013 10:41:31, Error: Microsoft-Windows-WindowsUpdateClient [20]  - Installation Failure: Windows failed to install the following update with error 0x80070005: Security Update for Microsoft .NET Framework 4.5 on Windows 8 and Windows Server 2012 for x64 (KB2742614).

23/08/2013 10:41:31, Error: Microsoft-Windows-WindowsUpdateClient [20]  - Installation Failure: Windows failed to install the following update with error 0x80070005: Security Update for Microsoft .NET Framework 4.5 on Windows 8 and Windows Server 2012 for x64-based Systems (KB2840632).

23/08/2013 10:41:31, Error: Microsoft-Windows-WindowsUpdateClient [20]  - Installation Failure: Windows failed to install the following update with error 0x80070005: Security Update for Microsoft .NET Framework 4.5 on Windows 8 and Windows Server 2012 for x64-based Systems (KB2804583).

23/08/2013 10:41:31, Error: Microsoft-Windows-WindowsUpdateClient [20]  - Installation Failure: Windows failed to install the following update with error 0x80070005: Security Update for Microsoft .NET Framework 3.5 on Windows 8 and Windows Server 2012 for x64-based Systems (KB2840633).

23/08/2013 10:41:31, Error: Microsoft-Windows-WindowsUpdateClient [20]  - Installation Failure: Windows failed to install the following update with error 0x80070005: Security Update for Microsoft .NET Framework 3.5 on Windows 8 and Windows Server 2012 for x64-based Systems (KB2832418).

23/08/2013 10:41:31, Error: Microsoft-Windows-WindowsUpdateClient [20]  - Installation Failure: Windows failed to install the following update with error 0x80070005: Security Update for Microsoft .NET Framework 3.5 on Windows 8 and Windows Server 2012 for x64-based Systems (KB2804584).

23/08/2013 10:41:31, Error: Microsoft-Windows-WindowsUpdateClient [20]  - Installation Failure: Windows failed to install the following update with error 0x80070005: Security Update for Microsoft .NET Framework 3.5 on Windows 8 and Windows Server 2012 for x64-based Systems (KB2742616).

23/08/2013 10:41:31, Error: Microsoft-Windows-WindowsUpdateClient [20]  - Installation Failure: Windows failed to install the following update with error 0x80070005: Microsoft Browser Choice Screen Update for EEA Users of Windows 8 for x64-based Systems (KB976002).

23/08/2013 10:39:50, Error: NetBT [4311]  - Initialization failed because the driver device could not be created. Use the string "1CC63C4BC71B" to identify the interface for which initialization failed. It represents the MAC address of the failed interface or the  Globally Unique Interface Identifier (GUID) if NetBT was unable to  map from GUID to MAC address. If neither the MAC address nor the GUID were  available, the string represents a cluster device name. 

23/08/2013 09:41:04, Error: Microsoft-Windows-WindowsUpdateClient [20]  - Installation Failure: Windows failed to install the following update with error 0x80073D0A: Microsoft.NetworkSpeedTest.

23/08/2013 09:39:50, Error: Microsoft-Windows-WindowsUpdateClient [20]  - Installation Failure: Windows failed to install the following update with error 0x80073D0A: Microsoft.BingWeather.

23/08/2013 09:32:38, Error: Microsoft-Windows-WindowsUpdateClient [20]  - Installation Failure: Windows failed to install the following update with error 0x80073D0A: Microsoft.ZuneMusic.

23/08/2013 09:32:34, Error: Microsoft-Windows-WindowsUpdateClient [20]  - Installation Failure: Windows failed to install the following update with error 0x80073D0A: Microsoft.BingMaps.

23/08/2013 09:32:22, Error: Microsoft-Windows-WindowsUpdateClient [20]  - Installation Failure: Windows failed to install the following update with error 0x80073D0A: microsoft.microsoftskydrive.

23/08/2013 09:31:53, Error: Microsoft-Windows-WindowsUpdateClient [20]  - Installation Failure: Windows failed to install the following update with error 0x80073D0A: microsoft.windowscommunicationsapps.

