somedude Posted November 10, 2013 ID:751878 Share Posted November 10, 2013 I was attempting to view a page that would give me magnet links to download a file, and instead, it downloaded an .exe file. I do not remember the name (it's been deleted) and I can't seem to fix this myself, which is rather unusual. I've even restored my system to before I downloaded the file. I never ran the .exe file, just looked at the properties briefly, and noticed that it had some sort of name that it had record of being changed from, and it was completely different. I believe this type of malware is the same type that is disguised as a "youtube downloader", although mine was not described as such. The main effect I've noticed from this malware is that my homepage changed to http://search.yahoo.com/?type=386496&fr=spigot-yhp-ff%C2'>I've taken that off as the main page, but if I search for anything with the main address bar of my browser, that page does the search. I use google chrome exclusively, so I opened up internet explorer, and the same home page came up. Anyway, I'd appreciate anyone getting back to me, I'll be happy to run whatever programs I need to and post the logs in order to get this straightened out. Link to post Share on other sites More sharing options...
kevinf80 Posted November 10, 2013 ID:751890 Share Posted November 10, 2013 Hello and P2P/Piracy Warning: If you're using Peer 2 Peer software such as uTorrent, BitTorrent or similar you must either fully uninstall them or completely disable them from running while being assisted here.Failure to remove or disable such software will result in your topic being closed and no further assistance being provided.If you have illegal/cracked software, cracks, keygens etc. on the system, please remove or uninstall them now and read the policy on Piracy.Next,Download Farbar Recovery Scan Tool and save it to your desktop.Note: You need to run the version compatible with your system (32 bit or 64 bit). If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.Double-click to run it. When the tool opens click Yes to disclaimer. Press Scan button. It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply. The first time the tool is run, it makes also another log (Addition.txt). Please attach it to your reply.Kevin.... Link to post Share on other sites More sharing options...
somedude Posted November 12, 2013 Author ID:752549 Share Posted November 12, 2013 Thanks Kevin, Here's the results of the scan: Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 10-11-2013 01Ran by Matt (administrator) on MATT-PC on 12-11-2013 01:08:10Running from C:\Users\Matt\DesktopWindows 7 Ultimate Service Pack 1 (X64) OS Language: English(US)Internet Explorer Version 10Boot Mode: Normal ==================== Processes (Whitelisted) ================= (ASUSTeK COMPUTER INC.) C:\Windows\system32\ATKFUSService.exe(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe() C:\Windows\SysWOW64\ASDR.exe(Wireless) C:\Program Files (x86)\Wireless\WPS\jswpbapi.exe(Microsoft Corporation) C:\Program Files\Microsoft LifeCam\MSCamS64.exe(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe() C:\Program Files\ASUS\GamerOSD\ATKFastUserSwitching.exe(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version8\TeamViewer.exe(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version8\tv_w32.exe(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version8\tv_x64.exe(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\GamerOSD\GamerOSD.exe() C:\Program Files (x86)\Wireless\WPS\jswtrayutil.exe(Sun Microsystems, Inc.) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe ==================== Registry (Whitelisted) ================== HKLM\...\Run: [RtHDVCpl] - C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [11613288 2010-11-19] (Realtek Semiconductor)HKCU\...\Policies\Explorer: [NoDriveTypeAutoRun] 0x00000000MountPoints2: {de08be84-0fee-11e2-b567-806e6f6e6963} - E:\PC_Clickme.exeHKLM-x32\...\Run: [ASUSGamerOSD] - C:\Program Files (x86)\ASUS\GamerOSD\GamerOSD.exe [380928 2009-07-30] (ASUSTeK Computer Inc.)HKLM-x32\...\Run: [JMB36X IDE Setup] - C:\Windows\RaidTool\xInsIDE.exe [43608 2010-09-07] ()HKLM-x32\...\Run: [LifeCam] - C:\Program Files (x86)\Microsoft LifeCam\LifeExp.exe [135536 2010-12-13] (Microsoft Corporation)HKLM-x32\...\Run: [jswtrayutil] - C:\Program Files (x86)\Wireless\WPS\jswtrayutil.exe [32883 2010-03-17] ()HKLM-x32\...\Run: [sunJavaUpdateSched] - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [252848 2012-07-03] (Sun Microsystems, Inc.) ==================== Internet (Whitelisted) ==================== HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehpHKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0xD557DEA1F77FCE01HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-USHKCU\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://www.google.com/http://www.google.com/BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)BHO-x32: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)BHO-x32: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)BHO-x32: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)DPF: HKLM-x32 {0D41B8C5-2599-4893-8183-00195EC8D5F9} http://support.asus.com/select/asusTek_sys_ctrl3.cabTcpip\Parameters: [DhcpNameServer] 192.168.1.1 FireFox:========FF Plugin: @java.com/DTPlugin,version=10.10.2 - C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)FF Plugin: @microsoft.com/GENUINE - disabled No FileFF Plugin-x32: @adobe.com/ShockwavePlayer - C:\Windows\SysWOW64\Adobe\Director\np32dsw_1200112.dll (Adobe Systems, Inc.)FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf - C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll No FileFF Plugin-x32: @java.com/DTPlugin,version=10.10.2 - C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)FF Plugin-x32: @java.com/JavaPlugin,version=10.10.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)FF Plugin-x32: @microsoft.com/GENUINE - disabled No FileFF Plugin-x32: @microsoft.com/WLPG,version=16.4.3505.0912 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)FF Plugin-x32: @nvidia.com/3DVision - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)FF Plugin-x32: @nvidia.com/3DVisionStreaming - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.21.165\npGoogleUpdate3.dll (Google Inc.)FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.21.165\npGoogleUpdate3.dll (Google Inc.) Chrome: =======CHR Extension: (YouTube) - C:\Users\Matt\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0CHR Extension: (Google Search) - C:\Users\Matt\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0CHR Extension: (http://www.facebook.com/) - C:\Users\Matt\AppData\Local\Google\Chrome\User Data\Default\Extensions\dnknkgccldocdogpnhbaddbdhhjiindo\2012.10.23.2958_0CHR Extension: (Google Wallet) - C:\Users\Matt\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.5.0_0CHR Extension: (Gmail) - C:\Users\Matt\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1 ==================== Services (Whitelisted) ================= R2 ASDR; C:\Windows\SysWOW64\ASDR.exe [61440 2009-07-27] ()R2 ATKFUSService; C:\Windows\system32\ATKFUSService.exe [63488 2009-12-01] (ASUSTeK COMPUTER INC.)R2 jswpbapi; C:\Program Files (x86)\Wireless\WPS\jswpbapi.exe [265216 2010-03-16] (Wireless)S3 jswpsapi; C:\Program Files (x86)\Wireless\WPS\jswpsapi.exe [954368 2010-03-16] (Wireless) ==================== Drivers (Whitelisted) ==================== R3 asusgsb; C:\Windows\System32\drivers\asusgsb.sys [17792 2009-02-17] (ASUSTeK Computer Inc.)R3 atkdisplf; C:\Windows\System32\drivers\ATKDispLowFilter.sys [39424 2009-02-17] (ASUSTeK Computer Inc.)R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [270912 2013-01-30] (DT Soft Ltd)R1 EIO64; C:\Windows\System32\DRIVERS\EIO64.sys [16384 2012-10-05] (ASUSTeK Computer Inc.)R4 IOMap; C:\Windows\system32\drivers\IOMap64.sys [23680 2010-02-22] (ASUSTeK Computer Inc.)S3 L6PODLV; C:\Windows\System32\Drivers\L6PODLV64.sys [772864 2013-06-26] (Line 6)S3 Synth3dVsc; System32\drivers\synth3dvsc.sys [x]S3 tsusbhub; system32\drivers\tsusbhub.sys [x]S3 VGPU; System32\drivers\rdvgkmd.sys [x] ==================== NetSvcs (Whitelisted) =================== ==================== One Month Created Files and Folders ======== 2013-11-12 01:04 - 2013-11-12 01:04 - 01957590 _____ (Farbar) C:\Users\Matt\Desktop\FRST64.exe2013-11-12 00:47 - 2013-11-12 00:47 - 00000000 ____D C:\FRST2013-11-10 00:21 - 2013-11-10 00:21 - 00000000 ____D C:\Users\Matt\AppData\Roaming\PACE Anti-Piracy2013-11-10 00:21 - 2013-11-10 00:21 - 00000000 ____D C:\Users\Matt\AppData\Local\PACE Anti-Piracy2013-11-10 00:21 - 2013-11-10 00:21 - 00000000 ____D C:\ProgramData\PACE Anti-Piracy2013-11-10 00:21 - 2013-11-10 00:21 - 00000000 ____D C:\ProgramData\PACE Anti-Piracy2013-11-09 23:46 - 2013-11-09 23:46 - 00013590 _____ C:\Users\Matt\Desktop\computer bleh.txt2013-11-09 23:42 - 2013-11-09 23:42 - 00008165 _____ C:\Users\Matt\Desktop\RKreport[0]_S_11092013_234218.txt2013-11-09 23:39 - 2013-11-09 23:48 - 00000000 ____D C:\Users\Matt\Desktop\RK_Quarantine2013-11-09 23:24 - 2013-11-09 23:45 - 00013590 _____ C:\Users\Matt\Desktop\Rkill.txt2013-11-09 20:55 - 2013-11-09 22:06 - 00000000 ____D C:\ProgramData\Spybot - Search & Destroy2013-11-09 20:55 - 2013-11-09 22:06 - 00000000 ____D C:\ProgramData\Spybot - Search & Destroy2013-11-09 20:48 - 2013-11-09 23:48 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox2013-11-09 20:48 - 2013-11-09 20:49 - 00000000 ____D C:\Users\Matt\AppData\Roaming\Mozilla2013-11-09 20:48 - 2013-11-09 20:48 - 00282784 _____ (Mozilla) C:\Users\Matt\Downloads\Firefox Setup Stub 25.0.exe2013-11-09 20:48 - 2013-11-09 20:48 - 00000000 ____D C:\Users\Matt\AppData\Local\Mozilla2013-11-09 20:48 - 2013-11-09 20:48 - 00000000 ____D C:\ProgramData\Mozilla2013-11-09 20:48 - 2013-11-09 20:48 - 00000000 ____D C:\ProgramData\Mozilla2013-10-21 18:53 - 2013-10-21 18:53 - 00001062 _____ C:\Users\Public\Desktop\VLC media player.lnk2013-10-20 23:28 - 2013-10-20 23:28 - 00003453 _____ C:\Users\Matt\AppData\Local\recently-used.xbel2013-10-16 23:22 - 2013-10-16 23:22 - 00000000 ____D C:\Users\Matt\AppData\Roaming\Cycling '74 ==================== One Month Modified Files and Folders ======= 2013-11-12 01:04 - 2013-11-12 01:04 - 01957590 _____ (Farbar) C:\Users\Matt\Desktop\FRST64.exe2013-11-12 00:56 - 2009-07-13 23:13 - 00726444 _____ C:\Windows\system32\PerfStringBackup.INI2013-11-12 00:53 - 2012-10-06 14:05 - 00000894 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job2013-11-12 00:51 - 2009-07-13 22:45 - 00014416 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A02013-11-12 00:51 - 2009-07-13 22:45 - 00014416 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A02013-11-12 00:48 - 2012-10-05 22:55 - 01479611 _____ C:\Windows\WindowsUpdate.log2013-11-12 00:47 - 2013-11-12 00:47 - 00000000 ____D C:\FRST2013-11-12 00:44 - 2012-10-06 14:05 - 00000890 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job2013-11-12 00:44 - 2012-10-05 23:34 - 00000000 ____D C:\ProgramData\NVIDIA2013-11-12 00:44 - 2012-10-05 23:34 - 00000000 ____D C:\ProgramData\NVIDIA2013-11-12 00:44 - 2012-10-05 23:32 - 00013886 _____ C:\Windows\PFRO.log2013-11-12 00:44 - 2009-07-13 23:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT2013-11-12 00:44 - 2009-07-13 22:51 - 00067778 _____ C:\Windows\setupact.log2013-11-12 00:44 - 2009-07-13 22:45 - 00301080 _____ C:\Windows\system32\FNTCACHE.DAT2013-11-12 00:38 - 2013-09-10 16:58 - 00000000 ____D C:\Users\Matt\AppData\Roaming\NCH Software2013-11-12 00:34 - 2012-10-06 00:13 - 00000000 ____D C:\ProgramData\Microsoft Help2013-11-12 00:34 - 2012-10-06 00:13 - 00000000 ____D C:\ProgramData\Microsoft Help2013-11-12 00:33 - 2009-07-13 21:20 - 00000000 ____D C:\Program Files\Common Files\Microsoft Shared2013-11-12 00:29 - 2013-01-06 15:06 - 00000000 ____D C:\Windows\system32\appmgmt2013-11-12 00:27 - 2012-10-29 21:23 - 00000000 ____D C:\Program Files (x86)\Audacity2013-11-12 00:24 - 2012-10-06 15:42 - 00000000 ____D C:\Users\Matt\AppData\Roaming\uTorrent2013-11-12 00:08 - 2012-11-06 12:54 - 00000000 ____D C:\Users\Navi2013-11-12 00:06 - 2012-10-05 22:55 - 00000000 ____D C:\Users\Matt2013-11-11 23:59 - 2012-10-06 17:41 - 00000000 ____D C:\Users\Matt\AppData\Roaming\vlc2013-11-10 00:21 - 2013-11-10 00:21 - 00000000 ____D C:\Users\Matt\AppData\Roaming\PACE Anti-Piracy2013-11-10 00:21 - 2013-11-10 00:21 - 00000000 ____D C:\Users\Matt\AppData\Local\PACE Anti-Piracy2013-11-10 00:21 - 2013-11-10 00:21 - 00000000 ____D C:\ProgramData\PACE Anti-Piracy2013-11-10 00:21 - 2013-11-10 00:21 - 00000000 ____D C:\ProgramData\PACE Anti-Piracy2013-11-10 00:21 - 2013-09-23 01:34 - 00000000 ___HD C:\Users\Matt\AppData\Local\TWHWjZifa2013-11-10 00:21 - 2012-05-05 18:30 - 00000000 ___HD C:\Users\Matt\AppData\Local\0G3Wgsb2Fhk2UC82013-11-09 23:48 - 2013-11-09 23:39 - 00000000 ____D C:\Users\Matt\Desktop\RK_Quarantine2013-11-09 23:48 - 2013-11-09 20:48 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox2013-11-09 23:48 - 2009-07-14 01:45 - 00000000 ___RD C:\Users\Public\Recorded TV2013-11-09 23:48 - 2009-07-14 01:45 - 00000000 ___RD C:\Users\Public\Recorded TV2013-11-09 23:48 - 2009-07-13 21:20 - 00000000 ____D C:\Windows\registration2013-11-09 23:46 - 2013-11-09 23:46 - 00013590 _____ C:\Users\Matt\Desktop\computer bleh.txt2013-11-09 23:45 - 2013-11-09 23:24 - 00013590 _____ C:\Users\Matt\Desktop\Rkill.txt2013-11-09 23:42 - 2013-11-09 23:42 - 00008165 _____ C:\Users\Matt\Desktop\RKreport[0]_S_11092013_234218.txt2013-11-09 22:06 - 2013-11-09 20:55 - 00000000 ____D C:\ProgramData\Spybot - Search & Destroy2013-11-09 22:06 - 2013-11-09 20:55 - 00000000 ____D C:\ProgramData\Spybot - Search & Destroy2013-11-09 20:49 - 2013-11-09 20:48 - 00000000 ____D C:\Users\Matt\AppData\Roaming\Mozilla2013-11-09 20:48 - 2013-11-09 20:48 - 00282784 _____ (Mozilla) C:\Users\Matt\Downloads\Firefox Setup Stub 25.0.exe2013-11-09 20:48 - 2013-11-09 20:48 - 00000000 ____D C:\Users\Matt\AppData\Local\Mozilla2013-11-09 20:48 - 2013-11-09 20:48 - 00000000 ____D C:\ProgramData\Mozilla2013-11-09 20:48 - 2013-11-09 20:48 - 00000000 ____D C:\ProgramData\Mozilla2013-11-08 02:08 - 2013-04-08 21:02 - 00014848 _____ C:\Users\Matt\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini2013-10-28 18:57 - 2013-06-18 22:58 - 00001090 _____ C:\Users\Public\Desktop\TeamViewer 8.lnk2013-10-21 18:53 - 2013-10-21 18:53 - 00001062 _____ C:\Users\Public\Desktop\VLC media player.lnk2013-10-20 23:35 - 2012-12-28 21:07 - 00000000 ____D C:\Users\Matt\.gimp-2.82013-10-20 23:35 - 2012-12-28 21:07 - 00000000 ____D C:\Users\Matt\.gimp-2.82013-10-20 23:28 - 2013-10-20 23:28 - 00003453 _____ C:\Users\Matt\AppData\Local\recently-used.xbel2013-10-16 23:22 - 2013-10-16 23:22 - 00000000 ____D C:\Users\Matt\AppData\Roaming\Cycling '74 Some content of TEMP:====================C:\Users\Matt\AppData\Local\Temp\AskSLib.dllC:\Users\Matt\AppData\Local\Temp\drm_dialogs.dllC:\Users\Matt\AppData\Local\Temp\ffmpeg16.exeC:\Users\Matt\AppData\Local\Temp\Foxit Updater.exeC:\Users\Matt\AppData\Local\Temp\jna2932125671319158444.dllC:\Users\Matt\AppData\Local\Temp\jna4717589532483131255.dllC:\Users\Matt\AppData\Local\Temp\jna5264768362481049876.dllC:\Users\Matt\AppData\Local\Temp\L6GPInst.dllC:\Users\Matt\AppData\Local\Temp\mpsetup.exeC:\Users\Matt\AppData\Local\Temp\nvSCPAPI.dllC:\Users\Matt\AppData\Local\Temp\nvSCPAPI64.dllC:\Users\Matt\AppData\Local\Temp\nvStInst.exeC:\Users\Matt\AppData\Local\Temp\ose00000.exeC:\Users\Matt\AppData\Local\Temp\prismsetup.exeC:\Users\Matt\AppData\Local\Temp\utt2754.tmp.exeC:\Users\Matt\AppData\Local\Temp\vlc-2.0.5-win32.exeC:\Users\Matt\AppData\Local\Temp\vlc-2.0.8-win32.exeC:\Users\Matt\AppData\Local\Temp\wpsetup.exe ==================== Bamital & volsnap Check ================= C:\Windows\System32\winlogon.exe => MD5 is legitC:\Windows\System32\wininit.exe => MD5 is legitC:\Windows\SysWOW64\wininit.exe => MD5 is legitC:\Windows\explorer.exe => MD5 is legitC:\Windows\SysWOW64\explorer.exe => MD5 is legitC:\Windows\System32\svchost.exe => MD5 is legitC:\Windows\SysWOW64\svchost.exe => MD5 is legitC:\Windows\System32\services.exe => MD5 is legitC:\Windows\System32\User32.dll => MD5 is legitC:\Windows\SysWOW64\User32.dll => MD5 is legitC:\Windows\System32\userinit.exe => MD5 is legitC:\Windows\SysWOW64\userinit.exe => MD5 is legitC:\Windows\System32\Drivers\volsnap.sys => MD5 is legit LastRegBack: 2013-11-11 14:42 ==================== End Of Log ============================ And here's the addition: Additional scan result of Farbar Recovery Scan Tool (x64) Version: 10-11-2013 01Ran by Matt at 2013-11-12 01:08:28Running from C:\Users\Matt\DesktopBoot Mode: Normal========================================================== ==================== Security Center ======================== AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} ==================== Installed Programs ====================== Adobe Shockwave Player 12.0 (x32 Version: 12.0.0.112)Asmedia ASM104x USB 3.0 Host Controller Driver (x32 Version: 1.14.1.0)ASUS Gamer OSD (x32 Version: 3.07.0419)ASUS nVidia Driver (x32 Version: 1.00.0000)ASUS Smart Doctor (x32 Version: 5.80)Audacity 2.0.2 (x32 Version: 2.0.2)D3DX10 (x32 Version: 15.4.2368.0902)Foxit Reader (x32 Version: 5.4.3.920)Free RAR Extract Frog (x32 Version: 4.70)GIMP 2.8.2 (Version: 2.8.2)Google Chrome (x32 Version: 30.0.1599.101)Google Update Helper (x32 Version: 1.3.21.165)Java 7 Update 10 (x32 Version: 7.0.100)Java Auto Updater (x32 Version: 2.1.9.0)JMicron JMB36X Driver (x32 Version: 1.17.62.0)Line 6 Uninstaller (x32 Version: )Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)Microsoft Application Error Reporting (Version: 12.0.6015.5000)Microsoft Corporation (Version: 9.1.0.0)Microsoft Corporation (x32 Version: 9.1.0.0)Microsoft LifeCam (Version: 3.60.253.0)Microsoft SQL Server 2005 Compact Edition [ENU] (x32 Version: 3.1.0000)Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.61001)Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.61000)Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (x32 Version: 9.0.21022)Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (x32 Version: 9.0.30729.6161)Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (x32 Version: 10.0.40219)Movie Maker (x32 Version: 16.4.3505.0912)MSVCRT (x32 Version: 15.4.2862.0708)MSVCRT110 (x32 Version: 16.4.1108.0727)MSVCRT110_amd64 (Version: 16.4.1109.0912)NVIDIA 3D Vision Controller Driver (x32 Version: 267.67)NVIDIA 3D Vision Controller Driver 310.70 (Version: 310.70)NVIDIA 3D Vision Driver 311.06 (Version: 311.06)NVIDIA Control Panel 311.06 (Version: 311.06)NVIDIA Graphics Driver 311.06 (Version: 311.06)NVIDIA HD Audio Driver 1.3.18.0 (Version: 1.3.18.0)NVIDIA Install Application (Version: 2.1002.108.688)NVIDIA PhysX (x32 Version: 9.12.1031)NVIDIA PhysX System Software 9.12.1031 (Version: 9.12.1031)NVIDIA Stereoscopic 3D Driver (x32 Version: 7.17.13.1106)NVIDIA Update 1.11.3 (Version: 1.11.3)NVIDIA Update Components (Version: 1.11.3)OpenSSL 0.9.8l Light (32-bit) (x32)Photo Gallery (x32 Version: 16.4.3505.0912)PS3 Media Server (x32 Version: 1.72.0)Realtek Ethernet Controller Driver (x32 Version: 7.48.823.2011)Realtek High Definition Audio Driver (x32 Version: 6.0.1.6251)swMSM (x32 Version: 12.0.0.1)TeamViewer 8 (x32 Version: 8.0.22298)Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (x32 Version: 1)Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (x32 Version: 1)Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (x32 Version: 1)Update for Microsoft .NET Framework 4 Client Profile (KB2836939v3) (x32 Version: 3)Utility (x32 Version: 1.00.0002)VLC media player 2.0.8 (x32 Version: 2.0.8)Windows Live Communications Platform (x32 Version: 16.4.3505.0912)Windows Live Essentials (x32 Version: 16.4.3505.0912)Windows Live ID Sign-in Assistant (Version: 7.250.4311.0)Windows Live Installer (x32 Version: 16.4.3505.0912)Windows Live Photo Common (x32 Version: 16.4.3505.0912)Windows Live PIMT Platform (x32 Version: 16.4.3505.0912)Windows Live SOXE (x32 Version: 16.4.3505.0912)Windows Live SOXE Definitions (x32 Version: 16.4.3505.0912)Windows Live UX Platform (x32 Version: 16.4.3505.0912)Windows Live UX Platform Language Pack (x32 Version: 16.4.3505.0912)Wireless N Client Utility (x32 Version: 7.0)WPS Installation Program (x32 Version: 7.0) ==================== Restore Points ========================= 27-10-2013 23:19:13 Windows Update01-11-2013 18:41:01 Windows Update06-11-2013 14:26:22 Windows Update10-11-2013 00:21:56 Windows Update10-11-2013 05:46:42 Restore Operation10-11-2013 05:53:22 Windows Update12-11-2013 04:53:39 Windows Backup12-11-2013 06:25:30 Removed 7-Zip 9.20 (x64 edition)12-11-2013 06:26:40 Removed Ableton Live 9 Suite12-11-2013 06:27:33 Removed Ableton Live 9 Suite12-11-2013 06:29:28 Removed Max 6.1.412-11-2013 06:30:01 Removed Max 6.1.412-11-2013 06:32:02 Removed Microsoft Office File Validation Add-In12-11-2013 06:32:31 Removed Microsoft Office Word 2007 ==================== Hosts content: ========================== 2009-07-13 20:34 - 2009-06-10 15:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts ==================== Scheduled Tasks (whitelisted) ============= Task: {2FD51FF2-573C-4E7D-8ECE-7F56374FD5B6} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-10-06] (Google Inc.)Task: {4BF4CDAD-8819-4924-919E-6EC1895B192F} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-10-06] (Google Inc.)Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exeTask: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe ==================== Loaded Modules (whitelisted) ============= 2012-10-05 23:36 - 2009-04-29 19:46 - 01077248 _____ () C:\Program Files (x86)\ASUS\GamerOSD\ImageTransform.dll2012-10-05 23:36 - 2009-02-17 17:22 - 00184320 _____ () C:\Program Files (x86)\ASUS\GamerOSD\AudioOnVistaDLL.dll2013-01-02 04:26 - 2010-03-17 14:59 - 00798720 _____ () C:\Program Files (x86)\Wireless\WPS\jswscapploc.dll2013-10-16 16:56 - 2013-10-08 18:01 - 00698832 _____ () C:\Program Files (x86)\Google\Chrome\Application\30.0.1599.101\libglesv2.dll2013-10-16 16:56 - 2013-10-08 18:01 - 00099792 _____ () C:\Program Files (x86)\Google\Chrome\Application\30.0.1599.101\libegl.dll2013-10-16 16:56 - 2013-10-08 18:02 - 04055504 _____ () C:\Program Files (x86)\Google\Chrome\Application\30.0.1599.101\pdf.dll2013-10-16 16:56 - 2013-10-08 18:02 - 00415184 _____ () C:\Program Files (x86)\Google\Chrome\Application\30.0.1599.101\ppGoogleNaClPluginChrome.dll2013-10-16 16:56 - 2013-10-08 18:01 - 01604560 _____ () C:\Program Files (x86)\Google\Chrome\Application\30.0.1599.101\ffmpegsumo.dll ==================== Alternate Data Streams (whitelisted) ========= AlternateDataStreams: C:\Users\Matt\AppData\Local\Temporary Internet Files:0L9GswsHNLpKxkrQ4DR1AlternateDataStreams: C:\Users\Matt\AppData\Local\TWHWjZifa:qmqBqt5pvaskaC1snZzrpx2pZ ==================== Safe Mode (whitelisted) =================== ==================== Faulty Device Manager Devices ============= ==================== Event log errors: ========================= Application errors:==================Error: (11/12/2013 00:32:31 AM) (Source: Microsoft-Windows-CAPI2) (User: )Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object. Details:AddLegacyDriverFiles: Unable to back up image of binary Tpkd. System Error:The system cannot find the file specified.. Error: (11/12/2013 00:32:02 AM) (Source: Microsoft-Windows-CAPI2) (User: )Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object. Details:AddLegacyDriverFiles: Unable to back up image of binary Tpkd. System Error:The system cannot find the file specified.. Error: (11/12/2013 00:29:56 AM) (Source: MsiInstaller) (User: Matt-PC)Description: Product: Max 6.1.4 -- Error 1730. You must be an Administrator to remove this application. To remove this application, you can log on as an Administrator, or contact your technical support group for assistance. Error: (11/09/2013 08:54:00 PM) (Source: SideBySide) (User: )Description: Activation context generation failed for "http://schemas.microsoft.com/SMI/2005/WindowsSettings^antispywareProductDisplayName1".The setting http://schemas.microsoft.com/SMI/2005/WindowsSettings^antispywareProductDisplayName is not registered. Error: (10/25/2013 00:33:24 AM) (Source: SideBySide) (User: )Description: Activation context generation failed for "Microsoft.Windows.Common-Controls,language="*",processorArchitecture="X86",publicKeyToken="6595b64144ccf1df",type="win64",version="6.0.0.0"1".Dependent Assembly Microsoft.Windows.Common-Controls,language="*",processorArchitecture="X86",publicKeyToken="6595b64144ccf1df",type="win64",version="6.0.0.0" could not be found.Please use sxstrace.exe for detailed diagnosis. Error: (10/16/2013 10:50:16 PM) (Source: SideBySide) (User: )Description: Activation context generation failed for "Microsoft.VC90.MFC,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8"1".Dependent Assembly Microsoft.VC90.MFC,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8" could not be found.Please use sxstrace.exe for detailed diagnosis. Error: (10/16/2013 10:35:00 PM) (Source: Application Hang) (User: )Description: The program Explorer.EXE version 6.1.7601.17567 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel. Process ID: b58 Start Time: 01cecac2758d8e85 Termination Time: 40 Application Path: C:\Windows\Explorer.EXE Report Id: 792d7305-36e5-11e3-ad11-10bf48805a82 Error: (10/16/2013 05:22:23 PM) (Source: SideBySide) (User: )Description: Activation context generation failed for "Microsoft.VC90.MFC,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8"1".Dependent Assembly Microsoft.VC90.MFC,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8" could not be found.Please use sxstrace.exe for detailed diagnosis. Error: (10/12/2013 11:30:08 PM) (Source: SideBySide) (User: )Description: Activation context generation failed for "Microsoft.VC90.MFC,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8"1".Dependent Assembly Microsoft.VC90.MFC,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8" could not be found.Please use sxstrace.exe for detailed diagnosis. Error: (10/12/2013 01:18:20 AM) (Source: SideBySide) (User: )Description: Activation context generation failed for "Microsoft.VC90.MFC,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8"1".Dependent Assembly Microsoft.VC90.MFC,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8" could not be found.Please use sxstrace.exe for detailed diagnosis. System errors:=============Error: (11/12/2013 00:46:44 AM) (Source: Service Control Manager) (User: )Description: The NVIDIA Update Service Daemon service failed to start due to the following error: %%1069 Error: (11/12/2013 00:46:44 AM) (Source: Service Control Manager) (User: )Description: The nvUpdatusService service was unable to log on as .\UpdatusUser with the currently configured password due to the following error: %%1330 To ensure that the service is configured properly, use the Services snap-in in Microsoft Management Console (MMC). Error: (11/11/2013 01:19:30 PM) (Source: Service Control Manager) (User: )Description: The NVIDIA Update Service Daemon service failed to start due to the following error: %%1069 Error: (11/11/2013 01:19:30 PM) (Source: Service Control Manager) (User: )Description: The nvUpdatusService service was unable to log on as .\UpdatusUser with the currently configured password due to the following error: %%1330 To ensure that the service is configured properly, use the Services snap-in in Microsoft Management Console (MMC). Error: (11/10/2013 07:32:43 PM) (Source: Service Control Manager) (User: )Description: The NVIDIA Update Service Daemon service failed to start due to the following error: %%1069 Error: (11/10/2013 07:32:43 PM) (Source: Service Control Manager) (User: )Description: The nvUpdatusService service was unable to log on as .\UpdatusUser with the currently configured password due to the following error: %%1330 To ensure that the service is configured properly, use the Services snap-in in Microsoft Management Console (MMC). Error: (11/09/2013 11:52:00 PM) (Source: Service Control Manager) (User: )Description: The NVIDIA Update Service Daemon service failed to start due to the following error: %%1069 Error: (11/09/2013 11:52:00 PM) (Source: Service Control Manager) (User: )Description: The nvUpdatusService service was unable to log on as .\UpdatusUser with the currently configured password due to the following error: %%1330 To ensure that the service is configured properly, use the Services snap-in in Microsoft Management Console (MMC). Error: (11/09/2013 11:24:03 PM) (Source: Service Control Manager) (User: )Description: The ASDR service terminated unexpectedly. It has done this 1 time(s). Error: (11/09/2013 11:24:03 PM) (Source: Service Control Manager) (User: )Description: The ATK Fast User Switch Service service terminated unexpectedly. It has done this 1 time(s). Microsoft Office Sessions:=========================Error: (11/12/2013 00:32:31 AM) (Source: Microsoft-Windows-CAPI2)(User: )Description: Details:AddLegacyDriverFiles: Unable to back up image of binary Tpkd. System Error:The system cannot find the file specified. Error: (11/12/2013 00:32:02 AM) (Source: Microsoft-Windows-CAPI2)(User: )Description: Details:AddLegacyDriverFiles: Unable to back up image of binary Tpkd. System Error:The system cannot find the file specified. Error: (11/12/2013 00:29:56 AM) (Source: MsiInstaller)(User: Matt-PC)Description: Product: Max 6.1.4 -- Error 1730. You must be an Administrator to remove this application. To remove this application, you can log on as an Administrator, or contact your technical support group for assistance.(NULL)(NULL)(NULL)(NULL)(NULL) Error: (11/09/2013 08:54:00 PM) (Source: SideBySide)(User: )Description: http://schemas.microsoft.com/SMI/2005/WindowsSettings^antispywareProductDisplayNameK:\D Drive\Spybot - Search & Destroy 2\SDWSCSvc.exe Error: (10/25/2013 00:33:24 AM) (Source: SideBySide)(User: )Description: Microsoft.Windows.Common-Controls,language="*",processorArchitecture="X86",publicKeyToken="6595b64144ccf1df",type="win64",version="6.0.0.0"C:\Windows\system32\L6DriverControlPanel.cpl Error: (10/16/2013 10:50:16 PM) (Source: SideBySide)(User: )Description: Microsoft.VC90.MFC,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8"C:\ProgramData\Ableton\Live 9 Suite\Program\Ableton Live 9 Suite.exe Error: (10/16/2013 10:35:00 PM) (Source: Application Hang)(User: )Description: Explorer.EXE6.1.7601.17567b5801cecac2758d8e8540C:\Windows\Explorer.EXE792d7305-36e5-11e3-ad11-10bf48805a82 Error: (10/16/2013 05:22:23 PM) (Source: SideBySide)(User: )Description: Microsoft.VC90.MFC,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8"C:\ProgramData\Ableton\Live 9 Suite\Program\Ableton Live 9 Suite.exe Error: (10/12/2013 11:30:08 PM) (Source: SideBySide)(User: )Description: Microsoft.VC90.MFC,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8"C:\ProgramData\Ableton\Live 9 Suite\Program\Ableton Live 9 Suite.exe Error: (10/12/2013 01:18:20 AM) (Source: SideBySide)(User: )Description: Microsoft.VC90.MFC,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8"C:\ProgramData\Ableton\Live 9 Suite\Program\Ableton Live 9 Suite.exe CodeIntegrity Errors:=================================== Date: 2013-11-09 22:20:20.745 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\D Drive\Spybot - Search & Destroy 2\pcrelib.dll because the set of per-page image hashes could not be found on the system. Date: 2013-11-09 21:10:06.797 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\D Drive\Spybot - Search & Destroy 2\pcrelib.dll because the set of per-page image hashes could not be found on the system. ==================== Memory info =========================== Percentage of memory in use: 21%Total physical RAM: 8137.36 MBAvailable physical RAM: 6405.86 MBTotal Pagefile: 16272.9 MBAvailable Pagefile: 14096.63 MBTotal Virtual: 8192 MBAvailable Virtual: 8191.8 MB ==================== Drives ================================ Drive c: () (Fixed) (Total:931.51 GB) (Free:873.98 GB) NTFSDrive d: () (Fixed) (Total:931.41 GB) (Free:807.87 GB) NTFSDrive e: (BOONDOCKS_SEASON_ONE_DISC_ONE) (CDROM) (Total:7.29 GB) (Free:0 GB) UDF ==================== MBR & Partition Table ================== ========================================================Disk: 0 (MBR Code: Windows 7 or 8) (Size: 932 GB) (Disk ID: CF79E079)Partition 1: (Not Active) - (Size=932 GB) - (Type=07 NTFS) ========================================================Disk: 1 (MBR Code: Windows 7 or 8) (Size: 932 GB) (Disk ID: CF79E075)Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)Partition 2: (Not Active) - (Size=931 GB) - (Type=07 NTFS) ==================== End Of Log ============================ Thanks! Link to post Share on other sites More sharing options...
kevinf80 Posted November 12, 2013 ID:752566 Share Posted November 12, 2013 Download attached fixlist.txt file and save it to the Desktop, or the folder you saved FRST into.NOTE. It's important that both FRST and fixlist.txt are in the same location or the fix will not work. Run FRST and press the Fix button just once and wait.The tool will make a log on the Desktop (Fixlog.txt). Please post it to your reply. Next, Download AdwCleaner by Xplode from here: http://www.bleepingcomputer.com/download/adwcleaner/ and save to your Desktop. Double click on AdwCleaner.exe to run the tool. Vista/Windows 7/8 users right-click and select Run As Administrator Click on the Scan button. AdwCleaner will begin...be patient as the scan may take some time to complete. When it's done you'll see: Pending: Uncheck any elements you don't want removed. Now click on the Report button...a logfile (AdwCleaner[R0].txt) will open in Notepad for review. Look over the log especially under Files/Folders for any program you want to save. If there's a program you want to save, just uncheck it from AdwCleaner. If you're not sure, post the log for review. If you're ready to clean it all up.....click the Clean button. After rebooting, a logfile report (AdwCleaner[s0].txt) will open automatically. Copy and paste the contents of that logfile in your next reply. A copy of that logfile will also be saved in the C:\AdwCleaner folder. Items that are deleted are moved to the Quarantine Folder: C:\AdwCleaner\Quarantine To restore an item that has been deleted (if necessary): Go to Tools > Quarantine Manager > check what you want restored > now click on Restore. Next, Open Malwarebytes, check for updates then run Quick scan. Full instructions follow if Malwarebytes is not installed: Download Malwarebytes from the following link and save it to your desktop.: http://www.malwarebytes.org/mbam.php Double Click mbam-setup.exe to install the application. Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes Anti-Malware, then click Finish. If an update is found, it will download and install the latest version. Once the program has loaded, select "Perform Quick Scan", then click Scan. The scan may take some time to finish,so please be patient. When the scan is complete, click OK, then Show Results to view the results. Make sure that everything is checked, and click Remove Selected. When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note) Please save the log to a location you will remember. The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM. Copy and paste the entire report in your next reply.Extra Note:If MBAM encounters a file that is difficult to remove,you will be presented with 1 of 2 prompts,click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately. Next, We need to run an online AV scan to ensure there are no remnants of any infection left on your system, this scan can take several hours to complete, it is very thorough and well worth running, please be patient and let it complete: Run Eset Online Scanner **Note** You will need to use Internet explorer for this scan - Vista and win 7 right click on IE shortcut and run as admin Go to Eset web page http://www.eset.com/us/online-scanner/ to run an online scan from ESET. Turn off the real time scanner of any existing antivirus program while performing the online scan click on the Run ESET Online Scanner button Tick the box next to YES, I accept the Terms of Use.Click Start When asked, allow the add/on to be installedClick Start Make sure that the option Remove found threats is unticked Click on Advanced Settings, ensure the options Scan for potentially unwanted applications, Scan for potentially unsafe applications, and Enable Anti-Stealth Technology are ticked.Click Scan wait for the virus definitions to be downloaded Wait for the scan to finish When the scan is complete If no threats were found put a checkmark in "Uninstall application on close" close program report to me that nothing was found If threats were found click on "list of threats found" click on "export to text file" and save it as ESET SCAN and save to the desktop Click on back put a checkmark in "Uninstall application on close" click on finish close program copy and paste the report here Finally, Download Security Check by screen317 from either of the following: http://screen317.spywareinfoforum.org/SecurityCheck.exe or http://screen317.changelog.fr/SecurityCheck.exeSave it to your Desktop.Double click SecurityCheck.exe (Vista or Windows 7 users right click and select "Run as Administrator") and follow the onscreen instructions inside of the black box. Press any key when asked.A Notepad document should open automatically called checkup.txt; please post the contents of that document. Let me see those logs, also give an update on any remaining issues or concerns... Kevin... fixlist.txt Link to post Share on other sites More sharing options...
