Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

Software Support needs Support with Malware [Closed]

Started by jessie-jay , Mar 11 2012 02:12 PM

  • This topic is locked This topic is locked

#1
jessie-jay
Posted 11 March 2012 - 02:12 PM

jessie-jay

    New Member

  • Member
  • Pip
  • 6 posts
Hi, need some help with malware that cannot get cleaned. Security essentials will not finish on my computer. It starts goes thru most of the scan and then throws up a screen that shows everything is ok It also never displays any history. The other software that I believe is compromised is the event viewer, firewall, and help. I have reinstalled vista to no avail. I am thinking there could be something in my bios and probably the boot record. Any help would be much appreciated. I support financial software for a living so work with computers every day. I should be able to keep up with all instructions from you fairly well. Thank you. I have run malware bytes and received three hits, yet security essentials still would not finish after cleaning. I will include that log at the end of the post. Thank you for your time.

OTL logfile created on: 3/11/2012 12:20:17 AM - Run 1
OTL by OldTimer - Version 3.2.36.3 Folder = C:\Users\Jessie\Desktop
Windows Vista Ultimate Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.49 Gb Total Physical Memory | 0.89 Gb Available Physical Memory | 59.77% Memory free
3.23 Gb Paging File | 2.35 Gb Available in Paging File | 72.70% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 149.05 Gb Total Space | 82.10 Gb Free Space | 55.08% Space Free | Partition Type: NTFS

Computer Name: JESSIE-JPC | User Name: Jessie | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Users\Jessie\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\iolo\Common\Lib\ioloServiceManager.exe (iolo technologies, LLC)
PRC - C:\Program Files\Microsoft Application Virtualization Client\sftvsa.exe (Microsoft Corporation)
PRC - C:\Program Files\Microsoft Application Virtualization Client\sftlist.exe (Microsoft Corporation)
PRC - C:\Program Files\Microsoft Office\Office14\ONENOTEM.EXE (Microsoft Corporation)
PRC - C:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
PRC - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
PRC - C:\Program Files\Flip Video\FlipShare\FlipShareService.exe ()
PRC - C:\Program Files\Flip Video\FlipShareServer\FlipShareServer.exe ()
PRC - c:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe (Microsoft Corporation)
PRC - c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe (Microsoft Corporation)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)


========== Modules (No Company Name) ==========

MOD - C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll ()
MOD - C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll ()
MOD - C:\Program Files\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF ()
MOD - C:\Program Files\Microsoft Office\Office14\1033\GrooveIntlResource.dll ()


========== Win32 Services (SafeList) ==========

SRV - (ioloSystemService) -- C:\Program Files\iolo\Common\Lib\ioloServiceManager.exe (iolo technologies, LLC)
SRV - (sftvsa) -- C:\Program Files\Microsoft Application Virtualization Client\sftvsa.exe (Microsoft Corporation)
SRV - (sftlist) -- C:\Program Files\Microsoft Application Virtualization Client\sftlist.exe (Microsoft Corporation)
SRV - (ZuneWlanCfgSvc) -- C:\Program Files\Zune\ZuneWlanCfgSvc.exe (Microsoft Corporation)
SRV - (WMZuneComm) -- C:\Program Files\Zune\WMZuneComm.exe (Microsoft Corporation)
SRV - (ZuneNetworkSvc) -- C:\Program Files\Zune\ZuneNss.exe (Microsoft Corporation)
SRV - (MatSvc) -- C:\Program Files\Microsoft Fix it Center\Matsvc.exe (Microsoft Corporation)
SRV - (Microsoft SharePoint Workspace Audit Service) -- C:\Program Files\Microsoft Office\Office14\GROOVE.EXE (Microsoft Corporation)
SRV - (AdobeARMservice) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (FlipShare Service) -- C:\Program Files\Flip Video\FlipShare\FlipShareService.exe ()
SRV - (FlipShareServer) -- C:\Program Files\Flip Video\FlipShareServer\FlipShareServer.exe ()
SRV - (NisSrv) -- c:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe (Microsoft Corporation)
SRV - (MsMpSvc) -- c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe (Microsoft Corporation)
SRV - (IntuitUpdateService) -- C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe (Intuit Inc.)
SRV - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)


========== Driver Services (SafeList) ==========

DRV - (NwlnkFwd) -- File not found
DRV - (NwlnkFlt) -- File not found
DRV - (IpInIp) -- File not found
DRV - (Sftvol) -- C:\Windows\System32\drivers\Sftvollh.sys (Microsoft Corporation)
DRV - (Sftredir) -- C:\Windows\System32\drivers\Sftredirlh.sys (Microsoft Corporation)
DRV - (Sftplay) -- C:\Windows\System32\drivers\Sftplaylh.sys (Microsoft Corporation)
DRV - (Sftfs) -- C:\Windows\System32\drivers\Sftfslh.sys (Microsoft Corporation)
DRV - (NisDrv) -- C:\Windows\System32\drivers\NisDrvWFP.sys (Microsoft Corporation)
DRV - (MpNWMon) -- C:\Windows\System32\drivers\MpNWMon.sys (Microsoft Corporation)
DRV - (WinUSB) -- C:\Windows\System32\drivers\winusb.sys (Microsoft Corporation)
DRV - (RsFx0103) -- C:\Windows\System32\drivers\RsFx0103.sys (Microsoft Corporation)
DRV - (ElRawDisk) -- C:\Windows\System32\drivers\ElRawDsk.sys (EldoS Corporation)
DRV - (HSXHWBS2) -- C:\Windows\System32\drivers\HSXHWBS2.sys (Conexant Systems, Inc.)
DRV - (HSF_DP) -- C:\Windows\System32\drivers\HSX_DP.sys (Conexant Systems, Inc.)
DRV - (VSTHWBS2) -- C:\Windows\System32\drivers\VSTBS23.SYS (Conexant Systems, Inc.)
DRV - (XAudio) -- C:\Windows\System32\drivers\XAudio.sys (Conexant Systems, Inc.)
DRV - (RTL8169) -- C:\Windows\System32\drivers\Rtlh86.sys (Realtek Corporation)


========== Standard Registry (All) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\Windows\System32\ieframe.dll (Microsoft Corporation)

IE - HKU\S-1-5-20\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\Windows\System32\ieframe.dll (Microsoft Corporation)

IE - HKU\S-1-5-21-489228306-4025107843-2908743543-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
IE - HKU\S-1-5-21-489228306-4025107843-2908743543-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
IE - HKU\S-1-5-21-489228306-4025107843-2908743543-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
IE - HKU\S-1-5-21-489228306-4025107843-2908743543-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKU\S-1-5-21-489228306-4025107843-2908743543-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 50 97 F4 FA 4D E4 CC 01 [binary data]
IE - HKU\S-1-5-21-489228306-4025107843-2908743543-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\S-1-5-21-489228306-4025107843-2908743543-1000\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\Windows\System32\ieframe.dll (Microsoft Corporation)
IE - HKU\S-1-5-21-489228306-4025107843-2908743543-1000\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-489228306-4025107843-2908743543-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...Box&FORM=IE8SRC
IE - HKU\S-1-5-21-489228306-4025107843-2908743543-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-489228306-4025107843-2908743543-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========


FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.0.61118.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MI1933~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MI1933~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{20a82645-c095-46ed-80e3-08825760534b}: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ [2011/11/27 03:04:08 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 10.0.2\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/02/26 15:44:55 | 000,000,000 | ---D | M]

[2011/12/07 18:20:31 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Jessie\AppData\Roaming\Mozilla\Extensions
[2012/02/10 02:06:52 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Jessie\AppData\Roaming\Mozilla\Firefox\Profiles\d7s565l6.default\extensions
[2012/02/10 02:06:51 | 000,000,000 | ---D | M] (Cooliris) -- C:\Users\Jessie\AppData\Roaming\Mozilla\Firefox\Profiles\d7s565l6.default\extensions\[email protected]
[2012/01/15 22:16:09 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2012/02/17 12:37:32 | 000,000,000 | ---D | M] (Default) -- C:\Program Files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2012/02/17 12:37:32 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2012/02/17 07:11:16 | 000,001,394 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom.xml
[2012/02/17 07:11:16 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012/02/17 07:11:16 | 000,001,131 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay.xml
[2012/02/17 07:11:16 | 000,002,364 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\google.xml
[2012/02/17 07:11:16 | 000,002,040 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml
[2012/02/17 07:11:16 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia.xml
[2012/02/17 07:11:16 | 000,001,096 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo.xml

O1 HOSTS File: ([2006/09/18 13:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O2 - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (no name) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - No CLSID value found.
O4 - HKLM..\Run: [BCSSync] C:\Program Files\Microsoft Office\Office14\BCSSync.exe (Microsoft Corporation)
O4 - HKLM..\Run: [iolo Startup] C:\Program Files\iolo\Common\Lib\ioloLManager.exe (iolo technologies, LLC)
O4 - HKLM..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe (Apple Inc.)
O4 - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: [Persistence] C:\Windows\System32\igfxpers.exe (Intel Corporation)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-19..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-21-489228306-4025107843-2908743543-1000..\Run: [ehTray.exe] C:\Windows\ehome\ehtray.exe (Microsoft Corporation)
O4 - HKLM..\RunOnce: [SMRequiresRestart] File not found
O4 - Startup: C:\Users\Jessie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office14\ONENOTEM.EXE (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: BindDirectlyToPropertySetStorage = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoInstrumentation = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 2
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableInstallerDetection = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableSecureUIAPaths = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableVirtualization = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ValidateAdminCodeSignatures = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: scforceoption = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: FilterAdministratorToken = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableUIADesktopToggle = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_TEXT = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_BITMAP = 2
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_OEMTEXT = 7
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIB = 8
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_PALETTE = 9
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_UNICODETEXT = 13
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIBV5 = 17
O7 - HKU\S-1-5-21-489228306-4025107843-2908743543-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoWindowsUpdate = 1
O7 - HKU\S-1-5-21-489228306-4025107843-2908743543-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoFileSharing = 1
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Se&nd to OneNote - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000001 [] - C:\Windows\System32\nlaapi.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000002 [] - C:\Windows\System32\NapiNSP.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000003 [] - C:\Windows\System32\pnrpnsp.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Windows\System32\pnrpnsp.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000006 [] - C:\Windows\System32\winrnr.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000016 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000017 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000018 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{07B460D6-9C6B-47B3-A8BB-161D3C5D2C31}: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\about {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\cdl {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\dvd {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\Windows\System32\MSVidCtl.dll (Microsoft Corporation)
O18 - Protocol\Handler\file {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\ftp {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\http {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\https {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\System32\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\javascript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\local {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\mailto {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\mhtml {05300401-BCBC-11d0-85E3-00C04FD85AB4} - C:\Windows\System32\inetcomm.dll (Microsoft Corporation)
O18 - Protocol\Handler\mk {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\System32\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\res {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\tv {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\Windows\System32\MSVidCtl.dll (Microsoft Corporation)
O18 - Protocol\Handler\vbscript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (rundll32 shell32) - C:\Windows\System32\shell32.dll (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (Control_RunDLL "sysdm.cpl") - C:\Windows\System32\sysdm.cpl (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\System32\igfxdev.dll (Intel Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - C:\Windows\System32\webcheck.dll (Microsoft Corporation)
O22 - SharedTaskScheduler: {8C7461EF-2B13-11d2-BE35-3078302C2030} - Component Categories cache daemon - C:\Windows\System32\browseui.dll (Microsoft Corporation)
O22 - SharedTaskScheduler: {E31004D1-A431-41B8-826F-E902F9D95C81} - Windows DreamScene - C:\Windows\System32\DreamScene.dll (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\Jessie\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O24 - Desktop BackupWallPaper: C:\Users\Jessie\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O29 - HKLM SecurityProviders - (credssp.dll) - C:\Windows\System32\credssp.dll (Microsoft Corporation)
O30 - LSA: Authentication Packages - (msv1_0) - C:\Windows\System32\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (kerberos) - C:\Windows\System32\kerberos.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (msv1_0) - C:\Windows\System32\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (schannel) - C:\Windows\System32\schannel.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (wdigest) - C:\Windows\System32\wdigest.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (tspkg) - C:\Windows\System32\tspkg.dll (Microsoft Corporation)
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 0
O32 - AutoRun File - [2006/09/18 13:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2012/03/11 00:03:28 | 000,594,944 | ---- | C] (OldTimer Tools) -- C:\Users\Jessie\Desktop\OTL.exe
[2012/02/26 15:44:45 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime
[2012/02/26 15:44:15 | 000,000,000 | ---D | C] -- C:\Program Files\QuickTime
[2012/02/24 22:10:14 | 000,000,000 | ---D | C] -- C:\Program Files\Flip Video
[2012/02/24 20:55:44 | 000,000,000 | ---D | C] -- C:\ProgramData\Flip Video
[2012/02/17 03:06:57 | 002,382,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2012/02/17 03:06:55 | 001,798,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll
[2012/02/17 03:06:54 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll
[2012/02/17 03:06:54 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2012/02/17 03:06:54 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2012/02/17 03:06:51 | 001,427,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2012/02/16 16:48:09 | 002,044,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys

========== Files - Modified Within 30 Days ==========

[2012/03/11 00:03:36 | 000,594,944 | ---- | M] (OldTimer Tools) -- C:\Users\Jessie\Desktop\OTL.exe
[2012/03/10 23:50:52 | 000,003,712 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012/03/10 23:50:52 | 000,003,712 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012/03/10 23:09:06 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/03/10 19:55:43 | 000,675,024 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012/03/10 19:55:43 | 000,130,556 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012/03/10 19:50:44 | 1599,512,576 | -HS- | M] () -- C:\hiberfil.sys
[2012/03/08 22:17:03 | 000,039,516 | ---- | M] () -- C:\Users\Jessie\Desktop\Scanned from MFP-04425973 03_08_2012 15_20.eml
[2012/03/08 22:16:43 | 000,027,961 | ---- | M] () -- C:\Users\Jessie\Desktop\DOC030812.pdf
[2012/03/08 21:36:28 | 000,039,516 | ---- | M] () -- C:\Users\Jessie\Desktop\Scanned from MFP-04425973 03_08_2012 15_20 (1).eml
[2012/03/06 22:43:54 | 000,382,008 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2012/03/02 00:09:58 | 000,167,369 | ---- | M] () -- C:\Users\Jessie\Desktop\CouleeCons.zip
[2012/02/26 15:44:45 | 000,001,726 | ---- | M] () -- C:\Users\Public\Desktop\QuickTime Player.lnk
[2012/02/24 22:10:35 | 000,000,959 | ---- | M] () -- C:\Users\Public\Desktop\FlipShare.lnk
[2012/02/24 22:07:19 | 000,006,144 | ---- | M] () -- C:\Users\Jessie\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/02/18 13:48:12 | 000,414,368 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl

========== Files Created - No Company Name ==========

[2012/03/08 22:17:02 | 000,039,516 | ---- | C] () -- C:\Users\Jessie\Desktop\Scanned from MFP-04425973 03_08_2012 15_20.eml
[2012/03/08 22:16:44 | 000,027,961 | ---- | C] () -- C:\Users\Jessie\Desktop\DOC030812.pdf
[2012/03/08 21:36:27 | 000,039,516 | ---- | C] () -- C:\Users\Jessie\Desktop\Scanned from MFP-04425973 03_08_2012 15_20 (1).eml
[2012/03/02 00:09:58 | 000,167,369 | ---- | C] () -- C:\Users\Jessie\Desktop\CouleeCons.zip
[2012/02/26 15:44:45 | 000,001,726 | ---- | C] () -- C:\Users\Public\Desktop\QuickTime Player.lnk
[2012/02/24 22:10:35 | 000,000,971 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FlipShare.lnk
[2012/02/24 22:10:35 | 000,000,959 | ---- | C] () -- C:\Users\Public\Desktop\FlipShare.lnk
[2012/02/18 05:02:54 | 1599,512,576 | -HS- | C] () -- C:\hiberfil.sys
[2012/01/09 20:43:29 | 000,027,503 | ---- | C] () -- C:\Users\Jessie\AppData\Roaming\UserTile.png
[2012/01/08 23:53:28 | 000,006,144 | ---- | C] () -- C:\Users\Jessie\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/12/04 07:14:08 | 000,074,703 | ---- | C] () -- C:\Windows\System32\mfc45.dll
[2011/11/28 12:59:33 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2011/11/28 12:59:33 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2011/11/28 12:58:06 | 000,062,976 | ---- | C] () -- C:\Windows\System32\PrintBrmUi.exe
[2011/11/25 23:41:53 | 000,000,680 | ---- | C] () -- C:\Users\Jessie\AppData\Local\d3d9caps.dat
[2011/11/25 21:56:33 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin

========== LOP Check ==========

[2011/12/06 02:12:13 | 000,000,000 | ---D | M] -- C:\Users\alan-jay\AppData\Roaming\iolo
[2011/12/06 02:17:23 | 000,000,000 | ---D | M] -- C:\Users\alan-jay\AppData\Roaming\OverDrive
[2012/01/14 10:47:16 | 000,000,000 | ---D | M] -- C:\Users\alan-jay\AppData\Roaming\SoftGrid Client
[2011/12/12 17:45:36 | 000,000,000 | ---D | M] -- C:\Users\Jessie\AppData\Roaming\Canon
[2011/12/13 05:29:43 | 000,000,000 | ---D | M] -- C:\Users\Jessie\AppData\Roaming\iolo
[2011/11/26 22:36:59 | 000,000,000 | ---D | M] -- C:\Users\Jessie\AppData\Roaming\OverDrive
[2012/01/09 20:43:28 | 000,000,000 | ---D | M] -- C:\Users\Jessie\AppData\Roaming\PeerNetworking
[2012/03/10 04:00:24 | 000,000,000 | ---D | M] -- C:\Users\Jessie\AppData\Roaming\SoftGrid Client
[2012/01/08 22:00:44 | 000,000,000 | ---D | M] -- C:\Users\Jessie\AppData\Roaming\TP
[2012/02/09 02:18:56 | 000,000,000 | ---D | M] -- C:\Users\Sylvia\AppData\Roaming\iolo
[2012/03/10 19:49:34 | 000,026,900 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 912 bytes -> C:\Users\Jessie\Desktop\Scanned from MFP-04425973 03_08_2012 15_20.eml:OECustomProperty
@Alternate Data Stream - 912 bytes -> C:\Users\Jessie\Desktop\Scanned from MFP-04425973 03_08_2012 15_20 (1).eml:OECustomProperty

< End of report >
  • 0

Advertisements

#2
Essexboy
Posted 11 March 2012 - 02:29 PM

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Hi there nothing jumps out at me so lets have a rummage around

Download aswMBR.exe ( 4.1mb ) to your desktop.
Double click the aswMBR.exe to run it Click the "Scan" button to start scan

Posted Image

On completion of the scan click save log, save it to your desktop and post in your next reply

Posted Image

THEN

run farbar service scanner

Posted Image

Tick "All" options.
Press "Scan".
It will create a log (FSS.txt) in the same directory the tool is run.

Please copy and paste the log to your reply.
  • 0

#3
jessie-jay
Posted 11 March 2012 - 08:39 PM

jessie-jay

    New Member

  • Topic Starter
  • Member
  • Pip
  • 6 posts
Thanks for helping me, sorry for the delay. I did not think I would be picked up so fast. The avast software blue screened the computer with the following explanation.