23/08/2013 09:31:53, Error: Microsoft-Windows-WindowsUpdateClient [20]  - Installation Failure: Windows failed to install the following update with error 0x80073D0A: Microsoft.BingFinance.

23/08/2013 09:31:17, Error: Microsoft-Windows-WindowsUpdateClient [20]  - Installation Failure: Windows failed to install the following update with error 0x80073D0A: microsoft.windowsphotos.

23/08/2013 09:30:35, Error: Microsoft-Windows-WindowsUpdateClient [20]  - Installation Failure: Windows failed to install the following update with error 0x80073D0A: Microsoft.BingNews.

23/08/2013 09:30:31, Error: Microsoft-Windows-WindowsUpdateClient [20]  - Installation Failure: Windows failed to install the following update with error 0x80073D0A: Microsoft.BingSports.

23/08/2013 09:29:58, Error: Microsoft-Windows-WindowsUpdateClient [20]  - Installation Failure: Windows failed to install the following update with error 0x80073D0A: Microsoft.Bing.

23/08/2013 05:40:01, Error: Service Control Manager [7024]  - The Windows Search service terminated with the following service-specific error:  The class is configured to run as a security id different from the caller

23/08/2013 05:37:57, Error: Service Control Manager [7024]  - The Background Intelligent Transfer Service service terminated with the following service-specific error:  Server execution failed

23/08/2013 05:37:57, Error: Microsoft-Windows-Bits-Client [16392]  - The BITS service failed to start.  Error 0x80080005.

23/08/2013 05:35:57, Error: Service Control Manager [7023]  - The Network List Service service terminated with the following error:  The device is not ready.

23/08/2013 05:29:55, Error: Service Control Manager [7023]  - The IP Helper service terminated with the following error:  The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.

.

==== End Of File ===========================

Link to post
Share on other sites
schulenballs

schulenballs

Posted
  • Author
Posted
RogueKiller V8.6.7 _x64_ [Aug 28 2013] by Tigzy

mail : tigzyRK<at>gmail<dot>com




 

Operating System : Windows 8 (6.2.9200 ) 64 bits version

Started in : Normal mode

User : horse [Admin rights]

Mode : Scan -- Date : 08/28/2013 21:00:52

| ARK || FAK || MBR |

 

¤¤¤ Bad processes : 0 ¤¤¤

 

¤¤¤ Registry Entries : 6 ¤¤¤

[DNS] HKLM\[...]\CCSet\[...]\{5EAE09BB-7CD4-4C65-9885-D5177581D453} : NameServer (4.2.2.1,74.82.42.42) -> FOUND

[DNS] HKLM\[...]\CS001\[...]\{5EAE09BB-7CD4-4C65-9885-D5177581D453} : NameServer (4.2.2.1,74.82.42.42) -> FOUND

[HJ POL] HKLM\[...]\System : DisableRegistryTools (0) -> FOUND

[HJ POL] HKLM\[...]\Wow6432Node\[...]\System : DisableRegistryTools (0) -> FOUND

[HJ DESK] HKCU\[...]\ClassicStartMenu : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

[HJ DESK] HKCU\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

 

¤¤¤ Scheduled tasks : 0 ¤¤¤

 

¤¤¤ Startup Entries : 0 ¤¤¤

 

¤¤¤ Web browsers : 0 ¤¤¤

 

¤¤¤ Particular Files / Folders: ¤¤¤

 

¤¤¤ Driver : [NOT LOADED 0x0] ¤¤¤

 

¤¤¤ External Hives: ¤¤¤

 

¤¤¤ Infection :  ¤¤¤

 

¤¤¤ HOSTS File: ¤¤¤

--> %SystemRoot%\System32\drivers\etc\hosts

 

 

 

 

¤¤¤ MBR Check: ¤¤¤

 

+++++ PhysicalDrive0: TOSHIBA MK3275GSX +++++

--- User ---

[MBR] bdba1f549228f8fe34b395c68812e5eb

[bSP] 7f9f3b9c46866af2df5fa8a4d8e83ccb : Windows 7/8 MBR Code

Partition table:

0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 100 Mo

1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 206848 | Size: 161396 Mo

2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 330754048 | Size: 143741 Mo

User = LL1 ... OK!

User = LL2 ... OK!