somedude Posted November 13, 2013 Author ID:752911 Share Posted November 13, 2013 Thanks, Here's the first log file: Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 10-11-2013 01Ran by Matt at 2013-11-12 22:59:27 Run:1Running from C:\Users\Matt\DesktopBoot Mode: Normal============================================== Content of fixlist:*****************StartMountPoints2: {de08be84-0fee-11e2-b567-806e6f6e6963} - E:\PC_Clickme.exe2013-11-10 00:21 - 2013-09-23 01:34 - 00000000 ___HD C:\Users\Matt\AppData\Local\TWHWjZifa2013-11-10 00:21 - 2012-05-05 18:30 - 00000000 ___HD C:\Users\Matt\AppData\Local\0G3Wgsb2Fhk2UC8C:\Users\Matt\AppData\Local\Temp\AskSLib.dllC:\Users\Matt\AppData\Local\Temp\drm_dialogs.dllC:\Users\Matt\AppData\Local\Temp\ffmpeg16.exeC:\Users\Matt\AppData\Local\Temp\Foxit Updater.exeC:\Users\Matt\AppData\Local\Temp\jna2932125671319158444.dllC:\Users\Matt\AppData\Local\Temp\jna4717589532483131255.dllC:\Users\Matt\AppData\Local\Temp\jna5264768362481049876.dllC:\Users\Matt\AppData\Local\Temp\L6GPInst.dllC:\Users\Matt\AppData\Local\Temp\mpsetup.exeC:\Users\Matt\AppData\Local\Temp\nvSCPAPI.dllC:\Users\Matt\AppData\Local\Temp\nvSCPAPI64.dllC:\Users\Matt\AppData\Local\Temp\nvStInst.exeC:\Users\Matt\AppData\Local\Temp\ose00000.exeC:\Users\Matt\AppData\Local\Temp\prismsetup.exeC:\Users\Matt\AppData\Local\Temp\utt2754.tmp.exeC:\Users\Matt\AppData\Local\Temp\vlc-2.0.5-win32.exeC:\Users\Matt\AppData\Local\Temp\vlc-2.0.8-win32.exeC:\Users\Matt\AppData\Local\Temp\wpsetup.exeAlternateDataStreams: C:\Users\Matt\AppData\Local\Temporary Internet Files:0L9GswsHNLpKxkrQ4DR1AlternateDataStreams: C:\Users\Matt\AppData\Local\TWHWjZifa:qmqBqt5pvaskaC1snZzrpx2pZEnd ***************** HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{de08be84-0fee-11e2-b567-806e6f6e6963} => Key deleted successfully.HKCR\CLSID\{de08be84-0fee-11e2-b567-806e6f6e6963} => Key not found.C:\Users\Matt\AppData\Local\TWHWjZifa => Moved successfully.C:\Users\Matt\AppData\Local\0G3Wgsb2Fhk2UC8 => Moved successfully.C:\Users\Matt\AppData\Local\Temp\AskSLib.dll => Moved successfully.C:\Users\Matt\AppData\Local\Temp\drm_dialogs.dll => Moved successfully.C:\Users\Matt\AppData\Local\Temp\ffmpeg16.exe => Moved successfully.C:\Users\Matt\AppData\Local\Temp\Foxit Updater.exe => Moved successfully.C:\Users\Matt\AppData\Local\Temp\jna2932125671319158444.dll => Moved successfully.C:\Users\Matt\AppData\Local\Temp\jna4717589532483131255.dll => Moved successfully.C:\Users\Matt\AppData\Local\Temp\jna5264768362481049876.dll => Moved successfully.C:\Users\Matt\AppData\Local\Temp\L6GPInst.dll => Moved successfully.C:\Users\Matt\AppData\Local\Temp\mpsetup.exe => Moved successfully.C:\Users\Matt\AppData\Local\Temp\nvSCPAPI.dll => Moved successfully.C:\Users\Matt\AppData\Local\Temp\nvSCPAPI64.dll => Moved successfully.C:\Users\Matt\AppData\Local\Temp\nvStInst.exe => Moved successfully.C:\Users\Matt\AppData\Local\Temp\ose00000.exe => Moved successfully.C:\Users\Matt\AppData\Local\Temp\prismsetup.exe => Moved successfully.C:\Users\Matt\AppData\Local\Temp\utt2754.tmp.exe => Moved successfully.C:\Users\Matt\AppData\Local\Temp\vlc-2.0.5-win32.exe => Moved successfully.C:\Users\Matt\AppData\Local\Temp\vlc-2.0.8-win32.exe => Moved successfully.C:\Users\Matt\AppData\Local\Temp\wpsetup.exe => Moved successfully."C:\Users\Matt\AppData\Local\Temporary Internet Files" => ":0L9GswsHNLpKxkrQ4DR1" ADS not found."C:\Users\Matt\AppData\Local\TWHWjZifa" => ":qmqBqt5pvaskaC1snZzrpx2pZ" ADS not found. ==== End of Fixlog ==== And here's the second: # AdwCleaner v3.012 - Report created 12/11/2013 at 23:07:09# Updated 11/11/2013 by Xplode# Operating System : Windows 7 Ultimate Service Pack 1 (64 bits)# Username : Matt - MATT-PC# Running from : C:\Users\Matt\Desktop\AdwCleaner.exe# Option : Clean ***** [ Services ] ***** ***** [ Files / Folders ] ***** Folder Deleted : C:\Users\Matt\AppData\Roaming\NCH Software ***** [ Shortcuts ] ***** ***** [ Registry ] ***** Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASAPI32Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASMANCSKey Deleted : HKLM\SOFTWARE\Classes\AppID\{0A18A436-2A7A-49F3-A488-30538A2F6323}Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{00000001-4FEF-40D3-B3FA-E0531B897F98}Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{007EFBDF-8A5D-4930-97CC-A4B437CBA777}Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{64697678-0000-0010-8000-00AA00389B71}Key Deleted : HKCU\Software\1ClickDownloadKey Deleted : HKCU\Software\ConduitKey Deleted : HKCU\Software\InstallCoreKey Deleted : HKCU\Software\NCH SoftwareKey Deleted : HKLM\Software\Conduit ***** [ Browsers ] ***** -\\ Internet Explorer v10.0.9200.16720 -\\ Mozilla Firefox v -\\ Google Chrome v30.0.1599.101 [ File : C:\Users\Matt\AppData\Local\Google\Chrome\User Data\Default\preferences ] [ File : C:\Users\Navi\AppData\Local\Google\Chrome\User Data\Default\preferences ] ************************* AdwCleaner[R0].txt - [1740 octets] - [12/11/2013 23:01:54]AdwCleaner[s0].txt - [1507 octets] - [12/11/2013 23:07:09] ########## EOF - C:\AdwCleaner\AdwCleaner[s0].txt - [1567 octets] ########## Here's the third: Malwarebytes Anti-Malware 1.75.0.1300www.malwarebytes.org Database version: v2013.11.13.01 Windows 7 Service Pack 1 x64 NTFSInternet Explorer 10.0.9200.16721Matt :: MATT-PC [administrator] 11/12/2013 11:16:50 PMmbam-log-2013-11-12 (23-16-50).txt Scan type: Quick scanScan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUMScan options disabled: P2PObjects scanned: 248518Time elapsed: 3 minute(s), 4 second(s) Memory Processes Detected: 0(No malicious items detected) Memory Modules Detected: 0(No malicious items detected) Registry Keys Detected: 0(No malicious items detected) Registry Values Detected: 0(No malicious items detected) Registry Data Items Detected: 0(No malicious items detected) Folders Detected: 0(No malicious items detected) Files Detected: 1C:\Users\Matt\Downloads\SaveAs.exe (PUP.Optional.InstallerEX.A) -> Quarantined and deleted successfully. (end) Here's the fourth: C:\FRST\Quarantine\AskSLib.dll a variant of Win32/Bundled.Toolbar.Ask applicationC:\Users\Matt\AppData\Local\Google\Chrome\User Data\Default\Cache\f_0043bd Win32/InstalleRex.L applicationC:\Users\Matt\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\Y5QHLG3X\ApnIC[1].0 a variant of Win32/Bundled.Toolbar.Ask applicationC:\Users\Matt\AppData\Local\Temp\17628674.Uninstall\Uninstall.exe a variant of Win32/InstallCore.AX applicationC:\Users\Matt\Downloads\FoxitReader543.0920_enu_Setup.exe a variant of Win32/Bundled.Toolbar.Ask application And here's that checkup document: Results of screen317's Security Check version 0.99.77 Windows 7 Service Pack 1 x64 (UAC is enabled) Internet Explorer 10 Out of date! ``````````````Antivirus/Firewall Check:`````````````` Windows Firewall Enabled! WMI entry may not exist for antivirus; attempting automatic update. `````````Anti-malware/Other Utilities Check:````````` Malwarebytes Anti-Malware version 1.75.0.1300 Java 7 Update 10 Java version out of Date! Google Chrome 30.0.1599.101 Google Chrome 30.0.1599.69 ````````Process Check: objlist.exe by Laurent```````` `````````````````System Health check````````````````` Total Fragmentation on Drive C: 0% ````````````````````End of Log`````````````````````` Again, thank you so much for everything. Normally, I can handle my computer problems, but this one's way over my head. Anyway, I'm a little worried about the items uncovered by the AV scan... Do those look harmful to you, or are they just normal toolbars or something? The only other concern that I have is that I keep most of my music and pictures and stuff like that on an external hard drive... Do you think there's a chance that could also be infected if it was attached when my computer got the virus? I don't want to get my computer all fixed up, just to have it get messed up again... I want to protect it. Link to post Share on other sites More sharing options...
somedude Posted November 13, 2013 Author ID:752913 Share Posted November 13, 2013 Also, I just checked, and the malware still appears to be there. Still get the same odd yahoo page when I search for anything with my top bar. Link to post Share on other sites More sharing options...
kevinf80 Posted November 13, 2013 ID:752947 Share Posted November 13, 2013 There was no major infection on your system, only remnants. The ESET scan has also produced nothing significant, we can continue:Download OTM from either of the following links and save to your Desktop: (If your security alerts to OTM, either accept the alert or turn off security to allow OTM to run)http://oldtimer.geekstogo.com/OTM.exe.http://www.itxassociates.com/OT-Tools/OTM.comhttp://www.itxassociates.com/OT-Tools/OTM.exe Double click OTM.exe to start the tool. Vista or Windows 7 users accepy UAC alert. Be aware all processes will be stopped during run, also Desktop will disappear, this will be put back on completion.... If your security alerts to OTM either, accept the alert or turn off security until OTM completes...Copy the text from the code box belowbelow to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy). Ensure to start with and include the colon before Files :Files:Filesipconfig /flushdns /cC:\Users\Matt\AppData\Local\Google\Chrome\User Data\Default\Cache\f_0043bdC:\Users\Matt\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\Y5QHLG3X\ApnIC[1].0C:\Users\Matt\AppData\Local\Temp\17628674.Uninstall\Uninstall.exeC:\Users\Matt\Downloads\FoxitReader543.0920_enu_Setup.exe:Commands[EmptyTemp] Return to OTMoveIt3, right click in the "Paste Instructions for Items to be Moved" window (under the yellow bar) and choose Paste. Click the red button. Copy everything in the Results window (under the green bar) to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy), and paste it in your next reply. Close OTMNote: If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.If the machine reboots, the Results log can be found here:c:\_OTMoveIt\MovedFiles\mmddyyyy_hhmmss.logWhere mmddyyyy_hhmmss is the date of the tool run.Next,I assume you refer to Chrome about the search issue? if so do this:Chrome Home PageClick the Chrome menu icon on the browser toolbar (Stack of Plates, top righthand corner).Select Settings. In the new page click "Show advanced settings" at the bottom of the page.In the "On startup" section, choose the options below: Open a New Tab page: then "Set Pages"In the new window clear the current setting by selecting the X on that line.Set this URL. http://www.google.co.?? then OK that setting....Put your country letters in place of ?? United Kingdom is UK, Australia is AU.....Next,Download Junkware Removal tool from this link:http://www.bleepingcomputer.com/download/junkware-removal-tool/Save to your desktop.Shut down your Security Protection software now to avoid potential conflicts. Run the tool by double-clicking it. If you are using Windows Vista or Seven, right-mouse click it and select Run as Administrator. Follow prompts as they come. The tool will open and start scanning your system. (Press any key when prompted to continue) Please be patient as this can take a while to complete depending on your system's specifications. On completion, a log (JRT.txt) is saved to your desktop and will automatically open. Post JRT.txt to your next message.Next,Download Security Check by screen317 from either of the following:http://screen317.spywareinfoforum.org/SecurityCheck.exe or http://screen317.changelog.fr/SecurityCheck.exeSave it to your Desktop. (If your security alerts either accept the alert, or turn the security off while Secuirity Check runs)Double click SecurityCheck.exe (Vista or Windows 7 users right click and select "Run as Administrator") and follow the onscreen instructions inside of the black box. Press any key when asked.A Notepad document should open automatically called checkup.txt; please post the contents of that document. Let me see the new logs, also let me know if the issue still occurs. Regarding your Ext HD, carry out scans with Malwarebytes and your resident AV when we are done with your OS.... Kevin Link to post Share on other sites More sharing options...
somedude Posted November 13, 2013 Author ID:753148 Share Posted November 13, 2013 Ok, here's the first log: All processes killed========== FILES ==========< ipconfig /flushdns /c >Windows IP ConfigurationSuccessfully flushed the DNS Resolver Cache.C:\Users\Matt\Desktop\cmd.bat deleted successfully.C:\Users\Matt\Desktop\cmd.txt deleted successfully.C:\Users\Matt\AppData\Local\Google\Chrome\User Data\Default\Cache\f_0043bd moved successfully.C:\Users\Matt\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\Y5QHLG3X\ApnIC[1].0 moved successfully.C:\Users\Matt\AppData\Local\Temp\17628674.Uninstall\Uninstall.exe moved successfully.C:\Users\Matt\Downloads\FoxitReader543.0920_enu_Setup.exe moved successfully.========== COMMANDS ========== [EMPTYTEMP] User: All Users User: Default->Temp folder emptied: 0 bytes->Temporary Internet Files folder emptied: 0 bytes User: Default User->Temp folder emptied: 0 bytes->Temporary Internet Files folder emptied: 0 bytes User: Matt->Temp folder emptied: 88231942 bytes->Temporary Internet Files folder emptied: 298773627 bytes->Java cache emptied: 9322075 bytes->FireFox cache emptied: 0 bytes->Google Chrome cache emptied: 379141675 bytes->Flash cache emptied: 456 bytes User: Navi->Temp folder emptied: 47158 bytes->Temporary Internet Files folder emptied: 33298 bytes->Google Chrome cache emptied: 8444701 bytes User: Public User: UpdatusUser->Temp folder emptied: 0 bytes->Temporary Internet Files folder emptied: 0 bytes %systemdrive% .tmp files removed: 0 bytes%systemroot% .tmp files removed: 0 bytes%systemroot%\System32 .tmp files removed: 0 bytes%systemroot%\System32 (64bit) .tmp files removed: 0 bytes%systemroot%\System32\drivers .tmp files removed: 0 bytesWindows Temp folder emptied: 378016199 bytes%systemroot%\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 589274 bytes%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 88682841 bytesRecycleBin emptied: 0 bytes Total Files Cleaned = 1,193.00 mb OTM by OldTimer - Version 3.1.21.0 log created on 11132013_122554 Files moved on Reboot...C:\Users\Matt\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully. Registry entries deleted on Reboot... Here's the second: ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~Junkware Removal Tool (JRT) by ThisisuVersion: 6.0.8 (11.05.2013:1)OS: Windows 7 Ultimate x64Ran by Matt on Wed 11/13/2013 at 12:35:48.14~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~~ Services ~~~ Registry Values ~~~ Registry Keys ~~~ Files ~~~ Folders ~~~ Event Viewer Logs were cleared ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~Scan was completed on Wed 11/13/2013 at 12:39:55.63End of JRT log~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ And the security check is the same thing that I installed and ran earlier, but this time, when I try to run it, it says this: UNSUPPORTED OPERATING SYSTEM! ABORTED! I've tried replacing it with a newly downloaded file, and the same thing still happens. I'm not sure what to do about that. So far, the same issue with the search remains. Also, I was wondering if my external hard drive might be able to reinfect my os if I reconnect it, and it happens to have something on it. I'm not planning on transferring any files or anything, at least not until I've scanned it. Should that be ok once the computer is alright again? Thanks again! Link to post Share on other sites More sharing options...
kevinf80 Posted November 13, 2013 ID:753170 Share Posted November 13, 2013 Scan your EXT HD with Malwarebytes and your AV program... Next, Download OTL from any of the following links and save to your desktop. http://itxassociates.com/OT-Tools/OTL.comhttp://oldtimer.geekstogo.com/OTL.exehttp://www.itxassociates.com/OT-Tools/OTL.scr Double click the OTL icon to start the tool. (Note: If you are running on Vista or Windows 7 accept UAC alert) When the window appears, underneath Output at the top, make sure Standard output is selected. Select Scan all usersChange Drivers to All Under the Extra Registry section, check Use SafeList In the lower right corner, checkmark "LOP Check" and checkmark "Purity Check". Click Run Scan and let the program run uninterrupted. When the scan is complete, two text files will be created on your Desktop. OTL.Txt <- this one will be opened Extras.txt <- this one will be minimized Copy (Ctrl+A then Ctrl+C) and paste (Ctrl+V) the contents of OTL.Txt and the Extras.txt in your next reply.NOTE: These logs can be long so please use multipul post if need be.Kevin Link to post Share on other sites More sharing options...