data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAAVQAAACfCAIAAAApqLYhAAAOSUlEQVR4nO2dO5KzvBKGWRfrOaV9zA7YgLfBKlzlyBHldL7M9WcTcgJAaqlbFzBgoN+nHHgaSej26gJqT9VXFT744KPw8/0c4IMPPl/5TN8AAHqA+AFQSij+f7+1uVf28/PbFSb0eFXmXrd/eePnbJQsAKqQxT9o/vGqzL26vYsSOqP4H6/K3M1jjSwBcDpS4h++H1D8K9He7hA/0Et25q/bP38v8GqnS8Nn1PYQ+Paq6X6Bip8mQgeXn+dkf5rbcwwQjjhvY+Pe3jTZrn1WZJ9iHlPebLL0XsQyKD+Rpnn0QsF5KY49wAEQJbPnH0Q4Gp/Nv77vve2A08koud9uMtbtHxHG2wSp3d50oBk1fHv3/V/zQ+7V9/0oVGKxyRLhuWmc5cSb28Uovp2J395aKgXED05Kaua3+EZPM6IGuJGsFNywQrYVbrzgUifTu7fKaP9oTsJhiCVLx7V54re1IZYCgJOyj/g9EQbJFoi/74nwfn67+eIfQkYXC32R+OVSAHBSFohf1om42A6fGrzaMYXf5t9M8ff9uOom4iexhs1CTPxvu5WgN/I2BSSWGxSCgoulwLIfnJQl4u+jD/zC9XDsgd+g7WLxk4dzz0Bv9lL9k1z2T9kbgk1anZ4jumcNflK84LwUED84KZc54Sc82wMAJLiK+KcdwbfzAcBpOLn4yft/KB+AWZxc/ACApUD8ACgF4gdAKQXib01lqZvSjXVrhMCicS40P5VpP0wtkr6X7irZVoLYOvMr0CWzQQuDgTLxjy3XNXVxI24q/rWkGM1kXdNOB/GXQ+qqa6ZanFmBLmLfd00D9W/ELPHPacVzi79pm9pdgfjLEXvLzApEfe/DUvG3pqqNqcdVWdfU4kqvHe1T/GBaoDG88KZ111k3CLoGnSbIRTH9xpA0yQJVWuST27ivbDVakO0gJxfv2X610VoKR4F0Z+CVJNSj1APdkiHXAdSzdNlPm6c1tspdiNbYOvaMrBO0xkmRRaVpk/z4qnWdzH6NpO+6VmI5yjPJg9FL6WyznFxf/HxMTYufN1ZvtUul7Fdb0AN5c5d0AN3MfODHm1OYevkEFxrJSmFKNba5SAiPWqZWDaf9dPq5vcmYsG+p6OSRy7aQk2sTdIzEMFpQRV0zzux+H5Nu5Kcwo4MpZuayXzLmxW9D0PaOt+Vs8fddU9dN19l9emn62QcTQ0I82/ZWJeK/vuIJyXafX0Xjxbz4/aszOphiVhB/uOxn2zbhqS/f1H0k/r5r6tqYmi5MStLPFs3OKv5aUpjTErfw73Hxjpee+YkoXcXwKmro8GFHiGSDJjYFYvgrt0Epa4ifrru8+jWm9pdykaXa7GW/w0uOrRiz6Y9pJd/qd01Nn15UVVXVxhTO/DwnF+94tHWk2rDXjUl2Br4LcEbhwWmYQnkHUwxO+AGgFIgfAKVA/AAoBeIHQCkQPwBKgfgBUEqp+MnLl/CtNXsn0/N3Ka2ZfdRljgshOBC2SwhHsYSuEonFAycsPMUPL/Ecslj0VaJ34EAsu3Ty4OsUid/LNxFlwvXSV/sC7YNTEh+ybWcRTt+xWDywEN2eBeJn9RddSuWQx5KPFYplHw6hmMMdLigQPyslP7WZiQTtayHeI0iHYB2KxeKBU9GTHbH8UvoWLFa+FOU5+RJ58csDdeyUrhSNal9ytJwcM+O+rzGX4cBD83jVqwyvUYIJN37AjsfigZPn8zr64ws+My6VHQG0scJTrYmy59L8FkXilzZvgdu0uEmytSIc7yWOlk668kga+A44Y+ihebzqVUZrqrpuRLdZ2rqC+P1YPHAiemKannUpcYtUgtPB8kTZ02l+j89mfhqGFXcMRQKnHS3JGfq+72Prq1bwGjxetSqFNkTQb3IzvxdrxswvC23JpXyPiiTIcygOOsfrpR/t+fM2//ewCnZrw/iQ8P+F+A9MIIBgfqajfLAoCGLxwHL0tSb9XA7TCYriz/nCHYHip/2St6zgeukxKNmfzBOOli7WtCMQl/2BdzD5frzq1YZrKu/buAJkj8nHSzxW2dN+3tyJnpC/lMhhomvZPp0oex9+PwYL3vP7aznB6uBjQsLR0iXGKi7iMgzxHw/bVLylrEM0XbMHT8+8VaIfOLAEe0i6Hlx2KZFDHotYeA7DsvvRj9NFccIPAKVA/AAoBeIHQCkQPwBKgfgBUArED4BSlv567zKySdF3LeQ94pHej4AM4WEO5ifLXxDnXhmDTTiY+GmY4E0++sXxEXxXhVM6XXg0l1vAHpxE/GkvS3AoIqfc5cPdWQvYjIXiF3xsPas75hgu7/ihvdhp/4jzFo7xHZ3YmVbJj4P/HAa0vxuLxC/62MZ/w0XQs3eqN3LaH+I/KYHguZ/sNPA7nXML2J4l4hfd7GJejN4DO+qoFx6wZrfj4ofoT0HpzC/s8LHn35MNxe8sXfg/bUt+Jgl7/rMScW4t+vktrOt2ZI1lv1W4H85b5fFlf/kewb8jusfR8VpI8pMVA0YsYDvKxM/etws+tl5I29xVFfmftqFvb+9Zw/f8/m8CoH8cFNF3NeGK66YNvOb/AjjhB4BSIH4AlALxA6AUiB8ApUD8ACgF4gdAKRA/AEqB+AFQCsQPgFIgfgCUAvEDoBSIHwClQPwAKAXiB0ApED8ASoH4AVAKxA+AUiB+AJQC8QOgFIgfAKVA/AAoRRb/v9/a3CtzNw8hStc++SVnfLwqc6/bvzBazD4LnkhBsu3tXpl79fO702/+rlLSjVKLMbT47b3tXQbEEu1TTEARxT8oOdYYM8T/eLmQXxL/kLHNe9XqJfVT/ig1mreYHeJXiCT+v+bnXv28zI88W2bETximXHH5sJD5XUTM2OqsX1LLx6qI5c2zQ/wKEcT/77c297r969pnZZ7Nv9FslwMV2REIxqkVx8X28Lm9+YrAW1wMlp/nsN0YB51p9+EsiZlfSsHL3tCz+a3pXcyrHf606ZinuT29FFiuViipJVbk2ysMH0l5+G6HvDBvE6E9KLW9C89PUPNBxoLKTOQziEgrjd802ygYOxbAxe80zzvx7d3TGSNuHGJ5c0ug0tu7Z5sFqlhvpvLjJsUfpuClJt567GrTMDf2MzJ23N7jaogMhd6tVyxpQbnSKQfiD/NGEGb+MFdvEwx5dGkgZiyozLIa8FtWumm2USD+BTDxDxVKPmRyC+QkGrOSkFebrJfwSaBI/CyFqAykjuXZ/XTaGxsgyGy2QkktiSJPiSRS/kj8wSxKJm2+dhAzFlRmNp+CUbxpSaOAuYTi9xrPjaxfEf8Q0hPAAcQv5Go98WeKvK/4M89KtxF/akCE+NclEH9Q9fZPYh+XBubRi8ZYFxR7c7gU9Fr3bYceaXE4MUf88q3nif9PyNWnJbXFkRIXtwm5lOVx2cezizP/uAZ5jf888/HLdz1hxoLKTOQzViLxplnxY9m/gED84c6WtJP3iMifVTyj1wxvY1duJY/BgtadgtU/K4lfvPXcZT/P1ecl7cPsBUV2H7vw5imTLdsQfSo1yZsHsYvi7709iPjII8xYUJmJGggipm8K8W8BTviBhUBvZwfiBwuB+M8OxA8WAvGfHYgfAKVA/AAoBeIHQCkF4m9N5TAtvdQ19XShbrq8PUFrioMCAFagTPyTLLumtvLvmpqOBV3TtEl7BogfgH2ZJ373nQ4DlJg9C8QPwL7ME39rRmUv0D7ZCtB1QT1uDhp/fUECYlg4FW6XuGgSAPsxc89P1vyiIGP2vjU2ctfUo5qdsWvqyhndWFM3HcR/TtBsh2f+nr9uuvkzv28fFxDeSDHdhSwQMHucEjdZQPzHZuae34p4pvrniR+KPy2u+aKLQHAUFs78/TjAC0/1ZXuw7B++xpb9/pSB9eOJ8J4Io9mOzcw9v9+cdIlOr4h2ZyRBp7QjD/yqyrQQ/6mwj3CNwcx/cHDCDwClQPwAKAXiB0ApED8ASoH4AVAKxA+AUtZ26Y28F2Qv78EV8boKPbjhm0osQoLGHSSRXyx7nRNdLsvaLr0u8HTKYwhn8LJeF64j8HMaaQs9JRaElPpS25BTZ7Y/do2pccoow9ouvWLgHsf0tOG7gs4Sf3AGlHebWF8KXMIadLkMK7v0FoofQ8HFSY/7WYvtXnPE75wJuqbGydACVnbpFZb9oZ3/Ba6G17583y5aYuLnj5vE3kOmo3GKQifLsbJLr9xaPVpCFbmRvmTmZz/ukIoe+I0l4gLC2i69BfsxcHGCtt58z8/8xfkbByCxtktvmfgxFFwX5su75Gn/1K8KxB/tS+hkOdZ26eU17v80D1ZkF4f78ReKX+xjwfv/lvWl4Ief6GoUnSwHTvgBoBSIHwClQPwAKAXiB0ApED8ASoH4AVDKLi69EadLcEFsWxMHu60s5a7BQGJ7l96Y0yW4IPwE6HZfyk4QgDh7ufTGLOBKkF4xft3O0qODfcpeLr39GAsn/K4Mb/3tLD3E/yl7ufT2mfUauAJ2cuiJaDey9GXOwiDOXi692O9rADP/qdjHpRf/elcHZEHo9uobWXqI/1P2cOlFG6kBT/vPxN4uvRV+Yena2P/Sa9t3OwvE/xk44QeAUiB+AJQC8QOgFIgfAKVA/AAoBeIHQCl7uPQSG076XJ09XXpLLCDODi69XUfey6JVLs2eh3zKDgKBOLu79KJNLsyeLr2Fbr8gzp4uvalD2eAK7OnYU+j8A+Ls4tI77cS4Uya4FHu69Ba6/YI4u7n0ThexGLswmPlPxV7/pbfkKjg7e7r0Frr9gjh7/ZdePyUMAhflIA/5of0i9nXpnRoE4r8se7r0llhAHCr+/wEA1OCJ/z8AgBogfgCUAvEDoBSIHwClQPwAKAXiB0ApED8ASoH4AVCKf8IPH3zwUfb5fg7wwQefr3z+D07o2h642l3UAAAAAElFTkSuQmCC
data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAAW4AAACRCAIAAABsc8WgAAATQ0lEQVR4nO2dO7KcvBaFGRfjuaV5eAZM4EyDUbjKkSPKqf/spA65AUjspyRANP1YX3WV27TQc2uxJSSdbu46fPDBB5+Tn/tzgA8++LzBZ/3nfwAAcAgmJTMAABwDUgIAaACkBADQAEgJAKABkBIAQAMgJQCABpSkZAzdRhjpT9PQxx/6YZKB10skGn4FvCHJAFJbb0YSjSddSdak72JW1w9TNmZilToUeBgVUhKbZRp6bg9bG07DMLLA09CT5pyG0Pdo3ndna/70bRzWRh/DYi/JiNIX4y5qdTzmZFc6HmFz4NHskBLeoNxDyQSe5zH0wxDQzG/ONPTkqSNbe7EHYjnrV/MuISVjYC6MGY+SH/BgdkhJalBPSVzdCaOIB23+lqyuR/RAKKtMWBZi3JWRksX4dDxj6PphCNZIHDyEPXMlZHRja4E1wFnNAFLyCVjzF/F6HM0I/8K8S8zQkaHLGLpukRIRzxi6vh/GGAZi8nB2zpXwcaoRWOhOUh3ox9tDzIJ3ZvI/7U2Ydylr2dRmGProg2ivhMzIQksezZ65EmOqyw+crlCgJm+MGIYQ/5TOz9OZkXVco+/yHzzmDEvHR9C+2wwu5IhXMic/M4ZSb3By8cBBeU+I82G8nllRjyPrLtdENhM03wRtd8MpeTx75kocn5OtK4GUfDDEJFI3p7CLxtKTzLSrNkEVzxYRzOsOsNoVANAASAkAoAGQEgBAAyAlAIAGQEoAAA2AlAAAGlAlJeSNsNywKd7ixcsy2N7X/Njl+aIUtvl7K+szMehbMlewnuQ+ylLCjhohXZyfOTAILeGHSKCBP4LSA6C4XFrHoG8xIlFHGYAbKEmJanR/IaNzE5TkUyitPTROBijFYB5KkIkEyx/voyAlRmvRjRKFnRLzrDeIUz90DF0fwnKIkvhNLNi3VkPGHeXlpbbgERS3+TvH2eRiyG/bs5QHNnAXZSmRbaMOU7PshuqNsRp6DOmkik0I7PkWsUdjuyg3XEBKbqa4zd88YSAfg3mYgBcJNgTfygmvhIbxjroROzjFfgzpepB44088A9GOis838HiK2/zrvBIWww6vBPMkN3N8rqR8rR9GIjsVI9tFbZhYQEpehuI2f30yQDEGfYsdCRyS+6l7g8OOt4pDkoGKhGk4nXQ0RDBDBaKleAMcvQk9foek3E1xm3/NgTcihro3OGj6J2DvuhL+ktdcVhLRCkPHOPqURjUjq0ZGpicCKXkeitv89ckAxRj8wwTkwhMsLbkVrHYFADQAUgIuQxzHaU6OwJ94FyAlAIAGQEoAAA2AlAAAGgApAQA0oG5dyYlZsYPHBfgn3ZdvxDvhuyhu9q84ZAC8KDsWzouTBK5lU4SdWgQpuY/SZv/yIQPgdSlIyW0d8/DSeEjJM2C2Aha6vzU1f1LL2hssV6aG0Hdd34sNM/3A/3i9coBdj9iWEmuw5Z1OEHcPQ1sej73ZHzun3pqKaVdxkkDtWQFq650eqeiojJ+sAU4xTn5gCoz2oWR22OQPGQCvTO0bnHSSQP6sgM1ckjbYe3xTnM5aRzrtau77ceJczrzAwbD34W/2h1fy1tS/DNYH4kWYWajN4Xkp8QbMlqlt4WP0dmbEQAs8juwcSPGQAfDKlKZd9UkCpbMCpqHvQ+i1K2sORrxnkyUlRkzuoInNr+D59xhKVY03OO9MzbSrHGdkzgpIP6vZVxGbmnYt/AEMFroPoffiZHojj90CF1Kz2b94yAB4WbDaFQDQAEgJuAycIfBJQEoAAA2AlAAAGgApAQA0AFICAGjAjpfBB9/g4WXs55DZY9UZSwI8u8isNwJPS4WUHNvsb8RwTXjwNOhDBuwlzpn2XRYlBdjA61EvJUc7OaTkA3F3S9S1LmzgBTkkJelUgfTkUSsHtmWNA73LUiXqFfPFtbCoFyXttpF/Dm0Mi0UU1pmg4V+QQwMcOpYVf4hT/nVO8mfFTSkpnDwAi3pB7L9Znx4O/ZD7Y6Dz+hsa/tXYM+1qHTZh/nlwdvLNmPNKKv4mOXgtHIlYmlV6o46WwAZekD0DHOsipAQQfHkwpSTzCgc28GqclRI5wJF/yZ4McPjJZhjgvB9+e6UG3ywDA5w347SU6Km1GEROu5LREnvbJ08eWP+PadcXQx8yQK6ws7Eyq0p4JGj9FwKrXQEADYCUgFvBQQTvAqQEANAASAkAoAGQEgBAAyAlAIAGQEoAAA2AlAAAGgApAQA0AFICAGgApAQA0ABICQCgAZASAEADICUAgAZASgAADYCUAAAaACkBADQAUgIAaACkBADQAEgJAKABkBIAQAO4lHyH8LNLn6/v+defLvzsx3/blzP897dfor369v25ncbfXfgZfh3MmpuB8/V2stJ2Yea2SdODt8eQkh9/t78YcL5L/PqzddGdWiA79udIybFKOw+kBBymICWJo/Y0fv080CvYXYkXkpITOZmPVloDICXgMEe8ksW4l88amIyMiNEvXWK7vtz443dP71WxybsS5u1mfkS2v/7IWyKLgqQP6735ApIw/fiP3RL+jMUMGEnsqbRsDHaiIocx2FYE78Z804vshd/h6zerKCjRh5CZKwm/TCn5DqI7fX2PXz+78Hv4z4jfeMD++DuZXgCxuZxXIm838iOyTW9hNr38+vXNU6woIMkJu5LCFDJg5XlfpWVjMBO1crjctUVr3phtep297ut7nv8NP2JakJIPYbdXQh5l6eGTnu3aYlxf3XnWlaVE3G7lJ+dMKadpSUV2p2wBDVUS4pLPgJnnXZWWj8FMlOfQTsLPrZsoyR6tlszTBbwne6XE6EUkpOeuZ3rFEkD0unopsfNzQkpqCjhql2qPlLhJVFdaIYZrpMROFFICFnZ7JasH8Wf9g4y//hJzMWZt2UDG6BXfyROmhmhPgprPZzM//viCxklSXBzyn+HXXFVAb4DjSInMQC6JmkrLt4IxTtkS1TnMDnDYINdMtCglGOB8CGenXcPv4T86U6gfRHH+hTvD2m3uf9CHHrkrUTE+kuYrfHL1HoTNcZrTrl4BzWlXT0p0BnSed1VaPgYzUS1/zrSrvDGfKKQELLz5atfPtOPPLDW4F0jJG/KZpQb3Ail5Qz6z1OBe3lxKAACPAVICAGgApAQA0IA6KZmGvlvpB7JsZAxdGGfv/2OgoZffpqHnUfjw2w8iczjPY+g6eW0tYT9McyGH9q9NsioivCjbqSljXGOITUuiH4No6Yorm5GobIoA3EbKVde8esEFlKVkGnra+NMwEEPJaclm5uv/dppDGwNSnXIMXd/LvCz96XBy7W39omxPQ7/Eu32Z4s1j6KLYdyEE1nTFK/M8Duv3NZ5i0lYkbmVASp6ekpQkA3CYhp7+TARjGvowpF/3K0krAxI5nMfQ9SH0yruqsWmPC2z9kmyT1jQalsqXLlHNlcx1L+maqoOUvAIFKfGUZGtcoRHpv8uXZJ30yxJgDF0/DEEOm6IX3A/DZkBkgCWiY3a2dj/haYscLuGF+7RcIRlzczjqXJGsUqPn8Yxr4PjcV3GOKbaJ5Kptts3smU19Qkrsp4aXtC8TXvXurknwEMpSUnzwjEGYfBi3q+mfaKbU4okwqG9keEQ85jTmJ9KU/P41s9Y8A5+z4aG223SfNHMoc8WzakpJp7+KUpOpjK1ftM626XdMW9e0G7j+ypx9+JieSMa1sS3hSE2CB3DQK2FYWhItZzF4okja9Ml3plzkIn9crp5Hkqpx+R4v8TkalUOZ1qZ95uPddDG8rOZvmWsCcIercbazfZjNcRyUEhYH8w53eiU7qremJsH1nJ0rmedZtNk09P0w0kmSMBC7aCQlyb1fRSSM3IFazJj2DDUgihndHm3PICVyIqFptvlUljFXkunh5StZW/GSvk5KqkwXNKP8Bof4y/Mc3+AIA2BzhEsvps3cWY87dyxQGuAQB58MbUIIwiSZNW45JOlSJ3mvlNhZJfkbQ3bUI6Narwr7b51t/QZnQz7Rd0qJN1IhRbGSFrcVLeFoTYKrqVpXQmY9LUdy1t1W2JhlOo5ZjGm+0Jx2FY4HDSBj4KP/lEPx4MpoXOm5Z2Y1pb69W6l6loagF11cke1tMjN1OF5d9EqX9GffFXtpSSZpOu2Rqd4zNQkuptlq11E6BU/H8+Yw+0B/3mw/ISXXCFwHFs4/AegArUBN3gek5AlAB2gFavI+ICUAgAZASgAADYCUAAAa0PaQAX+ZwGHMJYtHo3UXU7sLI/mb7F1sL6Vlte2LJF/DZxjjEli5Zl7QbvrBSKtwKgXPTlzgm3/rzIsh7FGuU0hhRLm3hSrZOrBOTmjA4yd9TqfY+JCB9lJi9vL2FW1ryTT0ajvunij5Or2c1btJlGr4DGtUjo5eYs05LbFPpcgujfOU3n5mTEPo7bVIOpcibacyckv+TpGp/ItU5nIp2XnIwAVSopJoFG05Fb2BaBc8k7mKzBanUMNniFFZZb/KZKe9p1LkV9namfSu0sWEFZ2VZ84I7Z2ccJ73k5Ldhwx4UiI2/usLaZ0i3TtunhLAU5Hx6HuFb5y5UaRC9gduv4yh09vY/YsTjY1uX00pE79auO+yU5k1LMoiVt3LKuaBaOtoM1IJWU12+vCE9N+4qco9lcLKWEZJ4jELsUIWDePLf2UYK/51L2LRcdNZofVl7hZwO4WQvD3WsiXNJbOusa6VEm9ugdQhH31adm/4tVsRYghSeDU/wHOh14PHMOJeN12dAZXKVnZaC6O1jd27aEtJLjO5KjJreGZe/pZ6hfvuJmEmZDeZrgCSHbNaZFpj2uK8RioMhk5hSEn0J7j6fkhhY58Loyi7DGOUOz8VQs1LtYtvilte1CSV2naks1WyFpYeVeRiY93ilYhiiIe2tj9RN2LHBmvj4ikBMloWj5WQ0Q+NDMhUqH7wXXqstNLZcS6y+La+YBmH/DVfw87OabPhculqLdEDNL/J7O9mtai0uM2rQaXvldAysgc8vWUJpIdLOowutticqd3crFdi2F7stJu8cls1W3m3tbCfiHztaKwjtD5kgLsx/O4pbfwv7UtlgWUSs21Ms3sv+W/hRv7kEGjxTrEUL5oTdNZ0gPGrztghKcmna/iCTv7tAEXrlN2VmUXVqRRGuo7TLNLth0m0Zs+Pbpmc5EY+J6yT4pMpJVM0p95Yp9BScshatjieSUpEhuIbHP3EpV2Q6qmy5+QbK3dQloRVz2TthjXise41Xgc4N6ZULGVLg9PNkIn3aF2kDWZNUFgDDXuAMlmnDcwqcmZbPFw+XVHDRkL5JvOsU1eLTmuqO5WimK5VI9IEuemoMLzWzIplGA8Iy3SI8hkvBGmnkAOc3dZCK18McG6XkliyjJOlRwPaQxdjCRan8JZ14C2JUZ6xLuIR98qohKLrdCZxzCGrg5hPtY3duyhqjeeYWNUaNLoT4ldew+wBSzqqTkgUXsesHwjidsNjt5vMt87S4QkxYuGzMzdLlJdlzJkTUrOKRqF0GBUZKbLjm6daVQ6FZcasaDpAvEKmXfday5K6njN7Eimp4QF74R+z3b6Qilnjp5uhhter4Wy1fOThCWoU+UZg4fxO7pOS1wPVwnGmdt4ESMlOICX1oFoSYj7oHYGUAAAaACkBADQAUgIAaAAOGfBTWX84OuduvbU9EklhLd8JlqhkEmI5V9MhvpGWt2Q9/sayI97wG+9R7QxrA05XjHez/qvfJ8C14bvBIQN+Ku6aouoo+boa1zxzxSnV8BnWqBwdvWTSNKclfCG5WlVoZYytM3Nq2zLgwtKyitXYr0mmFJevKyktnC8vkTzdADKJRtGWU7FXOlej1pK6FZktTqGGzxCjssp+VeeZLjpkwKtts97JRXd1cibR1+VGKfE6wJZufokkW9nLXEd5Ia2MDDhkQNVUSZ3tRZlGFfNAtHUq3nBbTfY0hww4tW0bcEmMMmO+tMx3d8F5xkTiO7qDacN8r80QOiNpWophYKcQ9NbK753gkIEZhwzoshsJ2U2mK4APOh52yIAvJUYtULOgtZHpT2oAdaDgKvGt7Du6A8uwancyuCO/O6XwNukcAocMEMvBIQMitBgy+E1WfM6LHqS1JP6sBpW+V8LK6NT2Ma/E0OFiYWsKLi6w0waqu4NZfNPqsg7dzGTneimp1ZIUhj8F+N0T3U9dmtbaAsskZq82vXvJfws38geGQIt3iqV4kVxmw3jTiI0BF8/YISnJp2tbvNuUKkCxR8l+z8yiwSEDXm69uRJd4W5u6wpbVXCaPPN6d3SHV5USkV58g6OfAbQL0qevsmfpv5mFZIFlEiSsjse613gd4Nw44ZABfcOWit9kXo/S1aLTmvii8vHQIQNObcf4hAEbwm57JV78BwrO4+9DYAZd3x1YKqrd85Ujfn3kACcVIj2bLSPUowHtoctRKI1TeHQ68JbEiEMGcMgAzVi816ttlXNRZcwt0zHwp9apgktXRVq3V7dVNlzrJcVSbNOuqfJJAQ+BQwZ2pmKK92lFr+H1ajhbLe98yMBD7OHZwML5ndwnJa/Hx1bLRxYcUrITSEk9H1stH1lwSAkAoAGQEgBAA5iU4IMPPvic+NyfA3zwwecNPv8HmvQoZ+ayEmUAAAAASUVORK5CYII=