 

Finished : << RKreport[0]_S_08282013_210052.txt >>
Link to post
Share on other sites
MrCharlie

MrCharlie

Posted
Posted

Not much showing......

Please download AdwCleaner by Xplode and save to your Desktop.

  • Double click on AdwCleaner.exe to run the tool.

    Vista/Windows 7/8 users right-click and select Run As Administrator

  • Click on the Scan button.
  • AdwCleaner will begin...be patient as the scan may take some time to complete.
  • After the scan has finished, click on the Report button...a logfile (AdwCleaner[R0].txt) will open in Notepad for review.
  • The contents of the log file may be confusing. Unless you see a program name that you know should not be removed, don't worry about it. If you see an entry you want to keep, let me know about it.
  • Copy and paste the contents of that logfile in your next reply.
  • A copy of all logfiles are saved in the C:\AdwCleaner folder which was created when running the tool.
MrC
Link to post
Share on other sites
schulenballs

schulenballs

Posted
  • Author
Posted
# AdwCleaner v3.001 - Report created 28/08/2013 at 23:13:30

# Updated 24/08/2013 by Xplode

# Operating System : Windows 8 Pro  (64 bits)

# Username : horse - SCHULENBALLS-PC

# Running from : C:\Users\horse\Downloads\AdwCleaner.exe

# Option : Scan

 

***** [ Services ] *****

 

 

***** [ Files / Folders ] *****

 

Folder Found C:\Users\horse\AppData\Roaming\Mozilla\Firefox\Profiles\hvw5t1xk.default\jetpack

 

***** [ Shortcuts ] *****

 

 

***** [ Registry ] *****

 

 

***** [ Browsers ] *****

 

-\\ Internet Explorer v10.0.9200.16660

 

 

-\\ Mozilla Firefox v23.0.1 (en-US)

 

[ File : C:\Users\horse\AppData\Roaming\Mozilla\Firefox\Profiles\hvw5t1xk.default\prefs.js ]

 

 

*************************

 

AdwCleaner[R10].txt - [915 octets] - [28/08/2013 23:00:52]

AdwCleaner[R11].txt - [776 octets] - [28/08/2013 23:13:30]

AdwCleaner[R9].txt - [854 octets] - [28/08/2013 22:44:16]

 

########## EOF - C:\AdwCleaner\AdwCleaner[R11].txt - [895 octets] ##########
Link to post
Share on other sites
MrCharlie

MrCharlie

Posted
Posted

See if the Clean-up works:

Double click on AdwCleaner.exe to run the tool again.

  • Click on the Scan button.
  • AdwCleaner will begin to scan your computer like it did before.
  • After the scan has finished...
  • This time click on the Clean button.
  • Press OK when asked to close all programs and follow the onscreen prompts.
  • Press OK again to allow AdwCleaner to restart the computer and complete the removal process.
  • After rebooting, a logfile report (AdwCleaner[s0].txt) will open automatically.
  • Copy and paste the contents of that logfile in your next reply.
  • A copy of that logfile will also be saved in the C:\AdwCleaner folder.
MrC
Link to post
Share on other sites
schulenballs

schulenballs

Posted
  • Author
Posted

 # AdwCleaner v3.001 - Report created 29/08/2013 at 00:29:04

# Updated 24/08/2013 by Xplode
# Operating System : Windows 8 Pro  (64 bits)
# Username : horse - SCHULENBALLS-PC
# Running from : C:\Users\horse\Downloads\AdwCleaner.exe
# Option : Clean
 
***** [ Services ] *****
 
 
***** [ Files / Folders ] *****
 
Folder Deleted : C:\Users\horse\AppData\Roaming\Mozilla\Firefox\Profiles\hvw5t1xk.default\jetpack
 
***** [ Shortcuts ] *****
 
 
***** [ Registry ] *****
 
 
***** [ Browsers ] *****
 
-\\ Internet Explorer v10.0.9200.16660
 
 
-\\ Mozilla Firefox v23.0.1 (en-US)
 
[ File : C:\Users\horse\AppData\Roaming\Mozilla\Firefox\Profiles\hvw5t1xk.default\prefs.js ]
 
 
*************************
 
AdwCleaner[R14].txt - [856 octets] - [29/08/2013 00:16:29]
AdwCleaner[R15].txt - [975 octets] - [29/08/2013 00:26:28]
AdwCleaner[s5].txt - [920 octets] - [29/08/2013 00:21:39]
AdwCleaner[s6].txt - [900 octets] - [29/08/2013 00:29:04]
 
########## EOF - C:\AdwCleaner\AdwCleaner[s6].txt - [959 octets] ##########
Link to post
Share on other sites
MrCharlie

MrCharlie

Posted
Posted

Well looks like you're clean.......

Lets check your computers security before you go and we have a little cleanup to do also:

Download Security Check by screen317 from HERE or HERE.

  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • If you get Unsupported operating system. Aborting now, just reboot and try again.
  • A Notepad document should open automatically called checkup.txt.
  • Please Post the contents of that document.
  • Do Not Attach It!!!
MrC
Link to post
Share on other sites
schulenballs

schulenballs

Posted
  • Author
Posted
 Results of screen317's Security Check version 0.99.73  

   x64 (UAC is enabled)  

 Internet Explorer 10  

``````````````Antivirus/Firewall Check:`````````````` 

 Windows Firewall Enabled!  

Windows Defender   

Norton AntiVirus   

 WMI entry may not exist for antivirus; attempting automatic update. 

`````````Anti-malware/Other Utilities Check:````````` 

 Adobe Flash Player 11.8.800.94  

 Mozilla Firefox (23.0.1) 

````````Process Check: objlist.exe by Laurent````````  

 Norton ccSvcHst.exe 

 WinPatrol winpatrol.exe 

 Norton AntiVirus Engine 20.4.0.40 ccSvcHst.exe 

 BillP Studios WinPatrol WinPatrol.exe  

`````````````````System Health check````````````````` 

 Total Fragmentation on Drive C:  % 

````````````````````End of Log`````````````````````` 
Link to post
Share on other sites
MrCharlie

MrCharlie

Posted
Posted

Looks OK......

A little clean up to do....

Please Uninstall ComboFix: (if you used it)

Press the Windows logo key + R to bring up the "run box"

Copy and paste next command in the field:

ComboFix /uninstall

Make sure there's a space between Combofix and /

cf2.jpg

Then hit enter.

This will uninstall Combofix, delete its related folders and files, hide file extensions, hide the system/hidden files and clears System Restore cache and create new Restore point

(If that doesn't work.....you can simply rename ComboFix.exe to Uninstall.exe and double click it to complete the uninstall or download and run the uninstaller)

---------------------------------

If you used FRST:

Download the fixlist.txt to the same folder as FRST.

Run FRST and click Fix only once and wait

That will delete the quarantine folder created by FRST.

-----------------------------

If you used DeFogger to disable your CD Emulation drivers, please re-enable them.

-------------------------------

Please download OTC to your desktop.

http://oldtimer.geekstogo.com/OTC.exe

Double-click OTC to run it. (Vista and up users, please right click on OTC and select "Run as an Administrator")

Click on the CleanUp! button and follow the prompts.

(If you get a warning from your firewall or other security programs regarding OTC attempting to contact the Internet, please allow the connection.)

You will be asked to reboot the machine to finish the Cleanup process, choose Yes.

After the reboot all the tools we used should be gone.

Note: Some more recently created tools may not yet be removed by OTC. Feel free to manually delete any tools it leaves behind.

Any other programs or logs you can manually delete.

IE: RogueKiller.exe, RKreport.txt, RK_Quarantine folder, C:\FRST, MBAR, etc....AdwCleaner > just run the program and click uninstall.

-------------------------------

Any questions...please post back.

If you think I've helped you, please leave a comment > click on my avatar picture > click Profile Feed.

Take a look at My Preventive Maintenance to avoid being infected again.

Good Luck and Thanks for using the forum, MrC

Link to post
Share on other sites
  • Root Admin
AdvancedSetup

AdvancedSetup

Posted
  • Root Admin
Posted

Glad we could help. :)

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!

Link to post
Share on other sites
Guest
This topic is now closed to further replies.
 Share
Go to topic listing

  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.