somedude Posted November 14, 2013 Author ID:753304 Share Posted November 14, 2013 Ok, here's the first: OTL logfile created on: 11/13/2013 6:47:11 PM - Run 1OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Matt\Desktop64bit- Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstationInternet Explorer (Version = 9.10.9200.16736)Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy 7.95 Gb Total Physical Memory | 6.32 Gb Available Physical Memory | 79.48% Memory free15.89 Gb Paging File | 13.82 Gb Available in Paging File | 86.95% Paging File freePaging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)Drive C: | 931.51 Gb Total Space | 872.53 Gb Free Space | 93.67% Space Free | Partition Type: NTFSDrive D: | 931.41 Gb Total Space | 807.87 Gb Free Space | 86.74% Space Free | Partition Type: NTFSDrive E: | 7.29 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF Computer Name: MATT-PC | User Name: Matt | Logged in as Administrator.Boot Mode: Normal | Scan Mode: All users | Include 64bit ScansCompany Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2013/11/13 18:00:43 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Matt\Desktop\OTL.comPRC - [2013/10/08 18:02:45 | 000,844,752 | ---- | M] (Google Inc.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exePRC - [2013/10/01 06:14:40 | 005,087,584 | ---- | M] (TeamViewer GmbH) -- C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exePRC - [2013/10/01 06:14:39 | 012,631,904 | ---- | M] (TeamViewer GmbH) -- C:\Program Files (x86)\TeamViewer\Version8\TeamViewer.exePRC - [2013/10/01 06:05:43 | 000,195,936 | ---- | M] (TeamViewer GmbH) -- C:\Program Files (x86)\TeamViewer\Version8\tv_w32.exePRC - [2013/01/18 07:14:20 | 000,383,264 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exePRC - [2010/03/17 14:50:08 | 000,032,883 | ---- | M] () -- C:\Program Files (x86)\Wireless\WPS\jswtrayutil.exePRC - [2009/07/30 17:10:04 | 000,380,928 | ---- | M] (ASUSTeK Computer Inc.) -- C:\Program Files (x86)\ASUS\GamerOSD\GamerOSD.exePRC - [2009/07/27 10:13:28 | 000,061,440 | ---- | M] () -- C:\Windows\SysWOW64\ASDR.exe ========== Modules (No Company Name) ========== MOD - [2013/10/08 18:02:43 | 000,415,184 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\30.0.1599.101\ppgooglenaclpluginchrome.dllMOD - [2013/10/08 18:02:41 | 004,055,504 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\30.0.1599.101\pdf.dllMOD - [2013/10/08 18:01:50 | 000,698,832 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\30.0.1599.101\libglesv2.dllMOD - [2013/10/08 18:01:49 | 000,099,792 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\30.0.1599.101\libegl.dllMOD - [2013/10/08 18:01:47 | 001,604,560 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\30.0.1599.101\ffmpegsumo.dllMOD - [2010/03/17 14:59:54 | 000,798,720 | ---- | M] () -- C:\Program Files (x86)\Wireless\WPS\jswscapploc.dllMOD - [2010/03/17 14:50:08 | 000,032,883 | ---- | M] () -- C:\Program Files (x86)\Wireless\WPS\jswtrayutil.exeMOD - [2009/04/29 19:46:20 | 001,077,248 | ---- | M] () -- C:\Program Files (x86)\ASUS\GamerOSD\ImageTransform.dllMOD - [2009/02/17 17:22:16 | 000,184,320 | ---- | M] () -- C:\Program Files (x86)\ASUS\GamerOSD\AudioOnVistaDLL.dll ========== Services (SafeList) ========== SRV:64bit: - [2013/05/26 23:50:47 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)SRV:64bit: - [2010/12/13 14:37:16 | 000,194,416 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft LifeCam\MSCamS64.exe -- (MSCamSvc)SRV:64bit: - [2009/12/01 13:22:58 | 000,063,488 | ---- | M] (ASUSTeK COMPUTER INC.) [Auto | Running] -- C:\Windows\SysNative\ATKFUSService.exe -- (ATKFUSService)SRV:64bit: - [2009/07/13 19:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)SRV - [2013/10/01 06:14:40 | 005,087,584 | ---- | M] (TeamViewer GmbH) [Auto | Running] -- C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe -- (TeamViewer8)SRV - [2013/01/18 07:14:20 | 000,383,264 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)SRV - [2012/12/03 09:47:14 | 001,259,880 | ---- | M] (NVIDIA Corporation) [Auto | Stopped] -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe -- (nvUpdatusService)SRV - [2010/03/18 12:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)SRV - [2010/03/16 08:45:06 | 000,954,368 | ---- | M] (Wireless) [On_Demand | Stopped] -- C:\Program Files (x86)\Wireless\WPS\jswpsapi.exe -- (jswpsapi)SRV - [2010/03/16 08:45:06 | 000,265,216 | ---- | M] (Wireless) [Auto | Running] -- C:\Program Files (x86)\Wireless\WPS\jswpbapi.exe -- (jswpbapi)SRV - [2009/07/27 10:13:28 | 000,061,440 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\ASDR.exe -- (ASDR)SRV - [2009/06/10 15:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32) ========== Driver Services (All) ========== DRV:64bit: - [2013/09/27 19:09:10 | 000,497,152 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\afd.sys -- (AFD)DRV:64bit: - [2013/09/24 20:26:40 | 000,154,560 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\ksecpkg.sys -- (KSecPkg)DRV:64bit: - [2013/09/24 20:26:40 | 000,095,680 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\ksecdd.sys -- (KSecDD)DRV:64bit: - [2013/09/07 20:30:37 | 001,903,552 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\tcpip.sys -- (TCPIP6)DRV:64bit: - [2013/09/07 20:30:37 | 001,903,552 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\tcpip.sys -- (Tcpip)DRV:64bit: - [2013/08/01 06:09:36 | 000,983,488 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\dxgkrnl.sys -- (DXGKrnl)DRV:64bit: - [2013/07/12 04:41:35 | 000,185,344 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\usbvideo.sys -- (usbvideo)DRV:64bit: - [2013/07/12 04:41:12 | 000,100,864 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbcir.sys -- (usbcir)DRV:64bit: - [2013/07/12 04:40:58 | 000,109,824 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\USBAUDIO.sys -- (usbaudio)DRV:64bit: - [2013/07/04 06:18:29 | 000,458,712 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\cng.sys -- (CNG)DRV:64bit: - [2013/07/04 04:11:35 | 000,140,800 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mrxdav.sys -- (MRxDAV)DRV:64bit: - [2013/06/26 06:38:28 | 000,772,864 | ---- | M] (Line 6) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\L6PODLV64.sys -- (L6PODLV)DRV:64bit: - [2013/06/25 16:55:52 | 000,785,624 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\Wdf01000.sys -- (Wdf01000)DRV:64bit: - [2013/06/14 22:32:16 | 000,039,936 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\tssecsrv.sys -- (tssecsrv)DRV:64bit: - [2013/04/12 08:45:08 | 001,656,680 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\ntfs.sys -- (Ntfs)DRV:64bit: - [2013/02/25 23:32:32 | 011,036,448 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvlddmkm.sys -- (nvlddmkm)DRV:64bit: - [2013/01/30 00:29:55 | 000,270,912 | ---- | M] (DT Soft Ltd) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\dtsoftbus01.sys -- (dtsoftbus01)DRV:64bit: - [2013/01/24 00:01:01 | 000,223,752 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\fvevol.sys -- (fvevol)DRV:64bit: - [2012/10/05 23:37:05 | 000,016,384 | ---- | M] (ASUSTeK Computer Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\EIO64.sys -- (EIO64)DRV:64bit: - [2012/10/03 10:07:26 | 000,045,568 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\tcpipreg.sys -- (tcpipreg)DRV:64bit: - [2012/08/22 12:12:40 | 000,950,128 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\ndis.sys -- (NDIS)DRV:64bit: - [2012/07/25 20:26:45 | 000,087,040 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\WUDFPf.sys -- (WudfPf)DRV:64bit: - [2012/07/25 20:26:06 | 000,198,656 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\WUDFRd.sys -- (WUDFRd)DRV:64bit: - [2012/07/03 09:25:16 | 000,189,288 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvhda64v.sys -- (NVHDA)DRV:64bit: - [2012/04/27 21:55:21 | 000,210,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpwd.sys -- (RDPWD)DRV:64bit: - [2012/03/17 01:58:57 | 000,075,120 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\partmgr.sys -- (partmgr)DRV:64bit: - [2012/03/01 00:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)DRV:64bit: - [2012/02/16 22:57:32 | 000,023,552 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\tdtcp.sys -- (TDTCP)DRV:64bit: - [2011/11/10 18:32:02 | 000,115,272 | ---- | M] (MotioninJoy) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\MijXfilt.sys -- (MotioninJoyXFilter)DRV:64bit: - [2011/09/14 16:05:34 | 000,394,216 | ---- | M] (ASMedia Technology Inc) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\asmtxhci.sys -- (asmtxhci)DRV:64bit: - [2011/09/14 16:05:34 | 000,129,000 | ---- | M] (ASMedia Technology Inc) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\asmthub3.sys -- (asmthub3)DRV:64bit: - [2011/08/23 07:57:24 | 000,565,352 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)DRV:64bit: - [2011/08/03 08:38:08 | 002,736,640 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\athrx.sys -- (athr)DRV:64bit: - [2011/07/08 20:46:28 | 000,288,768 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mrxsmb10.sys -- (mrxsmb10)DRV:64bit: - [2011/04/28 21:06:10 | 000,467,456 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\srv.sys -- (srv)DRV:64bit: - [2011/04/28 21:05:49 | 000,410,112 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\srv2.sys -- (srv2)DRV:64bit: - [2011/04/28 21:05:37 | 000,168,448 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\srvnet.sys -- (srvnet)DRV:64bit: - [2011/04/26 20:40:40 | 000,158,208 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mrxsmb.sys -- (mrxsmb)DRV:64bit: - [2011/04/26 20:39:37 | 000,128,000 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mrxsmb20.sys -- (mrxsmb20)DRV:64bit: - [2011/03/24 21:29:26 | 000,343,040 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\usbhub.sys -- (usbhub)DRV:64bit: - [2011/03/24 21:29:14 | 000,098,816 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\usbccgp.sys -- (usbccgp)DRV:64bit: - [2011/03/24 21:29:04 | 000,052,736 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\usbehci.sys -- (usbehci)DRV:64bit: - [2011/03/24 21:29:04 | 000,025,600 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\usbohci.sys -- (usbohci)DRV:64bit: - [2011/03/24 21:29:03 | 000,030,720 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbuhci.sys -- (usbuhci)DRV:64bit: - [2011/03/11 00:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nvstor.sys -- (nvstor)DRV:64bit: - [2011/03/11 00:41:34 | 000,148,352 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nvraid.sys -- (nvraid)DRV:64bit: - [2011/03/11 00:41:26 | 000,410,496 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\iaStorV.sys -- (iaStorV)DRV:64bit: - [2011/03/11 00:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)DRV:64bit: - [2011/03/11 00:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)DRV:64bit: - [2011/03/10 22:37:16 | 000,091,648 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\USBSTOR.SYS -- (USBSTOR)DRV:64bit: - [2011/02/22 22:55:04 | 000,090,624 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\bowser.sys -- (bowser)DRV:64bit: - [2010/12/13 14:37:18 | 000,036,720 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nx6000.sys -- (MSHUSBVideo)DRV:64bit: - [2010/11/24 21:27:42 | 000,120,408 | ---- | M] (JMicron Technology Corp.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\jraid.sys -- (JRAID)DRV:64bit: - [2010/11/23 04:16:56 | 002,565,736 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\RTKVHD64.sys -- (IntcAzAudAddService)DRV:64bit: - [2010/11/20 07:34:02 | 000,295,808 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\volsnap.sys -- (volsnap)DRV:64bit: - [2010/11/20 07:34:01 | 000,363,392 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\volmgrx.sys -- (volmgrx)DRV:64bit: - [2010/11/20 07:34:01 | 000,199,552 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\vmbus.sys -- (vmbus)DRV:64bit: - [2010/11/20 07:34:01 | 000,071,552 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\volmgr.sys -- (volmgr)DRV:64bit: - [2010/11/20 07:34:01 | 000,046,464 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\vmstorfl.sys -- (storflt)DRV:64bit: - [2010/11/20 07:34:01 | 000,034,688 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\storvsc.sys -- (storvsc)DRV:64bit: - [2010/11/20 07:34:00 | 000,215,936 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\vhdmp.sys -- (vhdmp)DRV:64bit: - [2010/11/20 07:33:57 | 000,063,360 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\termdd.sys -- (TermDD)DRV:64bit: - [2010/11/20 07:33:54 | 000,103,808 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sbp2port.sys -- (sbp2port)DRV:64bit: - [2010/11/20 07:33:53 | 000,213,888 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\rdyboost.sys -- (rdyboost)DRV:64bit: - [2010/11/20 07:33:48 | 000,184,704 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\pci.sys -- (pci)DRV:64bit: - [2010/11/20 07:33:45 | 000,366,976 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\msrpc.sys -- (MsRPC)DRV:64bit: - [2010/11/20 07:33:45 | 000,273,792 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\msiscsi.sys -- (iScsiPrt)DRV:64bit: - [2010/11/20 07:33:44 | 000,155,008 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mpio.sys -- (mpio)DRV:64bit: - [2010/11/20 07:33:44 | 000,140,672 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\msdsm.sys -- (msdsm)DRV:64bit: - [2010/11/20 07:33:44 | 000,031,104 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\msahci.sys -- (msahci)DRV:64bit: - [2010/11/20 07:33:43 | 000,094,592 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\mountmgr.sys -- (mountmgr)DRV:64bit: - [2010/11/20 07:33:36 | 000,014,720 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\hwpolicy.sys -- (hwpolicy)DRV:64bit: - [2010/11/20 07:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)DRV:64bit: - [2010/11/20 07:33:34 | 000,289,664 | ---- | M] (Microsoft Corporation) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\fltMgr.sys -- (FltMgr)DRV:64bit: - [2010/11/20 07:32:46 | 000,334,208 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\acpi.sys -- (ACPI)DRV:64bit: - [2010/11/20 05:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)DRV:64bit: - [2010/11/20 05:06:41 | 000,165,888 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpdr.sys -- (RDPDR)DRV:64bit: - [2010/11/20 05:03:42 | 000,020,992 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)DRV:64bit: - [2010/11/20 04:52:37 | 000,088,576 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\wanarp.sys -- (Wanarpv6)DRV:64bit: - [2010/11/20 04:52:37 | 000,088,576 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\wanarp.sys -- (WANARP)DRV:64bit: - [2010/11/20 04:52:35 | 000,129,536 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\rasl2tp.sys -- (Rasl2tp)DRV:64bit: - [2010/11/20 04:52:34 | 000,164,352 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ndiswan.sys -- (NdisWan)DRV:64bit: - [2010/11/20 04:52:32 | 000,111,104 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\raspptp.sys -- (PptpMiniport)DRV:64bit: - [2010/11/20 04:52:20 | 000,131,584 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\pacer.sys -- (Psched)DRV:64bit: - [2010/11/20 04:52:20 | 000,057,856 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ndproxy.sys -- (NDProxy)DRV:64bit: - [2010/11/20 04:52:19 | 000,082,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ipfltdrv.sys -- (IpFilterDriver)DRV:64bit: - [2010/11/20 04:51:50 | 000,125,440 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\tunnel.sys -- (tunnel)DRV:64bit: - [2010/11/20 04:50:08 | 000,056,832 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ndisuio.sys -- (Ndisuio)DRV:64bit: - [2010/11/20 04:44:56 | 000,229,888 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\1394ohci.sys -- (1394ohci)DRV:64bit: - [2010/11/20 04:44:37 | 000,048,640 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\umbus.sys -- (umbus)DRV:64bit: - [2010/11/20 04:44:23 | 000,350,208 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HdAudio.sys -- (HdAudAddService)DRV:64bit: - [2010/11/20 04:43:56 | 000,041,984 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\winusb.sys -- (WinUsb)DRV:64bit: - [2010/11/20 04:43:49 | 000,030,208 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\hidusb.sys -- (HidUsb)DRV:64bit: - [2010/11/20 04:43:43 | 000,122,368 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\hdaudbus.sys -- (HDAudBus)DRV:64bit: - [2010/11/20 04:34:00 | 000,014,336 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sffp_sd.sys -- (sffp_sd)DRV:64bit: - [2010/11/20 04:33:25 | 000,033,280 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\kbdhid.sys -- (kbdhid)DRV:64bit: - [2010/11/20 04:33:17 | 000,038,912 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CompositeBus.sys -- (CompositeBus)DRV:64bit: - [2010/11/20 04:14:37 | 000,061,440 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\appid.sys -- (AppID)DRV:64bit: - [2010/11/20 04:09:59 | 000,029,696 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\scfilter.sys -- (scfilter)DRV:64bit: - [2010/11/20 04:04:53 | 000,078,848 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\IPMIDrv.sys -- (IPMIDRV)DRV:64bit: - [2010/11/20 03:57:33 | 000,006,656 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\vms3cap.sys -- (s3cap)DRV:64bit: - [2010/11/20 03:57:13 | 000,021,760 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VMBusHID.sys -- (VMBusHID)DRV:64bit: - [2010/11/20 03:30:42 | 000,012,800 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\acpipmi.sys -- (AcpiPmi)DRV:64bit: - [2010/11/20 03:27:54 | 000,309,248 | ---- | M] (Microsoft Corporation) [File_System | System | Running] -- C:\Windows\SysNative\drivers\rdbss.sys -- (rdbss)DRV:64bit: - [2010/11/20 03:27:13 | 000,514,560 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\csc.sys -- (CSC)DRV:64bit: - [2010/11/20 03:26:32 | 000,102,400 | ---- | M] (Microsoft Corporation) [File_System | System | Running] -- C:\Windows\SysNative\drivers\dfsc.sys -- (DfsC)DRV:64bit: - [2010/11/20 03:26:11 | 000,328,192 | ---- | M] (Microsoft Corporation) [File_System | Disabled | Running] -- C:\Windows\SysNative\drivers\udfs.sys -- (udfs)DRV:64bit: - [2010/11/20 03:25:14 | 000,753,664 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\http.sys -- (HTTP)DRV:64bit: - [2010/11/20 03:23:20 | 000,261,632 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\netbt.sys -- (NetBT)DRV:64bit: - [2010/11/20 03:21:56 | 000,119,296 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\tdx.sys -- (tdx)DRV:64bit: - [2010/11/20 03:19:21 | 000,147,456 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\cdrom.sys -- (cdrom)DRV:64bit: - [2010/08/19 19:24:34 | 000,074,960 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\xusb21.sys -- (xusb21)DRV:64bit: - [2010/03/16 08:45:06 | 000,026,624 | ---- | M] (Atheros Communications, Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\jswpslwfx.sys -- (JSWPSLWF)DRV:64bit: - [2010/02/22 14:46:36 | 000,023,680 | ---- | M] (ASUSTeK Computer Inc.) [Kernel | Disabled | Running] -- C:\Windows\SysNative\drivers\IOMap64.sys -- (IOMap)DRV:64bit: - [2009/07/13 19:52:31 | 000,367,696 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\clfs.sys -- (CLFS)DRV:64bit: - [2009/07/13 19:52:31 | 000,021,584 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\compbatt.sys -- (Compbatt)DRV:64bit: - [2009/07/13 19:52:31 | 000,017,488 | ---- | M] (CMD Technology, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\cmdide.sys -- (cmdide)DRV:64bit: - [2009/07/13 19:52:21 | 000,491,088 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\adp94xx.sys -- (adp94xx)DRV:64bit: - [2009/07/13 19:52:21 | 000,339,536 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\adpahci.sys -- (adpahci)DRV:64bit: - [2009/07/13 19:52:21 | 000,182,864 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\adpu320.sys -- (adpu320)DRV:64bit: - [2009/07/13 19:52:21 | 000,097,856 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\arcsas.sys -- (arcsas)DRV:64bit: - [2009/07/13 19:52:21 | 000,087,632 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\arc.sys -- (arc)DRV:64bit: - [2009/07/13 19:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\AGP440.sys -- (agp440)DRV:64bit: - [2009/07/13 19:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\atapi.sys -- (atapi)DRV:64bit: - [2009/07/13 19:52:21 | 000,015,440 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdide.sys -- (amdide)DRV:64bit: - [2009/07/13 19:52:21 | 000,015,440 | ---- | M] (Acer Laboratories Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\aliide.sys -- (aliide)DRV:64bit: - [2009/07/13 19:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)DRV:64bit: - [2009/07/13 19:48:27 | 000,060,496 | ---- | M] (Microsoft Corporation) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\mup.sys -- (Mup)DRV:64bit: - [2009/07/13 19:48:27 | 000,049,216 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\mouclass.sys -- (mouclass)DRV:64bit: - [2009/07/13 19:48:27 | 000,032,320 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\mssmbios.sys -- (mssmbios)DRV:64bit: - [2009/07/13 19:48:27 | 000,015,424 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\msisadrv.sys -- (msisadrv)DRV:64bit: - [2009/07/13 19:48:26 | 000,122,960 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\NV_AGP.SYS -- (nv_agp)DRV:64bit: - [2009/07/13 19:48:26 | 000,051,264 | ---- | M] (IBM Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nfrd960.sys -- (nfrd960)DRV:64bit: - [2009/07/13 19:48:04 | 000,284,736 | ---- | M] (LSI Corporation, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\MegaSR.sys -- (MegaSR)DRV:64bit: - [2009/07/13 19:48:04 | 000,115,776 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_scsi.sys -- (LSI_SCSI)DRV:64bit: - [2009/07/13 19:48:04 | 000,114,752 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_fc.sys -- (LSI_FC)DRV:64bit: - [2009/07/13 19:48:04 | 000,106,560 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas.sys -- (LSI_SAS)DRV:64bit: - [2009/07/13 19:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)DRV:64bit: - [2009/07/13 19:48:04 | 000,050,768 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\kbdclass.sys -- (kbdclass)DRV:64bit: - [2009/07/13 19:48:04 | 000,044,112 | ---- | M] (Intel Corp./ICP vortex GmbH) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\iirsp.sys -- (iirsp)DRV:64bit: - [2009/07/13 19:48:04 | 000,035,392 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\megasas.sys -- (megasas)DRV:64bit: - [2009/07/13 19:48:04 | 000,020,544 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\isapnp.sys -- (isapnp)DRV:64bit: - [2009/07/13 19:48:04 | 000,016,960 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\intelide.sys -- (intelide)DRV:64bit: - [2009/07/13 19:47:49 | 000,055,376 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\fsdepends.sys -- (FsDepends)DRV:64bit: - [2009/07/13 19:47:48 | 000,530,496 | ---- | M] (Emulex) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\elxstor.sys -- (elxstor)DRV:64bit: - [2009/07/13 19:47:48 | 000,073,280 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\disk.sys -- (Disk)DRV:64bit: - [2009/07/13 19:47:48 | 000,070,224 | ---- | M] (Microsoft Corporation) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\fileinfo.sys -- (FileInfo)DRV:64bit: - [2009/07/13 19:47:48 | 000,065,088 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\GAGP30KX.SYS -- (gagp30kx)DRV:64bit: - [2009/07/13 19:47:48 | 000,024,144 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\SysNative\drivers\crcdisk.sys -- (crcdisk)DRV:64bit: - [2009/07/13 19:45:56 | 000,022,096 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\wimmount.sys -- (WIMMount)DRV:64bit: - [2009/07/13 19:45:55 | 000,161,872 | ---- | M] (VIA Technologies Inc.,Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\vsmraid.sys -- (vsmraid)DRV:64bit: - [2009/07/13 19:45:55 | 000,064,592 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ULIAGPKX.SYS -- (uliagpkx)DRV:64bit: - [2009/07/13 19:45:55 | 000,064,080 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\UAGP35.SYS -- (uagp35)DRV:64bit: - [2009/07/13 19:45:55 | 000,036,432 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\vdrvroot.sys -- (vdrvroot)DRV:64bit: - [2009/07/13 19:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)DRV:64bit: - [2009/07/13 19:45:55 | 000,021,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\wd.sys -- (Wd)DRV:64bit: - [2009/07/13 19:45:55 | 000,019,008 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\spldr.sys -- (spldr)DRV:64bit: - [2009/07/13 19:45:55 | 000,017,488 | ---- | M] (VIA Technologies, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\viaide.sys -- (viaide)DRV:64bit: - [2009/07/13 19:45:55 | 000,012,496 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\swenum.sys -- (swenum)DRV:64bit: - [2009/07/13 19:45:46 | 001,524,816 | ---- | M] (QLogic Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ql2300.sys -- (ql2300)DRV:64bit: - [2009/07/13 19:45:46 | 000,080,464 | ---- | M] (Silicon Integrated Systems) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sisraid4.sys -- (SiSRaid4)DRV:64bit: - [2009/07/13 19:45:45 | 000,220,752 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\pcmcia.sys -- (pcmcia)DRV:64bit: - [2009/07/13 19:45:45 | 000,128,592 | ---- | M] (QLogic Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ql40xx.sys -- (ql40xx)DRV:64bit: - [2009/07/13 19:45:45 | 000,050,768 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\pcw.sys -- (pcw)DRV:64bit: - [2009/07/13 19:45:45 | 000,043,584 | ---- | M] (Silicon Integrated Systems Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sisraid2.sys -- (SiSRaid2)DRV:64bit: - [2009/07/13 19:45:45 | 000,012,352 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\pciide.sys -- (pciide)DRV:64bit: - [2009/07/13 19:19:07 | 000,286,720 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\BrSerId.sys -- (Brserid)DRV:64bit: - [2009/07/13 19:01:19 | 000,651,264 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\PEAuth.sys -- (PEAUTH)DRV:64bit: - [2009/07/13 18:38:18 | 000,025,088 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbprint.sys -- (usbprint)DRV:64bit: - [2009/07/13 18:17:46 | 000,024,064 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\rdpbus.sys -- (rdpbus)DRV:64bit: - [2009/07/13 18:16:35 | 000,008,192 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\RDPREFMP.sys -- (RDPREFMP)DRV:64bit: - [2009/07/13 18:16:34 | 000,007,680 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\RDPENCDD.sys -- (RDPENCDD)DRV:64bit: - [2009/07/13 18:16:34 | 000,007,680 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\RDPCDD.sys -- (RDPCDD)DRV:64bit: - [2009/07/13 18:16:32 | 000,015,872 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\tdpipe.sys -- (TDPIPE)DRV:64bit: - [2009/07/13 18:10:48 | 000,040,448 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\modem.sys -- (Modem)DRV:64bit: - [2009/07/13 18:10:33 | 000,021,504 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\SysNative\drivers\ws2ifsl.sys -- (ws2ifsl)DRV:64bit: - [2009/07/13 18:10:25 | 000,083,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\rassstp.sys -- (RasSstp)DRV:64bit: - [2009/07/13 18:10:24 | 000,060,416 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\agilevpn.sys -- (RasAgileVpn)DRV:64bit: - [2009/07/13 18:10:17 | 000,092,672 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\raspppoe.sys -- (RasPppoe)DRV:64bit: - [2009/07/13 18:10:13 | 000,023,040 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\asyncmac.sys -- (AsyncMac)DRV:64bit: - [2009/07/13 18:10:09 | 000,014,848 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rasacd.sys -- (RasAcd)DRV:64bit: - [2009/07/13 18:10:03 | 000,116,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ipnat.sys -- (IPNAT)DRV:64bit: - [2009/07/13 18:10:00 | 000,024,064 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ndistapi.sys -- (NdisTapi)DRV:64bit: - [2009/07/13 18:09:48 | 000,046,592 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\qwavedrv.sys -- (QWAVEdrv)DRV:64bit: - [2009/07/13 18:09:26 | 000,044,544 | ---- | M] (Microsoft Corporation) [File_System | System | Running] -- C:\Windows\SysNative\drivers\netbios.sys -- (NetBIOS)DRV:64bit: - [2009/07/13 18:09:26 | 000,012,800 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\wfplwf.sys -- (WfpLwf)DRV:64bit: - [2009/07/13 18:09:09 | 000,093,184 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\smb.sys -- (Smb)DRV:64bit: - [2009/07/13 18:08:59 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\irenum.sys -- (IRENUM)DRV:64bit: - [2009/07/13 18:08:51 | 000,076,800 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\rspndr.sys -- (rspndr)DRV:64bit: - [2009/07/13 18:08:51 | 000,060,928 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\lltdio.sys -- (lltdio)DRV:64bit: - [2009/07/13 18:08:25 | 000,077,312 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\mpsdrv.sys -- (mpsdrv)DRV:64bit: - [2009/07/13 18:08:13 | 000,035,328 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ndiscap.sys -- (NdisCap)DRV:64bit: - [2009/07/13 18:07:23 | 000,318,976 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nwifi.sys -- (NativeWifiP)DRV:64bit: - [2009/07/13 18:07:22 | 000,059,904 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\vwififlt.sys -- (vwififlt)DRV:64bit: - [2009/07/13 18:07:21 | 000,024,576 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\vwifibus.sys -- (vwifibus)DRV:64bit: - [2009/07/13 18:06:52 | 000,100,864 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hidbth.sys -- (HidBth)DRV:64bit: - [2009/07/13 18:06:52 | 000,072,192 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bthmodem.sys -- (BTHMODEM)DRV:64bit: - [2009/07/13 18:06:52 | 000,009,728 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\umpass.sys -- (UmPass)DRV:64bit: - [2009/07/13 18:06:45 | 000,072,832 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ohci1394.sys -- (ohci1394)DRV:64bit: - [2009/07/13 18:06:34 | 000,045,568 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\circlass.sys -- (circlass)DRV:64bit: - [2009/07/13 18:06:24 | 000,008,192 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mshidkmdf.sys -- (mshidkmdf)DRV:64bit: - [2009/07/13 18:06:23 | 000,046,592 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hidir.sys -- (HidIr)DRV:64bit: - [2009/07/13 18:06:16 | 000,005,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\drmkaud.sys -- (drmkaud)DRV:64bit: - [2009/07/13 18:02:08 | 000,015,360 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\MTConfig.sys -- (MTConfig)DRV:64bit: - [2009/07/13 18:02:07 | 000,027,776 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\wacompen.sys -- (WacomPen)DRV:64bit: - [2009/07/13 18:01:03 | 000,013,824 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sffp_mmc.sys -- (sffp_mmc)DRV:64bit: - [2009/07/13 18:01:02 | 000,016,896 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sfloppy.sys -- (sfloppy)DRV:64bit: - [2009/07/13 18:01:01 | 000,014,336 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sffdisk.sys -- (sffdisk)DRV:64bit: - [2009/07/13 18:00:54 | 000,029,696 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\fdc.sys -- (fdc)DRV:64bit: - [2009/07/13 18:00:54 | 000,024,576 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\flpydisk.sys -- (flpydisk)DRV:64bit: - [2009/07/13 18:00:41 | 000,097,280 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\parport.sys -- (Parport)DRV:64bit: - [2009/07/13 18:00:40 | 000,094,208 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\serial.sys -- (Serial)DRV:64bit: - [2009/07/13 18:00:33 | 000,023,552 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\serenum.sys -- (Serenum)DRV:64bit: - [2009/07/13 18:00:20 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\mouhid.sys -- (mouhid)DRV:64bit: - [2009/07/13 18:00:20 | 000,026,624 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sermouse.sys -- (sermouse)DRV:64bit: - [2009/07/13 18:00:19 | 000,020,992 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ksthunk.sys -- (ksthunk)DRV:64bit: - [2009/07/13 18:00:18 | 000,011,136 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mskssrv.sys -- (MSKSSRV)DRV:64bit: - [2009/07/13 18:00:17 | 000,008,064 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mstee.sys -- (MSTEE)DRV:64bit: - [2009/07/13 18:00:17 | 000,007,168 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mspclock.sys -- (MSPCLOCK)DRV:64bit: - [2009/07/13 18:00:17 | 000,006,784 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mspqm.sys -- (MSPQM)DRV:64bit: - [2009/07/13 18:00:13 | 000,006,656 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\beep.sys -- (Beep)DRV:64bit: - [2009/07/13 17:38:52 | 000,030,208 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\monitor.sys -- (monitor)DRV:64bit: - [2009/07/13 17:38:47 | 000,029,184 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\vga.sys -- (VgaSave)DRV:64bit: - [2009/07/13 17:38:47 | 000,029,184 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\vgapnp.sys -- (vga)DRV:64bit: - [2009/07/13 17:37:18 | 000,040,448 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\discache.sys -- (discache)DRV:64bit: - [2009/07/13 17:35:59 | 000,045,056 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\blbdrive.sys -- (blbdrive)DRV:64bit: - [2009/07/13 17:31:06 | 000,026,624 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hidbatt.sys -- (HidBatt)DRV:64bit: - [2009/07/13 17:31:04 | 000,009,728 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\errdev.sys -- (ErrDev)DRV:64bit: - [2009/07/13 17:31:03 | 000,017,664 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\CmBatt.sys -- (CmBatt)DRV:64bit: - [2009/07/13 17:31:02 | 000,014,336 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\wmiacpi.sys -- (WmiAcpi)DRV:64bit: - [2009/07/13 17:26:13 | 000,113,152 | ---- | M] (Microsoft Corporation) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\luafv.sys -- (luafv)DRV:64bit: - [2009/07/13 17:25:40 | 000,034,304 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\filetrace.sys -- (Filetrace)DRV:64bit: - [2009/07/13 17:23:29 | 000,204,800 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\fastfat.sys -- (fastfat)DRV:64bit: - [2009/07/13 17:23:29 | 000,195,072 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\exfat.sys -- (exfat)DRV:64bit: - [2009/07/13 17:21:02 | 000,024,576 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\nsiproxy.sys -- (nsiproxy)DRV:64bit: - [2009/07/13 17:19:57 | 000,105,472 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\i8042prt.sys -- (i8042prt)DRV:64bit: - [2009/07/13 17:19:48 | 000,044,032 | ---- | M] (Microsoft Corporation) [File_System | System | Running] -- C:\Windows\SysNative\drivers\npfs.sys -- (Npfs)DRV:64bit: - [2009/07/13 17:19:47 | 000,092,160 | ---- | M] (Microsoft Corporation) [File_System | Disabled | Stopped] -- C:\Windows\SysNative\drivers\cdfs.sys -- (cdfs)DRV:64bit: - [2009/07/13 17:19:47 | 000,026,112 | ---- | M] (Microsoft Corporation) [File_System | System | Running] -- C:\Windows\SysNative\drivers\msfs.sys -- (Msfs)DRV:64bit: - [2009/07/13 17:19:38 | 000,006,144 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\null.sys -- (Null)DRV:64bit: - [2009/07/13 17:19:25 | 000,064,512 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdk8.sys -- (AmdK8)DRV:64bit: - [2009/07/13 17:19:25 | 000,062,464 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\intelppm.sys -- (intelppm)DRV:64bit: - [2009/07/13 17:19:25 | 000,060,928 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\amdppm.sys -- (AmdPPM)DRV:64bit: - [2009/07/13 17:19:25 | 000,060,416 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\processr.sys -- (Processor)DRV:64bit: - [2009/06/10 14:41:10 | 000,047,104 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\BrSerWdm.sys -- (BrSerWdm)DRV:64bit: - [2009/06/10 14:41:10 | 000,014,976 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\BrUsbMdm.sys -- (BrUsbMdm)DRV:64bit: - [2009/06/10 14:41:10 | 000,014,720 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\BrUsbSer.sys -- (BrUsbSer)DRV:64bit: - [2009/06/10 14:41:06 | 000,018,432 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\BrFiltLo.sys -- (BrFiltLo)DRV:64bit: - [2009/06/10 14:41:06 | 000,008,704 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\BrFiltUp.sys -- (BrFiltUp)DRV:64bit: - [2009/06/10 14:37:19 | 000,023,040 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\secdrv.sys -- (secdrv)DRV:64bit: - [2009/06/10 14:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)DRV:64bit: - [2009/06/10 14:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)DRV:64bit: - [2009/06/10 14:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)DRV:64bit: - [2009/06/10 14:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)DRV:64bit: - [2009/02/17 17:22:22 | 000,039,424 | ---- | M] (ASUSTeK Computer Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ATKDispLowFilter.sys -- (atkdisplf)DRV:64bit: - [2009/02/17 17:22:22 | 000,017,792 | ---- | M] (ASUSTeK Computer Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\asusgsb.sys -- (asusgsb)DRV - [2009/07/13 19:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRCIE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htmIE - HKLM\..\SearchScopes,DefaultScope = IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope = IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope = IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope = IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope = IE - HKU\S-1-5-21-96533722-1210416067-622281322-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://www.google.com/http://www.google.com/ [binary data]IE - HKU\S-1-5-21-96533722-1210416067-622281322-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehpIE - HKU\S-1-5-21-96533722-1210416067-622281322-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-USIE - HKU\S-1-5-21-96533722-1210416067-622281322-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = D5 57 DE A1 F7 7F CE 01 [binary data]IE - HKU\S-1-5-21-96533722-1210416067-622281322-1000\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}IE - HKU\S-1-5-21-96533722-1210416067-622281322-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE10SRIE - HKU\S-1-5-21-96533722-1210416067-622281322-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.10.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not foundFF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\SysWOW64\Adobe\Director\np32dsw_1200112.dll (Adobe Systems, Inc.)FF - HKLM\Software\MozillaPlugins\@foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf: C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll File not foundFF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.10.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.10.