Then when windows wanted to find a solution for me, nothing happened. That is normal I don't think that works anymore.

Here is the log from Farbar

++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Farbar Service Scanner Version: 01-03-2012
Ran by Jessie (administrator) on 11-03-2012 at 19:22:20
Running from "C:\Users\Jessie\Desktop"
Microsoft® Windows Vista™ Ultimate Service Pack 2 (X86)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Yahoo IP is accessible.


Windows Firewall:
=============

Firewall Disabled Policy:
==================


System Restore:
============

System Restore Disabled Policy:
========================


Security Center:
============

Windows Update:
============

Windows Defender:
==============
WinDefend Service is not running. Checking service configuration:
The start type of WinDefend service is OK.
The ImagePath of WinDefend service is OK.
The ServiceDll of WinDefend service is OK.


Windows Defender Disabled Policy:
==========================
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender]
"DisableAntiSpyware"=DWORD:1


File Check:
========
C:\Windows\system32\nsisvc.dll => MD5 is legit
C:\Windows\system32\Drivers\nsiproxy.sys => MD5 is legit
C:\Windows\system32\dhcpcsvc.dll => MD5 is legit
C:\Windows\system32\Drivers\afd.sys => MD5 is legit
C:\Windows\system32\Drivers\tdx.sys => MD5 is legit
C:\Windows\system32\Drivers\tcpip.sys
[2011-12-04 03:24] - [2011-09-20 14:02] - 0913280 ____A (Microsoft Corporation) 16731B631F28F63CD9F4CB60940E7DDD

C:\Windows\system32\dnsrslvr.dll => MD5 is legit
C:\Windows\system32\mpssvc.dll => MD5 is legit
C:\Windows\system32\bfe.dll => MD5 is legit
C:\Windows\system32\Drivers\mpsdrv.sys => MD5 is legit
C:\Windows\system32\SDRSVC.dll => MD5 is legit
C:\Windows\system32\vssvc.exe => MD5 is legit
C:\Windows\system32\wscsvc.dll => MD5 is legit
C:\Windows\system32\wbem\WMIsvc.dll => MD5 is legit
C:\Windows\system32\wuaueng.dll => MD5 is legit
C:\Windows\system32\qmgr.dll => MD5 is legit
C:\Windows\system32\es.dll => MD5 is legit
C:\Windows\system32\cryptsvc.dll => MD5 is legit
C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit
C:\Windows\system32\svchost.exe => MD5 is legit
C:\Windows\system32\rpcss.dll => MD5 is legit


**** End of log ****
  • 0

#4
jessie-jay
Posted 11 March 2012 - 09:20 PM

jessie-jay

    New Member

  • Topic Starter
  • Member
  • Pip
  • 6 posts
Sorry about the screen shots. Here is what the blue screen returned on reboot.

Problem signature:

Problem event name Blue Screen
op system 6.0.6002.2.2.0.256.1
local id 1033

Additional info

BCCode a
BCP1: 7FFDE124
BCP2: 000000FF
BCP3: 00000000
BCP4: 8208F906
OS VER 6_0_6002
SERV PACK 2_0
PRODUCT 256_1


fILES THAT HELP DESCRIBE THE PROBLEM

A minidump that I can't open in notepad
a xml file
and this file

Windows NT Version 6.0 Build: 6002 Service Pack 2
Product (0x1): Windows Vista ™ Ultimate
Edition: Ultimate
BuildString: 6002.18533.x86fre.vistasp2_gdr.111025-0338
Flavor: Multiprocessor Free
Architecture: X86
LCID: 1033

When trying to open these files I was denied access. I had to go to the folder properties and make myself owner to get at them.
  • 0

#5
Essexboy
Posted 12 March 2012 - 05:05 AM

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
OK that be a clue

Download the latest version of TDSSKiller from here and save it to your Desktop.


  • Doubleclick on TDSSKiller.exe to run the application, then click on Change parameters.

    Posted Image
  • Check the boxes beside Verify Driver Digital Signature and Detect TDLFS file system, then click OK.

    Posted Image
  • Click the Start Scan button.

    Posted Image
  • If a suspicious object is detected, the default action will be Skip, click on Continue.

    Posted Image
  • If malicious objects are found, they will show in the Scan results and offer three (3) options.
  • Ensure Cure is selected, then click Continue => Reboot now to finish the cleaning process.

    Posted Image
  • Note: If Cure is not available, please choose Skip instead, do not choose Delete unless instructed.

A report will be created in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste its contents on your next reply.

THEN

Download and Install Combofix

Download ComboFix from one of the following locations:
Link 1
Link 2

VERY IMPORTANT !!! Save ComboFix.exe to your Desktop

* IMPORTANT - Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link here
  • Double click on ComboFix.exe & follow the prompts.
  • Accept the disclaimer and allow to update if it asks

    Posted Image

    Posted Image
  • When finished, it shall produce a log for you.
  • Please include the C:\ComboFix.txt in your next reply.

Notes:
1. Do not mouse-click Combofix's window while it is running. That may cause it to stall.
2. Do not "re-run" Combofix. If you have a problem, reply back for further instructions.
3. If after the reboot you get errors about programmes being marked for deletion then reboot, that will cure it.



Please make sure you include the combo fix log in your next reply as well as describe how your computer is running now
  • 0

#6
jessie-jay
Posted 12 March 2012 - 06:18 AM

jessie-jay

    New Member

  • Topic Starter
  • Member
  • Pip
  • 6 posts
I ran the avast again. It did not blue screen but did stop and was displaying something in security is essentials was locked.. I have included the screen shot in attached files.

Kaperski log

++++++++++++++++++++++++++++++++++++++++++++++++++
04:24:20.0614 4112 TDSS rootkit removing tool 2.7.20.0 Mar 9 2012 17:10:43
04:24:21.0206 4112 ============================================================
04:24:21.0206 4112 Current date / time: 2012/03/12 04:24:21.0206
04:24:21.0206 4112 SystemInfo:
04:24:21.0206 4112
04:24:21.0206 4112 OS Version: 6.0.6002 ServicePack: 2.0
04:24:21.0206 4112 Product type: Workstation
04:24:21.0206 4112 ComputerName: JESSIE-JPC
04:24:21.0207 4112 UserName: Jessie
04:24:21.0207 4112 Windows directory: C:\Windows
04:24:21.0207 4112 System windows directory: C:\Windows
04:24:21.0207 4112 Processor architecture: Intel x86
04:24:21.0207 4112 Number of processors: 1
04:24:21.0207 4112 Page size: 0x1000
04:24:21.0207 4112 Boot type: Normal boot
04:24:21.0207 4112 ============================================================
04:24:22.0244 4112 Drive \Device\Harddisk0\DR0 - Size: 0x25433D6000 (149.05 Gb), SectorSize: 0x200, Cylinders: 0x4C01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
04:24:22.0247 4112 \Device\Harddisk0\DR0:
04:24:22.0247 4112 MBR used
04:24:22.0247 4112 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x12A18800
04:24:22.0272 4112 Initialize success
04:24:22.0272 4112 ============================================================
04:27:27.0481 4272 ============================================================
04:27:27.0481 4272 Scan started
04:27:27.0481 4272 Mode: Manual; SigCheck; TDLFS;
04:27:27.0481 4272 ============================================================
04:27:27.0956 4272 ACPI (82b296ae1892fe3dbee00c9cf92f8ac7) C:\Windows\system32\drivers\acpi.sys
04:27:28.0224 4272 ACPI - ok
04:27:28.0536 4272 adp94xx (04f0fcac69c7c71a3ac4eb97fafc8303) C:\Windows\system32\drivers\adp94xx.sys
04:27:28.0602 4272 adp94xx - ok
04:27:28.0699 4272 adpahci (60505e0041f7751bdbb80f88bf45c2ce) C:\Windows\system32\drivers\adpahci.sys
04:27:28.0750 4272 adpahci - ok
04:27:28.0920 4272 adpu160m (8a42779b02aec986eab64ecfc98f8bd7) C:\Windows\system32\drivers\adpu160m.sys
04:27:29.0022 4272 adpu160m - ok
04:27:29.0110 4272 adpu320 (241c9e37f8ce45ef51c3de27515ca4e5) C:\Windows\system32\drivers\adpu320.sys
04:27:29.0180 4272 adpu320 - ok
04:27:29.0385 4272 AFD (3911b972b55fea0478476b2e777b29fa) C:\Windows\system32\drivers\afd.sys
04:27:29.0489 4272 AFD - ok
04:27:29.0771 4272 agp440 (13f9e33747e6b41a3ff305c37db0d360) C:\Windows\system32\drivers\agp440.sys
04:27:29.0835 4272 agp440 - ok
04:27:30.0167 4272 aic78xx (ae1fdf7bf7bb6c6a70f67699d880592a) C:\Windows\system32\drivers\djsvs.sys
04:27:30.0234 4272 aic78xx - ok
04:27:30.0454 4272 aliide (9eaef5fc9b8e351afa7e78a6fae91f91) C:\Windows\system32\drivers\aliide.sys
04:27:30.0477 4272 aliide - ok
04:27:30.0636 4272 amdagp (c47344bc706e5f0b9dce369516661578) C:\Windows\system32\drivers\amdagp.sys
04:27:30.0706 4272 amdagp - ok
04:27:30.0904 4272 amdide (9b78a39a4c173fdbc1321e0dd659b34c) C:\Windows\system32\drivers\amdide.sys
04:27:30.0934 4272 amdide - ok
04:27:31.0027 4272 AmdK7 (18f29b49ad23ecee3d2a826c725c8d48) C:\Windows\system32\drivers\amdk7.sys
04:27:31.0153 4272 AmdK7 - ok
04:27:31.0285 4272 AmdK8 (93ae7f7dd54ab986a6f1a1b37be7442d) C:\Windows\system32\drivers\amdk8.sys
04:27:31.0405 4272 AmdK8 - ok
04:27:31.0573 4272 arc (5d2888182fb46632511acee92fdad522) C:\Windows\system32\drivers\arc.sys
04:27:31.0636 4272 arc - ok
04:27:31.0738 4272 arcsas (5e2a321bd7c8b3624e41fdec3e244945) C:\Windows\system32\drivers\arcsas.sys
04:27:31.0787 4272 arcsas - ok
04:27:31.0869 4272 AsyncMac (53b202abee6455406254444303e87be1) C:\Windows\system32\DRIVERS\asyncmac.sys
04:27:31.0966 4272 AsyncMac - ok
04:27:32.0211 4272 atapi (1f05b78ab91c9075565a9d8a4b880bc4) C:\Windows\system32\drivers\atapi.sys
04:27:32.0261 4272 atapi - ok
04:27:32.0617 4272 Beep (67e506b75bd5326a3ec7b70bd014dfb6) C:\Windows\system32\drivers\Beep.sys
04:27:32.0690 4272 Beep - ok
04:27:32.0949 4272 blbdrive (d4df28447741fd3d953526e33a617397) C:\Windows\system32\drivers\blbdrive.sys
04:27:33.0048 4272 blbdrive - ok
04:27:33.0296 4272 bowser (35f376253f687bde63976ccb3f2108ca) C:\Windows\system32\DRIVERS\bowser.sys
04:27:33.0403 4272 bowser - ok
04:27:33.0702 4272 BrFiltLo (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\drivers\brfiltlo.sys
04:27:33.0899 4272 BrFiltLo - ok
04:27:34.0192 4272 BrFiltUp (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\drivers\brfiltup.sys
04:27:34.0247 4272 BrFiltUp - ok
04:27:34.0418 4272 Brserid (b304e75cff293029eddf094246747113) C:\Windows\system32\drivers\brserid.sys
04:27:34.0632 4272 Brserid - ok
04:27:34.0750 4272 BrSerWdm (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\system32\drivers\brserwdm.sys
04:27:34.0917 4272 BrSerWdm - ok
04:27:35.0108 4272 BrUsbMdm (bd456606156ba17e60a04e18016ae54b) C:\Windows\system32\drivers\brusbmdm.sys
04:27:35.0180 4272 BrUsbMdm - ok
04:27:35.0491 4272 BrUsbSer (af72ed54503f717a43268b3cc5faec2e) C:\Windows\system32\drivers\brusbser.sys
04:27:35.0602 4272 BrUsbSer - ok
04:27:35.0822 4272 BTHMODEM (ad07c1ec6665b8b35741ab91200c6b68) C:\Windows\system32\drivers\bthmodem.sys
04:27:35.0923 4272 BTHMODEM - ok
04:27:36.0164 4272 cdfs (7add03e75beb9e6dd102c3081d29840a) C:\Windows\system32\DRIVERS\cdfs.sys
04:27:36.0282 4272 cdfs - ok
04:27:36.0591 4272 cdrom (6b4bffb9becd728097024276430db314) C:\Windows\system32\DRIVERS\cdrom.sys
04:27:36.0684 4272 cdrom - ok
04:27:36.0979 4272 circlass (e5d4133f37219dbcfe102bc61072589d) C:\Windows\system32\drivers\circlass.sys
04:27:37.0082 4272 circlass - ok
04:27:37.0267 4272 CLFS (d7659d3b5b92c31e84e53c1431f35132) C:\Windows\system32\CLFS.sys
04:27:37.0355 4272 CLFS - ok
04:27:37.0608 4272 cmdide (0ca25e686a4928484e9fdabd168ab629) C:\Windows\system32\drivers\cmdide.sys
04:27:37.0648 4272 cmdide - ok
04:27:37.0891 4272 Compbatt (6afef0b60fa25de07c0968983ee4f60a) C:\Windows\system32\drivers\compbatt.sys
04:27:37.0928 4272 Compbatt - ok
04:27:38.0180 4272 crcdisk (741e9dff4f42d2d8477d0fc1dc0df871) C:\Windows\system32\drivers\crcdisk.sys
04:27:38.0215 4272 crcdisk - ok
04:27:38.0312 4272 Crusoe (1f07becdca750766a96cda811ba86410) C:\Windows\system32\drivers\crusoe.sys
04:27:38.0580 4272 Crusoe - ok
04:27:38.0801 4272 CSC (9bdb2e89be8d0ef37b1f25c3d3fc192c) C:\Windows\system32\drivers\csc.sys
04:27:38.0927 4272 CSC - ok
04:27:39.0223 4272 DfsC (622c41a07ca7e6dd91770f50d532cb6c) C:\Windows\system32\Drivers\dfsc.sys
04:27:39.0339 4272 DfsC - ok
04:27:39.0582 4272 disk (5d4aefc3386920236a548271f8f1af6a) C:\Windows\system32\drivers\disk.sys
04:27:39.0660 4272 disk - ok
04:27:39.0890 4272 drmkaud (97fef831ab90bee128c9af390e243f80) C:\Windows\system32\drivers\drmkaud.sys
04:27:39.0967 4272 drmkaud - ok
04:27:40.0149 4272 DXGKrnl (c68ac676b0ef30cfbb1080adce49eb1f) C:\Windows\System32\drivers\dxgkrnl.sys
04:27:40.0246 4272 DXGKrnl - ok
04:27:40.0501 4272 E1G60 (5425f74ac0c1dbd96a1e04f17d63f94c) C:\Windows\system32\DRIVERS\E1G60I32.sys
04:27:40.0646 4272 E1G60 - ok
04:27:40.0989 4272 Ecache (7f64ea048dcfac7acf8b4d7b4e6fe371) C:\Windows\system32\drivers\ecache.sys
04:27:41.0048 4272 Ecache - ok
04:27:41.0159 4272 ElRawDisk (9c64c2a950195f9bc3a09a499648b01c) C:\Windows\system32\drivers\ElRawDsk.sys
04:27:41.0634 4272 ElRawDisk - ok
04:27:42.0180 4272 elxstor (23b62471681a124889978f6295b3f4c6) C:\Windows\system32\drivers\elxstor.sys
04:27:42.0312 4272 elxstor - ok
04:27:42.0588 4272 ErrDev (3db974f3935483555d7148663f726c61) C:\Windows\system32\drivers\errdev.sys
04:27:42.0641 4272 ErrDev - ok
04:27:42.0723 4272 exfat (22b408651f9123527bcee54b4f6c5cae) C:\Windows\system32\drivers\exfat.sys
04:27:42.0797 4272 exfat - ok
04:27:43.0085 4272 fastfat (1e9b9a70d332103c52995e957dc09ef8) C:\Windows\system32\drivers\fastfat.sys
04:27:43.0153 4272 fastfat - ok
04:27:43.0504 4272 fdc (afe1e8b9782a0dd7fb46bbd88e43f89a) C:\Windows\system32\DRIVERS\fdc.sys
04:27:43.0573 4272 fdc - ok
04:27:43.0851 4272 FileInfo (a8c0139a884861e3aae9cfe73b208a9f) C:\Windows\system32\drivers\fileinfo.sys
04:27:43.0909 4272 FileInfo - ok
04:27:44.0117 4272 Filetrace (0ae429a696aecbc5970e3cf2c62635ae) C:\Windows\system32\drivers\filetrace.sys
04:27:44.0236 4272 Filetrace - ok
04:27:44.0570 4272 flpydisk (85b7cf99d532820495d68d747fda9ebd) C:\Windows\system32\DRIVERS\flpydisk.sys
04:27:44.0655 4272 flpydisk - ok
04:27:44.0880 4272 FltMgr (01334f9ea68e6877c4ef05d3ea8abb05) C:\Windows\system32\drivers\fltmgr.sys
04:27:44.0924 4272 FltMgr - ok
04:27:45.0200 4272 Fs_Rec (65ea8b77b5851854f0c55c43fa51a198) C:\Windows\system32\drivers\Fs_Rec.sys
04:27:45.0311 4272 Fs_Rec - ok
04:27:45.0884 4272 fvevol (fecf4c2e42440a8d132bf94eee3c3fc9) C:\Windows\system32\DRIVERS\fvevol.sys
04:27:45.0972 4272 fvevol - ok
04:27:46.0338 4272 gagp30kx (34582a6e6573d54a07ece5fe24a126b5) C:\Windows\system32\drivers\gagp30kx.sys
04:27:46.0384 4272 gagp30kx - ok
04:27:46.0467 4272 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
04:27:46.0529 4272 GEARAspiWDM - ok
04:27:46.0644 4272 HdAudAddService (3f90e001369a07243763bd5a523d8722) C:\Windows\system32\drivers\HdAudio.sys
04:27:46.0812 4272 HdAudAddService - ok
04:27:46.0874 4272 HDAudBus (062452b7ffd68c8c042a6261fe8dff4a) C:\Windows\system32\DRIVERS\HDAudBus.sys
04:27:46.0971 4272 HDAudBus - ok
04:27:47.0055 4272 HidBth (1338520e78d90154ed6be8f84de5fceb) C:\Windows\system32\drivers\hidbth.sys
04:27:47.0170 4272 HidBth - ok
04:27:47.0244 4272 HidIr (ff3160c3a2445128c5a6d9b076da519e) C:\Windows\system32\drivers\hidir.sys
04:27:47.0321 4272 HidIr - ok
04:27:47.0779 4272 HidUsb (cca4b519b17e23a00b826c55716809cc) C:\Windows\system32\DRIVERS\hidusb.sys
04:27:47.0871 4272 HidUsb - ok
04:27:48.0504 4272 HpCISSs (16ee7b23a009e00d835cdb79574a91a6) C:\Windows\system32\drivers\hpcisss.sys
04:27:48.0569 4272 HpCISSs - ok
04:27:49.0615 4272 HSF_DP (88749fbf8beb18c90e7d6626c8c1910b) C:\Windows\system32\DRIVERS\HSX_DP.sys
04:27:49.0728 4272 HSF_DP - ok
04:27:50.0020 4272 HSXHWBS2 (fe440536bd98af772130dc3a6fe1915f) C:\Windows\system32\DRIVERS\HSXHWBS2.sys
04:27:50.0110 4272 HSXHWBS2 - ok
04:27:50.0769 4272 HTTP (f870aa3e254628ebeafe754108d664de) C:\Windows\system32\drivers\HTTP.sys
04:27:50.0944 4272 HTTP - ok
04:27:51.0401 4272 i2omp (c6b032d69650985468160fc9937cf5b4) C:\Windows\system32\drivers\i2omp.sys
04:27:51.0450 4272 i2omp - ok
04:27:51.0743 4272 i8042prt (22d56c8184586b7a1f6fa60be5f5a2bd) C:\Windows\system32\DRIVERS\i8042prt.sys
04:27:51.0838 4272 i8042prt - ok
04:27:53.0125 4272 ialm (e5490aea3b791c454e9933bf749ca3d8) C:\Windows\system32\DRIVERS\igdkmd32.sys
04:27:53.0367 4272 ialm - ok
04:27:53.0974 4272 iaStorV (54155ea1b0df185878e0fc9ec3ac3a14) C:\Windows\system32\drivers\iastorv.sys
04:27:54.0041 4272 iaStorV - ok
04:27:54.0900 4272 igfx (e5490aea3b791c454e9933bf749ca3d8) C:\Windows\system32\DRIVERS\igdkmd32.sys
04:27:55.0003 4272 igfx - ok
04:27:55.0457 4272 iirsp (2d077bf86e843f901d8db709c95b49a5) C:\Windows\system32\drivers\iirsp.sys
04:27:55.0520 4272 iirsp - ok
04:27:55.0806 4272 IntcAzAudAddService (84ed2154239f9d013bbd3220755ada8b) C:\Windows\system32\drivers\RTKVHDA.sys
04:27:55.0961 4272 IntcAzAudAddService - ok
04:27:56.0341 4272 intelide (83aa759f3189e6370c30de5dc5590718) C:\Windows\system32\drivers\intelide.sys
04:27:56.0393 4272 intelide - ok
04:27:56.0637 4272 intelppm (224191001e78c89dfa78924c3ea595ff) C:\Windows\system32\DRIVERS\intelppm.sys