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not foundFF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=16.4.3505.0912: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.165\npGoogleUpdate3.dll (Google Inc.)FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.165\npGoogleUpdate3.dll (Google Inc.) [2013/11/09 20:49:01 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Matt\AppData\Roaming\Mozilla\Extensions[2013/11/09 20:48:37 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions[2013/11/09 20:48:37 | 000,000,000 | ---D | M] (Default) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} ========== Chrome ========== CHR - default_search_provider: Yahoo! (Enabled)CHR - default_search_provider: search_url = http://search.yahoo.com/search?fr=chr-greentree_gc&ei=utf-8&ilc=12&type=714647&p={searchTerms}CHR - default_search_provider: suggest_url = http://ff.search.yahoo.com/gossip?output=fxjson&command={searchTerms},CHR - homepage: http://search.yahoo.com/?type=714647&fr=spigot-yhp-chCHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\22.0.1229.79\PepperFlash\pepflashplayer.dllCHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewerCHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\30.0.1599.101\ppGoogleNaClPluginChrome.dllCHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\30.0.1599.101\pdf.dllCHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dllCHR - plugin: NVIDIA 3D Vision (Enabled) = C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dllCHR - plugin: NVIDIA 3D VISION (Enabled) = C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dllCHR - Extension: YouTube = C:\Users\Matt\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\CHR - Extension: Google Search = C:\Users\Matt\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\CHR - Extension: http://www.facebook.com/ = C:\Users\Matt\AppData\Local\Google\Chrome\User Data\Default\Extensions\dnknkgccldocdogpnhbaddbdhhjiindo\2012.10.23.2958_0\CHR - Extension: Google Wallet = C:\Users\Matt\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.5.0_0\CHR - Extension: Gmail = C:\Users\Matt\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\ O1 HOSTS File: ([2009/06/10 15:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hostsO2 - BHO: (Java Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)O2 - BHO: (Java Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)O4 - HKLM..\Run: [ASUSGamerOSD] C:\Program Files (x86)\ASUS\GamerOSD\GamerOSD.exe (ASUSTeK Computer Inc.)O4 - HKLM..\Run: [JMB36X IDE Setup] C:\Windows\RaidTool\xInsIDE.exe ()O4 - HKLM..\Run: [jswtrayutil] C:\Program Files (x86)\Wireless\WPS\jswtrayutil.exe ()O4 - HKLM..\Run: [LifeCam] C:\Program Files (x86)\Microsoft LifeCam\LifeExp.exe (Microsoft Corporation)O4 - HKU\S-1-5-19..\Run: [sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)O4 - HKU\S-1-5-20..\Run: [sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not foundO4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not foundO6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3O7 - HKU\S-1-5-21-96533722-1210416067-622281322-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = [binary data]O1364bit: - gopher Prefix: missingO13 - gopher Prefix: missingO15 - HKU\S-1-5-21-96533722-1210416067-622281322-1000\..Trusted Domains: line6.net ([]* in Trusted sites)O16 - DPF: {0D41B8C5-2599-4893-8183-00195EC8D5F9} http://support.asus.com/select/asusTek_sys_ctrl3.cab (asusTek_sysctrl Class)O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab (Reg Error: Key error.)O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{8E8995B0-9CE5-45E1-B306-7A31870671C2}: DhcpNameServer = 192.168.1.1O18:64bit: - Protocol\Handler\wlpg - No CLSID value foundO20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.O32 - HKLM CDRom: AutoRun - 1O32 - AutoRun File - [2006/05/31 09:35:27 | 000,000,034 | R--- | M] () - E:\AUTORUN.INF -- [ UDF ]O34 - HKLM BootExecute: (autocheck autochk *)O35:64bit: - HKLM\..comfile [open] -- "%1" %*O35:64bit: - HKLM\..exefile [open] -- "%1" %*O35 - HKLM\..comfile [open] -- "%1" %*O35 - HKLM\..exefile [open] -- "%1" %*O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*O37 - HKLM\...com [@ = comfile] -- "%1" %*O37 - HKLM\...exe [@ = exefile] -- "%1" %*O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) ========== Files/Folders - Created Within 30 Days ========== [2013/11/13 18:00:39 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Matt\Desktop\OTL.com[2013/11/13 12:35:46 | 000,000,000 | ---D | C] -- C:\Windows\ERUNT[2013/11/13 12:34:54 | 001,034,531 | ---- | C] (Thisisu) -- C:\Users\Matt\Desktop\JRT.exe[2013/11/13 12:25:54 | 000,000,000 | ---D | C] -- C:\_OTM[2013/11/13 12:24:17 | 000,522,240 | ---- | C] (OldTimer Tools) -- C:\Users\Matt\Desktop\OTM.exe[2013/11/13 01:33:47 | 000,526,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll[2013/11/13 01:33:47 | 000,391,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll[2013/11/13 01:33:47 | 000,136,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iesysprep.dll[2013/11/13 01:33:47 | 000,109,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesysprep.dll[2013/11/13 01:33:47 | 000,089,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\RegisterIEPKEYs.exe[2013/11/13 01:33:47 | 000,071,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\RegisterIEPKEYs.exe[2013/11/13 01:33:47 | 000,067,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iesetup.dll[2013/11/13 01:33:47 | 000,061,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesetup.dll[2013/11/13 01:33:47 | 000,051,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ie4uinit.exe[2013/11/13 01:33:47 | 000,039,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iernonce.dll[2013/11/13 01:33:47 | 000,033,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iernonce.dll[2013/11/13 01:33:46 | 000,603,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll[2013/11/13 01:33:45 | 000,855,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll[2013/11/13 01:33:45 | 000,690,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll[2013/11/13 01:33:41 | 003,959,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll[2013/11/12 23:16:22 | 000,000,000 | ---D | C] -- C:\Users\Matt\AppData\Roaming\Malwarebytes[2013/11/12 23:15:06 | 000,025,928 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys[2013/11/12 23:15:06 | 000,000,000 | ---D | C] -- C:\Users\Matt\Desktop\Malwarebytes' Anti-Malware[2013/11/12 23:15:06 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes[2013/11/12 23:14:11 | 000,000,000 | ---D | C] -- C:\Users\Matt\AppData\Local\Programs[2013/11/12 23:02:19 | 001,474,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\crypt32.dll[2013/11/12 23:02:15 | 001,930,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\authui.dll[2013/11/12 23:02:14 | 001,796,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\authui.dll[2013/11/12 23:02:14 | 000,197,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\credui.dll[2013/11/12 23:02:14 | 000,190,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\SmartcardCredentialProvider.dll[2013/11/12 23:02:14 | 000,152,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\SmartcardCredentialProvider.dll[2013/11/12 23:02:12 | 001,447,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\lsasrv.dll[2013/11/12 23:02:11 | 000,307,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ncrypt.dll[2013/11/12 23:02:11 | 000,135,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\sspicli.dll[2013/11/12 23:02:11 | 000,028,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\sspisrv.dll[2013/11/12 23:02:11 | 000,028,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\secur32.dll[2013/11/12 23:02:10 | 000,404,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\gdi32.dll[2013/11/12 23:02:08 | 000,830,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\nshwfp.dll[2013/11/12 23:02:08 | 000,656,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\nshwfp.dll[2013/11/12 23:02:08 | 000,324,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\FWPUCLNT.DLL[2013/11/12 23:02:08 | 000,216,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\FWPUCLNT.DLL[2013/11/12 23:01:42 | 000,000,000 | ---D | C] -- C:\AdwCleaner[2013/11/12 01:19:36 | 000,000,000 | R--D | C] -- C:\Users\Matt\Favorites[2013/11/12 01:04:50 | 001,957,590 | ---- | C] (Farbar) -- C:\Users\Matt\Desktop\FRST64.exe[2013/11/12 00:47:16 | 000,000,000 | ---D | C] -- C:\FRST[2013/11/12 00:25:54 | 000,000,000 | -HSD | C] -- C:\Config.Msi[2013/11/10 00:21:04 | 000,000,000 | ---D | C] -- C:\Users\Matt\AppData\Roaming\PACE Anti-Piracy[2013/11/10 00:21:04 | 000,000,000 | ---D | C] -- C:\Users\Matt\AppData\Local\PACE Anti-Piracy[2013/11/10 00:21:04 | 000,000,000 | ---D | C] -- C:\ProgramData\PACE Anti-Piracy[2013/11/09 23:39:46 | 000,000,000 | ---D | C] -- C:\Users\Matt\Desktop\RK_Quarantine[2013/11/09 20:55:24 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy[2013/11/09 20:48:49 | 000,000,000 | ---D | C] -- C:\Users\Matt\AppData\Roaming\Mozilla[2013/11/09 20:48:49 | 000,000,000 | ---D | C] -- C:\Users\Matt\AppData\Local\Mozilla[2013/11/09 20:48:38 | 000,000,000 | ---D | C] -- C:\ProgramData\Mozilla[2013/11/09 20:48:37 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox[2013/10/21 18:53:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN[2013/10/16 23:22:56 | 000,000,000 | ---D | C] -- C:\Users\Matt\AppData\Roaming\Cycling '74 ========== Files - Modified Within 30 Days ========== [2013/11/13 18:00:43 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Matt\Desktop\OTL.com[2013/11/13 17:53:11 | 000,000,894 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job[2013/11/13 17:43:04 | 000,014,416 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0[2013/11/13 17:43:04 | 000,014,416 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0[2013/11/13 17:40:05 | 000,726,444 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI[2013/11/13 17:40:05 | 000,624,162 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat[2013/11/13 17:40:05 | 000,106,538 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat[2013/11/13 17:36:10 | 000,000,890 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job[2013/11/13 17:35:48 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat[2013/11/13 17:35:43 | 2104,512,511 | -HS- | M] () -- C:\hiberfil.sys[2013/11/13 12:43:46 | 000,891,200 | ---- | M] () -- C:\Users\Matt\Desktop\SecurityCheck.exe[2013/11/13 12:34:58 | 001,034,531 | ---- | M] (Thisisu) -- C:\Users\Matt\Desktop\JRT.exe[2013/11/13 12:24:18 | 000,522,240 | ---- | M] (OldTimer Tools) -- C:\Users\Matt\Desktop\OTM.exe[2013/11/12 23:01:09 | 001,085,542 | ---- | M] () -- C:\Users\Matt\Desktop\AdwCleaner.exe[2013/11/12 01:04:57 | 001,957,590 | ---- | M] (Farbar) -- C:\Users\Matt\Desktop\FRST64.exe[2013/11/12 00:44:33 | 000,301,080 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT[2013/11/08 02:08:04 | 000,014,848 | ---- | M] () -- C:\Users\Matt\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini[2013/10/28 18:57:14 | 000,001,090 | ---- | M] () -- C:\Users\Public\Desktop\TeamViewer 8.lnk[2013/10/21 18:53:15 | 000,001,062 | ---- | M] () -- C:\Users\Public\Desktop\VLC media player.lnk[2013/10/20 23:28:25 | 000,003,453 | ---- | M] () -- C:\Users\Matt\AppData\Local\recently-used.xbel ========== Files Created - No Company Name ========== [2013/11/13 12:43:43 | 000,891,200 | ---- | C] () -- C:\Users\Matt\Desktop\SecurityCheck.exe[2013/11/12 23:00:54 | 001,085,542 | ---- | C] () -- C:\Users\Matt\Desktop\AdwCleaner.exe[2013/10/21 18:53:15 | 000,001,062 | ---- | C] () -- C:\Users\Public\Desktop\VLC media player.lnk[2013/10/20 23:28:25 | 000,003,453 | ---- | C] () -- C:\Users\Matt\AppData\Local\recently-used.xbel[2013/09/04 19:19:43 | 000,000,032 | ---- | C] () -- C:\Windows\GearBox.ini[2013/04/08 21:02:23 | 000,014,848 | ---- | C] () -- C:\Users\Matt\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini[2012/10/06 14:13:48 | 000,001,769 | ---- | C] () -- C:\Windows\Language_trs.ini[2012/10/06 14:13:43 | 000,025,416 | ---- | C] () -- C:\Windows\Ascd_tmp.ini[2012/10/05 23:36:49 | 000,053,248 | ---- | C] () -- C:\Windows\SysWow64\asrussian.dll[2012/10/05 23:36:49 | 000,053,248 | ---- | C] () -- C:\Windows\SysWow64\askorean.dll[2012/10/05 23:36:49 | 000,053,248 | ---- | C] () -- C:\Windows\SysWow64\asjapan.dll[2012/10/05 23:36:49 | 000,053,248 | ---- | C] () -- C:\Windows\SysWow64\asgerman.dll[2012/10/05 23:36:49 | 000,053,248 | ---- | C] () -- C:\Windows\SysWow64\asfrench.dll[2012/10/05 23:36:49 | 000,053,248 | ---- | C] () -- C:\Windows\SysWow64\aseng.dll[2012/10/05 23:36:49 | 000,053,248 | ---- | C] () -- C:\Windows\SysWow64\ASCHT.dll[2012/10/05 23:36:49 | 000,053,248 | ---- | C] () -- C:\Windows\SysWow64\aschs.dll ========== ZeroAccess Check ========== [2009/07/13 22:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64"" = C:\Windows\SysNative\shell32.dll -- [2013/07/25 20:24:57 | 014,172,672 | ---- | M] (Microsoft Corporation)"ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]"" = %SystemRoot%\system32\shell32.dll -- [2013/07/25 19:55:59 | 012,872,704 | ---- | M] (Microsoft Corporation)"ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 19:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)"ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 06:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)"ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 19:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)"ThreadingModel" = Both [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] ========== LOP Check ========== [2013/04/15 21:32:06 | 000,000,000 | ---D | M] -- C:\Users\Matt\AppData\Roaming\.anomos[2013/09/25 23:19:52 | 000,000,000 | ---D | M] -- C:\Users\Matt\AppData\Roaming\Ableton[2012/12/01 00:54:28 | 000,000,000 | ---D | M] -- C:\Users\Matt\AppData\Roaming\Audacity[2013/10/16 23:22:56 | 000,000,000 | ---D | M] -- C:\Users\Matt\AppData\Roaming\Cycling '74[2013/01/30 00:33:16 | 000,000,000 | ---D | M] -- C:\Users\Matt\AppData\Roaming\DAEMON Tools Lite[2013/04/29 19:33:48 | 000,000,000 | ---D | M] -- C:\Users\Matt\AppData\Roaming\EAC[2012/11/28 18:01:52 | 000,000,000 | ---D | M] -- C:\Users\Matt\AppData\Roaming\Foxit Software[2013/09/04 19:22:51 | 000,000,000 | ---D | M] -- C:\Users\Matt\AppData\Roaming\Line 6[2013/11/10 00:21:05 | 000,000,000 | ---D | M] -- C:\Users\Matt\AppData\Roaming\PACE Anti-Piracy[2012/11/23 19:05:14 | 000,000,000 | ---D | M] -- C:\Users\Matt\AppData\Roaming\Philipp Winterberg[2013/11/12 00:24:07 | 000,000,000 | ---D | M] -- C:\Users\Matt\AppData\Roaming\uTorrent ========== Purity Check ========== < End of report > Link to post Share on other sites More sharing options...
somedude Posted November 14, 2013 Author ID:753306 Share Posted November 14, 2013 And here's the second: OTL Extras logfile created on: 11/13/2013 6:47:11 PM - Run 1OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Matt\Desktop64bit- Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstationInternet Explorer (Version = 9.10.9200.16736)Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy 7.95 Gb Total Physical Memory | 6.32 Gb Available Physical Memory | 79.48% Memory free15.89 Gb Paging File | 13.82 Gb Available in Paging File | 86.95% Paging File freePaging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)Drive C: | 931.51 Gb Total Space | 872.53 Gb Free Space | 93.67% Space Free | Partition Type: NTFSDrive D: | 931.41 Gb Total Space | 807.87 Gb Free Space | 86.74% Space Free | Partition Type: NTFSDrive E: | 7.29 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF Computer Name: MATT-PC | User Name: Matt | Logged in as Administrator.Boot Mode: Normal | Scan Mode: All users | Include 64bit ScansCompany Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Extra Registry (SafeList) ========== ========== File Associations ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>].html[@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation).url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>].cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation).html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) [HKEY_USERS\S-1-5-21-96533722-1210416067-622281322-1000\SOFTWARE\Classes\<extension>].html [@ = ChromeHTML] -- Reg Error: Key error. File not found ========== Shell Spawning ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]batfile [open] -- "%1" %*cmdfile [open] -- "%1" %*comfile [open] -- "%1" %*exefile [open] -- "%1" %*helpfile [open] -- Reg Error: Key error.htmlfile [edit] -- "C:\Program Files (x86)\Microsoft Office\Office12\msohtmed.exe" %1htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)htmlfile [print] -- "C:\Program Files (x86)\Microsoft Office\Office12\msohtmed.exe" /p %1http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)piffile [open] -- "%1" %*regfile [merge] -- Reg Error: Key error.scrfile [config] -- "%1"scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %lscrfile [open] -- "%1" /Stxtfile [edit] -- Reg Error: Key error.Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN)Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN)Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)Folder [explore] -- Reg Error: Value error.Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]batfile [open] -- "%1" %*cmdfile [open] -- "%1" %*comfile [open] -- "%1" %*cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)exefile [open] -- "%1" %*helpfile [open] -- Reg Error: Key error.htmlfile [edit] -- "C:\Program Files (x86)\Microsoft Office\Office12\msohtmed.exe" %1htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)htmlfile [print] -- "C:\Program Files (x86)\Microsoft Office\Office12\msohtmed.exe" /p %1http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)piffile [open] -- "%1" %*regfile [merge] -- Reg Error: Key error.scrfile [config] -- "%1"scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %lscrfile [open] -- "%1" /Stxtfile [edit] -- Reg Error: Key error.Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN)Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN)Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)Folder [explore] -- Reg Error: Value error.Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Value error. ========== Security Center Settings ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]"cval" = 1 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]"AntiVirusOverride" = 0"AntiSpywareOverride" = 0"FirewallOverride" = 0 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] ========== Firewall Settings ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]"DisableNotifications" = 0"EnableFirewall" = 1 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]"DisableNotifications" = 0"EnableFirewall" = 1 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]"DisableNotifications" = 0"EnableFirewall" = 1 ========== Authorized Applications List ========== ========== Vista Active Open Ports Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]"{05E21CA0-F26F-43BD-8B2C-3ED14326E6BB}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{07F2ADE4-0238-4611-A0F5-518DB8E1895E}" = lport=138 | protocol=17 | dir=in | app=system | "{081848F9-68E4-4645-8A76-5C012242B698}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | "{1305C699-ED58-4283-8826-4A5F98BBA150}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) | "{1CA92AF2-54E5-4BC0-8E3D-C6AAFBDC0F8D}" = rport=137 | protocol=17 | dir=out | app=system | "{2C95B635-40E3-4206-89E4-1DA797AB92D2}" = rport=139 | protocol=6 | dir=out | app=system | "{31C69CCB-61AF-4F60-A691-FFBBE9A41749}" = lport=2869 | protocol=6 | dir=in | app=system | "{4F4F7BA3-06F7-41FB-9F1D-1A7804B34F3C}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | "{69155C3E-F04F-43E4-BBED-55A75B904911}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{6C9B04E5-287D-4E0E-BF49-FA5E29317FBF}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | "{6F63A1C1-9338-4888-9775-8CB99C861718}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | "{7281CC47-F38C-47B0-87E5-2E260040D950}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) | "{889A4C6D-A3A7-4B87-809F-FA115FC3B2F4}" = lport=139 | protocol=6 | dir=in | app=system | "{8B86AA86-9D8E-480F-98C3-6138940835CA}" = rport=10243 | protocol=6 | dir=out | app=system | "{9A61251C-069E-4DD6-917B-51D89C9CE4DD}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | "{A8A06AB4-810A-42F3-9BEB-B63BEAADAC1B}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{AF41DE44-EF98-46EA-B180-0EC332AD0D57}" = lport=445 | protocol=6 | dir=in | app=system | "{B954D23A-6E38-47D3-A260-88B07377723D}" = lport=10243 | protocol=6 | dir=in | app=system | "{CF375FCC-1FAE-4AA4-BE7F-F61A0FC4F3D4}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=c:\windows\system32\svchost.exe | "{D18FACD7-1216-4156-B333-32D826ED0684}" = rport=138 | protocol=17 | dir=out | app=system | "{E3C09F7C-2DB2-4FAD-AAAF-FEBF13B8E155}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | "{ED89AB0C-CB57-435C-B15A-2475E168FB16}" = lport=137 | protocol=17 | dir=in | app=system | "{F99A3EB5-9B77-44D4-A055-00098632A544}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{FC34D5DA-DD05-406C-B8BD-486362B8294E}" = rport=445 | protocol=6 | dir=out | app=system | ========== Vista Active Application Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]"{0B5D9B06-19AF-4F18-A8C9-A701D0213A39}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{14F20A7E-BE86-4D32-BB0B-EB8C437F7911}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | "{1C5AC64A-6DCC-4DFC-8C29-F791CB250AFA}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft lifecam\lifetray.exe | "{27E0F965-1E8B-4503-B899-3E68B965C79C}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{304BF473-623F-4433-96C4-302DAFEFF8CD}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | "{333C122B-D763-4740-A049-D2EB6F6C66A2}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | "{33A40172-0AF5-4E11-91BE-5B5FD64B54DB}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{37BD303B-D4C7-4345-8699-8F67D47998C4}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft lifecam\lifeenc2.exe | "{46CA772D-AB0A-4C1A-A6F4-5629D9D50FEC}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe | "{4C419783-D889-4606-B14A-EE88E177F18D}" = protocol=6 | dir=out | app=system | "{4C8D76A0-008A-4EB3-8629-D51E48AF4692}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | "{5034F89E-6F5C-4247-B077-253A05D18DDC}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe | "{5A60389F-290A-482B-A96C-0C941779D5FD}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | "{697FAE54-F1D6-4460-8C79-1DC6C44FAEB1}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft lifecam\lifeexp.exe | "{6D924BBC-491B-46E2-A66E-B92B79AD7475}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | "{6F2A82A4-2242-402A-B542-6DAB43F7E5FE}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | "{862C1997-EEFB-4FE7-A977-B85BB61DFAF3}" = protocol=6 | dir=in | app=c:\program files (x86)\teamviewer\version8\teamviewer.exe | "{A2843622-0A74-4F61-8291-C28FB7E2E79F}" = protocol=6 | dir=in | app=c:\program files (x86)\teamviewer\version8\teamviewer_service.exe | "{A4BF5A5B-E369-433C-BBD3-2EA4029E5FB6}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | "{AEB56E0A-30EE-4DC8-B6F2-F6074134AC55}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | "{B35B00D4-9EA1-4C7C-8E6D-70333E675BC6}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft lifecam\lifecam.exe | "{B90642A7-37CE-4B8A-A589-AF78C1D82654}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | "{BE32BDB0-8244-4031-8FCE-63238659AD68}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{C72E585E-D8EE-4154-AF43-BBF5475CD032}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | "{D05A8576-F2A9-4500-A9E6-7ED1B37E6B57}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | "{D0D08B43-9C19-4420-A584-8489D40D6838}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft lifecam\lifeexp.exe | "{D9078635-5AC7-4D0D-9115-D13ABC84239D}" = protocol=17 | dir=in | app=c:\program files (x86)\teamviewer\version8\teamviewer_service.exe | "{DB9C98EF-3020-40A1-9F7B-8385A697EDA8}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft lifecam\lifeenc2.exe | "{DC98D756-DB44-4EB7-970A-A6E5F773119D}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft lifecam\lifecam.exe | "{E67DBA29-CFCD-4E4B-B4E3-3D98D242DE29}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | "{F5EB1CAB-8670-4F72-9F9D-25EA8C789DC1}" = protocol=17 | dir=in | app=c:\program files (x86)\teamviewer\version8\teamviewer.exe | "{F8EEB2F0-187E-4531-BDED-9FC28171D53A}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft lifecam\lifetray.exe | "TCP Query User{3EB13878-E157-4151-A878-26F7DE6FF658}C:\users\matt\downloads\utorrent.exe" = protocol=6 | dir=in | app=c:\users\matt\downloads\utorrent.exe | "TCP Query User{D385D3DF-A38E-4BF9-8BDC-D6B9A597F45C}C:\program files (x86)\java\jre7\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files (x86)\java\jre7\bin\javaw.exe | "TCP Query User{F7249E5E-E967-404A-BC11-E6DAD5DE31CB}C:\users\matt\downloads\utorrent.exe" = protocol=6 | dir=in | app=c:\users\matt\downloads\utorrent.exe | "UDP Query User{1EA90439-6DF8-4C69-A16A-297062CA1038}C:\program files (x86)\java\jre7\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files (x86)\java\jre7\bin\javaw.exe | "UDP Query User{2203A5B4-47E5-4BA1-B6E3-2D4F0679C429}C:\users\matt\downloads\utorrent.exe" = protocol=17 | dir=in | app=c:\users\matt\downloads\utorrent.exe | "UDP Query User{F453807A-B26D-4BE7-B017-5F0E3F6EEE99}C:\users\matt\downloads\utorrent.exe" = protocol=17 | dir=in | app=c:\users\matt\downloads\utorrent.exe | ========== HKEY_LOCAL_MACHINE Uninstall List ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]"{5CE7E3F5-9803-4F32-AA89-2D8848A80109}" = Microsoft LifeCam"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting"{9C5A08BF-BB99-4998-81BD-F6CC32483B34}" = Microsoft Corporation"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision" = NVIDIA 3D Vision Driver 311.06"{B2FE1952-0186-46c3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Control Panel 311.06"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Graphics Driver 311.06"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB" = NVIDIA 3D Vision Controller Driver 310.70"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX System Software 9.12.1031"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 1.11.3"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver" = NVIDIA HD Audio Driver 1.3.18.0"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components"{CE52672C-A0E9-4450-8875-88A221D5CD50}" = Windows Live ID Sign-in Assistant"{E9FA781F-3E80-4399-825A-AD3E11C28C77}" = MSVCRT110_amd64"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile"GIMP-2_is1" = GIMP 2.8.2"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]"{0454BB9A-2A7A-4214-BDFF-937F7A711A44}" = Windows Live Communications Platform"{05DC65EA-6511-4626-A910-35CB047F8213}" = WPS Installation Program"{18272881-CFC0-434D-A975-E5BE44206AA0}" = Windows Live UX Platform Language Pack"{1A1FA4C1-2701-401C-8CE1-FDDE45304FF5}" = ASUS nVidia Driver"{26A24AE4-039D-4CA4-87B4-2F83217010FF}" = Java 7 Update 10"{287EAC0F-6C96-4712-97A6-958510872CBB}" = Utility"{30F99474-EBE3-4134-A02B-F6CD38CFE243}" = Photo Gallery"{3A1B5D40-41E9-43FA-8C7B-A8667F5586EF}" = JMicron JMB36X Driver"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater"{4CCBD1F4-CEEC-452A-9CB8-46564B501315}" = Windows Live UX Platform"{5BABDA39-61CF-41EE-992D-4054B6649A9B}" = Movie Maker"{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM"{6A8DB215-7BCD-4377-B015-2E4541A3E7C6}" = Windows Live PIMT Platform"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable"{7F88C9E5-12BD-404F-AC6A-108BAAC9B708}" = ASUS Gamer OSD"{809D7E6D-915D-4EAD-821F-E13D93F37161}" = ASUS Smart Doctor"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver"{8A642ACD-CE3A-4A23-A8B1-A0F7EB12B214}" = Windows Live SOXE Definitions"{8B922CF8-8A6C-41CE-A858-F1755D7F5D29}" = NVIDIA PhysX"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT"{8E14DDC8-EA60-4E18-B3E3-1937104D5BDA}" = MSVCRT110"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper"{AF31A19F-EC05-4494-969F-584B02DF16FF}" = Wireless N Client Utility"{B3BC9DB1-0B0A-48B0-B86B-EA77CAA7F800}" = Microsoft Corporation"{C034A6F9-6569-491B-B3BF-F5D15221A708}" = Windows Live Essentials"{C424CD5E-EA05-4D3E-B5DA-F9F149E1D3AC}" = Windows Live Installer"{C9B6EFD0-4F01-4BBA-8374-39AD99A3ED72}" = Windows Live Photo Common"{D888F114-7537-4D48-AF03-5DA9C82D7540}" = Photo Common"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10"{E4FB0B39-C991-4EE7-95DD-1A1A7857D33D}" = Asmedia ASM104x USB 3.0 Host Controller Driver"{ED6C77F9-4D7E-447C-9EC0-9A212D075535}" = Movie Maker"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver"{FC6C7107-7D72-41A1-A031-3CE751159BAB}" = Photo Gallery"{FE7C0B3D-50B9-4951-BE78-A321CBF86552}" = Windows Live SOXE"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022"Adobe Shockwave Player" = Adobe Shockwave Player 12.0"Audacity_is1" = Audacity 2.0.2"Foxit Reader_is1" = Foxit Reader"Free RAR Extract Frog" = Free RAR Extract Frog"Google Chrome" = Google Chrome"InstallShield_{809D7E6D-915D-4EAD-821F-E13D93F37161}" = ASUS Smart Doctor"Line 6 Uninstaller" = Line 6 Uninstaller"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.75.0.1300"NVIDIA StereoUSB Driver" = NVIDIA 3D Vision Controller Driver"NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver"OpenSSL Light (32-bit)_is1" = OpenSSL 0.9.8l Light (32-bit)"PS3 Media Server" = PS3 Media Server"TeamViewer 8" = TeamViewer 8"VLC media player" = VLC media player 2.0.8"WinLiveSuite" = Windows Live Essentials ========== Last 20 Event Log Errors ========== [ System Events ]Error - 11/13/2013 7:38:01 PM | Computer Name = Matt-PC | Source = Service Control Manager | ID = 7038Description = The nvUpdatusService service was unable to log on as .\UpdatusUser with the currently configured password due to the following error: %%1330 To ensure that the service is configured properly, use the Services snap-in in Microsoft Management Console (MMC). Error - 11/13/2013 7:38:01 PM | Computer Name = Matt-PC | Source = Service Control Manager | ID = 7000Description = The NVIDIA Update Service Daemon service failed to start due to the following error: %%1069 < End of report > Link to post Share on other sites More sharing options...
kevinf80 Posted November 14, 2013 ID:753320 Share Posted November 14, 2013 Re-Run by double left click, Vista and Widows 7 users accept UAC alert.Under the box at the bottom, paste in the following, start with and include the colon plus OTL . :OTL:OTLCHR - default_search_provider: Yahoo! (Enabled)CHR - default_search_provider: search_url = http://search.yahoo....&type=714647&p={searchTerms}CHR - default_search_provider: suggest_url = http://ff.search.yah...fxjson&command={searchTerms},CHR - homepage: http://search.yahoo....r=spigot-yhp-ch:Filesipconfig /flushdns /c:Commands[emptytemp][CREATERESTOREPOINT][Reboot] Then click button at the top Let the program run unhindered, when done it will say "Fix Complete press ok to open the log" Please post that log in your next reply.Note: If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process.If you are asked to reboot the machine choose Yes. In this case, after the reboot, open Notepad (Start > All Programs > Accessories > Notepad), click File > Open, in the File Name box enter *.log and press the Enter key, navigate to the C:\_OTL\MovedFiles folder, and open the newest .log file present, and copy/paste the contents of that document back here in your next post. Does that clear Yahoo search from Chrome? Link to post Share on other sites More sharing options...
somedude Posted November 14, 2013 Author ID:753337 Share Posted November 14, 2013 Unfortunately, it's still there. After I do a search from the top bar of my browser, if I just make the search field blank and hit search, this is the url that comes up: http://search.yahoo.com/web?fr=chr-greentree_gcAnd here it is if I search for the word "fun": http://search.yahoo.com/search?fr=chr-greentree_gc&ei=utf-8&ilc=12&type=714647&p=fun I'm not sure if any of that information is helpful or not. Also, I had to reboot at the end of the scan. Here are the results: All processes killed========== OTL ==========Use Chrome's Settings page to remove the default_search_provider items.Use Chrome's Settings page to remove the default_search_provider items.Use Chrome's Settings page to remove the default_search_provider items.Use Chrome's Settings page to change the HomePage.========== FILES ==========< ipconfig /flushdns /c >Windows IP ConfigurationSuccessfully flushed the DNS Resolver Cache.C:\Users\Matt\Desktop\cmd.bat deleted successfully.C:\Users\Matt\Desktop\cmd.txt deleted successfully.========== COMMANDS ========== [EMPTYTEMP] User: All Users User: Default->Temp folder emptied: 0 bytes->Temporary Internet Files folder emptied: 0 bytes User: Default User->Temp folder emptied: 0 bytes->Temporary Internet Files folder emptied: 0 bytes User: Matt->Temp folder emptied: 2621117 bytes->Temporary Internet Files folder emptied: 128 bytes->Java cache emptied: 0 bytes->FireFox cache emptied: 0 bytes->Google Chrome cache emptied: 9665577 bytes->Flash cache emptied: 0 bytes User: Navi->Temp folder emptied: 0 bytes->Temporary Internet Files folder emptied: 0 bytes->Google Chrome cache emptied: 0 bytes User: Public User: UpdatusUser->Temp folder emptied: 0 bytes->Temporary Internet Files folder emptied: 0 bytes %systemdrive% .tmp files removed: 0 bytes%systemroot% .tmp files removed: 0 bytes%systemroot%\System32 .tmp files removed: 0 bytes%systemroot%\System32 (64bit) .tmp files removed: 0 bytes%systemroot%\System32\drivers .tmp files removed: 0 bytesWindows Temp folder emptied: 2060 bytes%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 0 bytesRecycleBin emptied: 0 bytes Total Files Cleaned = 12.00 mb Restore point Set: OTL Restore Point OTL by OldTimer - Version 3.2.69.0 log created on 11132013_201709 Files\Folders moved on Reboot...C:\Users\Matt\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully. PendingFileRenameOperations files... Registry entries deleted on Reboot... Again, thank you so much for your time. Link to post Share on other sites More sharing options...
kevinf80 Posted November 14, 2013 ID:753441 Share Posted November 14, 2013 Download Zoek.zip from here http://www.hijackthis.nl/smeenk/220813/zoek.zip and save that zip file to your Desktop. Double click zip file and extract to your Desktop: you will now have 3 versions of the tool on the Desktop: Before running Zoek make sure all Browsers are closed and Security is turned OFF. Check at the following link: http://www.techsupportforum.com/forums/f50/how-to-disable-your-security-applications-490111.html[/url Double click on each in turn until one version of Zoek will run (accept UAC) The following window will open: Copy and paste the following script from the code box and paste into the field.standardsearch;autoclean;emptyclsid;Chromelook;CHRdefaults; Select the "Run Script" tab. The following window will open: Please be patient and do not use the PC when the scan is in progress. When complete you maybe asked to re-boot your PC, if so please do Post the produced log in your next reply….. Link to post Share on other sites More sharing options...
somedude Posted November 15, 2013 Author ID:753808 Share Posted November 15, 2013 Thank you again. Here is the log: Zoek.exe Version 4.0.0.5 Updated 14-November-2013Tool run by Matt on Thu 11/14/2013 at 18:55:50.79.Microsoft Windows 7 Ultimate 6.1.7601 Service Pack 1 x64Running in: Normal Mode Internet Access DetectedLaunched: C:\Users\Matt\Desktop\zoek.com [script inserted] ==== System Restore Info ====================== 11/14/2013 6:56:24 PM Zoek.exe System Restore Point Created Succesfully. ==== Deleting CLSID Registry Keys ====================== HKEY_USERS\S-1-5-21-96533722-1210416067-622281322-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{FF059E31-CC5A-4E2E-BF3B-96E929D65503} deleted successfully ==== Deleting CLSID Registry Values ====================== ==== Running Processes ====================== C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exeC:\Windows\SysWOW64\ASDR.exeC:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exeC:\Program Files (x86)\ASUS\GamerOSD\GamerOSD.exeC:\Program Files (x86)\Wireless\WPS\jswtrayutil.exeC:\Program Files (x86)\Common Files\Java\Java Update\jusched.exeC:\Program Files (x86)\TeamViewer\Version8\TeamViewer.exeC:\Program Files (x86)\TeamViewer\Version8\tv_w32.exeC:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\cmd.exe ==== Deleting Services ====================== ==== System Specs ====================== Windows: Windows 7 Ultimate Edition (64-bit) Service Pack 1 (Build 7601)Memory (RAM): 8138 MBCPU Info: AMD FX-4170 Quad-Core ProcessorCPU Speed: 4308.8 MHzSound Card: Speakers (Realtek High Definiti | Realtek Digital Output(Optical) | Realtek Digital Output (Realtek | Display Adapters: NVIDIA GeForce GTX 550 Ti | NVIDIA GeForce GTX 550 Ti | RDPDD Chained DD | RDP Encoder Mirror Driver | RDP Reflector Display DriverMonitors: 1x; Generic PnP Monitor | Screen Resolution: 1360 X 768 - 32 bitNetwork: Network PresentNetwork Adapters: 450Mbps Dual-Band Wireless N Adapter | Realtek PCIe GBE Family ControllerCD / DVD Drives: 2x (E: | J: | ) E: HL-DT-STDVDRAM GH24NS90 | J: DTSOFT BDROMPorts: COM1 LPT Port NOT Present. Mouse: 16 Button Wheel Mouse PresentHard Disks: C: 931.5GB | D: 931.4GBHard Disks - Free: C: 883.5GB | D: 807.9GBManufacturer *: American Megatrends Inc.BIOS Info: AT/AT COMPATIBLE | 10/20/10 | ACRSYS - 1072009Time Zone: Central Standard TimeMotherboard *: ASUSTeK COMPUTER INC. M5A99X EVOCountry: United States Language: ENU ==== System Specs (Software) ====================== Anti-Spyware: Windows Defender disabled (Outdated)Default Browser: Google Chrome 30.0.1599.101Internet Explorer Version: 10.0.9200.16736 Google Chrome version: 30.0.1599.101Sun Java version: 1.7.0_10 (32-bit) Shockwave Player version: 12.0r112 ==== Files Recently Created / Modified ====================== ====== C:\Windows ========== C:\Users\Matt\AppData\Local\Temp ========== Java Cache =========== C:\Windows\SysWOW64 =====2013-11-13 07:33:48 FED1803F2F9C4BDBA8267EA2DE47CFE2 2706432 ----a-w- C:\Windows\SysWOW64\mshtml.tlb2013-11-13 07:33:47 FEB2F07A980A9844AD1B5E886C9B5338 391168 ----a-w- C:\Windows\SysWOW64\ieui.dll2013-11-13 07:33:47 E841206E319069920C394A5E3842568F 61440 ----a-w- C:\Windows\SysWOW64\iesetup.dll2013-11-13 07:33:47 8D98D99DC6D4033591354156CEB25153 109056 ----a-w- C:\Windows\SysWOW64\iesysprep.dll2013-11-13 07:33:47 8317DD8D4095FE4076E9F6EC3A747940 71680 ----a-w- C:\Windows\SysWOW64\RegisterIEPKEYs.exe2013-11-13 07:33:47 70F131E94E1B4496469A563C85279192 33280 ----a-w- C:\Windows\SysWOW64\iernonce.dll2013-11-13 07:33:46 DA5374911037841F81072A4DCBB02D93 2049024 ----a-w- C:\Windows\SysWOW64\iertutil.dll2013-11-13 07:33:46 AD6639EF2BD655C7E630B6BCF7203463 493056 ----a-w- C:\Windows\SysWOW64\msfeeds.dll2013-11-13 07:33:45 6AD683FF326836EB6AE63B1F144A4F9D 690688 ----a-w- C:\Windows\SysWOW64\jscript.dll2013-11-13 07:33:41 D42525513055C0A65FD4BEFAFACEB134 2877952 ----a-w- C:\Windows\SysWOW64\jscript9.dll2013-11-13 07:33:41 A5897063A4B6796EFB7B34CEC5BC739F 1138176 ----a-w- C:\Windows\SysWOW64\urlmon.dll2013-11-13 07:33:40 98B05ADD60BAA432E708BAFEBE5B1D70 39424 ----a-w- C:\Windows\SysWOW64\jsproxy.dll2013-11-13 07:33:40 5FD4335DCD343D0FEA9FA6B18ED408D9 1767936 ----a-w- C:\Windows\SysWOW64\wininet.dll2013-11-13 07:33:39 1191434BB424F18C2609AB5C955DD14E 13761024 ----a-w- C:\Windows\SysWOW64\ieframe.dll2013-11-13 07:33:35 02A04841906A8892AD6CC7BDBCB5F61D 14355968 ----a-w- C:\Windows\SysWOW64\mshtml.dll2013-11-13 05:02:19 CC09E0C9A2D89C6E71D093DC8BD121B7 1168384 ----a-w- C:\Windows\SysWOW64\crypt32.dll2013-11-13 05:02:14 EE7CB55F77465CDAC4C80F587FF7C278 1796096 ----a-w- C:\Windows\SysWOW64\authui.dll2013-11-13 05:02:14 E9BB0CD09DA17C71FD1B9954D75AEEF7 168960 ----a-w- C:\Windows\SysWOW64\credui.dll2013-11-13 05:02:14 4BCC63ED1C3D15B2635A8AE2B854B3EB 152576 ----a-w- C:\Windows\SysWOW64\SmartcardCredentialProvider.dll2013-11-13 05:02:12 AA6F6457116B559B76BC6A012CB4C293 247808 ----a-w- C:\Windows\SysWOW64\schannel.dll2013-11-13 05:02:11 AD7FB087A238883D1618F29F7BBBD584 220160 ----a-w- C:\Windows\SysWOW64\ncrypt.dll2013-11-13 05:02:11 42B924C5F3924C1EB2539F22C10D7DF1 96768 ----a-w- C:\Windows\SysWOW64\sspicli.dll2013-11-13 05:02:11 372948BB5E41CE42341C4398DE572E56 22016 ----a-w- C:\Windows\SysWOW64\secur32.dll2013-11-13 05:02:10 56E3313690866F99CD17AA1342F64AE1 311808 ----a-w- C:\Windows\SysWOW64\gdi32.dll2013-11-13 05:02:08 F0D0E883EBBDC7615DC9EDEA0FFB2817 216576 ----a-w- C:\Windows\SysWOW64\FWPUCLNT.DLL2013-11-13 05:02:08 CE2A48CD0D2B39FB77FA4797C6434E71 656896 ----a-w- C:\Windows\SysWOW64\nshwfp.dll====== C:\Windows\SysWOW64\drivers =========== C:\Windows\Sysnative =====2013-11-13 07:33:48 668653D2C9ED9E7529386DD8138FAAEB 2706432 ----a-w- C:\Windows\Sysnative\mshtml.tlb2013-11-13 07:33:47 F08BF4FC30F31350DCAB06F2B59ED1E9 136704 ----a-w- C:\Windows\Sysnative\iesysprep.dll2013-11-13 07:33:47 9F1D74E792DADA30809FCA64F705C042 89600 ----a-w- C:\Windows\Sysnative\RegisterIEPKEYs.exe2013-11-13 07:33:47 8D0D46B480BB260FA2AEA1201F15E784 526336 ----a-w- C:\Windows\Sysnative\ieui.dll2013-11-13 07:33:47 59AD440EFC7A653B55D5DC34E75960B2 39936 ----a-w- C:\Windows\Sysnative\iernonce.dll2013-11-13 07:33:47 3E86B4126D4CD0D9CA5B78DBE9F8D7CB 51712 ----a-w- C:\Windows\Sysnative\ie4uinit.exe2013-11-13 07:33:47 2CA49EB6296DBC1A5CEE141009A6F757 67072 ----a-w- C:\Windows\Sysnative\iesetup.dll2013-11-13 07:33:46 A96B3E9D360DE75B09EE77698A54412B 2648576 ----a-w- C:\Windows\Sysnative\iertutil.dll2013-11-13 07:33:46 1E47964351EA38C20A8E28B413769C80 603136 ----a-w- C:\Windows\Sysnative\msfeeds.dll2013-11-13 07:33:45 EFB4937249C7E4D57F69CC4B1986BC4B 855552 ----a-w- C:\Windows\Sysnative\jscript.dll2013-11-13 07:33:41 90868BDD4047BF951E03620961945149 3959808 ----a-w- C:\Windows\Sysnative\jscript9.dll2013-11-13 07:33:40 F13305A81317DDAEA3968D2D8EC0C0A4 1364992 ----a-w- C:\Windows\Sysnative\urlmon.dll2013-11-13 07:33:40 B83DB27D36C697760E0D33AE0CF76AAD 53248 ----a-w- C:\Windows\Sysnative\jsproxy.dll2013-11-13 07:33:39 9706C99DAEBE3FEAC811B239617E98C4 2241536 ----a-w- C:\Windows\Sysnative\wininet.dll2013-11-13 07:33:38 9991ABD246ED906CF420B2CA08BF685A 15404544 ----a-w- C:\Windows\Sysnative\ieframe.dll2013-11-13 07:33:37 25C356A79B7002E0A20AAF592ED59DE4 19269632 ----a-w- C:\Windows\Sysnative\mshtml.dll2013-11-13 05:02:19 780F6ECC4F55D76C9730E6B6C9B31913 1474048 ----a-w- C:\Windows\Sysnative\crypt32.dll2013-11-13 05:02:15 34152997FB906895290E0199AC94B85F 1930752 ----a-w- C:\Windows\Sysnative\authui.dll2013-11-13 05:02:14 8563BA40DF4F1E93A61B70E2C8B60CF8 190464 ----a-w- C:\Windows\Sysnative\SmartcardCredentialProvider.dll2013-11-13 05:02:14 4403D5ECE7D8323CAF1207D1AA38FA01 197120 ----a-w- C:\Windows\Sysnative\credui.dll2013-11-13 05:02:12 31FFED18C7B836CEC1B559347E32E151 340992 ----a-w- C:\Windows\Sysnative\schannel.dll2013-11-13 05:02:12 086F906B1D30C0A5D35FE0F6362DAB21 1447936 ----a-w- C:\Windows\Sysnative\lsasrv.dll2013-11-13 05:02:11 B08EA91C774AA734E0B9881F85CD9F42 135680 ----a-w- C:\Windows\Sysnative\sspicli.dll2013-11-13 05:02:11 7C46EC9CCDE6E793713FA01DB2EB918E 28672 ----a-w- C:\Windows\Sysnative\sspisrv.dll2013-11-13 05:02:11 747B9BA5412422F27934CB21131F0A3E 307200 ----a-w- C:\Windows\Sysnative\ncrypt.dll2013-11-13 05:02:11 4D71227301DD8D09097B9E4CC6527E5A 30720 ----a-w- C:\Windows\Sysnative\lsass.exe2013-11-13 05:02:11 208EAAFF40DA400190AA0605C797BEA2 28160 ----a-w- C:\Windows\Sysnative\secur32.dll2013-11-13 05:02:10 56325BB1FF19F2A5AC8713756AC41140 404480 ----a-w- C:\Windows\Sysnative\gdi32.dll2013-11-13 05:02:08 D07EB640618F96490DB88C3CE58DB608 324096 ----a-w- C:\Windows\Sysnative\FWPUCLNT.DLL2013-11-13 05:02:08 660C06F663F27760F565FD567B57625C 830464 ----a-w- C:\Windows\Sysnative\nshwfp.dll2013-11-13 05:02:08 344789398EC3EE5A4E00C52B31847946 859648 ----a-w- C:\Windows\Sysnative\IKEEXT.DLL====== C:\Windows\Sysnative\drivers =====2013-11-13 05:15:06 0BB97D43299910CBFBA59C461B99B910 25928 ----a-w- C:\Windows\Sysnative\drivers\mbam.sys2013-11-13 05:02:16 79059559E89D06E8B80CE2944BE20228 497152 ----a-w- C:\Windows\Sysnative\drivers\afd.sys2013-11-13 05:02:12 EBF28856F69CF094A902F884CF989706 458712 ----a-w- C:\Windows\Sysnative\drivers\cng.sys2013-11-13 05:02:12 8F489706472F7E9A06BAAA198703FA64 95680 ----a-w- C:\Windows\Sysnative\drivers\ksecdd.sys2013-11-13 05:02:12 868A2CAAB12EFC7A021682BCA0EEC54C 154560 ----a-w- C:\Windows\Sysnative\drivers\ksecpkg.sys====== C:\Windows\Tasks ============ C:\Windows\Temp ============= C:\Program Files ============ C:\PROGRA~2 ============ C: =========== C:\Users\Matt\AppData\Roaming ======2013-11-13 05:14:11 -------- d-----w- C:\Users\Matt\AppData\Local\Programs2013-11-10 06:21:04 -------- d-----w- C:\Users\Matt\AppData\Roaming\PACE Anti-Piracy2013-11-10 06:21:04 -------- d-----w- C:\Users\Matt\AppData\Local\PACE Anti-Piracy2013-11-10 02:48:49 -------- d-----w- C:\Users\Matt\AppData\Roaming\Mozilla2013-11-10 02:48:49 -------- d-----w- C:\Users\Matt\AppData\Local\Mozilla2013-10-21 05:28:25 6842F32174EFA2FBA02661AC038E1ED1 3453 ----a-w- C:\Users\Matt\AppData\Local\recently-used.xbel2013-10-17 05:22:56 -------- d-----w- C:\Users\Matt\AppData\Roaming\Cycling '74====== C:\Users\Matt ======2013-11-14 00:00:39 4ADCFEE16EE9978F06157634669D36FB 602112 ----a-w- C:\Users\Matt\Desktop\OTL.com2013-11-13 18:34:54 86FB5E8D5D1E3E405C46CCBF991E6FD4 1034531 ----a-w- C:\Users\Matt\Desktop\JRT.exe2013-11-13 18:24:17 ABE171BFF8277921FD92BF5DEC76F363 522240 ----a-w- C:\Users\Matt\Desktop\OTM.exe2013-11-13 05:13:55 683FDD3D773C58B262DC07CD0C6CE938 10285040 ----a-w- C:\Users\Matt\Downloads\mbam-setup-1.75.0.1300.exe2013-11-13 05:00:54 9812917FE2FCDEA2FD800573D7842E5D 1085542 ----a-w- C:\Users\Matt\Desktop\AdwCleaner.exe2013-11-12 07:19:36 -------- d-----r- C:\Users\Matt\Favorites2013-11-12 07:04:50 87D65511761F98DAC3F53404FAD9E7FA 1957590 ----a-w- C:\Users\Matt\Desktop\FRST64.exe2013-11-10 06:21:04 -------- d-----w- C:\ProgramData\PACE Anti-Piracy2013-11-10 02:48:38 -------- d-----w- C:\ProgramData\Mozilla2013-11-10 02:48:11 6CC7D19CADEBAAD3487F4D1025AAA75E 282784 ----a-w- C:\Users\Matt\Downloads\Firefox Setup Stub 25.0.exe2013-10-22 00:53:15 -------- d-----w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN ====== C: exe-files ==2013-11-14 07:42:08 799F1B95526EB6FE7A4159112CD10B6D 544 ----a-w- C:\$Recycle.Bin\S-1-5-21-96533722-1210416067-622281322-1000\$IYVPHLM.exe2013-11-14 07:41:10 ABD4E1FE3AD79F55209D8A9E4010A8CB 1361993 ----a-w- C:\$Recycle.Bin\S-1-5-21-96533722-1210416067-622281322-1000\$RYVPHLM.exe2013-11-13 18:34:54 86FB5E8D5D1E3E405C46CCBF991E6FD4 1034531 ----a-w- C:\Users\Matt\Desktop\JRT.exe2013-11-13 18:24:17 ABE171BFF8277921FD92BF5DEC76F363 522240 ----a-w- C:\Users\Matt\Desktop\OTM.exe2013-11-13 07:33:47 9F1D74E792DADA30809FCA64F705C042 89600 ----a-w- C:\Windows\System32\RegisterIEPKEYs.exe2013-11-13 07:33:47 8317DD8D4095FE4076E9F6EC3A747940 71680 ----a-w- C:\Windows\SysWOW64\RegisterIEPKEYs.exe2013-11-13 07:33:47 3E86B4126D4CD0D9CA5B78DBE9F8D7CB 51712 ----a-w- C:\Windows\System32\ie4uinit.exe2013-11-13 07:33:46 D7D5768B8A697FCBAEE2CFE137070F02 770736 ----a-w- C:\Program Files (x86)\Internet Explorer\iexplore.exe2013-11-13 07:33:46 39D0074C59F6D1A62731942C7FA8B60B 775344 ----a-w- C:\Program Files\Internet Explorer\iexplore.exe2013-11-13 05:13:55 683FDD3D773C58B262DC07CD0C6CE938 10285040 ----a-w- C:\Users\Matt\Downloads\mbam-setup-1.75.0.1300.exe2013-11-13 05:02:11 4D71227301DD8D09097B9E4CC6527E5A 30720 ----a-w- C:\Windows\System32\lsass.exe2013-11-13 05:00:54 9812917FE2FCDEA2FD800573D7842E5D 1085542 ----a-w- C:\Users\Matt\Desktop\AdwCleaner.exe2013-11-12 07:04:50 87D65511761F98DAC3F53404FAD9E7FA 1957590 ----a-w- C:\Users\Matt\Desktop\FRST64.exe2013-11-10 06:48:04 FF956BB147F6EABCAB2E6BE717668DF3 2936832 ----a-w- C:\FRST\Quarantine\ffmpeg16.exe2013-11-10 02:48:11 6CC7D19CADEBAAD3487F4D1025AAA75E 282784 ----a-w- C:\Users\Matt\Downloads\Firefox Setup Stub 25.0.exe=== C: other files ==2013-11-14 00:00:39 4ADCFEE16EE9978F06157634669D36FB 602112 ----a-w- C:\Users\Matt\Desktop\OTL.com2013-11-13 05:15:06 0BB97D43299910CBFBA59C461B99B910 25928 ----a-w- C:\Windows\System32\drivers\mbam.sys2013-11-13 05:02:16 79059559E89D06E8B80CE2944BE20228 497152 ----a-w- C:\Windows\System32\drivers\afd.sys2013-11-13 05:02:12 EBF28856F69CF094A902F884CF989706 458712 ----a-w- C:\Windows\System32\drivers\cng.sys2013-11-13 05:02:12 8F489706472F7E9A06BAAA198703FA64 95680 ----a-w- C:\Windows\System32\drivers\ksecdd.sys2013-11-13 05:02:12 868A2CAAB12EFC7A021682BCA0EEC54C 154560 ----a-w- C:\Windows\System32\drivers\ksecpkg.sys ==== Startup Registry Enabled ====================== [HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Run]"Sidebar"="%ProgramFiles%\Windows\Sidebar.exe /autoRun" [HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Run]"Sidebar"="%ProgramFiles%\Windows\Sidebar.exe /autoRun" [HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\RunOnce]"mctadmin"="C:\Windows\System32\mctadmin.exe" [HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\RunOnce]"mctadmin"="C:\Windows\System32\mctadmin.exe" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]"ASUSGamerOSD"="C:\Program Files (x86)\ASUS\GamerOSD\GamerOSD.exe""JMB36X IDE Setup"="C:\Windows\RaidTool\xInsIDE.exe""LifeCam"="C:\Program Files (x86)\Microsoft LifeCam\LifeExp.exe""jswtrayutil"="C:\Program Files (x86)\Wireless\WPS\jswtrayutil.exe""SunJavaUpdateSched"="C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" ==== Startup Registry Enabled x64 ====================== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]"RtHDVCpl"="C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s" ==== Task Scheduler Jobs ====================== C:\Windows\tasks\GoogleUpdateTaskMachineCore.job --a------ C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [10/06/2012 02:05 PM]C:\Windows\tasks\GoogleUpdateTaskMachineUA.job --a------ C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [10/06/2012 02:05 PM] ==== Other Scheduled Tasks ====================== "C:\Windows\SysNative\tasks\GoogleUpdateTaskMachineCore" [C:\Program Files (x86)\Google\Update\GoogleUpdate.exe]"C:\Windows\SysNative\tasks\GoogleUpdateTaskMachineUA" [C:\Program Files (x86)\Google\Update\GoogleUpdate.exe] ==== Firefox Extensions ====================== AppDir: C:\Program Files (x86)\Mozilla Firefox- Default - %AppDir%\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} ==== Firefox Plugins ====================== ==== Chrome Look ====================== YouTube - Matt - Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeoGoogle Search - Matt - Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpfhttp //www.facebook.com/ - Matt - Default\Extensions\dnknkgccldocdogpnhbaddbdhhjiindoGoogle Wallet - Matt - Default\Extensions\nmmhkkegccagdldgiimedpiccmgmiedaGmail - Matt - Default\Extensions\pjkljhegncpnkpknbcohdijeoejaediaYouTube - Navi - Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeoGoogle Search - Navi - Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpfChrome In-App Payments service - Navi - Default\Extensions\nmmhkkegccagdldgiimedpiccmgmiedaGmail - Navi - Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia ==== Set IE to Default ====================== Old Values:[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]"Start Page"="http://go.microsoft.com/fwlink/?LinkId=69157" New Values:[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]"Start Page"="http://go.microsoft.com/fwlink/?LinkId=69157" ==== All HKCU SearchScopes ====================== HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes"DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}"{0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing Url="http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE10SR"{6A1806CD-94D4-4689-BA73-E35EA1EA9990} Google Url="http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}" ==== Reset Google Chrome ====================== C:\Users\Matt\AppData\Local\Google\Chrome\User Data\Default\Preferences was reset successfullyC:\Users\Navi\AppData\Local\Google\Chrome\User Data\Default\preferences was reset successfullyC:\Users\Matt\AppData\Local\Google\Chrome\User Data\Default\Web Data was reset successfullyC:\Users\Navi\AppData\Local\Google\Chrome\User Data\Default\Web Data was reset successfully ==== HijackThis Entries ====================== F2 - REG:system.ini: UserInit=userinit.exe,O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dllO2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dllO2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dllO4 - HKLM\..\Run: [ASUSGamerOSD] C:\Program Files (x86)\ASUS\GamerOSD\GamerOSD.exeO4 - HKLM\..\Run: [JMB36X IDE Setup] C:\Windows\RaidTool\xInsIDE.exeO4 - HKLM\..\Run: [LifeCam] "C:\Program Files (x86)\Microsoft LifeCam\LifeExp.exe"O4 - HKLM\..\Run: [jswtrayutil] "C:\Program Files (x86)\Wireless\WPS\jswtrayutil.exe"O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"O4 - HKUS\S-1-5-19\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')O4 - HKUS\S-1-5-20\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dllO10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dllO11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphicsO15 - Trusted Zone: *.line6.netO16 - DPF: {0D41B8C5-2599-4893-8183-00195EC8D5F9} (asusTek_sysctrl Class) - http://support.asus.com/select/asusTek_sys_ctrl3.cabO16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - http://download.eset.com/special/eos/OnlineScanner.cabO18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dllO23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)O23 - Service: ASDR - Unknown owner - C:\Windows\SysWOW64\ASDR.exeO23 - Service: ATK Fast User Switch Service (ATKFUSService) - Unknown owner - C:\Windows\system32\ATKFUSService.exe (file missing)O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exeO23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exeO23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exeO23 - Service: JumpStart Push-Button Service (jswpbapi) - Wireless - C:\Program Files (x86)\Wireless\WPS\jswpbapi.exeO23 - Service: JumpStart Wi-Fi Protected Setup (jswpsapi) - Wireless - C:\Program Files (x86)\Wireless\WPS\jswpsapi.exeO23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)O23 - Service: NVIDIA Display Driver Service (NVSvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)O23 - Service: NVIDIA Update Service Daemon (nvUpdatusService) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exeO23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)O23 - Service: NVIDIA Stereoscopic 3D Driver Service (Stereo Service) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exeO23 - Service: TeamViewer 8 (TeamViewer8) - TeamViewer GmbH - C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exeO23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing) ==== Empty IE Cache ====================== C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfullyC:\Users\Matt\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfullyC:\Windows\sysWoW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfullyC:\Windows\serviceprofiles\networkservice\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfullyC:\Windows\serviceprofiles\Localservice\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfullyC:\Windows\sysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully ==== Empty FireFox Cache ====================== No FireFox Cache found ==== Empty Chrome Cache ====================== C:\Users\Matt\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfullyC:\Users\Matt\AppData\Local\Google\Chrome\User Data\Default\Application Cache\Cache emptied successfullyC:\Users\Navi\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully ==== Empty All Flash Cache ====================== No Flash Cache Found ==== Empty All Java Cache ====================== Java Cache cleared successfully ==== After Reboot ====================== ==== Empty Temp Folders ====================== C:\Windows\Temp successfully emptiedC:\Users\Matt\AppData\Local\Temp successfully emptied ==== Empty Recycle Bin ====================== C:\$RECYCLE.BIN successfully emptied ==== EOF on Thu 11/14/2013 at 19:06:29.81 ====================== Link to post Share on other sites More sharing options...
kevinf80 Posted November 15, 2013 ID:753814 Share Posted November 15, 2013 Does the search issue still stand? Link to post Share on other sites More sharing options...
somedude Posted November 15, 2013 Author ID:753815 Share Posted November 15, 2013 Wow! It's gone!!! Thank you so very much!!! Link to post Share on other sites More sharing options...
kevinf80 Posted November 15, 2013 ID:753817 Share Posted November 15, 2013 I`ve just installed Chrome to have a look at its search set up, maybe you can do this in future: Open Chrome > select the "Customize and Control Chrome" icon (stack of plates) top right hand corner > from the list select "Settings" In the new window scroll to "Search" section. Set your preferred search engine with the two available tabs.... What is the status of your system now, any remaining issues or concerns... Link to post Share on other sites More sharing options...
somedude Posted November 15, 2013 Author ID:753859 Share Posted November 15, 2013 It's still looking good. The only thing I'm concerned about is hooking back up my external drive. I've created a system restore point, so hopefully if something happens, I'll just be able to revert to that. But I'll scan the drive first. Probably open it with my old laptop first. Link to post Share on other sites More sharing options...
kevinf80 Posted November 15, 2013 ID:753898 Share Posted November 15, 2013 We need to remove FRST, first it is very important to deal with its Quarantine folder using FRST itself..OK, we continue:Delete any fixlist.txt file previously used, continue: Download attached fixlist.txt file and save it to the Desktop, or the folder you saved FRST into.NOTE. It's important that both FRST and fixlist.txt are in the same location or the fix will not work. Run FRST and press the Fix button just once and wait.The tool will make a log on the Desktop (Fixlog.txt). That will confirm the removal action, delete if successful. Next, Delete FRST.exe from your Desktop or the folder it was saved to, navigate to and delete its folder C:\FRST Also delete any files related to Zoek... Next, Uninstall adwcleaner.exe Please close all open programs and internet browsers. Double click on adwcleaner.exe to run the tool. Click on Uninstall Click Yes at Would you like to Uninstall Adwcleaner Next, Download OTC by OldTimer from here http://oldtimer.geekstogo.com/OTC.exe or here http://www.itxassociates.com/OT-Tools/OTC.exe and save to your Desktop.Double click icon to start the program.If you are using Vista or Windows 7 accept UACThen Click the big button.You will get a prompt saying "Begining Cleanup Process". Please select Yes.Restart your computer when prompted.This will remove tools we have used and itself. Any tools/logs remaining on the Desktop or downloads folder can be safely deleted. Let me know if those steps complete, also if any remaining issues or concerns... Read the following link to fully understand PC security and best practices, you may find it useful.... http://www.bleepingcomputer.com/forums/t/407147/answers-to-common-security-questions-best-practices/#entry2316629 Kevin Link to post Share on other sites More sharing options...
Root Admin AdvancedSetup Posted November 17, 2013 Root Admin ID:754716 Share Posted November 17, 2013 Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread. Other members who need assistance please start your own topic in a new thread. Thanks! Link to post Share on other sites More sharing options...
Recommended Posts