04:27:56.0768 4272 intelppm - ok
04:27:57.0082 4272 IpFilterDriver (62c265c38769b864cb25b4bcf62df6c3) C:\Windows\system32\DRIVERS\ipfltdrv.sys
04:27:57.0170 4272 IpFilterDriver - ok
04:27:57.0451 4272 IpInIp - ok
04:27:57.0565 4272 IPMIDRV (b25aaf203552b7b3491139d582b39ad1) C:\Windows\system32\drivers\ipmidrv.sys
04:27:57.0656 4272 IPMIDRV - ok
04:27:57.0848 4272 IPNAT (8793643a67b42cec66490b2a0cf92d68) C:\Windows\system32\DRIVERS\ipnat.sys
04:27:57.0974 4272 IPNAT - ok
04:27:58.0288 4272 IRENUM (109c0dfb82c3632fbd11949b73aeeac9) C:\Windows\system32\drivers\irenum.sys
04:27:58.0359 4272 IRENUM - ok
04:27:58.0813 4272 isapnp (6c70698a3e5c4376c6ab5c7c17fb0614) C:\Windows\system32\drivers\isapnp.sys
04:27:58.0869 4272 isapnp - ok
04:27:59.0034 4272 iScsiPrt (232fa340531d940aac623b121a595034) C:\Windows\system32\DRIVERS\msiscsi.sys
04:27:59.0070 4272 iScsiPrt - ok
04:27:59.0170 4272 iteatapi (bced60d16156e428f8df8cf27b0df150) C:\Windows\system32\drivers\iteatapi.sys
04:27:59.0204 4272 iteatapi - ok
04:27:59.0293 4272 iteraid (06fa654504a498c30adca8bec4e87e7e) C:\Windows\system32\drivers\iteraid.sys
04:27:59.0367 4272 iteraid - ok
04:27:59.0574 4272 kbdclass (37605e0a8cf00cbba538e753e4344c6e) C:\Windows\system32\DRIVERS\kbdclass.sys
04:27:59.0610 4272 kbdclass - ok
04:27:59.0828 4272 kbdhid (ede59ec70e25c24581add1fbec7325f7) C:\Windows\system32\DRIVERS\kbdhid.sys
04:27:59.0889 4272 kbdhid - ok
04:28:00.0029 4272 KSecDD (2b2f1638466e8cb091400c9019cc730e) C:\Windows\system32\Drivers\ksecdd.sys
04:28:00.0079 4272 KSecDD - ok
04:28:00.0296 4272 lltdio (d1c5883087a0c3f1344d9d55a44901f6) C:\Windows\system32\DRIVERS\lltdio.sys
04:28:00.0393 4272 lltdio - ok
04:28:00.0845 4272 LSI_FC (c7e15e82879bf3235b559563d4185365) C:\Windows\system32\drivers\lsi_fc.sys
04:28:00.0902 4272 LSI_FC - ok
04:28:01.0351 4272 LSI_SAS (ee01ebae8c9bf0fa072e0ff68718920a) C:\Windows\system32\drivers\lsi_sas.sys
04:28:01.0431 4272 LSI_SAS - ok
04:28:01.0873 4272 LSI_SCSI (912a04696e9ca30146a62afa1463dd5c) C:\Windows\system32\drivers\lsi_scsi.sys
04:28:01.0930 4272 LSI_SCSI - ok
04:28:02.0300 4272 luafv (8f5c7426567798e62a3b3614965d62cc) C:\Windows\system32\drivers\luafv.sys
04:28:02.0429 4272 luafv - ok
04:28:02.0777 4272 MBAMProtector (b7ca8cc3f978201856b6ab82f40953c3) C:\Windows\system32\drivers\mbam.sys
04:28:02.0864 4272 MBAMProtector - ok
04:28:03.0389 4272 mdmxsdk (0cea2d0d3fa284b85ed5b68365114f76) C:\Windows\system32\DRIVERS\mdmxsdk.sys
04:28:03.0482 4272 mdmxsdk - ok
04:28:03.0767 4272 megasas (0001ce609d66632fa17b84705f658879) C:\Windows\system32\drivers\megasas.sys
04:28:03.0805 4272 megasas - ok
04:28:04.0148 4272 MegaSR (c252f32cd9a49dbfc25ecf26ebd51a99) C:\Windows\system32\drivers\megasr.sys
04:28:04.0204 4272 MegaSR - ok
04:28:04.0491 4272 Modem (e13b5ea0f51ba5b1512ec671393d09ba) C:\Windows\system32\drivers\modem.sys
04:28:04.0580 4272 Modem - ok
04:28:04.0940 4272 monitor (0a9bb33b56e294f686abb7c1e4e2d8a8) C:\Windows\system32\DRIVERS\monitor.sys
04:28:05.0018 4272 monitor - ok
04:28:05.0347 4272 mouclass (5bf6a1326a335c5298477754a506d263) C:\Windows\system32\DRIVERS\mouclass.sys
04:28:05.0381 4272 mouclass - ok
04:28:05.0577 4272 mouhid (93b8d4869e12cfbe663915502900876f) C:\Windows\system32\DRIVERS\mouhid.sys
04:28:05.0655 4272 mouhid - ok
04:28:05.0845 4272 MountMgr (bdafc88aa6b92f7842416ea6a48e1600) C:\Windows\system32\drivers\mountmgr.sys
04:28:05.0895 4272 MountMgr - ok
04:28:05.0961 4272 MpFilter (fee0baded54222e9f1dae9541212aab1) C:\Windows\system32\DRIVERS\MpFilter.sys
04:28:06.0016 4272 MpFilter - ok
04:28:06.0061 4272 mpio (511d011289755dd9f9a7579fb0b064e6) C:\Windows\system32\drivers\mpio.sys
04:28:06.0132 4272 mpio - ok
04:28:06.0253 4272 MpKslc8a1dbbc (a69630d039c38018689190234f866d77) c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{53448B2F-2F06-4792-9047-20ED5FC79CF7}\MpKslc8a1dbbc.sys
04:28:06.0301 4272 MpKslc8a1dbbc - ok
04:28:06.0475 4272 MpKslfa2c5cee (a69630d039c38018689190234f866d77) c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{53448B2F-2F06-4792-9047-20ED5FC79CF7}\MpKslfa2c5cee.sys
04:28:06.0534 4272 MpKslfa2c5cee - ok
04:28:06.0796 4272 MpNWMon (2c3489660d4a8d514c123c3f0d67df46) C:\Windows\system32\DRIVERS\MpNWMon.sys
04:28:06.0833 4272 MpNWMon - ok
04:28:06.0924 4272 mpsdrv (22241feba9b2defa669c8cb0a8dd7d2e) C:\Windows\system32\drivers\mpsdrv.sys
04:28:06.0998 4272 mpsdrv - ok
04:28:07.0240 4272 Mraid35x (4fbbb70d30fd20ec51f80061703b001e) C:\Windows\system32\drivers\mraid35x.sys
04:28:07.0279 4272 Mraid35x - ok
04:28:07.0370 4272 MRxDAV (82cea0395524aacfeb58ba1448e8325c) C:\Windows\system32\drivers\mrxdav.sys
04:28:07.0436 4272 MRxDAV - ok
04:28:07.0711 4272 mrxsmb (1e94971c4b446ab2290deb71d01cf0c2) C:\Windows\system32\DRIVERS\mrxsmb.sys
04:28:07.0789 4272 mrxsmb - ok
04:28:07.0940 4272 mrxsmb10 (4fccb34d793b116423209c0f8b7a3b03) C:\Windows\system32\DRIVERS\mrxsmb10.sys
04:28:07.0997 4272 mrxsmb10 - ok
04:28:08.0139 4272 mrxsmb20 (c3cb1b40ad4a0124d617a1199b0b9d7c) C:\Windows\system32\DRIVERS\mrxsmb20.sys
04:28:08.0254 4272 mrxsmb20 - ok
04:28:08.0555 4272 msahci (28023e86f17001f7cd9b15a5bc9ae07d) C:\Windows\system32\drivers\msahci.sys
04:28:08.0584 4272 msahci - ok
04:28:08.0757 4272 msdsm (4468b0f385a86ecddaf8d3ca662ec0e7) C:\Windows\system32\drivers\msdsm.sys
04:28:08.0789 4272 msdsm - ok
04:28:08.0886 4272 Msfs (a9927f4a46b816c92f461acb90cf8515) C:\Windows\system32\drivers\Msfs.sys
04:28:08.0955 4272 Msfs - ok
04:28:09.0017 4272 msisadrv (0f400e306f385c56317357d6dea56f62) C:\Windows\system32\drivers\msisadrv.sys
04:28:09.0043 4272 msisadrv - ok
04:28:09.0159 4272 MSKSSRV (d8c63d34d9c9e56c059e24ec7185cc07) C:\Windows\system32\drivers\MSKSSRV.sys
04:28:09.0246 4272 MSKSSRV - ok
04:28:09.0466 4272 MSPCLOCK (1d373c90d62ddb641d50e55b9e78d65e) C:\Windows\system32\drivers\MSPCLOCK.sys
04:28:09.0510 4272 MSPCLOCK - ok
04:28:09.0560 4272 MSPQM (b572da05bf4e098d4bba3a4734fb505b) C:\Windows\system32\drivers\MSPQM.sys
04:28:09.0618 4272 MSPQM - ok
04:28:09.0752 4272 MsRPC (b49456d70555de905c311bcda6ec6adb) C:\Windows\system32\drivers\MsRPC.sys
04:28:09.0838 4272 MsRPC - ok
04:28:09.0947 4272 mssmbios (e384487cb84be41d09711c30ca79646c) C:\Windows\system32\DRIVERS\mssmbios.sys
04:28:09.0992 4272 mssmbios - ok
04:28:10.0142 4272 MSTEE (7199c1eec1e4993caf96b8c0a26bd58a) C:\Windows\system32\drivers\MSTEE.sys
04:28:10.0195 4272 MSTEE - ok
04:28:10.0357 4272 Mup (6a57b5733d4cb702c8ea4542e836b96c) C:\Windows\system32\Drivers\mup.sys
04:28:10.0439 4272 Mup - ok
04:28:10.0713 4272 NativeWifiP (85c44fdff9cf7e72a40dcb7ec06a4416) C:\Windows\system32\DRIVERS\nwifi.sys
04:28:10.0777 4272 NativeWifiP - ok
04:28:10.0970 4272 NDIS (1357274d1883f68300aeadd15d7bbb42) C:\Windows\system32\drivers\ndis.sys
04:28:11.0034 4272 NDIS - ok
04:28:11.0094 4272 NdisTapi (0e186e90404980569fb449ba7519ae61) C:\Windows\system32\DRIVERS\ndistapi.sys
04:28:11.0169 4272 NdisTapi - ok
04:28:11.0222 4272 Ndisuio (d6973aa34c4d5d76c0430b181c3cd389) C:\Windows\system32\DRIVERS\ndisuio.sys
04:28:11.0274 4272 Ndisuio - ok
04:28:11.0314 4272 NdisWan (818f648618ae34f729fdb47ec68345c3) C:\Windows\system32\DRIVERS\ndiswan.sys
04:28:11.0377 4272 NdisWan - ok
04:28:11.0457 4272 NDProxy (71dab552b41936358f3b541ae5997fb3) C:\Windows\system32\drivers\NDProxy.sys
04:28:11.0535 4272 NDProxy - ok
04:28:11.0593 4272 NetBIOS (bcd093a5a6777cf626434568dc7dba78) C:\Windows\system32\DRIVERS\netbios.sys
04:28:11.0672 4272 NetBIOS - ok
04:28:11.0778 4272 netbt (ecd64230a59cbd93c85f1cd1cab9f3f6) C:\Windows\system32\DRIVERS\netbt.sys
04:28:11.0870 4272 netbt - ok
04:28:12.0028 4272 nfrd960 (2e7fb731d4790a1bc6270accefacb36e) C:\Windows\system32\drivers\nfrd960.sys
04:28:12.0066 4272 nfrd960 - ok
04:28:12.0155 4272 NisDrv (7b01c6172cfd0b10116175e09200d4b4) C:\Windows\system32\DRIVERS\NisDrvWFP.sys
04:28:12.0222 4272 NisDrv - ok
04:28:12.0295 4272 Npfs (d36f239d7cce1931598e8fb90a0dbc26) C:\Windows\system32\drivers\Npfs.sys
04:28:12.0345 4272 Npfs - ok
04:28:12.0420 4272 nsiproxy (609773e344a97410ce4ebf74a8914fcf) C:\Windows\system32\drivers\nsiproxy.sys
04:28:12.0513 4272 nsiproxy - ok
04:28:12.0624 4272 Ntfs (6a4a98cee84cf9e99564510dda4baa47) C:\Windows\system32\drivers\Ntfs.sys
04:28:12.0911 4272 Ntfs - ok
04:28:12.0980 4272 ntrigdigi (e875c093aec0c978a90f30c9e0dfbb72) C:\Windows\system32\drivers\ntrigdigi.sys
04:28:13.0075 4272 ntrigdigi - ok
04:28:13.0180 4272 Null (c5dbbcda07d780bda9b685df333bb41e) C:\Windows\system32\drivers\Null.sys
04:28:13.0210 4272 Null - ok
04:28:13.0336 4272 nvraid (2edf9e7751554b42cbb60116de727101) C:\Windows\system32\drivers\nvraid.sys
04:28:13.0392 4272 nvraid - ok
04:28:13.0501 4272 nvstor (abed0c09758d1d97db0042dbb2688177) C:\Windows\system32\drivers\nvstor.sys
04:28:13.0538 4272 nvstor - ok
04:28:13.0620 4272 nv_agp (18bbdf913916b71bd54575bdb6eeac0b) C:\Windows\system32\drivers\nv_agp.sys
04:28:13.0657 4272 nv_agp - ok
04:28:13.0721 4272 NwlnkFlt - ok
04:28:13.0845 4272 NwlnkFwd - ok
04:28:14.0029 4272 ohci1394 - ok
04:28:14.0407 4272 Parport (0fa9b5055484649d63c303fe404e5f4d) C:\Windows\system32\drivers\parport.sys
04:28:14.0530 4272 Parport - ok
04:28:14.0995 4272 partmgr (57389fa59a36d96b3eb09d0cb91e9cdc) C:\Windows\system32\drivers\partmgr.sys
04:28:15.0044 4272 partmgr - ok
04:28:15.0523 4272 Parvdm (4f9a6a8a31413180d0fcb279ad5d8112) C:\Windows\system32\drivers\parvdm.sys
04:28:15.0614 4272 Parvdm - ok
04:28:16.0093 4272 pci (941dc1d19e7e8620f40bbc206981efdb) C:\Windows\system32\drivers\pci.sys
04:28:16.0131 4272 pci - ok
04:28:16.0627 4272 pciide (fc175f5ddab666d7f4d17449a547626f) C:\Windows\system32\drivers\pciide.sys
04:28:16.0681 4272 pciide - ok
04:28:17.0136 4272 pcmcia - ok
04:28:17.0889 4272 PEAUTH (6349f6ed9c623b44b52ea3c63c831a92) C:\Windows\system32\drivers\peauth.sys
04:28:18.0028 4272 PEAUTH - ok
04:28:18.0725 4272 PptpMiniport (ecfffaec0c1ecd8dbc77f39070ea1db1) C:\Windows\system32\DRIVERS\raspptp.sys
04:28:18.0845 4272 PptpMiniport - ok
04:28:19.0173 4272 Processor (2027293619dd0f047c584cf2e7df4ffd) C:\Windows\system32\drivers\processr.sys
04:28:19.0260 4272 Processor - ok
04:28:19.0727 4272 PSched (99514faa8df93d34b5589187db3aa0ba) C:\Windows\system32\DRIVERS\pacer.sys
04:28:19.0839 4272 PSched - ok
04:28:20.0526 4272 ql2300 (0a6db55afb7820c99aa1f3a1d270f4f6) C:\Windows\system32\drivers\ql2300.sys
04:28:20.0598 4272 ql2300 - ok
04:28:20.0720 4272 ql40xx (81a7e5c076e59995d54bc1ed3a16e60b) C:\Windows\system32\drivers\ql40xx.sys
04:28:20.0792 4272 ql40xx - ok
04:28:20.0866 4272 QWAVEdrv (9f5e0e1926014d17486901c88eca2db7) C:\Windows\system32\drivers\qwavedrv.sys
04:28:20.0962 4272 QWAVEdrv - ok
04:28:21.0022 4272 RasAcd (147d7f9c556d259924351feb0de606c3) C:\Windows\system32\DRIVERS\rasacd.sys
04:28:21.0080 4272 RasAcd - ok
04:28:21.0189 4272 Rasl2tp (a214adbaf4cb47dd2728859ef31f26b0) C:\Windows\system32\DRIVERS\rasl2tp.sys
04:28:21.0260 4272 Rasl2tp - ok
04:28:21.0329 4272 RasPppoe (509a98dd18af4375e1fc40bc175f1def) C:\Windows\system32\DRIVERS\raspppoe.sys
04:28:21.0403 4272 RasPppoe - ok
04:28:21.0468 4272 RasSstp (2005f4a1e05fa09389ac85840f0a9e4d) C:\Windows\system32\DRIVERS\rassstp.sys
04:28:21.0527 4272 RasSstp - ok
04:28:21.0591 4272 rdbss (b14c9d5b9add2f84f70570bbbfaa7935) C:\Windows\system32\DRIVERS\rdbss.sys
04:28:21.0694 4272 rdbss - ok
04:28:21.0770 4272 RDPCDD (89e59be9a564262a3fb6c4f4f1cd9899) C:\Windows\system32\DRIVERS\RDPCDD.sys
04:28:21.0851 4272 RDPCDD - ok
04:28:21.0966 4272 rdpdr (943b18305eae3935598a9b4a3d560b4c) C:\Windows\system32\DRIVERS\rdpdr.sys
04:28:22.0048 4272 rdpdr - ok
04:28:22.0112 4272 RDPENCDD (9d91fe5286f748862ecffa05f8a0710c) C:\Windows\system32\drivers\rdpencdd.sys
04:28:22.0161 4272 RDPENCDD - ok
04:28:22.0255 4272 RDPWD (30bfbdfb7f95559ede971f9ddb9a00ba) C:\Windows\system32\drivers\RDPWD.sys
04:28:22.0361 4272 RDPWD - ok
04:28:22.0508 4272 RsFx0103 (fd692c6ffade58f7c4c3c3c9a0ec35bd) C:\Windows\system32\DRIVERS\RsFx0103.sys
04:28:22.0545 4272 RsFx0103 - ok
04:28:22.0611 4272 rspndr (9c508f4074a39e8b4b31d27198146fad) C:\Windows\system32\DRIVERS\rspndr.sys
04:28:22.0707 4272 rspndr - ok
04:28:22.0775 4272 RTL8169 (283392af1860ecdb5e0f8ebd7f3d72df) C:\Windows\system32\DRIVERS\Rtlh86.sys
04:28:22.0861 4272 RTL8169 - ok
04:28:22.0940 4272 sbp2port (3ce8f073a557e172b330109436984e30) C:\Windows\system32\drivers\sbp2port.sys
04:28:23.0069 4272 sbp2port - ok
04:28:23.0155 4272 secdrv (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys
04:28:23.0239 4272 secdrv - ok
04:28:23.0324 4272 Serenum (68e44e331d46f0fb38f0863a84cd1a31) C:\Windows\system32\drivers\serenum.sys
04:28:23.0401 4272 Serenum - ok
04:28:23.0464 4272 Serial (c70d69a918b178d3c3b06339b40c2e1b) C:\Windows\system32\drivers\serial.sys
04:28:23.0529 4272 Serial - ok
04:28:23.0590 4272 sermouse (8af3d28a879bf75db53a0ee7a4289624) C:\Windows\system32\drivers\sermouse.sys
04:28:23.0635 4272 sermouse - ok
04:28:23.0723 4272 sffdisk (3efa810bdca87f6ecc24f9832243fe86) C:\Windows\system32\drivers\sffdisk.sys
04:28:23.0794 4272 sffdisk - ok
04:28:23.0861 4272 sffp_mmc (e95d451f7ea3e583aec75f3b3ee42dc5) C:\Windows\system32\drivers\sffp_mmc.sys
04:28:23.0920 4272 sffp_mmc - ok
04:28:23.0973 4272 sffp_sd (3d0ea348784b7ac9ea9bd9f317980979) C:\Windows\system32\drivers\sffp_sd.sys
04:28:24.0040 4272 sffp_sd - ok
04:28:24.0096 4272 sfloppy (46ed8e91793b2e6f848015445a0ac188) C:\Windows\system32\drivers\sfloppy.sys
04:28:24.0174 4272 sfloppy - ok
04:28:24.0316 4272 Sftfs (d9b734638dd8dba9d59aad3189cd0fad) C:\Windows\system32\DRIVERS\Sftfslh.sys
04:28:24.0360 4272 Sftfs - ok
04:28:24.0434 4272 Sftplay (2f61bd46c0bff4eb36e1e359ca17bfc5) C:\Windows\system32\DRIVERS\Sftplaylh.sys
04:28:24.0470 4272 Sftplay - ok
04:28:24.0513 4272 Sftredir (518bac0179f94304f422696b47c0ec12) C:\Windows\system32\DRIVERS\Sftredirlh.sys
04:28:24.0543 4272 Sftredir - ok
04:28:24.0599 4272 Sftvol (747325236d88b3f05ffd27ff9ec711c5) C:\Windows\system32\DRIVERS\Sftvollh.sys
04:28:24.0628 4272 Sftvol - ok
04:28:24.0701 4272 sisagp (1d76624a09a054f682d746b924e2dbc3) C:\Windows\system32\drivers\sisagp.sys
04:28:24.0746 4272 sisagp - ok
04:28:24.0790 4272 SiSRaid2 (43cb7aa756c7db280d01da9b676cfde2) C:\Windows\system32\drivers\sisraid2.sys
04:28:24.0834 4272 SiSRaid2 - ok
04:28:24.0912 4272 SiSRaid4 (a99c6c8b0baa970d8aa59ddc50b57f94) C:\Windows\system32\drivers\sisraid4.sys
04:28:24.0957 4272 SiSRaid4 - ok
04:28:25.0037 4272 Smb (7b75299a4d201d6a6533603d6914ab04) C:\Windows\system32\DRIVERS\smb.sys
04:28:25.0154 4272 Smb - ok
04:28:25.0272 4272 spldr (7aebdeef071fe28b0eef2cdd69102bff) C:\Windows\system32\drivers\spldr.sys
04:28:25.0349 4272 spldr - ok
04:28:25.0480 4272 srv (41987f9fc0e61adf54f581e15029ad91) C:\Windows\system32\DRIVERS\srv.sys
04:28:25.0561 4272 srv - ok
04:28:25.0666 4272 srv2 (ff33aff99564b1aa534f58868cbe41ef) C:\Windows\system32\DRIVERS\srv2.sys
04:28:25.0726 4272 srv2 - ok
04:28:25.0814 4272 srvnet (7605c0e1d01a08f3ecd743f38b834a44) C:\Windows\system32\DRIVERS\srvnet.sys
04:28:25.0873 4272 srvnet - ok
04:28:25.0962 4272 swenum (7ba58ecf0c0a9a69d44b3dca62becf56) C:\Windows\system32\DRIVERS\swenum.sys
04:28:25.0988 4272 swenum - ok
04:28:26.0039 4272 Symc8xx (192aa3ac01df071b541094f251deed10) C:\Windows\system32\drivers\symc8xx.sys
04:28:26.0072 4272 Symc8xx - ok
04:28:26.0114 4272 Sym_hi (8c8eb8c76736ebaf3b13b633b2e64125) C:\Windows\system32\drivers\sym_hi.sys
04:28:26.0148 4272 Sym_hi - ok
04:28:26.0189 4272 Sym_u3 (8072af52b5fd103bbba387a1e49f62cb) C:\Windows\system32\drivers\sym_u3.sys
04:28:26.0224 4272 Sym_u3 - ok
04:28:26.0348 4272 Tcpip (16731b631f28f63cd9f4cb60940e7ddd) C:\Windows\system32\drivers\tcpip.sys
04:28:26.0439 4272 Tcpip - ok
04:28:26.0531 4272 Tcpip6 (16731b631f28f63cd9f4cb60940e7ddd) C:\Windows\system32\DRIVERS\tcpip.sys
04:28:26.0589 4272 Tcpip6 - ok
04:28:26.0666 4272 tcpipreg (3fc13f09af9be487c7b4fac4070a036c) C:\Windows\system32\drivers\tcpipreg.sys
04:28:26.0745 4272 tcpipreg - ok
04:28:26.0794 4272 TDPIPE (5dcf5e267be67a1ae926f2df77fbcc56) C:\Windows\system32\drivers\tdpipe.sys
04:28:26.0855 4272 TDPIPE - ok
04:28:26.0904 4272 TDTCP (389c63e32b3cefed425b61ed92d3f021) C:\Windows\system32\drivers\tdtcp.sys
04:28:26.0958 4272 TDTCP - ok
04:28:27.0041 4272 tdx (76b06eb8a01fc8624d699e7045303e54) C:\Windows\system32\DRIVERS\tdx.sys
04:28:27.0127 4272 tdx - ok
04:28:27.0204 4272 TermDD (3cad38910468eab9a6479e2f01db43c7) C:\Windows\system32\DRIVERS\termdd.sys
04:28:27.0259 4272 TermDD - ok
04:28:27.0369 4272 tssecsrv (dcf0f056a2e4f52287264f5ab29cf206) C:\Windows\system32\DRIVERS\tssecsrv.sys
04:28:27.0428 4272 tssecsrv - ok
04:28:27.0462 4272 tunmp (caecc0120ac49e3d2f758b9169872d38) C:\Windows\system32\DRIVERS\tunmp.sys
04:28:27.0522 4272 tunmp - ok
04:28:27.0559 4272 tunnel (119b8184e106baedc83fce5ddf3950da) C:\Windows\system32\DRIVERS\tunnel.sys
04:28:27.0629 4272 tunnel - ok
04:28:27.0712 4272 uagp35 (7d33c4db2ce363c8518d2dfcf533941f) C:\Windows\system32\drivers\uagp35.sys
04:28:27.0759 4272 uagp35 - ok
04:28:27.0841 4272 udfs (d9728af68c4c7693cb100b8441cbdec6) C:\Windows\system32\DRIVERS\udfs.sys
04:28:27.0883 4272 udfs - ok
04:28:27.0947 4272 uliagpkx (b0acfdc9e4af279e9116c03e014b2b27) C:\Windows\system32\drivers\uliagpkx.sys
04:28:28.0012 4272 uliagpkx - ok
04:28:28.0063 4272 uliahci (9224bb254f591de4ca8d572a5f0d635c) C:\Windows\system32\drivers\uliahci.sys
04:28:28.0151 4272 uliahci - ok
04:28:28.0193 4272 UlSata (8514d0e5cd0534467c5fc61be94a569f) C:\Windows\system32\drivers\ulsata.sys
04:28:28.0223 4272 UlSata - ok
04:28:28.0290 4272 ulsata2 (38c3c6e62b157a6bc46594fada45c62b) C:\Windows\system32\drivers\ulsata2.sys
04:28:28.0332 4272 ulsata2 - ok
04:28:28.0385 4272 umbus (32cff9f809ae9aed85464492bf3e32d2) C:\Windows\system32\DRIVERS\umbus.sys
04:28:28.0454 4272 umbus - ok
04:28:28.0552 4272 usbccgp (caf811ae4c147ffcd5b51750c7f09142) C:\Windows\system32\DRIVERS\usbccgp.sys
04:28:28.0626 4272 usbccgp - ok
04:28:28.0680 4272 usbcir (e9476e6c486e76bc4898074768fb7131) C:\Windows\system32\drivers\usbcir.sys
04:28:28.0769 4272 usbcir - ok
04:28:28.0824 4272 usbehci (79e96c23a97ce7b8f14d310da2db0c9b) C:\Windows\system32\DRIVERS\usbehci.sys
04:28:28.0918 4272 usbehci - ok
04:28:28.0996 4272 usbhub (4673bbcb006af60e7abddbe7a130ba42) C:\Windows\system32\DRIVERS\usbhub.sys
04:28:29.0065 4272 usbhub - ok
04:28:29.0118 4272 usbohci (38dbc7dd6cc5a72011f187425384388b) C:\Windows\system32\drivers\usbohci.sys
04:28:29.0188 4272 usbohci - ok
04:28:29.0258 4272 usbprint (e75c4b5269091d15a2e7dc0b6d35f2f5) C:\Windows\system32\DRIVERS\usbprint.sys
04:28:29.0323 4272 usbprint - ok
04:28:29.0386 4272 usbscan (a508c9bd8724980512136b039bba65e9) C:\Windows\system32\DRIVERS\usbscan.sys
04:28:29.0462 4272 usbscan - ok
04:28:29.0520 4272 USBSTOR (be3da31c191bc222d9ad503c5224f2ad) C:\Windows\system32\DRIVERS\USBSTOR.SYS
04:28:29.0585 4272 USBSTOR - ok
04:28:29.0641 4272 usbuhci (814d653efc4d48be3b04a307eceff56f) C:\Windows\system32\DRIVERS\usbuhci.sys
04:28:29.0684 4272 usbuhci - ok
04:28:29.0749 4272 vga (87b06e1f30b749a114f74622d013f8d4) C:\Windows\system32\DRIVERS\vgapnp.sys
04:28:29.0813 4272 vga - ok
04:28:29.0871 4272 VgaSave (2e93ac0a1d8c79d019db6c51f036636c) C:\Windows\System32\drivers\vga.sys
04:28:29.0918 4272 VgaSave - ok
04:28:29.0967 4272 viaagp (5d7159def58a800d5781ba3a879627bc) C:\Windows\system32\drivers\viaagp.sys
04:28:30.0057 4272 viaagp - ok
04:28:30.0108 4272 ViaC7 (c4f3a691b5bad343e6249bd8c2d45dee) C:\Windows\system32\drivers\viac7.sys
04:28:30.0185 4272 ViaC7 - ok
04:28:30.0232 4272 viaide (aadf5587a4063f52c2c3fed7887426fc) C:\Windows\system32\drivers\viaide.sys
04:28:30.0257 4272 viaide - ok
04:28:30.0317 4272 volmgr (69503668ac66c77c6cd7af86fbdf8c43) C:\Windows\system32\drivers\volmgr.sys
04:28:30.0364 4272 volmgr - ok
04:28:30.0435 4272 volmgrx (23e41b834759917bfd6b9a0d625d0c28) C:\Windows\system32\drivers\volmgrx.sys
04:28:30.0475 4272 volmgrx - ok
04:28:30.0564 4272 volsnap (147281c01fcb1df9252de2a10d5e7093) C:\Windows\system32\drivers\volsnap.sys
04:28:30.0611 4272 volsnap - ok
04:28:30.0682 4272 vsmraid (587253e09325e6bf226b299774b728a9) C:\Windows\system32\drivers\vsmraid.sys
04:28:30.0751 4272 vsmraid - ok
04:28:30.0818 4272 VSTHWBS2 (c466021d31ff6c0a6069d12299d80c0b) C:\Windows\system32\DRIVERS\VSTBS23.SYS
04:28:30.0903 4272 VSTHWBS2 - ok
04:28:30.0990 4272 VST_DPV (ec36f1d542ed4252390d446bf6d4dfd0) C:\Windows\system32\DRIVERS\VSTDPV3.SYS
04:28:31.0112 4272 VST_DPV - ok
04:28:31.0198 4272 WacomPen (48dfee8f1af7c8235d4e626f0c4fe031) C:\Windows\system32\drivers\wacompen.sys
04:28:31.0306 4272 WacomPen - ok
04:28:31.0363 4272 Wanarp (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
04:28:31.0447 4272 Wanarp - ok
04:28:31.0461 4272 Wanarpv6 (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
04:28:31.0531 4272 Wanarpv6 - ok
04:28:31.0639 4272 Wd (78fe9542363f297b18c027b2d7e7c07f) C:\Windows\system32\drivers\wd.sys
04:28:31.0668 4272 Wd - ok
04:28:31.0763 4272 Wdf01000 (9950e3d0f08141c7e89e64456ae7dc73) C:\Windows\system32\drivers\Wdf01000.sys
04:28:31.0812 4272 Wdf01000 - ok
04:28:31.0952 4272 winachsf (72cc6a8ca7891031d6380db5025c773c) C:\Windows\system32\DRIVERS\HSX_CNXT.sys
04:28:32.0032 4272 winachsf - ok
04:28:32.0163 4272 WinUSB (676f4b665bdd8053eaa53ac1695b8074) C:\Windows\system32\DRIVERS\WinUSB.sys
04:28:32.0247 4272 WinUSB - ok
04:28:32.0341 4272 WmiAcpi (2e7255d172df0b8283cdfb7b433b864e) C:\Windows\system32\drivers\wmiacpi.sys
04:28:32.0377 4272 WmiAcpi - ok
04:28:32.0495 4272 WpdUsb (de9d36f91a4df3d911626643debf11ea) C:\Windows\system32\DRIVERS\wpdusb.sys
04:28:32.0614 4272 WpdUsb - ok
04:28:32.0697 4272 ws2ifsl (e3a3cb253c0ec2494d4a61f5e43a389c) C:\Windows\system32\drivers\ws2ifsl.sys
04:28:32.0748 4272 ws2ifsl - ok
04:28:32.0852 4272 WudfPf (6f9b6c0c93232cff47d0f72d6db1d21e) C:\Windows\system32\drivers\WudfPf.sys
04:28:32.0942 4272 WudfPf - ok
04:28:32.0983 4272 WUDFRd (f91ff1e51fca30b3c3981db7d5924252) C:\Windows\system32\DRIVERS\WUDFRd.sys
04:28:33.0040 4272 WUDFRd - ok
04:28:33.0121 4272 XAudio (dab33cfa9dd24251aaa389ff36b64d4b) C:\Windows\system32\DRIVERS\xaudio.sys
04:28:33.0165 4272 XAudio - ok
04:28:33.0244 4272 MBR (0x1B8) (5c616939100b85e558da92b899a0fc36) \Device\Harddisk0\DR0
04:28:33.0366 4272 \Device\Harddisk0\DR0 - ok
04:28:33.0377 4272 Boot (0x1200) (e5f9a438c5022d3906b6970cab118444) \Device\Harddisk0\DR0\Partition0
04:28:33.0379 4272 \Device\Harddisk0\DR0\Partition0 - ok
04:28:33.0384 4272 ============================================================
04:28:33.0384 4272 Scan finished
04:28:33.0384 4272 ============================================================
04:28:33.0413 6044 Detected object count: 0
04:28:33.0415 6044 Actual detected object count: 0
04:28:59.0545 4776 Deinitialize success


Combo fix log

+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
ComboFix 12-03-12.02 - Jessie 03/12/2012 4:46.1.1 - x86
Microsoft® Windows Vista™ Ultimate 6.0.6002.2.1252.1.1033.18.1527.809 [GMT -7:00]
Running from: c:\users\Jessie\Desktop\ComboFix.exe
AV: Microsoft Security Essentials *Disabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
SP: Microsoft Security Essentials *Disabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((( Files Created from 2012-02-12 to 2012-03-12 )))))))))))))))))))))))))))))))
.
.
2012-03-12 02:45 . 2012-03-12 02:45 29904 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{53448B2F-2F06-4792-9047-20ED5FC79CF7}\MpKslfa2c5cee.sys
2012-03-11 19:31 . 2012-03-11 19:31 29904 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{53448B2F-2F06-4792-9047-20ED5FC79CF7}\MpKslc8a1dbbc.sys
2012-03-11 19:31 . 2012-03-11 19:31 56200 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{53448B2F-2F06-4792-9047-20ED5FC79CF7}\offreg.dll
2012-03-11 19:05 . 2012-03-11 19:05 -------- d-----w- c:\users\Jessie\AppData\Roaming\Malwarebytes
2012-03-11 19:04 . 2012-03-11 19:04 -------- d-----w- c:\programdata\Malwarebytes
2012-03-11 19:04 . 2012-03-11 19:05 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2012-03-11 19:04 . 2011-12-10 22:24 20464 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-03-11 18:42 . 2012-02-08 06:03 6552120 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{53448B2F-2F06-4792-9047-20ED5FC79CF7}\mpengine.dll
2012-02-26 23:44 . 2012-02-26 23:44 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin7.dll
2012-02-26 23:44 . 2012-02-26 23:44 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin6.dll
2012-02-26 23:44 . 2012-02-26 23:44 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin5.dll
2012-02-26 23:44 . 2012-02-26 23:44 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin4.dll
2012-02-26 23:44 . 2012-02-26 23:44 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin3.dll
2012-02-26 23:44 . 2012-02-26 23:44 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin2.dll
2012-02-26 23:44 . 2012-02-26 23:44 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin.dll
2012-02-26 23:44 . 2012-02-26 23:44 -------- d-----w- c:\program files\QuickTime
2012-02-25 06:10 . 2012-02-25 06:10 -------- d-----w- c:\program files\Flip Video
2012-02-25 04:55 . 2012-02-25 06:10 -------- d-----w- c:\programdata\Flip Video
2012-02-18 13:03 . 2012-02-18 13:03 56200 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{75C949A2-898D-40BF-9FBB-77F216430D0A}\offreg.dll
2012-02-17 00:48 . 2011-12-14 16:17 680448 ----a-w- c:\windows\system32\msvcrt.dll
2012-02-17 00:48 . 2011-12-20 10:56 2409784 ----a-w- c:\program files\Windows Mail\OESpamFilter.dat
2012-02-17 00:48 . 2012-01-12 19:52 2044416 ----a-w- c:\windows\system32\win32k.sys
2012-02-14 00:23 . 2012-02-14 00:23 -------- d-----w- c:\users\Sylvia\AppData\Local\Apple
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-02-18 21:48 . 2011-11-22 06:09 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-02-11 00:11 . 2012-02-11 00:11 713784 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{9CD65489-82EB-4A69-94F0-7DCB63199394}\gapaengine.dll
2012-02-08 06:03 . 2011-11-22 06:11 6552120 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2012-01-31 12:44 . 2011-11-20 02:27 237072 ------w- c:\windows\system32\MpSigStub.exe
2012-01-15 05:56 . 2012-01-15 05:59 472808 ----a-w- c:\windows\system32\deployJava1.dll
2012-01-09 07:11 . 2012-01-09 07:11 652296 ----a-w- c:\programdata\Microsoft\eHome\Packages\SportsTemplate\SportsTemplateCore\Microsoft.MediaCenter.Sports.UI.dll
2012-01-09 07:10 . 2012-01-09 07:10 677136 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
2012-01-09 07:10 . 2012-01-09 07:10 416128 ----a-w- c:\programdata\Microsoft\eHome\Packages\NetTV\Browse\NetTVResources.dll
2012-01-09 06:52 . 2011-03-29 02:36 18328 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2012-01-06 19:51 . 2011-12-04 15:16 29696 ----a-w- c:\windows\system32\iolobtdfg.exe
2012-01-06 19:51 . 2011-12-04 15:16 11776 ----a-w- c:\windows\system32\smrgdf.exe
2012-01-06 19:29 . 2011-12-04 15:17 2083464 ----a-w- c:\windows\system32\Incinerator32.dll
2012-02-17 20:37 . 2011-12-18 08:30 134104 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 125952]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2011-06-15 997920]
"iolo Startup"="c:\program files\iolo\Common\Lib\ioloLManager.exe" [2012-01-06 606904]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-06-19 133656]
"BCSSync"="c:\program files\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 91520]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2012-01-17 421736]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-01-13 460872]
.
c:\users\Jessie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OneNote 2010 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office14\ONENOTEM.EXE [2011-9-2 227712]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoFileSharing"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ioloSystemService]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]
@="Service"
.
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-06-06 64952]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - 31124352
*NewlyCreated* - MPKSLFA2C5CEE
*Deregistered* - 31124352
*Deregistered* - aswMBR
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{7070D8E0-650A-46b3-B03C-9497582E6A74}]
2008-04-12 01:23 38400 ----a-w- c:\windows\System32\SoundSchemes.exe
.
.
------- Supplementary Scan -------
.
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MI1933~1\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~1\MI1933~1\Office14\ONBttnIE.dll/105
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\users\Jessie\AppData\Roaming\Mozilla\Firefox\Profiles\d7s565l6.default\
.
.
------- File Associations -------
.
JSEFile=NOTEPAD.EXE %1
.
- - - - ORPHANS REMOVED - - - -
.
SafeBoot-WudfPf
SafeBoot-WudfRd
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-03-12 04:57
Windows 6.0.6002 Service Pack 2 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
.
c:\users\Jessie\AppData\Local\Temp\catchme.dll 53248 bytes executable
.
scan completed successfully
hidden files: 1
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\system\ControlSet003\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Completion time: 2012-03-12 05:03:07
ComboFix-quarantined-files.txt 2012-03-12 12:03
.
Pre-Run: 85,937,143,808 bytes free
Post-Run: 86,263,349,248 bytes free
.
- - End Of File - - 2235217F7A03F1461726F0D73340DDAB
avast.JPG
  • 0

#7
Essexboy
Posted 12 March 2012 - 08:58 AM

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
I can see no apparent malware, and FARBAR reported all the security services reg keys and files being correct

When you try to access event viewer what error do you get ?
  • 0

#8
jessie-jay
Posted 12 March 2012 - 07:06 PM

jessie-jay

    New Member

  • Topic Starter
  • Member
  • Pip
  • 6 posts
Event viewer is working now
  • 0

#9
Essexboy
Posted 13 March 2012 - 03:19 AM

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Any further outstanding problems ?
  • 0

#10
jessie-jay
Posted 14 March 2012 - 08:31 AM

jessie-jay

    New Member

  • Topic Starter
  • Member
  • Pip
  • 6 posts
Do you mean besides the avast causing a blue screen, then still never being able to finish, and me having to take ownership of the folder rights before I could even access some of the logs you asked me for? Yep, there is still plenty. but I am thinking it is a little beyond what you are willing or able to do. I know it is above my ability, but I do want it fixed. I think I will try elsewhere. However, I do appreciate you taking the time to try. Have a good day.
  • 0

#11
Essexboy
Posted 14 March 2012 - 10:22 AM

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
So you have a rights access problem ?

Lets see if we can clear that first and then whittle the remaining problems down

Download Windows Repair (all in one) from this site

Install the programme then run

Go to step 2 and allow it to run Disc check
Posted Image

Once that is done then go to step 3 and allow it to run SFC
Posted Image


On the start repairs tab select advanced mode and click start
Posted Image

Select the items as shown below and tick restart system when finished

  • 0

#12
Essexboy
Posted 18 March 2012 - 06:29 AM

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Due to lack of feedback, this topic has been closed.

If you need this topic reopened, please contact a staff member. This applies only to the original topic starter. Everyone else please begin a New Topic.
  • 0
Back to Virus, Spyware, Malware Removal · Next Unread Topic →




Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

  1. Geeks to Go Community
  2. Security
  3. Virus, Spyware, Malware Removal

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP