Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

notepad.exe.mui and RS_Service and more taking over and slowing down m

Started by sdockery , Aug 14 2013 09:03 PM

  • Please log in to reply

#1
sdockery
Posted 14 August 2013 - 09:03 PM

sdockery

    Member

  • Member
  • PipPip
  • 15 posts
I have Windows 7 and my laptop began redirecting to random pages and was loading pages very slow when using the internet. I noticed 4 odd notepad.exe.mui files and when I ran tdsskiller I got a medium threat called Service:RS_Service. Can you please help me clean my laptop. I can tell there's just something that is trying to take over. There are times when I'm online where my screen will kind of jump and freeze for a freeze for a few seconds but, I don't see any address that is trying to tap in. Thank you for you help.

Here is my OTL Report:

OTL logfile created on: 8/14/2013 7:25:06 PM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Steph\Downloads
Starter Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1013.23 Mb Total Physical Memory | 213.63 Mb Available Physical Memory | 21.08% Memory free
3.37 Gb Paging File | 1.42 Gb Available in Paging File | 42.19% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 136.95 Gb Total Space | 50.77 Gb Free Space | 37.07% Space Free | Partition Type: NTFS

Computer Name: STEPH-PC | User Name: Steph | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2013/08/14 19:22:53 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Steph\Downloads\OTL.exe
PRC - [2013/07/24 19:49:49 | 000,846,288 | ---- | M] (Google Inc.) -- C:\Program Files\Google\Chrome\Application\chrome.exe
PRC - [2013/07/24 13:40:47 | 000,217,992 | ---- | M] (Google Inc.) -- C:\Program Files\Google\Update\1.3.21.153\GoogleCrashHandler.exe
PRC - [2013/06/20 18:05:14 | 000,295,376 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft Security Client\NisSrv.exe
PRC - [2013/06/20 18:05:14 | 000,022,208 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft Security Client\MsMpEng.exe
PRC - [2013/06/20 17:25:44 | 000,995,176 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Client\msseces.exe
PRC - [2013/04/04 14:50:32 | 000,701,512 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2013/04/04 14:50:32 | 000,532,040 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2013/04/04 14:50:32 | 000,418,376 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
PRC - [2013/02/08 13:25:48 | 002,563,968 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec\Norton Online Backup\NOBuClient.exe
PRC - [2013/02/08 13:23:18 | 003,235,200 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec\Norton Online Backup\NOBuAgent.exe
PRC - [2013/01/20 09:35:47 | 000,295,072 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Real\RealPlayer\Update\realsched.exe
PRC - [2012/11/29 21:31:04 | 000,038,608 | ---- | M] () -- C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe
PRC - [2012/11/22 21:48:41 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2012/08/13 11:57:02 | 010,376,704 | ---- | M] (OpenOffice.org) -- C:\Program Files\OpenOffice.org 3\program\soffice.exe
PRC - [2012/08/13 11:57:02 | 010,368,512 | ---- | M] (OpenOffice.org) -- C:\Program Files\OpenOffice.org 3\program\soffice.bin
PRC - [2011/08/10 15:52:54 | 000,138,760 | R--- | M] (Symantec Corporation) -- C:\Program Files\Norton Safe Web Lite\Engine\2.0.0.16\ccSvcHst.exe
PRC - [2011/02/25 00:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2010/11/20 07:17:57 | 004,247,040 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows NT\Accessories\wordpad.exe
PRC - [2009/10/07 02:49:50 | 001,157,640 | ---- | M] (Dritek System Inc.) -- C:\Program Files\Launch Manager\LManager.exe
PRC - [2009/09/30 17:47:36 | 000,703,008 | ---- | M] (Acer Incorporated) -- C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe
PRC - [2009/09/30 17:47:14 | 000,727,584 | ---- | M] (Acer Incorporated) -- C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe
PRC - [2009/09/30 17:46:28 | 000,469,536 | ---- | M] (Acer Incorporated) -- C:\Program Files\Acer\Acer ePower Management\ePowerEvent.exe
PRC - [2009/09/10 08:42:30 | 000,349,480 | ---- | M] (Egis Technology Inc.) -- C:\Program Files\EgisTec\MyWinLocker 3\x86\mwlDaemon.exe
PRC - [2009/08/28 04:38:58 | 001,150,496 | ---- | M] (Acer Incorporated) -- C:\Program Files\Acer\Registration\GregHSRW.exe
PRC - [2009/08/23 21:30:12 | 000,107,016 | ---- | M] (Dritek System Inc.) -- C:\Program Files\Launch Manager\dsiwmis.exe
PRC - [2009/08/04 00:09:34 | 000,199,464 | ---- | M] (Egis Technology Inc.) -- C:\Program Files\EgisTec Egis Software Update\EgisUpdate.exe
PRC - [2009/07/10 18:18:18 | 000,708,608 | ---- | M] (Acer Incorporated) -- C:\Program Files\Acer\Acer VCM\AcerVCM.exe
PRC - [2009/07/10 05:54:44 | 000,253,952 | ---- | M] (Acer Incorporated) -- C:\Program Files\Acer\Acer VCM\RS_Service.exe
PRC - [2009/07/03 21:47:12 | 000,240,160 | ---- | M] (Acer) -- C:\Program Files\Acer\Acer Updater\UpdaterService.exe
PRC - [2009/06/04 22:03:32 | 000,186,904 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
PRC - [2009/06/04 22:03:06 | 000,354,840 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe
PRC - [2007/06/20 16:04:20 | 000,046,432 | ---- | M] (Microsoft® Corporation) -- C:\Program Files\Microsoft Works\WkCalRem.exe


========== Modules (No Company Name) ==========

MOD - [2013/07/24 19:49:46 | 000,396,240 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\28.0.1500.95\ppgooglenaclpluginchrome.dll
MOD - [2013/07/24 19:49:45 | 013,599,184 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\28.0.1500.95\PepperFlash\pepflashplayer.dll
MOD - [2013/07/24 19:49:44 | 004,052,944 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\28.0.1500.95\pdf.dll
MOD - [2013/07/24 19:48:54 | 000,601,552 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\28.0.1500.95\libglesv2.dll
MOD - [2013/07/24 19:48:53 | 000,123,344 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\28.0.1500.95\libegl.dll
MOD - [2013/07/24 19:48:51 | 001,597,392 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\28.0.1500.95\ffmpegsumo.dll
MOD - [2013/05/08 08:51:49 | 000,019,056 | ---- | M] () -- C:\Program Files\Adobe\Reader 9.0\Reader\ViewerPS.dll
MOD - [2012/11/29 16:59:32 | 000,093,696 | ---- | M] () -- C:\Program Files\FileZilla FTP Client\fzshellext.dll
MOD - [2012/08/27 21:33:32 | 000,087,912 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2012/08/27 21:33:08 | 001,242,512 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2012/08/10 17:51:32 | 000,985,088 | ---- | M] () -- C:\Program Files\OpenOffice.org 3\program\libxml2.dll
MOD - [2011/10/05 03:52:30 | 000,756,048 | ---- | M] () -- C:\Program Files\Common Files\microsoft shared\OFFICE12\MSPTLS.DLL


========== Services (SafeList) ==========

SRV - File not found [On_Demand | Stopped] -- C:\Program Files\WildTangent Games\App\GamesAppService.exe -- (GamesAppService)
SRV - [2013/06/20 18:05:14 | 000,295,376 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- c:\Program Files\Microsoft Security Client\NisSrv.exe -- (NisSrv)
SRV - [2013/06/20 18:05:14 | 000,022,208 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)
SRV - [2013/06/12 11:50:23 | 000,256,904 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013/05/26 23:57:27 | 000,680,960 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2013/05/11 17:26:17 | 000,117,144 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2013/04/04 14:50:32 | 000,701,512 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2013/04/04 14:50:32 | 000,418,376 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
SRV - [2013/02/08 13:23:18 | 003,235,200 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Symantec\Norton Online Backup\NOBuAgent.exe -- (NOBU)
SRV - [2012/11/29 21:31:04 | 000,038,608 | ---- | M] () [Auto | Running] -- C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe -- (RealNetworks Downloader Resolver Service)
SRV - [2011/08/10 15:52:54 | 000,138,760 | R--- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Norton Safe Web Lite\Engine\2.0.0.16\ccSvcHst.exe -- (NSL)
SRV - [2009/09/30 17:47:14 | 000,727,584 | ---- | M] (Acer Incorporated) [Auto | Running] -- C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe -- (ePowerSvc)
SRV - [2009/09/10 08:42:46 | 000,305,448 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\EgisTec\MyWinLocker 3\x86\\MWLService.exe -- (MWLService)
SRV - [2009/08/28 04:38:58 | 001,150,496 | ---- | M] (Acer Incorporated) [Auto | Running] -- C:\Program Files\Acer\Registration\GregHSRW.exe -- (Greg_Service)
SRV - [2009/08/23 21:30:12 | 000,107,016 | ---- | M] (Dritek System Inc.) [Auto | Running] -- C:\Program Files\Launch Manager\dsiwmis.exe -- (DsiWMIService)
SRV - [2009/07/10 05:54:44 | 000,253,952 | ---- | M] (Acer Incorporated) [Auto | Running] -- C:\Program Files\Acer\Acer VCM\RS_Service.exe -- (RS_Service)
SRV - [2009/07/03 21:47:12 | 000,240,160 | ---- | M] (Acer) [Auto | Running] -- C:\Program Files\Acer\Acer Updater\UpdaterService.exe -- (Updater Service)
SRV - [2009/06/04 22:03:06 | 000,354,840 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON)
SRV - [2009/05/22 13:02:20 | 000,250,616 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files\Acer Games\Acer Game Console\GameConsoleService.exe -- (GameConsoleService)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Users\Steph\AppData\Local\Temp\catchme.sys -- (catchme)
DRV - [2013/08/10 08:43:09 | 000,040,776 | ---- | M] (Malwarebytes Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\mbamswissarmy.sys -- (MBAMSwissArmy)
DRV - [2013/06/18 21:50:08 | 000,107,392 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\NisDrvWFP.sys -- (NisDrv)
DRV - [2013/04/04 14:50:32 | 000,022,856 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2011/08/08 18:38:11 | 000,132,744 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\NST\0200000.010\ccSetx86.sys -- (ccSet_NST)
DRV - [2010/11/20 05:24:41 | 000,052,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV - [2010/11/20 05:06:36 | 000,117,760 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rmcast.sys -- (RMCAST)
DRV - [2009/11/23 02:30:06 | 000,103,296 | ---- | M] (ENE Technology Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\EUCR6SK.sys -- (EUCR)
DRV - [2009/11/05 23:53:58 | 001,227,776 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\athr.sys -- (athr)
DRV - [2009/09/04 00:37:44 | 000,054,784 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\L1C62x86.sys -- (L1C)
DRV - [2009/07/13 18:52:10 | 000,014,336 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\vwifimp.sys -- (vwifimp)
DRV - [2009/06/02 06:15:40 | 000,060,976 | ---- | M] (Egis Technology Inc.) [Kernel | System | Running] -- C:\Windows\System32\drivers\mwlPSDVDisk.sys -- (mwlPSDVDisk)
DRV - [2009/06/02 06:15:38 | 000,016,432 | ---- | M] (Egis Technology Inc.) [Kernel | System | Running] -- C:\Windows\System32\drivers\mwlPSDNserv.sys -- (mwlPSDNServ)
DRV - [2009/06/02 06:15:34 | 000,018,992 | ---- | M] (Egis Technology Inc.) [File_System | System | Running] -- C:\Windows\System32\drivers\mwlPSDFilter.sys -- (mwlPSDFilter)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = http://www.google.co...ng}&rlz=1I7ACAW
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...g}&sourceid=ie7

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/?...40DHP&dt=080513
IE - HKCU\..\SearchScopes,DefaultScope = {67A2568C-7A0A-4EED-AECC-B5405DE63B64}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...Box&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{13412CF1-2968-4DEA-965A-17B289726D56}: "URL" = http://websearch.ask...F9-D3F24C546052
IE - HKCU\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = http://www.google.co...1I7GGNI_enUS533
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.bing.com/...Box&FORM=IE10SR
IE - HKCU\..\SearchScopes\{E0D25CFB-0051-47E9-8F85-2A2C84007DA4}: "URL" = http://search.yahoo....p={searchTerms}
IE - HKCU\..\SearchScopes\5BB3A429B3744023B7F20A292791C105: "URL" = http://www.google.co...1I7GGNI_enUS533
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Bing "
FF - prefs.js..browser.search.order.3: "Bing "
FF - prefs.js..browser.search.selectedEngine: "Bing "
FF - prefs.js..browser.startup.homepage: "http://www.msn.com/?...0DHP&dt=080513"
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:21.0
FF - prefs.js..keyword.URL: "http://www.bing.com/...0&dt=080513&q="
FF - user.js - File not found

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_7_700_224.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.25.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.25.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6: C:\Program Files\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=16.4.3505.0912: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=16.0.0.282: c:\program files\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprndlchromebrowserrecordext;version=1.3.0: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprndlhtml5videoshim;version=1.3.0: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprndlpepperflashvideoshim;version=1.3.0: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpplugin;version=16.0.0.282: c:\program files\real\realplayer\Netscape6\nprpplugin.dll (RealPlayer)
FF - HKLM\Software\MozillaPlugins\@realnetworks.com/npdlplugin;version=1: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll (RealDownloader)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.6: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\@WildTangent.com/GamesAppPresenceDetector,Version=1.0: C:\Program Files\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll File not found
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/GoogleTalkPlugin: C:\Users\Steph\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/O1DPlugin: C:\Users\Steph\AppData\Roaming\Mozilla\plugins\npo1d.dll (Google)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/O3DPlugin: C:\Users\Steph\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll ()
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Steph\AppData\Local\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Steph\AppData\Local\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{203FB6B2-2E1E-4474-863B-4C483ECCE78E}: C:\ProgramData\Norton\{92622AAD-05E8-4459-B256-765CE1E929FB}\NST_2.0.0.16\coFFNST\ [2013/08/12 09:30:30 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{34712C68-7391-4c47-94F3-8F88D49AD632}: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext\ [2013/01/20 09:38:00 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext [2013/01/20 09:38:00 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 21.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 21.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins

[2013/06/19 10:28:18 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Steph\AppData\Roaming\Mozilla\Extensions
[2013/05/14 23:46:46 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Steph\AppData\Roaming\Mozilla\Firefox\Profiles\6bmd2cxl.default-1361383091021\extensions
[2013/05/14 23:46:43 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Steph\AppData\Roaming\Mozilla\Firefox\Profiles\6bmd2cxl.default-1361383091021\extensions\[email protected]
[2013/08/05 17:39:03 | 000,002,402 | ---- | M] () -- C:\Users\Steph\AppData\Roaming\Mozilla\Firefox\Profiles\2jx1k7e6.default\searchplugins\bingp.xml
[2013/06/13 15:19:28 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2013/06/13 15:19:28 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\browser\extensions
[2013/06/12 13:32:12 | 000,000,000 | ---D | M] (Default) -- C:\Program Files\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&q={searchTerms}&{google:cursorPosition}{google:zeroPrefixUrl}sugkey={google:suggestAPIKeyParameter},
CHR - homepage: http://search.yahoo....r=spigot-yhp-ie
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\28.0.1500.95\PepperFlash\pepflashplayer.dll
CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files\Google\Chrome\Application\28.0.1500.95\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\28.0.1500.95\pdf.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
CHR - plugin: QuickTime Plug-in 7.7.3 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.7.3 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.7.3 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.7.3 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.7.3 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.7.3 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.7.3 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin7.dll
CHR - plugin: Google Talk Plugin (Enabled) = C:\Users\Steph\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll
CHR - plugin: Google Talk Plugin Video Accelerator (Enabled) = C:\Users\Steph\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll
CHR - plugin: Google Talk Plugin Video Renderer (Enabled) = C:\Users\Steph\AppData\Roaming\Mozilla\plugins\npo1d.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.145\npGoogleUpdate3.dll
CHR - plugin: Java™ Platform SE 7 U21 (Enabled) = C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll
CHR - plugin: VLC Web Plugin (Enabled) = C:\Program Files\VideoLAN\VLC\npvlc.dll
CHR - plugin: Photo Gallery (Enabled) = C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: RealNetworks™ RealDownloader Chrome Background Extension Plug-In (32-bit) (Enabled) = C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll
CHR - plugin: RealNetworks™ RealDownloader HTML5VideoShim Plug-In (32-bit) (Enabled) = C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll
CHR - plugin: RealNetworks™ RealDownloader PepperFlashVideoShim Plug-In (32-bit) (Enabled) = C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll
CHR - plugin: RealDownloader Plugin (Enabled) = C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32_11_6_602_180.dll
CHR - plugin: Java Deployment Toolkit 7.0.210.11 (Enabled) = C:\Windows\system32\npDeployJava1.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll
CHR - plugin: RealPlayer™ G2 LiveConnect-Enabled Plug-In (32-bit) (Enabled) = c:\program files\real\realplayer\Netscape6\nppl3260.dll
CHR - plugin: RealPlayer Download Plugin (Enabled) = c:\program files\real\realplayer\Netscape6\nprpplugin.dll
CHR - Extension: SEOquake = C:\Users\Steph\AppData\Local\Google\Chrome\User Data\Default\Extensions\akdgnmcogleenhbclghghlkkdndkjdjc\1.0.17.1_0\
CHR - Extension: Google Docs = C:\Users\Steph\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.5_0\
CHR - Extension: Make Me Fast = C:\Users\Steph\AppData\Local\Google\Chrome\User Data\Default\Extensions\apbfphfpbpkmpeljdopikeamjjgponla\0.0.43_0\
CHR - Extension: Google Drive = C:\Users\Steph\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\
CHR - Extension: YouTube = C:\Users\Steph\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\
CHR - Extension: AddThis - Share & Bookmark (new) = C:\Users\Steph\AppData\Local\Google\Chrome\User Data\Default\Extensions\cgbogdmdefihhljhfeiklfiedefalcde\3.0.0_0\
CHR - Extension: Google Search = C:\Users\Steph\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\
CHR - Extension: We Heart It = C:\Users\Steph\AppData\Local\Google\Chrome\User Data\Default\Extensions\iblenkmcolcdonmlfknbpbgjebabcoae\3.1.0_0\
CHR - Extension: Shareaholic for Google Chrome\u2122 = C:\Users\Steph\AppData\Local\Google\Chrome\User Data\Default\Extensions\kbmipnjdeifmobkhgogdnomkihhgojep\5.7.0_0\
CHR - Extension: YSlow = C:\Users\Steph\AppData\Local\Google\Chrome\User Data\Default\Extensions\ninejjcohidippngpapiilnmkgllmakh\3.1.2_0\
CHR - Extension: Gmail = C:\Users\Steph\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

O1 HOSTS File: ([2013/08/10 17:21:24 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (RealNetworks Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll (RealDownloader)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (Norton Safe Web Lite BHO) - {F0DA78E9-6B60-42fb-BC26-EF2CFB8C8FF3} - C:\Program Files\Norton Safe Web Lite\Engine\2.0.0.16\CoIEPlg.dll (Symantec Corporation)
O3 - HKLM\..\Toolbar: (Norton Safe Web Lite) - {30CEEEA2-3742-40e4-85DD-812BF1CBB83D} - C:\Program Files\Norton Safe Web Lite\Engine\2.0.0.16\CoIEPlg.dll (Symantec Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (Norton Safe Web Lite) - {30CEEEA2-3742-40E4-85DD-812BF1CBB83D} - C:\Program Files\Norton Safe Web Lite\Engine\2.0.0.16\CoIEPlg.dll (Symantec Corporation)
O4 - HKLM..\Run: [Acer Assist Launcher] C:\Program Files\Acer\Acer Assist\launcher.exe ()
O4 - HKLM..\Run: [Acer ePower Management] C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe (Acer Incorporated)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [EgisTecLiveUpdate] C:\Program Files\EgisTec Egis Software Update\EgisUpdate.exe (Egis Technology Inc.)
O4 - HKLM..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
O4 - HKLM..\Run: [LManager] C:\Program Files\Launch Manager\LManager.exe (Dritek System Inc.)
O4 - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: [mwlDaemon] C:\Program Files\EgisTec\MyWinLocker 3\x86\mwlDaemon.exe (Egis Technology Inc.)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Real\RealPlayer\update\realsched.exe (RealNetworks, Inc.)
O4 - Startup: C:\Users\Steph\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.4.1.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe ()
O4 - Startup: C:\Users\Steph\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\wkcalrem.LNK = C:\Program Files\Microsoft Works\WkCalRem.exe (Microsoft® Corporation)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{553B170A-5768-476C-B586-3D6DE55A62CF}: DhcpNameServer = 192.168.254.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{AD612608-98F2-447D-8306-503349FBF900}: NameServer = 12.69.180.11,12.69.180.12
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/10 16:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

NetSvcs: FastUserSwitchingCompatibility - File not found
NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation)
NetSvcs: Nla - File not found
NetSvcs: Ntmssvc - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: SRService - File not found
NetSvcs: WmdmPmSp - File not found
NetSvcs: LogonHours - File not found
NetSvcs: PCAudit - File not found
NetSvcs: helpsvc - File not found
NetSvcs: uploadmgr - File not found

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2013/08/10 17:28:35 | 000,000,000 | ---D | C] -- C:\Users\Steph\Desktop\RK_Quarantine
[2013/08/10 17:27:03 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2013/08/10 17:26:57 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2013/08/10 17:26:57 | 000,000,000 | ---D | C] -- C:\Users\Steph\AppData\Local\temp
[2013/08/10 17:01:06 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2013/08/10 17:01:06 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2013/08/10 17:01:06 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2013/08/10 16:54:04 | 000,000,000 | ---D | C] -- C:\Qoobox
[2013/08/10 16:53:10 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
[2013/08/10 12:58:19 | 000,000,000 | ---D | C] -- C:\Windows\System32\MRT
[2013/08/10 12:45:08 | 000,000,000 | ---D | C] -- C:\Config.Msi
[2013/08/10 08:31:34 | 000,040,776 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2013/08/06 23:41:13 | 000,000,000 | ---D | C] -- C:\Users\Steph\AppData\Local\Bing Ads Intelligence
[2013/08/06 23:41:12 | 000,000,000 | ---D | C] -- C:\Users\Steph\AppData\Local\assembly
[2013/08/05 17:34:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\List Building Training Dashboard
[2013/08/05 17:33:43 | 000,000,000 | ---D | C] -- C:\Program Files\List Building Training Dashboard
[1 C:\Users\Steph\Documents\*.tmp files -> C:\Users\Steph\Documents\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2013/08/14 19:47:31 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013/08/14 19:12:14 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013/08/14 17:50:17 | 000,009,696 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013/08/14 17:50:17 | 000,009,696 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013/08/14 17:33:49 | 000,000,880 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013/08/14 17:33:19 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013/08/14 08:21:26 | 000,003,008 | ---- | M] () -- C:\Users\Steph\Documents\Online Income Masterclass email swipe.rtf
[2013/08/13 12:22:14 | 000,001,800 | ---- | M] () -- C:\Users\Steph\Documents\Unique Article Wizard stuff.rtf
[2013/08/13 02:55:31 | 000,000,540 | ---- | M] () -- C:\Users\Steph\Documents\Spin Rewriter stuff.rtf
[2013/08/13 00:50:46 | 000,004,391 | ---- | M] () -- C:\Users\Steph\Documents\Keyword research tools aff stuff.rtf
[2013/08/12 23:43:43 | 000,000,937 | ---- | M] () -- C:\Users\Steph\Documents\Traffic Recon stuff.rtf
[2013/08/12 23:43:17 | 000,001,009 | ---- | M] () -- C:\Users\Steph\Documents\Insta Profit Sniper.rtf
[2013/08/12 21:24:05 | 000,001,495 | ---- | M] () -- C:\Users\Steph\Documents\Affilorama stuff.rtf
[2013/08/12 20:15:38 | 000,000,364 | ---- | M] () -- C:\Users\Steph\Documents\Get Money from Home stuff.rtf
[2013/08/12 19:48:55 | 000,001,342 | ---- | M] () -- C:\Users\Steph\Documents\CB Passive Income.rtf
[2013/08/12 19:38:58 | 000,000,426 | ---- | M] () -- C:\Users\Steph\Documents\Kick Butt Cellulite Removal Program stuff.rtf
[2013/08/12 19:05:50 | 000,000,563 | ---- | M] () -- C:\Users\Steph\Documents\Paid Social Media Jobs stuff.rtf
[2013/08/12 18:11:28 | 000,000,578 | ---- | M] () -- C:\Users\Steph\Documents\Feel the traffic stuff.rtf
[2013/08/12 09:30:02 | 796,831,744 | -HS- | M] () -- C:\hiberfil.sys
[2013/08/12 09:10:49 | 000,001,136 | ---- | M] () -- C:\Users\Steph\Documents\Forever Affiliate stuff.rtf
[2013/08/11 21:40:30 | 000,119,325 | ---- | M] () -- C:\Users\Steph\Documents\FA Free Strategy Guide-rbr.pdf
[2013/08/11 11:04:13 | 000,023,794 | ---- | M] () -- C:\Users\Steph\Documents\Increase your blog earnings with a niche blog-article.odt
[2013/08/11 08:49:21 | 000,000,193 | ---- | M] () -- C:\Windows\WORDPAD.INI
[2013/08/10 17:21:24 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2013/08/10 12:57:56 | 000,002,155 | ---- | M] () -- C:\Windows\epplauncher.mif
[2013/08/10 08:43:09 | 000,040,776 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2013/08/10 08:31:16 | 000,001,031 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2013/08/09 14:41:03 | 000,000,385 | ---- | M] () -- C:\Users\Steph\Documents\Home School Cash stuff.rtf
[2013/08/07 16:51:14 | 000,001,925 | ---- | M] () -- C:\Users\Steph\Documents\My Sites and other CPA stuff.rtf
[2013/08/07 16:25:12 | 000,002,093 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2013/08/07 15:54:44 | 000,001,371 | ---- | M] () -- C:\Users\Steph\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2013/08/05 17:34:20 | 000,001,212 | ---- | M] () -- C:\Users\Public\Desktop\List Building Training Dashboard.lnk
[2013/07/25 12:53:46 | 000,358,840 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[1 C:\Users\Steph\Documents\*.tmp files -> C:\Users\Steph\Documents\*.tmp -> ]

========== Files Created - No Company Name ==========

[2013/08/13 02:18:34 | 000,000,540 | ---- | C] () -- C:\Users\Steph\Documents\Spin Rewriter stuff.rtf
[2013/08/12 20:12:30 | 000,000,364 | ---- | C] () -- C:\Users\Steph\Documents\Get Money from Home stuff.rtf
[2013/08/12 19:38:57 | 000,000,426 | ---- | C] () -- C:\Users\Steph\Documents\Kick Butt Cellulite Removal Program stuff.rtf
[2013/08/12 19:32:10 | 000,001,342 | ---- | C] () -- C:\Users\Steph\Documents\CB Passive Income.rtf
[2013/08/12 19:04:41 | 000,000,563 | ---- | C] () -- C:\Users\Steph\Documents\Paid Social Media Jobs stuff.rtf
[2013/08/12 18:31:51 | 000,000,937 | ---- | C] () -- C:\Users\Steph\Documents\Traffic Recon stuff.rtf
[2013/08/12 18:16:39 | 000,001,009 | ---- | C] () -- C:\Users\Steph\Documents\Insta Profit Sniper.rtf
[2013/08/12 18:07:55 | 000,000,578 | ---- | C] () -- C:\Users\Steph\Documents\Feel the traffic stuff.rtf
[2013/08/11 21:40:29 | 000,119,325 | ---- | C] () -- C:\Users\Steph\Documents\FA Free Strategy Guide-rbr.pdf
[2013/08/11 11:04:10 | 000,023,794 | ---- | C] () -- C:\Users\Steph\Documents\Increase your blog earnings with a niche blog-article.odt
[2013/08/10 18:51:44 | 000,004,391 | ---- | C] () -- C:\Users\Steph\Documents\Keyword research tools aff stuff.rtf
[2013/08/10 17:01:06 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2013/08/10 17:01:06 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2013/08/10 17:01:06 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2013/08/10 17:01:06 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2013/08/10 17:01:06 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2013/08/09 14:41:02 | 000,000,385 | ---- | C] () -- C:\Users\Steph\Documents\Home School Cash stuff.rtf
[2013/08/09 14:20:55 | 000,001,136 | ---- | C] () -- C:\Users\Steph\Documents\Forever Affiliate stuff.rtf
[2013/08/05 17:34:20 | 000,001,212 | ---- | C] () -- C:\Users\Public\Desktop\List Building Training Dashboard.lnk
[2013/04/13 01:16:16 | 000,002,082 | ---- | C] () -- C:\Users\Steph\AppData\Local\recently-used.xbel
[2013/04/11 14:34:00 | 000,003,582 | ---- | C] () -- C:\Users\Steph\redirect.html
[2013/04/11 14:33:59 | 000,011,911 | ---- | C] () -- C:\Users\Steph\index.html
[2013/04/11 14:33:59 | 000,001,612 | ---- | C] () -- C:\Users\Steph\Read_Me.html
[2013/03/16 15:53:35 | 000,014,061 | ---- | C] () -- C:\Users\Steph\arrows.gif
[2013/03/16 15:53:35 | 000,000,993 | ---- | C] () -- C:\Users\Steph\download.html
[2013/03/16 15:53:35 | 000,000,334 | ---- | C] () -- C:\Users\Steph\checkpw.html
[2013/02/20 22:25:52 | 000,000,072 | ---- | C] () -- C:\Windows\EurekaLog.ini
[2013/02/04 22:50:50 | 000,000,088 | ---- | C] () -- C:\Users\Steph\.95d691779473f3e03bc4b4e56319d74c.key
[2013/01/22 00:17:13 | 000,000,073 | ---- | C] () -- C:\Windows\Brian_Kumar niche mktg-EBrander.INI
[2013/01/12 19:46:49 | 000,000,214 | ---- | C] () -- C:\Users\Steph\AppData\Roaming\wklnhst.dat
[2013/01/12 17:47:10 | 000,000,193 | ---- | C] () -- C:\Windows\WORDPAD.INI
[2013/01/05 23:55:05 | 000,158,244 | -H-- | C] () -- C:\Windows\System32\mlfcache.dat
[2012/10/23 18:15:30 | 000,000,166 | ---- | C] () -- C:\Windows\wininit.ini
[2012/10/18 08:42:03 | 000,007,604 | ---- | C] () -- C:\Users\Steph\AppData\Local\Resmon.ResmonCfg

========== ZeroAccess Check ==========

[2009/07/13 23:42:31 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2013/02/26 23:55:05 | 012,872,704 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 07:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009/07/13 20:16:17 | 000,342,528 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

========== LOP Check ==========

[2012/10/15 14:43:49 | 000,000,000 | ---D | M] -- C:\Users\Steph\AppData\Roaming\Acer
[2013/05/15 09:44:18 | 000,000,000 | ---D | M] -- C:\Users\Steph\AppData\Roaming\Affilorama
[2013/03/11 20:52:37 | 000,000,000 | ---D | M] -- C:\Users\Steph\AppData\Roaming\Audacity
[2013/08/10 12:32:36 | 000,000,000 | ---D | M] -- C:\Users\Steph\AppData\Roaming\Azureus
[2013/01/25 15:41:21 | 000,000,000 | ---D | M] -- C:\Users\Steph\AppData\Roaming\Bryxen Software
[2013/06/18 14:02:10 | 000,000,000 | ---D | M] -- C:\Users\Steph\AppData\Roaming\Clyde Software Unlimited
[2013/02/04 22:50:49 | 000,000,000 | ---D | M] -- C:\Users\Steph\AppData\Roaming\com.longtailpro.LongTailPro
[2013/05/06 09:41:48 | 000,000,000 | ---D | M] -- C:\Users\Steph\AppData\Roaming\CurationSoft
[2013/01/27 15:14:18 | 000,000,000 | ---D | M] -- C:\Users\Steph\AppData\Roaming\eSobi
[2013/05/04 12:06:20 | 000,000,000 | ---D | M] -- C:\Users\Steph\AppData\Roaming\FileZilla
[2013/01/13 15:42:08 | 000,000,000 | ---D | M] -- C:\Users\Steph\AppData\Roaming\kompozer.net
[2012/10/15 14:43:47 | 000,000,000 | ---D | M] -- C:\Users\Steph\AppData\Roaming\Leadertech
[2013/01/26 16:31:57 | 000,000,000 | ---D | M] -- C:\Users\Steph\AppData\Roaming\MarketSamurai.6E37012E1CBD7F47B14488FCC715944F3EBDCEDC.1
[2013/03/06 18:44:24 | 000,000,000 | ---D | M] -- C:\Users\Steph\AppData\Roaming\niche
[2013/02/21 00:14:31 | 000,000,000 | ---D | M] -- C:\Users\Steph\AppData\Roaming\Nvu
[2013/01/22 01:18:36 | 000,000,000 | ---D | M] -- C:\Users\Steph\AppData\Roaming\OpenOffice.org
[2013/02/04 17:36:59 | 000,000,000 | ---D | M] -- C:\Users\Steph\AppData\Roaming\SBBomber
[2013/03/07 13:45:07 | 000,000,000 | ---D | M] -- C:\Users\Steph\AppData\Roaming\Spotify
[2013/01/17 21:32:25 | 000,000,000 | ---D | M] -- C:\Users\Steph\AppData\Roaming\Template
[2012/10/27 22:32:07 | 000,000,000 | ---D | M] -- C:\Users\Steph\AppData\Roaming\The Legend Of Rome II
[2013/06/28 19:35:22 | 000,000,000 | ---D | M] -- C:\Users\Steph\AppData\Roaming\Traffic Travis v4
[2013/05/10 15:41:27 | 000,000,000 | ---D | M] -- C:\Users\Steph\AppData\Roaming\UBot Studio
[2012/10/27 20:02:22 | 000,000,000 | ---D | M] -- C:\Users\Steph\AppData\Roaming\WildTangent
[2012/12/16 22:35:24 | 000,000,000 | ---D | M] -- C:\Users\Steph\AppData\Roaming\Windows Live Writer
[2013/05/04 15:14:32 | 000,000,000 | ---D | M] -- C:\Users\Steph\AppData\Roaming\WordFlood

========== Purity Check ==========



========== Custom Scans ==========

< %SYSTEMDRIVE%\*.exe >

< MD5 for: EXPLORER.EXE >
[2011/02/26 00:19:21 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=0FB9C74046656D1579A64660AD67B746 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_54149f9ef14031fc\explorer.exe
[2009/07/13 20:14:20 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=15BC38A7492BEFE831966ADB477CF76F -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_518afd35db100430\explorer.exe
[2011/02/26 00:51:13 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=255CF508D7CFB10E0794D6AC93280BD8 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20910_none_525b5180f3f95373\explorer.exe
[2009/10/31 00:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=2626FC9755BE22F805D3CFA0CE3EE727 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_51a66d6ddafc2ed1\explorer.exe
[2011/02/26 00:33:07 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=2AF58D15EDC06EC6FDACCE1F19482BBF -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16768_none_51a3a583dafd0cef\explorer.exe
[2010/11/20 07:17:09 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=40D777B7A95E00593EB1568C68514493 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_53bc10fdd7fe87ca\explorer.exe
[2011/02/25 00:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\erdnt\cache\explorer.exe
[2011/02/25 00:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\explorer.exe
[2011/02/25 00:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_5389023fd8245f84\explorer.exe
[2009/08/03 00:49:47 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=9FF6C4C91A3711C0A3B18F87B08B518D -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_526619d4f3f142e6\explorer.exe
[2009/08/03 00:35:50 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=B95EEB0F4E5EFBF1038A35B3351CF047 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_51e07e31dad00878\explorer.exe
[2009/10/31 01:00:51 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=C76153C7ECA00FA852BB0C193378F917 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_52283b2af41f3691\explorer.exe

< MD5 for: SERVICES >
[2009/06/10 16:39:37 | 000,017,463 | ---- | M] () MD5=D9E1A01B480D961B7CF0509D597A92D6 -- C:\Windows\System32\drivers\etc\services
[2009/06/10 16:39:37 | 000,017,463 | ---- | M] () MD5=D9E1A01B480D961B7CF0509D597A92D6 -- C:\Windows\winsxs\x86_microsoft-windows-w..nfrastructure-other_31bf3856ad364e35_6.1.7600.16385_none_045b589158ae90da\services

< MD5 for: SERVICES.EXE >
[2009/07/13 20:14:36 | 000,259,072 | ---- | M] (Microsoft Corporation) MD5=5F1B6A9C35D3D5CA72D6D6FDEF9747D6 -- C:\Windows\erdnt\cache\services.exe
[2009/07/13 20:14:36 | 000,259,072 | ---- | M] (Microsoft Corporation) MD5=5F1B6A9C35D3D5CA72D6D6FDEF9747D6 -- C:\Windows\System32\services.exe
[2009/07/13 20:14:36 | 000,259,072 | ---- | M] (Microsoft Corporation) MD5=5F1B6A9C35D3D5CA72D6D6FDEF9747D6 -- C:\Windows\winsxs\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_cf36168b2e9c967b\services.exe

< MD5 for: SERVICES.EXE.MUI >
[2009/07/13 21:03:06 | 000,017,408 | ---- | M] (Microsoft Corporation) MD5=0DA5F221169DEB5AC3A22465CD6F0281 -- C:\Windows\System32\en-US\services.exe.mui
[2009/07/13 21:03:06 | 000,017,408 | ---- | M] (Microsoft Corporation) MD5=0DA5F221169DEB5AC3A22465CD6F0281 -- C:\Windows\winsxs\x86_microsoft-windows-s..ontroller.resources_31bf3856ad364e35_6.1.7600.16385_en-us_69d39d3a8748c332\services.exe.mui

< MD5 for: SERVICES.LESS >
[2012/11/29 08:52:43 | 000,004,677 | ---- | M] () MD5=B3839E30BE2DA3D5FC626DA154FCF6BE -- C:\Users\Steph\Downloads\Themes wp\Theme Forest Sintia\themeforest sintia\sintia\wpv_theme\assets\css\shortcodes\services.less

< MD5 for: SERVICES.LNK >
[2009/07/13 23:41:45 | 000,001,288 | ---- | M] () MD5=021B1B178776500E54560EDCFFE0EE21 -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\services.lnk
[2009/07/13 23:41:45 | 000,001,288 | ---- | M] () MD5=021B1B178776500E54560EDCFFE0EE21 -- C:\Users\All Users\Microsoft\Windows\Start Menu\Programs\Administrative Tools\services.lnk

< MD5 for: SERVICES.MOF >
[2009/06/10 16:26:14 | 000,002,866 | ---- | M] () MD5=26A11C895A7F0B6D32105EBE127D8500 -- C:\Windows\System32\wbem\services.mof
[2009/06/10 16:26:14 | 000,002,866 | ---- | M] () MD5=26A11C895A7F0B6D32105EBE127D8500 -- C:\Windows\winsxs\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_cf36168b2e9c967b\services.mof

< MD5 for: SERVICES.MSC >
[2009/07/13 21:08:50 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\System32\en-US\services.msc
[2009/06/10 16:21:09 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\System32\services.msc
[2009/07/13 21:08:50 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\winsxs\x86_microsoft-windows-s..cessnapin.resources_31bf3856ad364e35_6.1.7600.16385_en-us_a4156d265db25d25\services.msc
[2009/06/10 16:21:09 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\winsxs\x86_microsoft-windows-servicessnapin_31bf3856ad364e35_6.1.7600.16385_none_cf3a38c7a70e7a54\services.msc

< MD5 for: SERVICES.PHP >
[2012/11/29 08:52:33 | 000,001,476 | ---- | M] () MD5=81DB919BED3C3B6A87BDDB3A7106E9EC -- C:\Users\Steph\Downloads\Themes wp\Theme Forest Sintia\themeforest sintia\sintia\wpv_common\shortcodes\generator\services.php
[2012/11/29 08:52:34 | 000,000,967 | ---- | M] () MD5=B3F29BE107898D7D293A276B488F3B12 -- C:\Users\Steph\Downloads\Themes wp\Theme Forest Sintia\themeforest sintia\sintia\wpv_common\shortcodes\services.php
[2012/11/29 08:52:43 | 000,002,271 | ---- | M] () MD5=B8C0312558899CDC796C20F32BB28283 -- C:\Users\Steph\Downloads\Themes wp\Theme Forest Sintia\themeforest sintia\sintia\wpv_theme\shortcode_templates\services.php

< MD5 for: SERVICES.PTXML >
[2009/07/13 15:20:01 | 000,001,061 | ---- | M] () MD5=640D7DD61B1CFA6C96F80F68F78CDFA7 -- C:\Windows\System32\wdi\perftrack\Services.ptxml
[2009/07/13 15:20:01 | 000,001,061 | ---- | M] () MD5=640D7DD61B1CFA6C96F80F68F78CDFA7 -- C:\Windows\winsxs\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_cf36168b2e9c967b\Services.ptxml

< MD5 for: SERVICES.RDB >
[2012/08/13 11:51:02 | 000,178,348 | ---- | M] () MD5=039C8CFBD74EE07F38CD9E4C7D95C5C6 -- C:\Program Files\OpenOffice.org 3\Basis\program\services.rdb
[2012/08/13 11:51:02 | 000,000,453 | ---- | M] () MD5=3D2ADA15FEF5B5FF468243161543D610 -- C:\Program Files\OpenOffice.org 3\program\services.rdb
[2012/08/10 16:12:16 | 000,008,060 | ---- | M] () MD5=7CA7D7150EC46321162F932ADCF5F35B -- C:\Program Files\OpenOffice.org 3\URE\misc\services.rdb

< MD5 for: SVCHOST.EXE >
[2009/07/13 20:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\erdnt\cache\svchost.exe
[2009/07/13 20:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\System32\svchost.exe
[2009/07/13 20:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\winsxs\x86_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7600.16385_none_b591afc466a15356\svchost.exe
[2013/04/04 14:50:32 | 000,218,184 | ---- | M] () MD5=B4C6E3889BB310CA7E974A04EC6E46AC -- C:\Program Files\Malwarebytes' Anti-Malware\Chameleon\svchost.exe

< MD5 for: USERINIT.EXE >
[2010/11/20 07:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\erdnt\cache\userinit.exe
[2010/11/20 07:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\System32\userinit.exe
[2010/11/20 07:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe
[2009/07/13 20:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe

< MD5 for: WINLOGON.EXE >
[2009/10/28 01:17:59 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=37CDB7E72EB66BA85A87CBE37E7F03FD -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_6fc699643622d177\winlogon.exe
[2009/10/28 00:52:08 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=3BABE6767C78FBF5FB8435FEED187F30 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_703394514f56f7c2\winlogon.exe
[2010/11/20 07:17:54 | 000,286,720 | ---- | M] (Microsoft Corporation) MD5=6D13E1406F50C66E2A95D97F22C47560 -- C:\Windows\erdnt\cache\winlogon.exe
[2010/11/20 07:17:54 | 000,286,720 | ---- | M] (Microsoft Corporation) MD5=6D13E1406F50C66E2A95D97F22C47560 -- C:\Windows\System32\winlogon.exe
[2010/11/20 07:17:54 | 000,286,720 | ---- | M] (Microsoft Corporation) MD5=6D13E1406F50C66E2A95D97F22C47560 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_71ca6b0233339500\winlogon.exe
[2009/07/13 20:14:45 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=8EC6A4AB12B8F3759E21F8E3A388F2CF -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_6f99573a36451166\winlogon.exe
[2013/04/04 14:50:32 | 000,218,184 | ---- | M] () MD5=B4C6E3889BB310CA7E974A04EC6E46AC -- C:\Program Files\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe

< %systemroot%\*. /mp /s >

< End of report >
  • 0

Advertisements

#2
RKinner
Posted 15 August 2013 - 11:17 AM

RKinner

    Malware Expert

  • Expert
  • 24,624 posts
  • MVP
Download the adwCleaner
Pause your anti-virus. Close all browsers.
  • Run the Tool
    Windows Vista and Windows 7 users:
    Right click in the adwCleaner.exe and select the Delete option
  • When the scan completes, it will open a notepad windows.
  • Please, copy the content of this file in your next reply.


Junkware-Removal-Tool

Please download Junkware Removal Tool to your desktop.
  • Pause your anti-virus. Close all browsers.
  • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.

Run OTL (Vista or Win 7 => right click and Run As Administrator)

select the All option in the Extra Registry group then Run Scan.

You should get two logs. Please copy and paste both of them.

Ron
  • 0

#3
sdockery
Posted 15 August 2013 - 04:22 PM

sdockery

    Member

  • Topic Starter
  • Member
  • PipPip
  • 15 posts
Thanks for the quick response.

Here is the adwCleaner report:

# AdwCleaner v2.306 - Logfile created 08/15/2013 at 16:18:00
# Updated 19/07/2013 by Xplode
# Operating system : Windows 7 Starter Service Pack 1 (32 bits)
# User : Steph - STEPH-PC
# Boot Mode : Normal
# Running from : C:\Users\Steph\Desktop\adwcleaner.exe
# Option [Delete]


***** [Services] *****


***** [Files / Folders] *****

Deleted on reboot : C:\ProgramData\boost_interprocess

***** [Registry] *****

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{31E3BC75-2A09-4CFF-9C92-8D0ED8D1DC0F}
Key Deleted : HKLM\Software\InstallIQ

***** [Internet Browsers] *****

-\\ Internet Explorer v9.0.8112.16496

[OK] Registry is clean.

-\\ Mozilla Firefox v21.0 (en-US)

File : C:\Users\Steph\AppData\Roaming\Mozilla\Firefox\Profiles\2jx1k7e6.default\prefs.js

[OK] File is clean.

-\\ Google Chrome v28.0.1500.95

File : C:\Users\Steph\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] File is clean.

*************************

AdwCleaner[R1].txt - [2529 octets] - [15/05/2013 13:17:06]
AdwCleaner[R2].txt - [2589 octets] - [15/05/2013 13:21:08]
AdwCleaner[R3].txt - [1285 octets] - [10/08/2013 08:23:24]
AdwCleaner[S1].txt - [2704 octets] - [15/05/2013 13:21:31]
AdwCleaner[S2].txt - [1223 octets] - [15/08/2013 16:18:00]

########## EOF - C:\AdwCleaner[S2].txt - [1283 octets] ##########

Next the Junk Ware Removal Tool report:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 5.4.6 (08.15.2013:1)
OS: Windows 7 Starter x86
Ran by Steph on Thu 08/15/2013 at 16:37:58.24
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\TaskScheduler_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\TaskScheduler_RASMANCS
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\aol_pricecheck_ie_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\aol_pricecheck_ie_RASMANCS
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{13412CF1-2968-4DEA-965A-17B289726D56}



~~~ Files

Successfully deleted: [File] "C:\Windows\wininit.ini"



~~~ Folders

Failed to delete: [Folder] "C:\ProgramData\boost_interprocess"
Failed to delete: [Folder] "C:\ProgramData\application data\boost_interprocess"



~~~ FireFox

Emptied folder: C:\Users\Steph\AppData\Roaming\mozilla\firefox\profiles\2jx1k7e6.default\minidumps [3 files]



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Thu 08/15/2013 at 16:43:58.40
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

And finally the first OTL Report:

OTL logfile created on: 8/15/2013 4:51:06 PM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Steph\Desktop
Starter Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1013.23 Mb Total Physical Memory | 437.60 Mb Available Physical Memory | 43.19% Memory free
1.99 Gb Paging File | 1.19 Gb Available in Paging File | 59.58% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 136.95 Gb Total Space | 52.30 Gb Free Space | 38.19% Space Free | Partition Type: NTFS

Computer Name: STEPH-PC | User Name: Steph | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2013/08/15 16:48:59 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Steph\Desktop\OTL.exe
PRC - [2013/07/24 13:40:47 | 000,217,992 | ---- | M] (Google Inc.) -- C:\Program Files\Google\Update\1.3.21.153\GoogleCrashHandler.exe
PRC - [2013/06/20 18:05:14 | 000,022,208 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft Security Client\MsMpEng.exe
PRC - [2013/06/20 17:25:44 | 000,995,176 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Client\msseces.exe
PRC - [2013/04/04 14:50:32 | 000,701,512 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2013/04/04 14:50:32 | 000,532,040 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2013/04/04 14:50:32 | 000,418,376 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
PRC - [2013/02/08 13:25:48 | 002,563,968 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec\Norton Online Backup\NOBuClient.exe
PRC - [2013/02/08 13:23:18 | 003,235,200 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec\Norton Online Backup\NOBuAgent.exe
PRC - [2013/01/20 09:35:47 | 000,295,072 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Real\RealPlayer\Update\realsched.exe
PRC - [2012/11/29 21:31:04 | 000,038,608 | ---- | M] () -- C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe
PRC - [2012/11/22 21:48:41 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2012/08/13 11:57:02 | 010,376,704 | ---- | M] (OpenOffice.org) -- C:\Program Files\OpenOffice.org 3\program\soffice.exe
PRC - [2012/08/13 11:57:02 | 010,368,512 | ---- | M] (OpenOffice.org) -- C:\Program Files\OpenOffice.org 3\program\soffice.bin
PRC - [2011/08/10 15:52:54 | 000,138,760 | R--- | M] (Symantec Corporation) -- C:\Program Files\Norton Safe Web Lite\Engine\2.0.0.16\ccSvcHst.exe
PRC - [2011/02/25 00:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2009/10/07 02:49:50 | 001,157,640 | ---- | M] (Dritek System Inc.) -- C:\Program Files\Launch Manager\LManager.exe
PRC - [2009/09/30 17:47:36 | 000,703,008 | ---- | M] (Acer Incorporated) -- C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe
PRC - [2009/09/30 17:47:14 | 000,727,584 | ---- | M] (Acer Incorporated) -- C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe
PRC - [2009/09/30 17:46:28 | 000,469,536 | ---- | M] (Acer Incorporated) -- C:\Program Files\Acer\Acer ePower Management\ePowerEvent.exe
PRC - [2009/09/10 08:42:30 | 000,349,480 | ---- | M] (Egis Technology Inc.) -- C:\Program Files\EgisTec\MyWinLocker 3\x86\mwlDaemon.exe
PRC - [2009/08/28 04:38:58 | 001,150,496 | ---- | M] (Acer Incorporated) -- C:\Program Files\Acer\Registration\GregHSRW.exe
PRC - [2009/08/23 21:30:12 | 000,107,016 | ---- | M] (Dritek System Inc.) -- C:\Program Files\Launch Manager\dsiwmis.exe
PRC - [2009/08/04 00:09:34 | 000,199,464 | ---- | M] (Egis Technology Inc.) -- C:\Program Files\EgisTec Egis Software Update\EgisUpdate.exe
PRC - [2009/07/10 18:18:18 | 000,708,608 | ---- | M] (Acer Incorporated) -- C:\Program Files\Acer\Acer VCM\AcerVCM.exe
PRC - [2009/07/10 05:54:44 | 000,253,952 | ---- | M] (Acer Incorporated) -- C:\Program Files\Acer\Acer VCM\RS_Service.exe
PRC - [2009/06/04 22:03:32 | 000,186,904 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
PRC - [2009/06/04 22:03:06 | 000,354,840 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe
PRC - [2007/06/20 16:04:20 | 000,046,432 | ---- | M] (Microsoft® Corporation) -- C:\Program Files\Microsoft Works\WkCalRem.exe


========== Modules (No Company Name) ==========

MOD - [2012/11/29 16:59:32 | 000,093,696 | ---- | M] () -- C:\Program Files\FileZilla FTP Client\fzshellext.dll
MOD - [2012/08/27 21:33:32 | 000,087,912 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2012/08/27 21:33:08 | 001,242,512 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2012/08/10 17:51:32 | 000,985,088 | ---- | M] () -- C:\Program Files\OpenOffice.org 3\program\libxml2.dll


========== Services (SafeList) ==========

SRV - File not found [On_Demand | Stopped] -- C:\Program Files\WildTangent Games\App\GamesAppService.exe -- (GamesAppService)
SRV - [2013/06/20 18:05:14 | 000,295,376 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- c:\Program Files\Microsoft Security Client\NisSrv.exe -- (NisSrv)
SRV - [2013/06/20 18:05:14 | 000,022,208 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)
SRV - [2013/06/12 11:50:23 | 000,256,904 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013/05/26 23:57:27 | 000,680,960 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2013/05/11 17:26:17 | 000,117,144 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2013/04/04 14:50:32 | 000,701,512 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2013/04/04 14:50:32 | 000,418,376 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
SRV - [2013/02/08 13:23:18 | 003,235,200 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Symantec\Norton Online Backup\NOBuAgent.exe -- (NOBU)
SRV - [2012/11/29 21:31:04 | 000,038,608 | ---- | M] () [Auto | Running] -- C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe -- (RealNetworks Downloader Resolver Service)
SRV - [2011/08/10 15:52:54 | 000,138,760 | R--- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Norton Safe Web Lite\Engine\2.0.0.16\ccSvcHst.exe -- (NSL)
SRV - [2009/09/30 17:47:14 | 000,727,584 | ---- | M] (Acer Incorporated) [Auto | Running] -- C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe -- (ePowerSvc)
SRV - [2009/09/10 08:42:46 | 000,305,448 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\EgisTec\MyWinLocker 3\x86\\MWLService.exe -- (MWLService)
SRV - [2009/08/28 04:38:58 | 001,150,496 | ---- | M] (Acer Incorporated) [Auto | Running] -- C:\Program Files\Acer\Registration\GregHSRW.exe -- (Greg_Service)
SRV - [2009/08/23 21:30:12 | 000,107,016 | ---- | M] (Dritek System Inc.) [Auto | Running] -- C:\Program Files\Launch Manager\dsiwmis.exe -- (DsiWMIService)
SRV - [2009/07/10 05:54:44 | 000,253,952 | ---- | M] (Acer Incorporated) [Auto | Running] -- C:\Program Files\Acer\Acer VCM\RS_Service.exe -- (RS_Service)
SRV - [2009/07/03 21:47:12 | 000,240,160 | ---- | M] (Acer) [Auto | Stopped] -- C:\Program Files\Acer\Acer Updater\UpdaterService.exe -- (Updater Service)
SRV - [2009/06/04 22:03:06 | 000,354,840 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON)
SRV - [2009/05/22 13:02:20 | 000,250,616 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files\Acer Games\Acer Game Console\GameConsoleService.exe -- (GameConsoleService)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Users\Steph\AppData\Local\Temp\catchme.sys -- (catchme)
DRV - [2013/08/10 08:43:09 | 000,040,776 | ---- | M] (Malwarebytes Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\mbamswissarmy.sys -- (MBAMSwissArmy)
DRV - [2013/06/18 21:50:08 | 000,107,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\NisDrvWFP.sys -- (NisDrv)
DRV - [2013/04/04 14:50:32 | 000,022,856 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2011/08/08 18:38:11 | 000,132,744 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\NST\0200000.010\ccSetx86.sys -- (ccSet_NST)
DRV - [2010/11/20 05:24:41 | 000,052,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV - [2010/11/20 05:06:36 | 000,117,760 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rmcast.sys -- (RMCAST)
DRV - [2009/11/23 02:30:06 | 000,103,296 | ---- | M] (ENE Technology Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\EUCR6SK.sys -- (EUCR)
DRV - [2009/11/05 23:53:58 | 001,227,776 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\athr.sys -- (athr)
DRV - [2009/09/04 00:37:44 | 000,054,784 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\L1C62x86.sys -- (L1C)
DRV - [2009/07/13 18:52:10 | 000,014,336 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\vwifimp.sys -- (vwifimp)
DRV - [2009/06/02 06:15:40 | 000,060,976 | ---- | M] (Egis Technology Inc.) [Kernel | System | Running] -- C:\Windows\System32\drivers\mwlPSDVDisk.sys -- (mwlPSDVDisk)
DRV - [2009/06/02 06:15:38 | 000,016,432 | ---- | M] (Egis Technology Inc.) [Kernel | System | Running] -- C:\Windows\System32\drivers\mwlPSDNserv.sys -- (mwlPSDNServ)
DRV - [2009/06/02 06:15:34 | 000,018,992 | ---- | M] (Egis Technology Inc.) [File_System | System | Running] -- C:\Windows\System32\drivers\mwlPSDFilter.sys -- (mwlPSDFilter)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = http://www.google.co...ng}&rlz=1I7ACAW
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...g}&sourceid=ie7

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/?...40DHP&dt=080513
IE - HKCU\..\SearchScopes,DefaultScope =
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...Box&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = http://www.google.co...1I7GGNI_enUS533
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.bing.com/...Box&FORM=IE10SR
IE - HKCU\..\SearchScopes\{E0D25CFB-0051-47E9-8F85-2A2C84007DA4}: "URL" = http://search.yahoo....p={searchTerms}
IE - HKCU\..\SearchScopes\5BB3A429B3744023B7F20A292791C105: "URL" = http://www.google.co...1I7GGNI_enUS533
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Bing "
FF - prefs.js..browser.search.order.3: "Bing "
FF - prefs.js..browser.search.selectedEngine: "Bing "
FF - prefs.js..browser.startup.homepage: "http://www.msn.com/?...0DHP&dt=080513"
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:21.0
FF - prefs.js..keyword.URL: "http://www.bing.com/...0&dt=080513&q="
FF - user.js - File not found

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_7_700_224.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.25.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.25.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6: C:\Program Files\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=16.4.3505.0912: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=16.0.0.282: c:\program files\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprndlchromebrowserrecordext;version=1.3.0: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprndlhtml5videoshim;version=1.3.0: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprndlpepperflashvideoshim;version=1.3.0: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpplugin;version=16.0.0.282: c:\program files\real\realplayer\Netscape6\nprpplugin.dll (RealPlayer)
FF - HKLM\Software\MozillaPlugins\@realnetworks.com/npdlplugin;version=1: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll (RealDownloader)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.6: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\@WildTangent.com/GamesAppPresenceDetector,Version=1.0: C:\Program Files\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll File not found
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/GoogleTalkPlugin: C:\Users\Steph\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/O1DPlugin: C:\Users\Steph\AppData\Roaming\Mozilla\plugins\npo1d.dll (Google)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/O3DPlugin: C:\Users\Steph\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll ()
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Steph\AppData\Local\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Steph\AppData\Local\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{203FB6B2-2E1E-4474-863B-4C483ECCE78E}: C:\ProgramData\Norton\{92622AAD-05E8-4459-B256-765CE1E929FB}\NST_2.0.0.16\coFFNST\ [2013/08/15 16:32:20 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{34712C68-7391-4c47-94F3-8F88D49AD632}: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext\ [2013/01/20 09:38:00 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext [2013/01/20 09:38:00 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 21.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 21.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins

[2013/06/19 10:28:18 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Steph\AppData\Roaming\Mozilla\Extensions
[2013/05/14 23:46:46 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Steph\AppData\Roaming\Mozilla\Firefox\Profiles\6bmd2cxl.default-1361383091021\extensions
[2013/05/14 23:46:43 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Steph\AppData\Roaming\Mozilla\Firefox\Profiles\6bmd2cxl.default-1361383091021\extensions\[email protected]
[2013/08/05 17:39:03 | 000,002,402 | ---- | M] () -- C:\Users\Steph\AppData\Roaming\Mozilla\Firefox\Profiles\2jx1k7e6.default\searchplugins\bingp.xml
[2013/06/13 15:19:28 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2013/06/13 15:19:28 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\browser\extensions
[2013/06/12 13:32:12 | 000,000,000 | ---D | M] (Default) -- C:\Program Files\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&q={searchTerms}&{google:cursorPosition}{google:zeroPrefixUrl}sugkey={google:suggestAPIKeyParameter},
CHR - homepage: http://search.yahoo....r=spigot-yhp-ie
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\28.0.1500.95\PepperFlash\pepflashplayer.dll
CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files\Google\Chrome\Application\28.0.1500.95\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\28.0.1500.95\pdf.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
CHR - plugin: QuickTime Plug-in 7.7.3 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.7.3 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.7.3 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.7.3 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.7.3 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.7.3 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.7.3 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin7.dll
CHR - plugin: Google Talk Plugin (Enabled) = C:\Users\Steph\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll
CHR - plugin: Google Talk Plugin Video Accelerator (Enabled) = C:\Users\Steph\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll
CHR - plugin: Google Talk Plugin Video Renderer (Enabled) = C:\Users\Steph\AppData\Roaming\Mozilla\plugins\npo1d.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.145\npGoogleUpdate3.dll
CHR - plugin: Java™ Platform SE 7 U21 (Enabled) = C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll
CHR - plugin: VLC Web Plugin (Enabled) = C:\Program Files\VideoLAN\VLC\npvlc.dll
CHR - plugin: Photo Gallery (Enabled) = C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: RealNetworks™ RealDownloader Chrome Background Extension Plug-In (32-bit) (Enabled) = C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll
CHR - plugin: RealNetworks™ RealDownloader HTML5VideoShim Plug-In (32-bit) (Enabled) = C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll
CHR - plugin: RealNetworks™ RealDownloader PepperFlashVideoShim Plug-In (32-bit) (Enabled) = C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll
CHR - plugin: RealDownloader Plugin (Enabled) = C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32_11_6_602_180.dll
CHR - plugin: Java Deployment Toolkit 7.0.210.11 (Enabled) = C:\Windows\system32\npDeployJava1.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll
CHR - plugin: RealPlayer™ G2 LiveConnect-Enabled Plug-In (32-bit) (Enabled) = c:\program files\real\realplayer\Netscape6\nppl3260.dll
CHR - plugin: RealPlayer Download Plugin (Enabled) = c:\program files\real\realplayer\Netscape6\nprpplugin.dll
CHR - Extension: SEOquake = C:\Users\Steph\AppData\Local\Google\Chrome\User Data\Default\Extensions\akdgnmcogleenhbclghghlkkdndkjdjc\1.0.17.1_0\
CHR - Extension: Google Docs = C:\Users\Steph\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.5_0\
CHR - Extension: Make Me Fast = C:\Users\Steph\AppData\Local\Google\Chrome\User Data\Default\Extensions\apbfphfpbpkmpeljdopikeamjjgponla\0.0.43_0\
CHR - Extension: Google Drive = C:\Users\Steph\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\
CHR - Extension: YouTube = C:\Users\Steph\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\
CHR - Extension: AddThis - Share & Bookmark (new) = C:\Users\Steph\AppData\Local\Google\Chrome\User Data\Default\Extensions\cgbogdmdefihhljhfeiklfiedefalcde\3.0.0_0\
CHR - Extension: Google Search = C:\Users\Steph\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\
CHR - Extension: We Heart It = C:\Users\Steph\AppData\Local\Google\Chrome\User Data\Default\Extensions\iblenkmcolcdonmlfknbpbgjebabcoae\3.1.0_0\
CHR - Extension: Shareaholic for Google Chrome\u2122 = C:\Users\Steph\AppData\Local\Google\Chrome\User Data\Default\Extensions\kbmipnjdeifmobkhgogdnomkihhgojep\5.7.0_0\
CHR - Extension: YSlow = C:\Users\Steph\AppData\Local\Google\Chrome\User Data\Default\Extensions\ninejjcohidippngpapiilnmkgllmakh\3.1.2_0\
CHR - Extension: Gmail = C:\Users\Steph\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

O1 HOSTS File: ([2013/08/10 17:21:24 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (RealNetworks Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll (RealDownloader)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (Norton Safe Web Lite BHO) - {F0DA78E9-6B60-42fb-BC26-EF2CFB8C8FF3} - C:\Program Files\Norton Safe Web Lite\Engine\2.0.0.16\CoIEPlg.dll (Symantec Corporation)
O3 - HKLM\..\Toolbar: (Norton Safe Web Lite) - {30CEEEA2-3742-40e4-85DD-812BF1CBB83D} - C:\Program Files\Norton Safe Web Lite\Engine\2.0.0.16\CoIEPlg.dll (Symantec Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (Norton Safe Web Lite) - {30CEEEA2-3742-40E4-85DD-812BF1CBB83D} - C:\Program Files\Norton Safe Web Lite\Engine\2.0.0.16\CoIEPlg.dll (Symantec Corporation)
O4 - HKLM..\Run: [Acer Assist Launcher] C:\Program Files\Acer\Acer Assist\launcher.exe ()
O4 - HKLM..\Run: [Acer ePower Management] C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe (Acer Incorporated)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [EgisTecLiveUpdate] C:\Program Files\EgisTec Egis Software Update\EgisUpdate.exe (Egis Technology Inc.)
O4 - HKLM..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
O4 - HKLM..\Run: [LManager] C:\Program Files\Launch Manager\LManager.exe (Dritek System Inc.)
O4 - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: [mwlDaemon] C:\Program Files\EgisTec\MyWinLocker 3\x86\mwlDaemon.exe (Egis Technology Inc.)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Real\RealPlayer\update\realsched.exe (RealNetworks, Inc.)
O4 - Startup: C:\Users\Steph\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.4.1.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe ()
O4 - Startup: C:\Users\Steph\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\wkcalrem.LNK = C:\Program Files\Microsoft Works\WkCalRem.exe (Microsoft® Corporation)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{553B170A-5768-476C-B586-3D6DE55A62CF}: DhcpNameServer = 192.168.254.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{AD612608-98F2-447D-8306-503349FBF900}: NameServer = 12.69.180.11,12.69.180.12
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/10 16:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2013/08/15 16:49:32 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Steph\Desktop\OTL.exe
[2013/08/15 16:37:43 | 000,000,000 | ---D | C] -- C:\Windows\ERUNT
[2013/08/15 16:34:23 | 000,000,000 | ---D | C] -- C:\ProgramData\boost_interprocess
[2013/08/15 16:15:11 | 001,159,319 | ---- | C] (Thisisu) -- C:\Users\Steph\Desktop\JRT.exe
[2013/08/14 22:55:34 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2013/08/14 21:30:01 | 000,000,000 | ---D | C] -- C:\TDSSKiller_Quarantine
[2013/08/10 17:28:35 | 000,000,000 | ---D | C] -- C:\Users\Steph\Desktop\RK_Quarantine
[2013/08/10 17:27:03 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2013/08/10 17:26:57 | 000,000,000 | ---D | C] -- C:\Users\Steph\AppData\Local\temp
[2013/08/10 17:01:06 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2013/08/10 17:01:06 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2013/08/10 17:01:06 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2013/08/10 16:54:04 | 000,000,000 | ---D | C] -- C:\Qoobox
[2013/08/10 16:53:10 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
[2013/08/10 12:58:19 | 000,000,000 | ---D | C] -- C:\Windows\System32\MRT
[2013/08/10 08:31:34 | 000,040,776 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2013/08/07 16:26:21 | 000,263,592 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\javaws.exe
[2013/08/07 16:25:44 | 000,175,016 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\javaw.exe
[2013/08/07 16:25:44 | 000,175,016 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\java.exe
[2013/08/07 16:25:44 | 000,094,632 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\WindowsAccessBridge.dll
[2013/08/06 23:41:13 | 000,000,000 | ---D | C] -- C:\Users\Steph\AppData\Local\Bing Ads Intelligence
[2013/08/06 23:41:12 | 000,000,000 | ---D | C] -- C:\Users\Steph\AppData\Local\assembly
[2013/08/05 17:34:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\List Building Training Dashboard
[2013/08/05 17:33:43 | 000,000,000 | ---D | C] -- C:\Program Files\List Building Training Dashboard

========== Files - Modified Within 30 Days ==========

[2013/08/15 16:48:59 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Steph\Desktop\OTL.exe
[2013/08/15 16:47:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013/08/15 16:39:29 | 000,009,696 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013/08/15 16:39:29 | 000,009,696 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013/08/15 16:33:37 | 000,000,880 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013/08/15 16:32:01 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013/08/15 16:31:55 | 796,831,744 | -HS- | M] () -- C:\hiberfil.sys
[2013/08/15 16:15:02 | 001,159,319 | ---- | M] (Thisisu) -- C:\Users\Steph\Desktop\JRT.exe
[2013/08/15 16:12:04 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013/08/15 16:08:07 | 000,666,633 | ---- | M] () -- C:\Users\Steph\Desktop\adwcleaner.exe
[2013/08/15 15:38:40 | 000,001,936 | ---- | M] () -- C:\Users\Steph\Documents\The Marriage Bed stuff.rtf
[2013/08/14 08:21:26 | 000,003,008 | ---- | M] () -- C:\Users\Steph\Documents\Online Income Masterclass email swipe.rtf
[2013/08/13 12:22:14 | 000,001,800 | ---- | M] () -- C:\Users\Steph\Documents\Unique Article Wizard stuff.rtf
[2013/08/13 02:55:31 | 000,000,540 | ---- | M] () -- C:\Users\Steph\Documents\Spin Rewriter stuff.rtf
[2013/08/13 00:50:46 | 000,004,391 | ---- | M] () -- C:\Users\Steph\Documents\Keyword research tools aff stuff.rtf
[2013/08/12 23:43:43 | 000,000,937 | ---- | M] () -- C:\Users\Steph\Documents\Traffic Recon stuff.rtf
[2013/08/12 23:43:17 | 000,001,009 | ---- | M] () -- C:\Users\Steph\Documents\Insta Profit Sniper.rtf
[2013/08/12 21:24:05 | 000,001,495 | ---- | M] () -- C:\Users\Steph\Documents\Affilorama stuff.rtf
[2013/08/12 20:15:38 | 000,000,364 | ---- | M] () -- C:\Users\Steph\Documents\Get Money from Home stuff.rtf
[2013/08/12 19:48:55 | 000,001,342 | ---- | M] () -- C:\Users\Steph\Documents\CB Passive Income.rtf
[2013/08/12 19:38:58 | 000,000,426 | ---- | M] () -- C:\Users\Steph\Documents\Kick Butt Cellulite Removal Program stuff.rtf
[2013/08/12 19:05:50 | 000,000,563 | ---- | M] () -- C:\Users\Steph\Documents\Paid Social Media Jobs stuff.rtf
[2013/08/12 18:11:28 | 000,000,578 | ---- | M] () -- C:\Users\Steph\Documents\Feel the traffic stuff.rtf
[2013/08/12 09:10:49 | 000,001,136 | ---- | M] () -- C:\Users\Steph\Documents\Forever Affiliate stuff.rtf
[2013/08/11 21:40:30 | 000,119,325 | ---- | M] () -- C:\Users\Steph\Documents\FA Free Strategy Guide-rbr.pdf
[2013/08/11 11:04:13 | 000,023,794 | ---- | M] () -- C:\Users\Steph\Documents\Increase your blog earnings with a niche blog-article.odt
[2013/08/11 08:49:21 | 000,000,193 | ---- | M] () -- C:\Windows\WORDPAD.INI
[2013/08/10 17:21:24 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2013/08/10 12:57:56 | 000,002,155 | ---- | M] () -- C:\Windows\epplauncher.mif
[2013/08/10 08:43:09 | 000,040,776 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2013/08/10 08:31:16 | 000,001,031 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2013/08/09 14:41:03 | 000,000,385 | ---- | M] () -- C:\Users\Steph\Documents\Home School Cash stuff.rtf
[2013/08/07 16:51:14 | 000,001,925 | ---- | M] () -- C:\Users\Steph\Documents\My Sites and other CPA stuff.rtf
[2013/08/07 16:25:17 | 000,094,632 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\WindowsAccessBridge.dll
[2013/08/07 16:25:12 | 000,002,093 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2013/08/07 16:25:08 | 000,263,592 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\javaws.exe
[2013/08/07 16:25:08 | 000,175,016 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\javaw.exe
[2013/08/07 16:25:06 | 000,175,016 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\java.exe
[2013/08/07 16:25:00 | 000,867,240 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\npDeployJava1.dll
[2013/08/07 16:24:59 | 000,789,416 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\deployJava1.dll
[2013/08/07 15:54:44 | 000,001,371 | ---- | M] () -- C:\Users\Steph\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2013/08/05 17:34:20 | 000,001,212 | ---- | M] () -- C:\Users\Public\Desktop\List Building Training Dashboard.lnk
[2013/07/25 12:53:46 | 000,358,840 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT

========== Files Created - No Company Name ==========

[2013/08/15 16:06:30 | 000,666,633 | ---- | C] () -- C:\Users\Steph\Desktop\adwcleaner.exe
[2013/08/15 15:28:57 | 000,001,936 | ---- | C] () -- C:\Users\Steph\Documents\The Marriage Bed stuff.rtf
[2013/08/13 02:18:34 | 000,000,540 | ---- | C] () -- C:\Users\Steph\Documents\Spin Rewriter stuff.rtf
[2013/08/12 20:12:30 | 000,000,364 | ---- | C] () -- C:\Users\Steph\Documents\Get Money from Home stuff.rtf
[2013/08/12 19:38:57 | 000,000,426 | ---- | C] () -- C:\Users\Steph\Documents\Kick Butt Cellulite Removal Program stuff.rtf
[2013/08/12 19:32:10 | 000,001,342 | ---- | C] () -- C:\Users\Steph\Documents\CB Passive Income.rtf
[2013/08/12 19:04:41 | 000,000,563 | ---- | C] () -- C:\Users\Steph\Documents\Paid Social Media Jobs stuff.rtf
[2013/08/12 18:31:51 | 000,000,937 | ---- | C] () -- C:\Users\Steph\Documents\Traffic Recon stuff.rtf
[2013/08/12 18:16:39 | 000,001,009 | ---- | C] () -- C:\Users\Steph\Documents\Insta Profit Sniper.rtf
[2013/08/12 18:07:55 | 000,000,578 | ---- | C] () -- C:\Users\Steph\Documents\Feel the traffic stuff.rtf
[2013/08/11 21:40:29 | 000,119,325 | ---- | C] () -- C:\Users\Steph\Documents\FA Free Strategy Guide-rbr.pdf
[2013/08/11 11:04:10 | 000,023,794 | ---- | C] () -- C:\Users\Steph\Documents\Increase your blog earnings with a niche blog-article.odt
[2013/08/10 18:51:44 | 000,004,391 | ---- | C] () -- C:\Users\Steph\Documents\Keyword research tools aff stuff.rtf
[2013/08/10 17:01:06 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2013/08/10 17:01:06 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2013/08/10 17:01:06 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2013/08/10 17:01:06 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2013/08/10 17:01:06 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2013/08/09 14:41:02 | 000,000,385 | ---- | C] () -- C:\Users\Steph\Documents\Home School Cash stuff.rtf
[2013/08/09 14:20:55 | 000,001,136 | ---- | C] () -- C:\Users\Steph\Documents\Forever Affiliate stuff.rtf
[2013/08/05 17:34:20 | 000,001,212 | ---- | C] () -- C:\Users\Public\Desktop\List Building Training Dashboard.lnk
[2013/04/13 01:16:16 | 000,002,082 | ---- | C] () -- C:\Users\Steph\AppData\Local\recently-used.xbel
[2013/04/11 14:34:00 | 000,003,582 | ---- | C] () -- C:\Users\Steph\redirect.html
[2013/04/11 14:33:59 | 000,011,911 | ---- | C] () -- C:\Users\Steph\index.html
[2013/04/11 14:33:59 | 000,001,612 | ---- | C] () -- C:\Users\Steph\Read_Me.html
[2013/03/16 15:53:35 | 000,014,061 | ---- | C] () -- C:\Users\Steph\arrows.gif
[2013/03/16 15:53:35 | 000,000,993 | ---- | C] () -- C:\Users\Steph\download.html
[2013/03/16 15:53:35 | 000,000,334 | ---- | C] () -- C:\Users\Steph\checkpw.html
[2013/02/20 22:25:52 | 000,000,072 | ---- | C] () -- C:\Windows\EurekaLog.ini
[2013/02/04 22:50:50 | 000,000,088 | ---- | C] () -- C:\Users\Steph\.95d691779473f3e03bc4b4e56319d74c.key
[2013/01/22 00:17:13 | 000,000,073 | ---- | C] () -- C:\Windows\Brian_Kumar niche mktg-EBrander.INI
[2013/01/12 19:46:49 | 000,000,214 | ---- | C] () -- C:\Users\Steph\AppData\Roaming\wklnhst.dat
[2013/01/12 17:47:10 | 000,000,193 | ---- | C] () -- C:\Windows\WORDPAD.INI
[2013/01/05 23:55:05 | 000,158,244 | -H-- | C] () -- C:\Windows\System32\mlfcache.dat
[2012/10/18 08:42:03 | 000,007,604 | ---- | C] () -- C:\Users\Steph\AppData\Local\Resmon.ResmonCfg

========== ZeroAccess Check ==========

[2009/07/13 23:42:31 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2013/02/26 23:55:05 | 012,872,704 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 07:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009/07/13 20:16:17 | 000,342,528 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

< End of report >


And the OTL Extras Report:

OTL Extras logfile created on: 8/15/2013 4:51:06 PM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Steph\Desktop
Starter Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1013.23 Mb Total Physical Memory | 437.60 Mb Available Physical Memory | 43.19% Memory free
1.99 Gb Paging File | 1.19 Gb Available in Paging File | 59.58% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 136.95 Gb Total Space | 52.30 Gb Free Space | 38.19% Space Free | Partition Type: NTFS

Computer Name: STEPH-PC | User Name: Steph | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (All) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.bat [@ = batfile] -- "%1" %*
.chm [@ = chm.file] -- C:\Windows\hh.exe (Microsoft Corporation)
.cmd [@ = cmdfile] -- "%1" %*
.com [@ = ComFile] -- "%1" %*
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.exe [@ = exefile] -- "%1" %*
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.hta [@ = htafile] -- Reg Error: Value error. File not found
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
.inf [@ = inffile] -- C:\Windows\System32\NOTEPAD.EXE (Microsoft Corporation)
.ini [@ = inifile] -- C:\Windows\System32\NOTEPAD.EXE (Microsoft Corporation)
.url [@ = InternetShortcut] -- C:\Windows\System32\rundll32.exe (Microsoft Corporation)
.js [@ = JSFile] -- C:\Windows\System32\WScript.exe (Microsoft Corporation)
.jse [@ = JSEFile] -- C:\Windows\System32\WScript.exe (Microsoft Corporation)
.pif [@ = piffile] -- "%1" %*
.reg [@ = regfile] -- C:\Windows\regedit.exe (Microsoft Corporation)
.scr [@ = scrfile] -- "%1" /S
.txt [@ = txtfile] -- C:\Windows\System32\NOTEPAD.EXE (Microsoft Corporation)
.vbe [@ = VBEFile] -- C:\Windows\System32\WScript.exe (Microsoft Corporation)
.vbs [@ = VBSFile] -- C:\Windows\System32\WScript.exe (Microsoft Corporation)
.wsf [@ = WSFFile] -- C:\Windows\System32\WScript.exe (Microsoft Corporation)
.wsh [@ = WSHFile] -- C:\Windows\System32\WScript.exe (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [edit] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
batfile [open] -- "%1" %*
batfile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
chm.file [open] -- "%SystemRoot%\hh.exe" %1 (Microsoft Corporation)
cmdfile [edit] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
cmdfile [open] -- "%1" %*
cmdfile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htafile [open] -- Reg Error: Value error.
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
inffile [open] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
inffile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
inifile [open] -- %SystemRoot%\system32\NOTEPAD.EXE %1 (Microsoft Corporation)
inifile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
jsfile [edit] -- C:\Windows\System32\Notepad.exe %1 (Microsoft Corporation)
jsfile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
jsfile [print] -- C:\Windows\System32\Notepad.exe /p %1 (Microsoft Corporation)
jsefile [edit] -- C:\Windows\System32\Notepad.exe %1 (Microsoft Corporation)
jsefile [open] -- C:\Windows\System32\WScript.exe "%1" %* (Microsoft Corporation)
jsefile [print] -- C:\Windows\System32\Notepad.exe /p %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [edit] -- %SystemRoot%\system32\notepad.exe "%1" (Microsoft Corporation)
regfile [open] -- regedit.exe "%1" (Microsoft Corporation)
regfile [merge] -- Reg Error: Key error.
regfile [print] -- %SystemRoot%\system32\notepad.exe /p "%1" (Microsoft Corporation)
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
txtfile [open] -- %SystemRoot%\system32\NOTEPAD.EXE %1 (Microsoft Corporation)
txtfile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
txtfile [printto] -- %SystemRoot%\system32\notepad.exe /pt "%1" "%2" "%3" "%4" (Microsoft Corporation)
vbefile [edit] -- "%SystemRoot%\System32\Notepad.exe" %1 (Microsoft Corporation)
vbefile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
vbefile [print] -- "%SystemRoot%\System32\Notepad.exe" /p %1 (Microsoft Corporation)
vbsfile [edit] -- "%SystemRoot%\System32\Notepad.exe" %1 (Microsoft Corporation)
vbsfile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
vbsfile [print] -- "%SystemRoot%\System32\Notepad.exe" /p %1 (Microsoft Corporation)
wsffile [edit] -- "%SystemRoot%\System32\Notepad.exe" %1 (Microsoft Corporation)
wsffile [open] -- "%SystemRoot%\System32\WScript.exe" "%1" %* (Microsoft Corporation)
wsffile [print] -- "%SystemRoot%\System32\Notepad.exe" /p %1 (Microsoft Corporation)
wshfile [open] -- "%SystemRoot%\System32\WScript.exe" "%1" %* (Microsoft Corporation)
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~1\MICROS~2\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{25C09DFE-FDBF-47E1-B0C4-6F5AE3898172}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{326789EC-83A4-4CA9-AC02-3D19BE944B77}" = lport=2869 | protocol=6 | dir=in | app=system |
"{A9EC2ECE-47DD-4059-88E7-69162C830431}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |
"{D5A2E089-8FDA-4F27-AD84-C293B28C25DF}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0D11DA9E-B159-4CDD-A3B0-2689496A7606}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{306A4146-EE36-42BB-93AA-2C7D79BE123F}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{3496A9BA-8858-407B-B23E-F3AF9026B71C}" = protocol=17 | dir=in | app=c:\users\steph\appdata\local\google\google talk plugin\googletalkplugin.exe |
"{3E5358A6-1E94-43E9-9540-5B1DD25D2F36}" = protocol=6 | dir=in | app=c:\users\steph\appdata\local\google\google talk plugin\googletalkplugin.exe |
"{56F462AB-A75B-4716-A94C-0B22CE27DC8A}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{5CA84F38-DD9C-413E-86FE-614065C1E655}" = protocol=6 | dir=in | app=c:\program files\vuze\azureus.exe |
"{64B504F9-0276-453D-854C-97F3CDE19157}" = dir=in | app=c:\program files\common files\apple\apple application support\webkit2webprocess.exe |
"{72295751-2D8C-4973-8CA4-3E875A06A43F}" = dir=in | app=c:\users\steph\appdata\local\microsoft\skydrive\skydrive.exe |
"{758DF06F-3BE8-43DD-B6C8-0B0B3397A6D8}" = protocol=6 | dir=in | app=c:\program files\onlywire\onlywirewindows.exe |
"{80E56D02-5725-4AAA-A597-BDCBF4B946FA}" = dir=in | app=c:\program files\windows live\sync\windowslivesync.exe |
"{9FF453C3-8615-4AFD-8D46-BD1EE9BD02A6}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
"{A6550763-2314-40F5-8242-630980D3519A}" = dir=in | app=c:\program files\acer\acer vcm\vc.exe |
"{C31B0824-0F25-41D0-B7C8-9EFE4944D3EC}" = dir=in | app=c:\program files\itunes\itunes.exe |
"{C484E271-432E-47C7-BE70-C9FD0AA013EE}" = protocol=6 | dir=in | app=c:\program files\yahoo!\messenger\yahoomessenger.exe |
"{D0605357-9379-4DD5-9923-F7103A42A419}" = protocol=17 | dir=in | app=c:\program files\yahoo!\messenger\yahoomessenger.exe |
"{D9D3710C-3443-496C-B414-FF176FBEBAB2}" = dir=in | app=c:\program files\windows live\contacts\wlcomm.exe |
"{E89D69E1-67B3-4989-A6E2-5218E6AA659D}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{EFFE44E2-0E85-4440-8A1F-AB7A20BF5843}" = protocol=17 | dir=in | app=c:\program files\vuze\azureus.exe |
"{F1B6A28D-D4A6-489D-A865-A9A2CD00CF5F}" = dir=in | app=c:\program files\acer\acer vcm\rs_service.exe |
"{F937719A-5C21-41A2-BF91-35C94AAD6768}" = protocol=17 | dir=in | app=c:\program files\onlywire\onlywirewindows.exe |
"TCP Query User{16940A27-3C71-4691-85C8-8CD42D995429}C:\program files\symantec\norton online backup\nobuclient.exe" = protocol=6 | dir=in | app=c:\program files\symantec\norton online backup\nobuclient.exe |
"TCP Query User{1F75CE4A-10D8-49C2-933A-7283CC31C6CF}C:\program files\vuze\azureus.exe" = protocol=6 | dir=in | app=c:\program files\vuze\azureus.exe |
"TCP Query User{232C8AC2-352D-46D6-8168-E0F1D1998B0F}C:\program files\symantec\norton online backup\nobuclient.exe" = protocol=6 | dir=in | app=c:\program files\symantec\norton online backup\nobuclient.exe |
"UDP Query User{2B3FC43E-190C-4E6C-B4B0-3C692C37BA9A}C:\program files\vuze\azureus.exe" = protocol=17 | dir=in | app=c:\program files\vuze\azureus.exe |
"UDP Query User{2C273FE1-B07C-492F-8C9E-54ABCB7E1657}C:\program files\symantec\norton online backup\nobuclient.exe" = protocol=17 | dir=in | app=c:\program files\symantec\norton online backup\nobuclient.exe |
"UDP Query User{AAEB78E8-4E98-4666-8AF9-9932CC305293}C:\program files\symantec\norton online backup\nobuclient.exe" = protocol=17 | dir=in | app=c:\program files\symantec\norton online backup\nobuclient.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0454BB9A-2A7A-4214-BDFF-937F7A711A44}" = Windows Live Communications Platform
"{047F790A-7A2A-4B6A-AD02-38092BA63DAC}" = Acer VCM
"{0A0CADCF-78DA-33C4-A350-CD51849B9702}" = Microsoft .NET Framework 4 Extended
"{15CC861C-C69E-3758-8961-CE304C2595B6}" = Google Talk Plugin
"{1798D459-6B8B-474B-868D-1229EADA3B95}" = Adobe AIR
"{18272881-CFC0-434D-A975-E5BE44206AA0}" = Windows Live UX Platform Language Pack
"{1B947146-366B-42CD-86D5-219993CE3EE2}" = Windows Live MIME IFilter
"{1EA7C505-E6DA-4B85-9432-EBD3C70D510D}" = Windows Live Messenger
"{20aa4150-b5f4-11de-8a39-0800200c9a66}_is1" = KompoZer 0.8b3
"{23A3E560-069F-4CFC-8F6C-1B526EC735FC}" = Windows Live Writer Resources
"{268278CF-FB69-4D98-B70E-BFEC1CDCA225}" = iTunes
"{26A24AE4-039D-4CA4-87B4-2F83217025FF}" = Java 7 Update 25
"{287ECFA4-719A-2143-A09B-D6A12DE54E40}" = Acrobat.com
"{28C2DED6-325B-4CC7-983A-1777C8F7FBAB}" = RealUpgrade 1.1
"{30F99474-EBE3-4134-A02B-F6CD38CFE243}" = Photo Gallery
"{3108C217-BE83-42E4-AE9E-A56A2A92E549}" = Atheros Communications Inc.® AR81Family Gigabit/Fast Ethernet Driver
"{3A9FC03D-C685-4831-94CF-4EDFD3749497}" = Microsoft SQL Server Compact 3.5 SP2 ENU
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3DADB23F-94E6-4E4D-AFE8-15DE4395E8F3}" = Microsoft Security Client
"{3DB0448D-AD82-4923-B305-D001E521A964}" = Acer ePower Management
"{400C31E4-796F-4E86-8FDC-C3C4FACC6847}" = Junk Mail filter update
"{40A66DF6-22D3-44B5-A7D3-83B118A2C0DC}" = Norton Online Backup
"{45C56AA7-ED1B-4800-A97F-EDDF3F3520B1}" = Apple Application Support
"{4926AA2D-3C66-443D-A456-53AE3FA44144}" = Windows Live Family Safety
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4CCBD1F4-CEEC-452A-9CB8-46564B501315}" = Windows Live UX Platform
"{51F026FA-5146-4232-A8BA-1364740BD053}" = Acer Crystal Eye webcam
"{553C904F-57A2-4113-888E-BA0C3D1C69C0}" = Microsoft VC9 runtime libraries
"{5BABDA39-61CF-41EE-992D-4054B6649A9B}" = Movie Maker
"{5DDB3393-E08B-447E-925F-6C00B95D0FE7}" = iCloud
"{5E9CE218-9409-48FF-B669-064F99ADB085}_is1" = List Building Training Dashboard version 1.3
"{67E03279-F703-408F-B4BF-46B5FC8D70CD}" = Microsoft Works
"{68301905-2DEA-41CE-A4D4-E8B443B099BA}" = MyWinLocker
"{6A8DB215-7BCD-4377-B015-2E4541A3E7C6}" = Windows Live PIMT Platform
"{70854FE6-3BF1-4C69-94D0-BEB821102E34}" = Windows Live Mail
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7770E71B-2D43-4800-9CB3-5B6CAAEBEBEA}" = RealNetworks - Microsoft Visual C++ 2008 Runtime
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour
"{7B0C5EF6-DE4C-4E20-8889-C17604FFE5CD}" = Windows Live Family Safety
"{7F811A54-5A09-4579-90E1-C93498E230D9}" = Acer eRecovery Management
"{8256F87F-8554-4457-8C3D-3F3324697D9F}" = Windows Live ID Sign-in Assistant
"{84EBDF39-4B33-49D7-A0BD-EB6E2C4E81C1}" = Windows Live Sync
"{86C40513-B5A4-476E-9EAB-EC118DCF4502}" = Windows Live Writer
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A642ACD-CE3A-4A23-A8B1-A0F7EB12B214}" = Windows Live SOXE Definitions
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{8E14DDC8-EA60-4E18-B3E3-1937104D5BDA}" = MSVCRT110
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_HOMESTUDENTR_{2314F9A1-126F-45CC-8A5E-DFAF866F3FBC}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_HOMESTUDENTR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_HOMESTUDENTR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90140000-1146-0000-0000-0000000FF1CE}" = Microsoft Office 2010 Primary Interop Assemblies
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (English)
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{97C79BEC-43F7-4BD8-A6A7-85C0257E488A}" = Windows Live Writer
"{9807A1F7-4BE5-39DE-9004-C7532BAE3C01}" = Microsoft Visual Studio 2010 Tools for Office Runtime (x86)
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9F1F2AEA-C72A-4DD6-991E-C5506A5625E4}" = OpenOffice.org 3.4.1
"{A280C397-E593-4D72-9B82-92E95409F279}_is1" = Pinterest Profits Multiplier version 1.6
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AAECF7BA-E83B-4A10-87EA-DE0B333F8734}" = RealNetworks - Microsoft Visual C++ 2010 Runtime
"{AC76BA86-7AD7-FFFF-7B44-A91000000001}" = Adobe Reader 9.5.5 MUI
"{AF0CE7C0-A3E4-4D73-988B-B29187EC6E9A}" = QuickTime
"{AF7EBCA4-9FAF-4DC8-8D09-67854BB84D34}" = RealDownloader
"{B80D3EA9-A252-4AE5-AC51-81729F5C586F}" = Windows Live Mail
"{C034A6F9-6569-491B-B3BF-F5D15221A708}" = Windows Live Essentials
"{C424CD5E-EA05-4D3E-B5DA-F9F149E1D3AC}" = Windows Live Installer
"{C9B6EFD0-4F01-4BBA-8374-39AD99A3ED72}" = Windows Live Photo Common
"{D2C146B1-948D-47EF-8387-5D1C6B980F7C}" = Windows Live Writer
"{D888F114-7537-4D48-AF03-5DA9C82D7540}" = Photo Common
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E0B19DF7-B1C7-4937-82C4-0E4B1E346965}" = eBay Worldwide
"{E14ADE0E-75F3-4A46-87E5-26692DD626EC}" = Apple Mobile Device Support
"{E50AE784-FABE-46DA-A1F8-7B6B56DCB22E}" = Microsoft Office Suite Activation Assistant
"{ED6C77F9-4D7E-447C-9EC0-9A212D075535}" = Movie Maker
"{EE171732-BEB4-4576-887D-CB62727F01CA}" = Acer Updater
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F2235E5E-7881-4293-9B6F-04B2609FBFF0}" = Windows Live Messenger
"{FC6C7107-7D72-41A1-A031-3CE751159BAB}" = Photo Gallery
"{FE7C0B3D-50B9-4951-BE78-A321CBF86552}" = Windows Live SOXE
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"7-Zip" = 7-Zip 9.22beta
"8461-7759-5462-8226" = Vuze
"Acer Assist" = Acer Assist
"Acer Registration" = Acer Registration
"Acer Screensaver" = Acer ScreenSaver
"Acer Welcome Center" = Welcome Center
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Audacity_is1" = Audacity 2.0.3
"BBEC16685668EB1D6F3D05051DD7314B66370C9F" = Windows Driver Package - ENE (EUCR) USB (11/23/2009 5.89.0.62)
"CamStudio" = CamStudio
"FileZilla Client" = FileZilla Client 3.6.0.2
"GIMP-2_is1" = GIMP 2.8.4
"Google Chrome" = Google Chrome
"HDMI" = Intel® Graphics Media Accelerator Driver
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"Identity Card" = Identity Card
"LManager" = Launch Manager
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.75.0.1300
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Microsoft Security Client" = Microsoft Security Essentials
"Microsoft Visual Studio 2010 Tools for Office Runtime (x86)" = Microsoft Visual Studio 2010 Tools for Office Runtime (x86)
"Mozilla Firefox 21.0 (x86 en-US)" = Mozilla Firefox 21.0 (x86 en-US)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"NST" = Norton Safe Web Lite
"Nvu_is1" = Nvu 1.0
"Raymond McNally's E@sy List Cleaner 1.0" = Raymond McNally's E@sy List Cleaner 1.0
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"Traffic Travis 4.1 Setup Wizard_is1" = Traffic Travis 4.1.0
"VLC media player" = VLC media player 2.0.6
"WildTangent acer Master Uninstall" = Acer Games
"WinLiveSuite" = Windows Live Essentials
"WordFlood" = WordFlood (remove only)
"Yahoo! Messenger" = Yahoo! Messenger

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"BD4F486BB9396EFC30A39B83E40F2AE4C01690BF" = Bing Ads Intelligence
"GoToMeeting" = GoToMeeting 5.4.0.1082
"SkyDriveSetup.exe" = Microsoft SkyDrive

< End of report >
  • 0

#4
RKinner
Posted 15 August 2013 - 05:26 PM

RKinner

    Malware Expert

  • Expert
  • 24,624 posts
  • MVP
Copy the text in the code box by highlighting and Ctrl + c

:OTL
[2013/08/05 17:39:03 | 000,002,402 | ---- | M] () -- C:\Users\Steph\AppData\Roaming\Mozilla\Firefox\Profiles\2jx1k7e6.default\searchplugins\bingp.xml
[2013/08/15 16:34:23 | 000,000,000 | ---D | C] -- C:\ProgramData\boost_interprocess

:Files
C:\ProgramData\application data\boost_interprocess
C:\ProgramData\boost_interprocess

:Commands
[EMPTYFLASH]
[EMPTYJAVA]
[purity]
[Reboot]

then Rightclick on OTL and select Run As Administrator to start. Under the Custom Scans/Fixes box at the bottom, paste (ctrl +v) the text. Verify that you got it all and Then click the RUN FIX button (NOT THE QUICK SCAN button!) at the top
Let the program run unhindered, OTL will reboot the PC when it is done. Save the log and copy and paste it into a reply.
It appears that Old Timer is now hiding the log in c:\_OTL\MovedFiles\08152013-some number.log so look there if you don't see it.

IF you have the combofix log and also the tdsskiller log please post them.


Right click on (My) Computer and select Manage (Continue) Then click on the arrow in front of Event Viewer. Next Click on the arrow in front of Windows Logs Right click on System and Clear Log, Clear. Repeat for Application.

Reboot.

Start, All Programs, Accessories then right click on Command Prompt and Run as Administrator. Then type (with an Enter after each line).
sfc  /scannow

(This will check your critical system files. Does this finish without complaint? IF it says it couldn't fix everything then:

Copy the next two lines:

findstr /c:"[SR]" \windows\logs\cbs\cbs.log > \windows\logs\cbs\junk.txt
notepad \windows\logs\cbs\junk.txt

Start, All Programs, Accessories, right click on Command Prompt and Run as Administrator, Continue. Right click and Paste or Edit then Paste and the copied line should appear.
Hit Enter. Copy and paste the text from notepad or if it is too big, just attach the file.)


1. Please download the Event Viewer Tool by Vino Rosso
http://images.malwar...om/vino/VEW.exe
and save it to your Desktop:
2. Right-click VEW.exe and Run AS Administrator
3. Under 'Select log to query', select:

* System
4. Under 'Select type to list', select:
* Error
* Warning


Then use the 'Number of events' as follows:


1. Click the radio button for 'Number of events'
Type 20 in the 1 to 20 box
Then click the Run button.
Notepad will open with the output log.


Please post the Output log in your next reply then repeat but select Application.


Get Process Explorer

http://live.sysinter...com/procexp.exe
Save it to your desktop then run it (Vista or Win7 - right click and Run As Administrator).

View, Select Column, check Verified Signer, OK
Options, Verify Image Signatures


Click twice on the CPU column header to sort things by CPU usage with the big hitters at the top.

Wait a minute then:

File, Save As, Save. Open the file Procexp.txt on your desktop and copy and paste the text to a reply.


Are you still seeing the problem?
  • 0

#5
sdockery
Posted 15 August 2013 - 08:53 PM

sdockery

    Member

  • Topic Starter
  • Member
  • PipPip
  • 15 posts
Here's the combofix report:

ComboFix 13-08-15.02 - Steph 08/15/2013 21:21:30.2.2 - x86
Microsoft Windows 7 Starter 6.1.7601.1.1252.1.1033.18.1013.334 [GMT -5:00]
Running from: c:\users\Steph\Downloads\Adware n Malware Cleaners\ComboFix.exe
AV: Microsoft Security Essentials *Disabled/Updated* {641105E6-77ED-3F35-A304-765193BCB75F}
SP: Microsoft Security Essentials *Disabled/Updated* {DF70E402-51D7-30BB-99B4-4D23E83BFDE2}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\boost_interprocess\20130815163144.375199
c:\programdata\boost_interprocess\20130815163144.375199\NobuAgentService
c:\programdata\boost_interprocess\20130815163144.375199\NobuTrayIcon
.
.
((((((((((((((((((((((((( Files Created from 2013-07-16 to 2013-08-16 )))))))))))))))))))))))))))))))
.
.
2013-08-16 02:38 . 2013-08-16 02:38 -------- d-----w- c:\users\Steph\AppData\Local\temp
2013-08-16 02:38 . 2013-08-16 02:38 -------- d-----w- c:\users\Default\AppData\Local\temp
2013-08-16 02:11 . 2013-08-16 02:11 29904 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{C8F63530-7106-49CB-A8F9-E55900139627}\MpKsl05fdf22f.sys
2013-08-15 22:23 . 2013-07-02 06:54 7143960 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{C8F63530-7106-49CB-A8F9-E55900139627}\mpengine.dll
2013-08-15 21:37 . 2013-08-15 21:37 -------- d-----w- c:\windows\ERUNT
2013-08-15 21:34 . 2013-08-16 02:36 -------- d-----w- c:\programdata\boost_interprocess
2013-08-15 14:56 . 2013-07-02 06:54 7143960 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2013-08-15 02:30 . 2013-08-15 02:30 -------- d-----w- C:\TDSSKiller_Quarantine
2013-08-10 17:58 . 2013-08-15 14:14 -------- d-----w- c:\windows\system32\MRT
2013-08-10 13:31 . 2013-08-10 13:43 40776 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2013-08-07 21:25 . 2013-08-07 21:25 94632 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
2013-08-07 04:41 . 2013-08-10 19:20 -------- d-----w- c:\users\Steph\AppData\Local\Bing Ads Intelligence
2013-08-07 04:41 . 2013-08-10 22:19 -------- d-----w- c:\users\Steph\AppData\Local\assembly
2013-08-05 22:33 . 2013-08-05 22:34 -------- d-----w- c:\program files\List Building Training Dashboard
2013-07-24 19:13 . 2013-07-24 18:58 698504 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{75B34D40-7570-4DE1-90B2-24E14C23CBD6}\gapaengine.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-08-07 21:25 . 2012-10-18 23:11 867240 ----a-w- c:\windows\system32\npDeployJava1.dll
2013-08-07 21:24 . 2012-10-18 23:11 789416 ----a-w- c:\windows\system32\deployJava1.dll
2013-06-22 14:19 . 2012-10-17 19:57 724464 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\NISBackup\gapaengine.dll
2013-06-19 02:50 . 2013-06-19 02:50 211560 ----a-w- c:\windows\system32\drivers\MpFilter.sys
2013-06-19 02:50 . 2012-08-31 03:03 107392 ----a-w- c:\windows\system32\drivers\NisDrvWFP.sys
2013-06-14 00:21 . 2013-03-11 15:34 22240 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2013-06-12 16:50 . 2012-10-16 02:47 692104 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2013-06-12 16:50 . 2012-10-16 02:47 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2013-06-12 12:54 . 2013-06-12 12:54 9728 ---ha-w- c:\windows\system32\api-ms-win-downlevel-shlwapi-l1-1-0.dll
2013-06-12 12:54 . 2013-06-12 12:54 5632 ---ha-w- c:\windows\system32\api-ms-win-downlevel-shlwapi-l2-1-0.dll
2013-06-12 12:54 . 2013-06-12 12:54 5632 ---ha-w- c:\windows\system32\api-ms-win-downlevel-ole32-l1-1-0.dll
2013-06-12 12:54 . 2013-06-12 12:54 4096 ---ha-w- c:\windows\system32\api-ms-win-downlevel-user32-l1-1-0.dll
2013-06-12 12:54 . 2013-06-12 12:54 3072 ---ha-w- c:\windows\system32\api-ms-win-downlevel-version-l1-1-0.dll
2013-06-12 12:54 . 2013-06-12 12:54 3072 ---ha-w- c:\windows\system32\api-ms-win-downlevel-shell32-l1-1-0.dll
2013-06-12 12:54 . 2013-06-12 12:54 2560 ---ha-w- c:\windows\system32\api-ms-win-downlevel-normaliz-l1-1-0.dll
2013-06-12 12:54 . 2013-06-12 12:54 3584 ---ha-w- c:\windows\system32\api-ms-win-downlevel-advapi32-l2-1-0.dll
2013-06-12 12:54 . 2013-06-12 12:54 10752 ---ha-w- c:\windows\system32\api-ms-win-downlevel-advapi32-l1-1-0.dll
2013-06-12 12:54 . 2013-06-12 12:54 1158144 ----a-w- c:\windows\system32\XpsPrint.dll
2013-06-12 12:54 . 2013-06-12 12:54 364544 ----a-w- c:\windows\system32\XpsGdiConverter.dll
2013-06-12 12:54 . 2013-06-12 12:54 2284544 ----a-w- c:\windows\system32\msmpeg2vdec.dll
2013-06-12 12:54 . 2013-06-12 12:54 417792 ----a-w- c:\windows\system32\WMPhoto.dll
2013-06-12 12:54 . 2013-06-12 12:54 906240 ----a-w- c:\windows\system32\FntCache.dll
2013-06-12 12:54 . 2013-06-12 12:54 220160 ----a-w- c:\windows\system32\d3d10core.dll
2013-06-12 12:54 . 2013-06-12 12:54 1080832 ----a-w- c:\windows\system32\d3d10.dll
2013-06-12 12:54 . 2013-06-12 12:54 207872 ----a-w- c:\windows\system32\WindowsCodecsExt.dll
2013-06-12 12:54 . 2013-06-12 12:54 249856 ----a-w- c:\windows\system32\d3d10_1core.dll
2013-06-12 12:54 . 2013-06-12 12:54 161792 ----a-w- c:\windows\system32\d3d10_1.dll
2013-06-12 12:53 . 2013-06-12 12:53 604160 ----a-w- c:\windows\system32\d3d10level9.dll
2013-06-12 12:53 . 2013-06-12 12:53 3419136 ----a-w- c:\windows\system32\d2d1.dll
2013-06-12 12:53 . 2013-06-12 12:53 1988096 ----a-w- c:\windows\system32\d3d10warp.dll
2013-06-12 12:53 . 2013-06-12 12:53 293376 ----a-w- c:\windows\system32\dxgi.dll
2013-06-12 12:53 . 2013-06-12 12:53 187392 ----a-w- c:\windows\system32\UIAnimation.dll
2013-06-05 03:05 . 2013-07-11 01:19 2347520 ----a-w- c:\windows\system32\win32k.sys
2013-06-04 04:53 . 2013-07-11 01:19 509440 ----a-w- c:\windows\system32\qedit.dll
2013-05-29 01:50 . 2013-07-11 14:02 1800704 ----a-w- c:\windows\system32\jscript9.dll
2013-05-29 01:41 . 2013-07-11 14:02 1427968 ----a-w- c:\windows\system32\inetcpl.cpl
2013-05-29 01:41 . 2013-07-11 14:03 1129472 ----a-w- c:\windows\system32\wininet.dll
2013-05-29 01:37 . 2013-07-11 14:03 142848 ----a-w- c:\windows\system32\ieUnatt.exe
2013-05-29 01:36 . 2013-07-11 14:03 420864 ----a-w- c:\windows\system32\vbscript.dll
2013-05-29 01:33 . 2013-07-11 14:03 2382848 ----a-w- c:\windows\system32\mshtml.tlb
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive1]
@="{F241C880-6982-4CE5-8CF7-7085BA96DA5A}"
[HKEY_CLASSES_ROOT\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}]
2013-03-11 15:29 220632 ----a-w- c:\users\Steph\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\SkyDriveShell.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive2]
@="{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}"
[HKEY_CLASSES_ROOT\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}]
2013-03-11 15:29 220632 ----a-w- c:\users\Steph\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\SkyDriveShell.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive3]
@="{BBACC218-34EA-4666-9D7A-C78F2274A524}"
[HKEY_CLASSES_ROOT\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}]
2013-03-11 15:29 220632 ----a-w- c:\users\Steph\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\SkyDriveShell.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\egisPSDP]
@="{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}"
[HKEY_CLASSES_ROOT\CLSID\{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}]
2009-09-10 13:41 120104 ----a-w- c:\program files\EgisTec\MyWinLocker 3\x86\PSDProtect.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LManager"="c:\program files\Launch Manager\LManager.exe" [2009-10-07 1157640]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2009-06-05 186904]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2009-12-09 8120864]
"Acer ePower Management"="c:\program files\Acer\Acer ePower Management\ePowerTray.exe" [2009-09-30 703008]
"EgisTecLiveUpdate"="c:\program files\EgisTec Egis Software Update\EgisUpdate.exe" [2009-08-04 199464]
"mwlDaemon"="c:\program files\EgisTec\MyWinLocker 3\x86\mwlDaemon.exe" [2009-09-10 349480]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2013-05-08 41056]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-10-05 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-10-05 173592]
"Persistence"="c:\windows\system32\igfxpers.exe" [2009-10-05 150552]
"Acer Assist Launcher"="c:\program files\Acer\Acer Assist\launcher.exe" [2007-11-19 1261568]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2009-10-23 1594664]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2013-01-28 59720]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2013-06-20 995176]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-04-04 958576]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2012-10-25 421888]
"TkBellExe"="c:\program files\Real\RealPlayer\update\realsched.exe" [2013-01-20 295072]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2013-02-20 152392]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2013-03-12 253816]
.
c:\users\Steph\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE /tsr [2009-2-26 97680]
OpenOffice.org 3.4.1.lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [2012-8-13 1199104]
wkcalrem.LNK - c:\program files\Microsoft Works\WkCalRem.exe [2007-6-20 46432]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Acer VCM.lnk - c:\program files\Acer\Acer VCM\AcerVCM.exe [2010-1-8 708608]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
R2 Updater Service;Updater Service;c:\program files\Acer\Acer Updater\UpdaterService.exe [2009-07-04 240160]
R3 EUCR;EUCR;c:\windows\system32\DRIVERS\EUCR6SK.SYS [2009-11-23 103296]
R3 GamesAppService;GamesAppService;c:\program files\WildTangent Games\App\GamesAppService.exe [x]
R3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2013-08-10 40776]
R3 MWLService;MyWinLocker Service;c:\program files\EgisTec\MyWinLocker 3\x86\\MWLService.exe [2009-09-10 305448]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [2013-06-19 107392]
R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\NisSrv.exe [2013-06-20 295376]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 52224]
S1 ccSet_NST;Norton Safe Web Lite Settings Manager;c:\windows\system32\drivers\NST\0200000.010\ccSetx86.sys [2011-08-08 132744]
S1 MpKsl05fdf22f;MpKsl05fdf22f;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{C8F63530-7106-49CB-A8F9-E55900139627}\MpKsl05fdf22f.sys [2013-08-16 29904]
S1 mwlPSDFilter;mwlPSDFilter;c:\windows\system32\DRIVERS\mwlPSDFilter.sys [2009-06-02 18992]
S1 mwlPSDNServ;mwlPSDNServ;c:\windows\system32\DRIVERS\mwlPSDNServ.sys [2009-06-02 16432]
S1 mwlPSDVDisk;mwlPSDVDisk;c:\windows\system32\DRIVERS\mwlPSDVDisk.sys [2009-06-02 60976]
S2 DsiWMIService;Dritek WMI Service;c:\program files\Launch Manager\dsiwmis.exe [2009-08-24 107016]
S2 ePowerSvc;Acer ePower Service;c:\program files\Acer\Acer ePower Management\ePowerSvc.exe [2009-09-30 727584]
S2 Greg_Service;GRegService;c:\program files\Acer\Registration\GregHSRW.exe [2009-08-28 1150496]
S2 MBAMScheduler;MBAMScheduler;c:\program files\Malwarebytes' Anti-Malware\mbamscheduler.exe [2013-04-04 418376]
S2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [2013-04-04 701512]
S2 NOBU;Norton Online Backup;c:\program files\Symantec\Norton Online Backup\NOBuAgent.exe SERVICE [x]
S2 NSL;Norton Safe Web Lite;c:\program files\Norton Safe Web Lite\Engine\2.0.0.16\ccSvcHst.exe [2011-08-10 138760]
S2 RealNetworks Downloader Resolver Service;RealNetworks Downloader Resolver Service;c:\program files\RealNetworks\RealDownloader\rndlresolversvc.exe [2012-11-30 38608]
S2 RS_Service;Raw Socket Service;c:\program files\Acer\Acer VCM\RS_Service.exe [2009-07-10 253952]
S3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller (NDIS 6.20);c:\windows\system32\DRIVERS\L1C62x86.sys [2009-09-04 54784]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2013-04-04 22856]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - 75804843
*NewlyCreated* - MPKSL05FDF22F
*Deregistered* - 75804843
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation REG_MULTI_SZ SSDPSRV upnphost SCardSvr TBS fdrespub AppIDSvc QWAVE wcncsvc
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2013-08-07 21:01 1173456 ----a-w- c:\program files\Google\Chrome\Application\28.0.1500.95\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2013-08-16 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-10-16 16:50]
.
2013-08-15 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2013-03-27 01:32]
.
2013-08-16 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2013-03-27 01:32]
.
.
------- Supplementary Scan -------
.
uInternet Settings,ProxyOverride = *.local
TCP: Interfaces\{AD612608-98F2-447D-8306-503349FBF900}: NameServer = 12.69.180.11,12.69.180.12
FF - ProfilePath - c:\users\Steph\AppData\Roaming\Mozilla\Firefox\Profiles\2jx1k7e6.default\
FF - prefs.js: browser.search.selectedEngine - Bing
FF - prefs.js: browser.startup.homepage - hxxp://www.msn.com/?pc=U040&ocid=U040DHP&dt=080513
FF - prefs.js: keyword.URL - hxxp://www.bing.com/search?FORM=U040DF&PC=U040&dt=080513&q=
FF - ExtSQL: 2013-06-18 21:09; {203FB6B2-2E1E-4474-863B-4C483ECCE78E}; c:\programdata\Norton\{92622AAD-05E8-4459-B256-765CE1E929FB}\NST_2.0.0.16\coFFNST
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\NSL]
"ImagePath"="\"c:\program files\Norton Safe Web Lite\Engine\2.0.0.16\ccSvcHst.exe\" /s \"NSL\" /m \"c:\program files\Norton Safe Web Lite\Engine\2.0.0.16\diMaster.dll\" /prefetch:1"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-201143619-2611072518-538885658-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eml\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.Email.1"
.
[HKEY_USERS\S-1-5-21-201143619-2611072518-538885658-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.vcf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.VCard.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil32_11_7_700_224_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil32_11_7_700_224_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2013-08-15 21:43:33
ComboFix-quarantined-files.txt 2013-08-16 02:43
ComboFix2.txt 2013-08-15 03:55
ComboFix3.txt 2013-08-10 22:26
.
Pre-Run: 55,584,960,512 bytes free
Post-Run: 55,322,988,544 bytes free
.
- - End Of File - - CB6CAFD9DBD2589BDA2AB31048500E0B
A36C5E4F47E84449FF07ED3517B43A31


Now the tdsskiller report:

21:11:45.0554 5852 TDSS rootkit removing tool 2.8.18.0 Jun 10 2013 21:44:19
21:11:47.0581 5852 ============================================================
21:11:47.0582 5852 Current date / time: 2013/08/15 21:11:47.0581
21:11:47.0582 5852 SystemInfo:
21:11:47.0582 5852
21:11:47.0583 5852 OS Version: 6.1.7601 ServicePack: 1.0
21:11:47.0583 5852 Product type: Workstation
21:11:47.0583 5852 ComputerName: STEPH-PC
21:11:47.0584 5852 UserName: Steph
21:11:47.0584 5852 Windows directory: C:\Windows
21:11:47.0584 5852 System windows directory: C:\Windows
21:11:47.0585 5852 Processor architecture: Intel x86
21:11:47.0585 5852 Number of processors: 2
21:11:47.0585 5852 Page size: 0x1000
21:11:47.0585 5852 Boot type: Normal boot
21:11:47.0585 5852 ============================================================
21:11:54.0613 5852 Drive \Device\Harddisk0\DR0 - Size: 0x25433D6000 (149.05 Gb), SectorSize: 0x200, Cylinders: 0x4C01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
21:11:55.0315 5852 ============================================================
21:11:55.0315 5852 \Device\Harddisk0\DR0:
21:11:55.0346 5852 MBR partitions:
21:11:55.0346 5852 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x1801F5F, BlocksNum 0x32FCD
21:11:55.0346 5852 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x1834F2C, BlocksNum 0x111E4784
21:11:55.0346 5852 ============================================================
21:11:55.0424 5852 C: <-> \Device\Harddisk0\DR0\Partition2
21:11:55.0424 5852 ============================================================
21:11:55.0424 5852 Initialize success
21:11:55.0424 5852 ============================================================
21:12:15.0815 3000 ============================================================
21:12:15.0815 3000 Scan started
21:12:15.0815 3000 Mode: Manual;
21:12:15.0815 3000 ============================================================
21:12:15.0955 3000 ================ Scan system memory ========================
21:12:15.0971 3000 System memory - ok
21:12:15.0971 3000 ================ Scan services =============================
21:12:16.0283 3000 [ 1B133875B8AA8AC48969BD3458AFE9F5 ] 1394ohci C:\Windows\system32\drivers\1394ohci.sys
21:12:16.0298 3000 1394ohci - ok
21:12:16.0361 3000 [ CEA80C80BED809AA0DA6FEBC04733349 ] ACPI C:\Windows\system32\drivers\ACPI.sys
21:12:16.0376 3000 ACPI - ok
21:12:16.0439 3000 [ 1EFBC664ABFF416D1D07DB115DCB264F ] AcpiPmi C:\Windows\system32\drivers\acpipmi.sys
21:12:16.0454 3000 AcpiPmi - ok
21:12:16.0563 3000 [ 9915504F602D277EE47FD843A677FD15 ] AdobeFlashPlayerUpdateSvc C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
21:12:16.0579 3000 AdobeFlashPlayerUpdateSvc - ok
21:12:16.0657 3000 [ 21E785EBD7DC90A06391141AAC7892FB ] adp94xx C:\Windows\system32\DRIVERS\adp94xx.sys
21:12:16.0673 3000 adp94xx - ok
21:12:16.0719 3000 [ 0C676BC278D5B59FF5ABD57BBE9123F2 ] adpahci C:\Windows\system32\DRIVERS\adpahci.sys
21:12:16.0735 3000 adpahci - ok
21:12:16.0766 3000 [ 7C7B5EE4B7B822EC85321FE23A27DB33 ] adpu320 C:\Windows\system32\DRIVERS\adpu320.sys
21:12:16.0766 3000 adpu320 - ok
21:12:16.0813 3000 [ 8B5EEFEEC1E6D1A72A06C526628AD161 ] AeLookupSvc C:\Windows\System32\aelupsvc.dll
21:12:16.0829 3000 AeLookupSvc - ok
21:12:16.0938 3000 [ 9EBBBA55060F786F0FCAA3893BFA2806 ] AFD C:\Windows\system32\drivers\afd.sys
21:12:16.0953 3000 AFD - ok
21:12:17.0000 3000 [ 507812C3054C21CEF746B6EE3D04DD6E ] agp440 C:\Windows\system32\drivers\agp440.sys
21:12:17.0016 3000 agp440 - ok
21:12:17.0094 3000 [ 8B30250D573A8F6B4BD23195160D8707 ] aic78xx C:\Windows\system32\DRIVERS\djsvs.sys
21:12:17.0094 3000 aic78xx - ok
21:12:17.0172 3000 [ 18A54E132947CD98FEA9ACCC57F98F13 ] ALG C:\Windows\System32\alg.exe
21:12:17.0172 3000 ALG - ok
21:12:17.0219 3000 [ 0D40BCF52EA90FC7DF2AEAB6503DEA44 ] aliide C:\Windows\system32\drivers\aliide.sys
21:12:17.0234 3000 aliide - ok
21:12:17.0250 3000 [ 3C6600A0696E90A463771C7422E23AB5 ] amdagp C:\Windows\system32\drivers\amdagp.sys
21:12:17.0250 3000 amdagp - ok
21:12:17.0281 3000 [ CD5914170297126B6266860198D1D4F0 ] amdide C:\Windows\system32\drivers\amdide.sys
21:12:17.0281 3000 amdide - ok
21:12:17.0328 3000 [ 00DDA200D71BAC534BF56A9DB5DFD666 ] AmdK8 C:\Windows\system32\DRIVERS\amdk8.sys
21:12:17.0328 3000 AmdK8 - ok
21:12:17.0343 3000 [ 3CBF30F5370FDA40DD3E87DF38EA53B6 ] AmdPPM C:\Windows\system32\DRIVERS\amdppm.sys
21:12:17.0343 3000 AmdPPM - ok
21:12:17.0390 3000 [ D320BF87125326F996D4904FE24300FC ] amdsata C:\Windows\system32\drivers\amdsata.sys
21:12:17.0390 3000 amdsata - ok
21:12:17.0453 3000 [ EA43AF0C423FF267355F74E7A53BDABA ] amdsbs C:\Windows\system32\DRIVERS\amdsbs.sys
21:12:17.0453 3000 amdsbs - ok
21:12:17.0484 3000 [ 46387FB17B086D16DEA267D5BE23A2F2 ] amdxata C:\Windows\system32\drivers\amdxata.sys
21:12:17.0484 3000 amdxata - ok
21:12:17.0546 3000 [ AEA177F783E20150ACE5383EE368DA19 ] AppID C:\Windows\system32\drivers\appid.sys
21:12:17.0562 3000 AppID - ok
21:12:17.0609 3000 [ 62A9C86CB6085E20DB4823E4E97826F5 ] AppIDSvc C:\Windows\System32\appidsvc.dll
21:12:17.0609 3000 AppIDSvc - ok
21:12:17.0702 3000 [ EACFDF31921F51C097629F1F3C9129B4 ] Appinfo C:\Windows\System32\appinfo.dll
21:12:17.0702 3000 Appinfo - ok
21:12:17.0858 3000 [ 4FE5C6D40664AE07BE5105874357D2ED ] Apple Mobile Device C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
21:12:17.0874 3000 Apple Mobile Device - ok
21:12:17.0967 3000 [ 2932004F49677BD84DBC72EDB754FFB3 ] arc C:\Windows\system32\DRIVERS\arc.sys
21:12:17.0983 3000 arc - ok
21:12:18.0014 3000 [ 5D6F36C46FD283AE1B57BD2E9FEB0BC7 ] arcsas C:\Windows\system32\DRIVERS\arcsas.sys
21:12:18.0014 3000 arcsas - ok
21:12:18.0155 3000 [ 776ACEFA0CA9DF0FAA51A5FB2F435705 ] aspnet_state C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe
21:12:18.0217 3000 aspnet_state - ok
21:12:18.0264 3000 [ ADD2ADE1C2B285AB8378D2DAAF991481 ] AsyncMac C:\Windows\system32\DRIVERS\asyncmac.sys
21:12:18.0279 3000 AsyncMac - ok
21:12:18.0357 3000 [ 338C86357871C167A96AB976519BF59E ] atapi C:\Windows\system32\drivers\atapi.sys
21:12:18.0373 3000 atapi - ok
21:12:18.0435 3000 [ 0F4B6B99D6CDC1D93DF1FA690796B2F7 ] athr C:\Windows\system32\DRIVERS\athr.sys
21:12:18.0482 3000 athr - ok
21:12:18.0576 3000 [ CE3B4E731638D2EF62FCB419BE0D39F0 ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
21:12:18.0591 3000 AudioEndpointBuilder - ok
21:12:18.0638 3000 [ CE3B4E731638D2EF62FCB419BE0D39F0 ] Audiosrv C:\Windows\System32\Audiosrv.dll
21:12:18.0638 3000 Audiosrv - ok
21:12:18.0716 3000 [ 6E30D02AAC9CAC84F421622E3A2F6178 ] AxInstSV C:\Windows\System32\AxInstSV.dll
21:12:18.0732 3000 AxInstSV - ok
21:12:18.0810 3000 [ 1A231ABEC60FD316EC54C66715543CEC ] b06bdrv C:\Windows\system32\DRIVERS\bxvbdx.sys
21:12:18.0825 3000 b06bdrv - ok
21:12:18.0888 3000 [ BD8869EB9CDE6BBE4508D869929869EE ] b57nd60x C:\Windows\system32\DRIVERS\b57nd60x.sys
21:12:18.0903 3000 b57nd60x - ok
21:12:19.0059 3000 [ 4191F221E4AF85A391567C6F9B55F370 ] BCM43XX C:\Windows\system32\DRIVERS\bcmwl6.sys
21:12:19.0153 3000 BCM43XX - ok
21:12:19.0231 3000 [ EE1E9C3BB8228AE423DD38DB69128E71 ] BDESVC C:\Windows\System32\bdesvc.dll
21:12:19.0231 3000 BDESVC - ok
21:12:19.0262 3000 [ 505506526A9D467307B3C393DEDAF858 ] Beep C:\Windows\system32\drivers\Beep.sys
21:12:19.0278 3000 Beep - ok
21:12:19.0356 3000 [ 1E2BAC209D184BB851E1A187D8A29136 ] BFE C:\Windows\System32\bfe.dll
21:12:19.0356 3000 BFE - ok
21:12:19.0434 3000 [ E585445D5021971FAE10393F0F1C3961 ] BITS C:\Windows\system32\qmgr.dll
21:12:19.0574 3000 BITS - ok
21:12:19.0590 3000 [ 2287078ED48FCFC477B05B20CF38F36F ] blbdrive C:\Windows\system32\DRIVERS\blbdrive.sys
21:12:19.0590 3000 blbdrive - ok
21:12:19.0715 3000 [ DB5BEA73EDAF19AC68B2C0FAD0F92B1A ] Bonjour Service C:\Program Files\Bonjour\mDNSResponder.exe
21:12:19.0746 3000 Bonjour Service - ok
21:12:19.0793 3000 [ 8F2DA3028D5FCBD1A060A3DE64CD6506 ] bowser C:\Windows\system32\DRIVERS\bowser.sys
21:12:19.0793 3000 bowser - ok
21:12:19.0824 3000 [ 9F9ACC7F7CCDE8A15C282D3F88B43309 ] BrFiltLo C:\Windows\system32\DRIVERS\BrFiltLo.sys
21:12:19.0824 3000 BrFiltLo - ok
21:12:19.0855 3000 [ 56801AD62213A41F6497F96DEE83755A ] BrFiltUp C:\Windows\system32\DRIVERS\BrFiltUp.sys
21:12:19.0855 3000 BrFiltUp - ok
21:12:19.0902 3000 [ 77361D72A04F18809D0EFB6CCEB74D4B ] BridgeMP C:\Windows\system32\DRIVERS\bridge.sys
21:12:19.0917 3000 BridgeMP - ok
21:12:19.0949 3000 [ 3DAA727B5B0A45039B0E1C9A211B8400 ] Browser C:\Windows\System32\browser.dll
21:12:19.0949 3000 Browser - ok
21:12:20.0011 3000 [ 845B8CE732E67F3B4133164868C666EA ] Brserid C:\Windows\System32\Drivers\Brserid.sys
21:12:20.0011 3000 Brserid - ok
21:12:20.0042 3000 [ 203F0B1E73ADADBBB7B7B1FABD901F6B ] BrSerWdm C:\Windows\System32\Drivers\BrSerWdm.sys
21:12:20.0042 3000 BrSerWdm - ok
21:12:20.0073 3000 [ BD456606156BA17E60A04E18016AE54B ] BrUsbMdm C:\Windows\System32\Drivers\BrUsbMdm.sys
21:12:20.0073 3000 BrUsbMdm - ok
21:12:20.0089 3000 [ AF72ED54503F717A43268B3CC5FAEC2E ] BrUsbSer C:\Windows\System32\Drivers\BrUsbSer.sys
21:12:20.0105 3000 BrUsbSer - ok
21:12:20.0120 3000 [ ED3DF7C56CE0084EB2034432FC56565A ] BTHMODEM C:\Windows\system32\DRIVERS\bthmodem.sys
21:12:20.0120 3000 BTHMODEM - ok
21:12:20.0198 3000 [ 1DF19C96EEF6C29D1C3E1A8678E07190 ] bthserv C:\Windows\system32\bthserv.dll
21:12:20.0198 3000 bthserv - ok
21:12:20.0370 3000 catchme - ok
21:12:20.0432 3000 [ 2B2F9B4A08190334A9C36446B208BAE9 ] ccSet_NST C:\Windows\system32\drivers\NST\0200000.010\ccSetx86.sys
21:12:20.0432 3000 ccSet_NST - ok
21:12:20.0495 3000 [ 77EA11B065E0A8AB902D78145CA51E10 ] cdfs C:\Windows\system32\DRIVERS\cdfs.sys
21:12:20.0495 3000 cdfs - ok
21:12:20.0588 3000 [ BE167ED0FDB9C1FA1133953C18D5A6C9 ] cdrom C:\Windows\system32\drivers\cdrom.sys
21:12:20.0588 3000 cdrom - ok
21:12:20.0666 3000 [ 319C6B309773D063541D01DF8AC6F55F ] CertPropSvc C:\Windows\System32\certprop.dll
21:12:20.0666 3000 CertPropSvc - ok
21:12:20.0697 3000 [ 3FE3FE94A34DF6FB06E6418D0F6A0060 ] circlass C:\Windows\system32\DRIVERS\circlass.sys
21:12:20.0697 3000 circlass - ok
21:12:20.0744 3000 [ 635181E0E9BBF16871BF5380D71DB02D ] CLFS C:\Windows\system32\CLFS.sys
21:12:20.0744 3000 CLFS - ok
21:12:20.0853 3000 [ D88040F816FDA31C3B466F0FA0918F29 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
21:12:20.0853 3000 clr_optimization_v2.0.50727_32 - ok
21:12:20.0947 3000 [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
21:12:21.0072 3000 clr_optimization_v4.0.30319_32 - ok
21:12:21.0119 3000 [ DEA805815E587DAD1DD2C502220B5616 ] CmBatt C:\Windows\system32\DRIVERS\CmBatt.sys
21:12:21.0134 3000 CmBatt - ok
21:12:21.0165 3000 [ C537B1DB64D495B9B4717B4D6D9EDBF2 ] cmdide C:\Windows\system32\drivers\cmdide.sys
21:12:21.0181 3000 cmdide - ok
21:12:21.0228 3000 [ 247B4CE2DAB1160CD422D532D5241E1F ] CNG C:\Windows\system32\Drivers\cng.sys
21:12:21.0243 3000 CNG - ok
21:12:21.0306 3000 [ A6023D3823C37043986713F118A89BEE ] Compbatt C:\Windows\system32\DRIVERS\compbatt.sys
21:12:21.0306 3000 Compbatt - ok
21:12:21.0368 3000 [ CBE8C58A8579CFE5FCCF809E6F114E89 ] CompositeBus C:\Windows\system32\drivers\CompositeBus.sys
21:12:21.0384 3000 CompositeBus - ok
21:12:21.0415 3000 COMSysApp - ok
21:12:21.0462 3000 [ 2C4EBCFC84A9B44F209DFF6C6E6C61D1 ] crcdisk C:\Windows\system32\DRIVERS\crcdisk.sys
21:12:21.0462 3000 crcdisk - ok
21:12:21.0587 3000 [ 3897DFF247D9ED0006190349DE264E14 ] CryptSvc C:\Windows\system32\cryptsvc.dll
21:12:21.0680 3000 CryptSvc - ok
21:12:21.0743 3000 [ 7660F01D3B38ACA1747E397D21D790AF ] DcomLaunch C:\Windows\system32\rpcss.dll
21:12:21.0758 3000 DcomLaunch - ok
21:12:21.0805 3000 [ 8D6E10A2D9A5EED59562D9B82CF804E1 ] defragsvc C:\Windows\System32\defragsvc.dll
21:12:21.0805 3000 defragsvc - ok
21:12:21.0867 3000 [ F024449C97EC1E464AAFFDA18593DB88 ] DfsC C:\Windows\system32\Drivers\dfsc.sys
21:12:21.0867 3000 DfsC - ok
21:12:21.0945 3000 [ E9E01EB683C132F7FA27CD607B8A2B63 ] Dhcp C:\Windows\system32\dhcpcore.dll
21:12:21.0961 3000 Dhcp - ok
21:12:21.0992 3000 [ 1A050B0274BFB3890703D490F330C0DA ] discache C:\Windows\system32\drivers\discache.sys
21:12:21.0992 3000 discache - ok
21:12:22.0055 3000 [ 565003F326F99802E68CA78F2A68E9FF ] Disk C:\Windows\system32\DRIVERS\disk.sys
21:12:22.0086 3000 Disk - ok
21:12:22.0164 3000 [ C701324C9E0C25DD9D60311BD87FBC84 ] DKbFltr C:\Windows\system32\DRIVERS\DKbFltr.sys
21:12:22.0164 3000 DKbFltr - ok
21:12:22.0226 3000 [ 33EF4861F19A0736B11314AAD9AE28D0 ] Dnscache C:\Windows\System32\dnsrslvr.dll
21:12:22.0226 3000 Dnscache - ok
21:12:22.0289 3000 [ 366BA8FB4B7BB7435E3B9EACB3843F67 ] dot3svc C:\Windows\System32\dot3svc.dll
21:12:22.0320 3000 dot3svc - ok
21:12:22.0382 3000 [ 8EC04CA86F1D68DA9E11952EB85973D6 ] DPS C:\Windows\system32\dps.dll
21:12:22.0382 3000 DPS - ok
21:12:22.0445 3000 [ B918E7C5F9BF77202F89E1A9539F2EB4 ] drmkaud C:\Windows\system32\drivers\drmkaud.sys
21:12:22.0460 3000 drmkaud - ok
21:12:22.0554 3000 [ EDF7343ACAAB182C082F26EA97706E83 ] DsiWMIService C:\Program Files\Launch Manager\dsiwmis.exe
21:12:22.0554 3000 DsiWMIService - ok
21:12:22.0647 3000 [ 16498EBC04AE9DD07049A8884B205C05 ] DXGKrnl C:\Windows\System32\drivers\dxgkrnl.sys
21:12:22.0679 3000 DXGKrnl - ok
21:12:22.0757 3000 [ 8600142FA91C1B96367D3300AD0F3F3A ] EapHost C:\Windows\System32\eapsvc.dll
21:12:22.0757 3000 EapHost - ok
21:12:22.0928 3000 [ 024E1B5CAC09731E4D868E64DBFB4AB0 ] ebdrv C:\Windows\system32\DRIVERS\evbdx.sys
21:12:23.0053 3000 ebdrv - ok
21:12:23.0084 3000 [ 81951F51E318AECC2D68559E47485CC4 ] EFS C:\Windows\System32\lsass.exe
21:12:23.0100 3000 EFS - ok
21:12:23.0131 3000 [ 0ED67910C8C326796FAA00B2BF6D9D3C ] elxstor C:\Windows\system32\DRIVERS\elxstor.sys
21:12:23.0147 3000 elxstor - ok
21:12:23.0256 3000 [ 7FC5C35144B2FF94FD65576D8C129D2B ] ePowerSvc C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe
21:12:23.0287 3000 ePowerSvc - ok
21:12:23.0318 3000 [ 8FC3208352DD3912C94367A206AB3F11 ] ErrDev C:\Windows\system32\drivers\errdev.sys
21:12:23.0318 3000 ErrDev - ok
21:12:23.0396 3000 [ 649427B91B9DC760001F73085A1BB25C ] EUCR C:\Windows\system32\DRIVERS\EUCR6SK.SYS
21:12:23.0412 3000 EUCR - ok
21:12:23.0505 3000 [ F6916EFC29D9953D5D0DF06882AE8E16 ] EventSystem C:\Windows\system32\es.dll
21:12:23.0521 3000 EventSystem - ok
21:12:23.0552 3000 [ 2DC9108D74081149CC8B651D3A26207F ] exfat C:\Windows\system32\drivers\exfat.sys
21:12:23.0552 3000 exfat - ok
21:12:23.0599 3000 [ 7E0AB74553476622FB6AE36F73D97D35 ] fastfat C:\Windows\system32\drivers\fastfat.sys
21:12:23.0599 3000 fastfat - ok
21:12:23.0677 3000 [ 967EA5B213E9984CBE270205DF37755B ] Fax C:\Windows\system32\fxssvc.exe
21:12:23.0724 3000 Fax - ok
21:12:23.0739 3000 [ E817A017F82DF2A1F8CFDBDA29388B29 ] fdc C:\Windows\system32\DRIVERS\fdc.sys
21:12:23.0755 3000 fdc - ok
21:12:23.0786 3000 [ F3222C893BD2F5821A0179E5C71E88FB ] fdPHost C:\Windows\system32\fdPHost.dll
21:12:23.0786 3000 fdPHost - ok
21:12:23.0817 3000 [ 7DBE8CBFE79EFBDEB98C9FB08D3A9A5B ] FDResPub C:\Windows\system32\fdrespub.dll
21:12:23.0817 3000 FDResPub - ok
21:12:23.0849 3000 [ 6CF00369C97F3CF563BE99BE983D13D8 ] FileInfo C:\Windows\system32\drivers\fileinfo.sys
21:12:23.0849 3000 FileInfo - ok
21:12:23.0880 3000 [ 42C51DC94C91DA21CB9196EB64C45DB9 ] Filetrace C:\Windows\system32\drivers\filetrace.sys
21:12:23.0880 3000 Filetrace - ok
21:12:23.0911 3000 [ 87907AA70CB3C56600F1C2FB8841579B ] flpydisk C:\Windows\system32\DRIVERS\flpydisk.sys
21:12:23.0911 3000 flpydisk - ok
21:12:23.0973 3000 [ 7520EC808E0C35E0EE6F841294316653 ] FltMgr C:\Windows\system32\drivers\fltmgr.sys
21:12:23.0973 3000 FltMgr - ok
21:12:24.0051 3000 [ E12C4928B32ACE04610259647F072635 ] FontCache C:\Windows\system32\FntCache.dll
21:12:24.0083 3000 FontCache - ok
21:12:24.0192 3000 [ E56F39F6B7FDA0AC77A79B0FD3DE1A2F ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
21:12:24.0192 3000 FontCache3.0.0.0 - ok
21:12:24.0239 3000 [ 1A16B57943853E598CFF37FE2B8CBF1D ] FsDepends C:\Windows\system32\drivers\FsDepends.sys
21:12:24.0239 3000 FsDepends - ok
21:12:24.0301 3000 [ 2ED0BABD4CD98ED820FD0D0BCBE96721 ] fssfltr C:\Windows\system32\DRIVERS\fssfltr.sys
21:12:24.0301 3000 fssfltr - ok
21:12:24.0457 3000 [ 812E1BA5C52A78F13EA6AA10DF708B1D ] fsssvc C:\Program Files\Windows Live\Family Safety\fsssvc.exe
21:12:24.0504 3000 fsssvc - ok
21:12:24.0551 3000 [ 7DAE5EBCC80E45D3253F4923DC424D05 ] Fs_Rec C:\Windows\system32\drivers\Fs_Rec.sys
21:12:24.0566 3000 Fs_Rec - ok
21:12:24.0629 3000 [ E306A24D9694C724FA2491278BF50FDB ] fvevol C:\Windows\system32\DRIVERS\fvevol.sys
21:12:24.0644 3000 fvevol - ok
21:12:24.0707 3000 [ 65EE0C7A58B65E74AE05637418153938 ] gagp30kx C:\Windows\system32\DRIVERS\gagp30kx.sys
21:12:24.0707 3000 gagp30kx - ok
21:12:24.0785 3000 [ C44D560E441F091EA3B72F778EC60DE2 ] GameConsoleService C:\Program Files\Acer Games\Acer Game Console\GameConsoleService.exe
21:12:24.0785 3000 GameConsoleService - ok
21:12:24.0831 3000 GamesAppService - ok
21:12:24.0909 3000 [ 185ADA973B5020655CEE342059A86CBB ] GEARAspiWDM C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
21:12:24.0909 3000 GEARAspiWDM - ok
21:12:24.0972 3000 [ E897EAF5ED6BA41E081060C9B447A673 ] gpsvc C:\Windows\System32\gpsvc.dll
21:12:25.0003 3000 gpsvc - ok
21:12:25.0097 3000 [ 816FD5A6F3C2F3D600900096632FC60E ] Greg_Service C:\Program Files\Acer\Registration\GregHSRW.exe
21:12:25.0143 3000 Greg_Service - ok
21:12:25.0253 3000 [ 506708142BC63DABA64F2D3AD1DCD5BF ] gupdate C:\Program Files\Google\Update\GoogleUpdate.exe
21:12:25.0268 3000 gupdate - ok
21:12:25.0299 3000 [ 506708142BC63DABA64F2D3AD1DCD5BF ] gupdatem C:\Program Files\Google\Update\GoogleUpdate.exe
21:12:25.0299 3000 gupdatem - ok
21:12:25.0362 3000 [ C44E3C2BAB6837DB337DDEE7544736DB ] hcw85cir C:\Windows\system32\drivers\hcw85cir.sys
21:12:25.0377 3000 hcw85cir - ok
21:12:25.0455 3000 [ A5EF29D5315111C80A5C1ABAD14C8972 ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
21:12:25.0455 3000 HdAudAddService - ok
21:12:25.0518 3000 [ 9036377B8A6C15DC2EEC53E489D159B5 ] HDAudBus C:\Windows\system32\drivers\HDAudBus.sys
21:12:25.0518 3000 HDAudBus - ok
21:12:25.0549 3000 [ 1D58A7F3E11A9731D0EAAAA8405ACC36 ] HidBatt C:\Windows\system32\DRIVERS\HidBatt.sys
21:12:25.0549 3000 HidBatt - ok
21:12:25.0596 3000 [ 89448F40E6DF260C206A193A4683BA78 ] HidBth C:\Windows\system32\DRIVERS\hidbth.sys
21:12:25.0611 3000 HidBth - ok
21:12:25.0674 3000 [ CF50B4CF4A4F229B9F3C08351F99CA5E ] HidIr C:\Windows\system32\DRIVERS\hidir.sys
21:12:25.0674 3000 HidIr - ok
21:12:25.0705 3000 [ 2BC6F6A1992B3A77F5F41432CA6B3B6B ] hidserv C:\Windows\System32\hidserv.dll
21:12:25.0705 3000 hidserv - ok
21:12:25.0783 3000 [ 10C19F8290891AF023EAEC0832E1EB4D ] HidUsb C:\Windows\system32\drivers\hidusb.sys
21:12:25.0783 3000 HidUsb - ok
21:12:25.0830 3000 [ 196B4E3F4CCCC24AF836CE58FACBB699 ] hkmsvc C:\Windows\system32\kmsvc.dll
21:12:25.0830 3000 hkmsvc - ok
21:12:25.0877 3000 [ 6658F4404DE03D75FE3BA09F7ABA6A30 ] HomeGroupListener C:\Windows\system32\ListSvc.dll
21:12:25.0877 3000 HomeGroupListener - ok
21:12:25.0939 3000 [ DBC02D918FFF1CAD628ACBE0C0EAA8E8 ] HomeGroupProvider C:\Windows\system32\provsvc.dll
21:12:25.0939 3000 HomeGroupProvider - ok
21:12:26.0001 3000 [ 295FDC419039090EB8B49FFDBB374549 ] HpSAMD C:\Windows\system32\drivers\HpSAMD.sys
21:12:26.0001 3000 HpSAMD - ok
21:12:26.0064 3000 [ 871917B07A141BFF43D76D8844D48106 ] HTTP C:\Windows\system32\drivers\HTTP.sys
21:12:26.0095 3000 HTTP - ok
21:12:26.0142 3000 [ 0C4E035C7F105F1299258C90886C64C5 ] hwpolicy C:\Windows\system32\drivers\hwpolicy.sys
21:12:26.0142 3000 hwpolicy - ok
21:12:26.0204 3000 [ F151F0BDC47F4A28B1B20A0818EA36D6 ] i8042prt C:\Windows\system32\drivers\i8042prt.sys
21:12:26.0204 3000 i8042prt - ok
21:12:26.0298 3000 [ 7548066DF68A8A1A56B043359F915F37 ] IAANTMON C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
21:12:26.0313 3000 IAANTMON - ok
21:12:26.0345 3000 [ D483687EACE0C065EE772481A96E05F5 ] iaStor C:\Windows\system32\DRIVERS\iaStor.sys
21:12:26.0360 3000 iaStor - ok
21:12:26.0423 3000 [ 5CD5F9A5444E6CDCB0AC89BD62D8B76E ] iaStorV C:\Windows\system32\drivers\iaStorV.sys
21:12:26.0423 3000 iaStorV - ok
21:12:26.0532 3000 [ C521D7EB6497BB1AF6AFA89E322FB43C ] idsvc C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
21:12:26.0579 3000 idsvc - ok
21:12:26.0750 3000 [ 81F7C715528AB621C6AF58869D4B07B9 ] igfx C:\Windows\system32\DRIVERS\igdkmd32.sys
21:12:26.0891 3000 igfx - ok
21:12:26.0953 3000 [ 4173FF5708F3236CF25195FECD742915 ] iirsp C:\Windows\system32\DRIVERS\iirsp.sys
21:12:26.0953 3000 iirsp - ok
21:12:27.0015 3000 [ F95622F161474511B8D80D6B093AA610 ] IKEEXT C:\Windows\System32\ikeext.dll
21:12:27.0062 3000 IKEEXT - ok
21:12:27.0218 3000 [ 081596B57BC442CEAD3B1AE00B612DA0 ] IntcAzAudAddService C:\Windows\system32\drivers\RTKVHDA.sys
21:12:27.0327 3000 IntcAzAudAddService - ok
21:12:27.0359 3000 [ A0F12F2C9BA6C72F3987CE780E77C130 ] intelide C:\Windows\system32\drivers\intelide.sys
21:12:27.0359 3000 intelide - ok
21:12:27.0421 3000 [ 3B514D27BFC4ACCB4037BC6685F766E0 ] intelppm C:\Windows\system32\DRIVERS\intelppm.sys
21:12:27.0437 3000 intelppm - ok
21:12:27.0468 3000 [ ACB364B9075A45C0736E5C47BE5CAE19 ] IPBusEnum C:\Windows\system32\ipbusenum.dll
21:12:27.0468 3000 IPBusEnum - ok
21:12:27.0530 3000 [ 709D1761D3B19A932FF0238EA6D50200 ] IpFilterDriver C:\Windows\system32\DRIVERS\ipfltdrv.sys
21:12:27.0530 3000 IpFilterDriver - ok
21:12:27.0624 3000 [ 58F67245D041FBE7AF88F4EAF79DF0FA ] iphlpsvc C:\Windows\System32\iphlpsvc.dll
21:12:27.0639 3000 iphlpsvc - ok
21:12:27.0702 3000 [ 4BD7134618C1D2A27466A099062547BF ] IPMIDRV C:\Windows\system32\drivers\IPMIDrv.sys
21:12:27.0702 3000 IPMIDRV - ok
21:12:27.0764 3000 [ A5FA468D67ABCDAA36264E463A7BB0CD ] IPNAT C:\Windows\system32\drivers\ipnat.sys
21:12:27.0764 3000 IPNAT - ok
21:12:27.0858 3000 [ E46B17060D3962A384AE484094614788 ] iPod Service C:\Program Files\iPod\bin\iPodService.exe
21:12:27.0873 3000 iPod Service - ok
21:12:27.0951 3000 [ 42996CFF20A3084A56017B7902307E9F ] IRENUM C:\Windows\system32\drivers\irenum.sys
21:12:27.0951 3000 IRENUM - ok
21:12:27.0998 3000 [ 1F32BB6B38F62F7DF1A7AB7292638A35 ] isapnp C:\Windows\system32\drivers\isapnp.sys
21:12:27.0998 3000 isapnp - ok
21:12:28.0045 3000 [ CB7A9ABB12B8415BCE5D74994C7BA3AE ] iScsiPrt C:\Windows\system32\drivers\msiscsi.sys
21:12:28.0061 3000 iScsiPrt - ok
21:12:28.0092 3000 [ ADEF52CA1AEAE82B50DF86B56413107E ] kbdclass C:\Windows\system32\drivers\kbdclass.sys
21:12:28.0107 3000 kbdclass - ok
21:12:28.0139 3000 [ 9E3CED91863E6EE98C24794D05E27A71 ] kbdhid C:\Windows\system32\drivers\kbdhid.sys
21:12:28.0139 3000 kbdhid - ok
21:12:28.0170 3000 [ 81951F51E318AECC2D68559E47485CC4 ] KeyIso C:\Windows\system32\lsass.exe
21:12:28.0170 3000 KeyIso - ok
21:12:28.0217 3000 [ B7895B4182C0D16F6EFADEB8081E8D36 ] KSecDD C:\Windows\system32\Drivers\ksecdd.sys
21:12:28.0217 3000 KSecDD - ok
21:12:28.0232 3000 [ D30159AC9237519FBC62C6EC247D2D46 ] KSecPkg C:\Windows\system32\Drivers\ksecpkg.sys
21:12:28.0248 3000 KSecPkg - ok
21:12:28.0279 3000 [ 89A7B9CC98D0D80C6F31B91C0A310FCD ] KtmRm C:\Windows\system32\msdtckrm.dll
21:12:28.0310 3000 KtmRm - ok
21:12:28.0373 3000 [ 77F2AE3E32C2E647180EF3D71308E6EE ] L1C C:\Windows\system32\DRIVERS\L1C62x86.sys
21:12:28.0388 3000 L1C - ok
21:12:28.0466 3000 [ D64AF876D53ECA3668BB97B51B4E70AB ] LanmanServer C:\Windows\System32\srvsvc.dll
21:12:28.0497 3000 LanmanServer - ok
21:12:28.0529 3000 [ 58405E4F68BA8E4057C6E914F326ABA2 ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
21:12:28.0544 3000 LanmanWorkstation - ok
21:12:28.0638 3000 [ F7611EC07349979DA9B0AE1F18CCC7A6 ] lltdio C:\Windows\system32\DRIVERS\lltdio.sys
21:12:28.0638 3000 lltdio - ok
21:12:28.0669 3000 [ 5700673E13A2117FA3B9020C852C01E2 ] lltdsvc C:\Windows\System32\lltdsvc.dll
21:12:28.0685 3000 lltdsvc - ok
21:12:28.0716 3000 [ 55CA01BA19D0006C8F2639B6C045E08B ] lmhosts C:\Windows\System32\lmhsvc.dll
21:12:28.0716 3000 lmhosts - ok
21:12:28.0778 3000 [ EB119A53CCF2ACC000AC71B065B78FEF ] LSI_FC C:\Windows\system32\DRIVERS\lsi_fc.sys
21:12:28.0794 3000 LSI_FC - ok
21:12:28.0809 3000 [ 8ADE1C877256A22E49B75D1CC9161F9C ] LSI_SAS C:\Windows\system32\DRIVERS\lsi_sas.sys
21:12:28.0809 3000 LSI_SAS - ok
21:12:28.0841 3000 [ DC9DC3D3DAA0E276FD2EC262E38B11E9 ] LSI_SAS2 C:\Windows\system32\DRIVERS\lsi_sas2.sys
21:12:28.0856 3000 LSI_SAS2 - ok
21:12:28.0887 3000 [ 0A036C7D7CAB643A7F07135AC47E0524 ] LSI_SCSI C:\Windows\system32\DRIVERS\lsi_scsi.sys
21:12:28.0903 3000 LSI_SCSI - ok
21:12:28.0919 3000 [ 6703E366CC18D3B6E534F5CF7DF39CEE ] luafv C:\Windows\system32\drivers\luafv.sys
21:12:28.0919 3000 luafv - ok
21:12:29.0012 3000 [ 4470E3C1E0C3378E4CAB137893C12C3A ] MBAMProtector C:\Windows\system32\drivers\mbam.sys
21:12:29.0012 3000 MBAMProtector - ok
21:12:29.0137 3000 [ 65085456FD9A74D7F1A999520C299ECB ] MBAMScheduler C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
21:12:29.0153 3000 MBAMScheduler - ok
21:12:29.0246 3000 [ E0D7732F2D2E24B2DB3F67B6750295B8 ] MBAMService C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
21:12:29.0293 3000 MBAMService - ok
21:12:29.0355 3000 [ 0DB7527DB188C7D967A37BB51BBF3963 ] MBAMSwissArmy C:\Windows\system32\drivers\mbamswissarmy.sys
21:12:29.0355 3000 MBAMSwissArmy - ok
21:12:29.0433 3000 [ 0FFF5B045293002AB38EB1FD1FC2FB74 ] megasas C:\Windows\system32\DRIVERS\megasas.sys
21:12:29.0433 3000 megasas - ok
21:12:29.0511 3000 [ DCBAB2920C75F390CAF1D29F675D03D6 ] MegaSR C:\Windows\system32\DRIVERS\MegaSR.sys
21:12:29.0527 3000 MegaSR - ok
21:12:29.0558 3000 [ 146B6F43A673379A3C670E86D89BE5EA ] MMCSS C:\Windows\system32\mmcss.dll
21:12:29.0574 3000 MMCSS - ok
21:12:29.0589 3000 [ F001861E5700EE84E2D4E52C712F4964 ] Modem C:\Windows\system32\drivers\modem.sys
21:12:29.0589 3000 Modem - ok
21:12:29.0652 3000 [ 79D10964DE86B292320E9DFE02282A23 ] monitor C:\Windows\system32\DRIVERS\monitor.sys
21:12:29.0652 3000 monitor - ok
21:12:29.0730 3000 [ FB18CC1D4C2E716B6B903B0AC0CC0609 ] mouclass C:\Windows\system32\drivers\mouclass.sys
21:12:29.0730 3000 mouclass - ok
21:12:29.0792 3000 [ 2C388D2CD01C9042596CF3C8F3C7B24D ] mouhid C:\Windows\system32\DRIVERS\mouhid.sys
21:12:29.0792 3000 mouhid - ok
21:12:29.0855 3000 [ FC8771F45ECCCFD89684E38842539B9B ] mountmgr C:\Windows\system32\drivers\mountmgr.sys
21:12:29.0855 3000 mountmgr - ok
21:12:29.0948 3000 [ 825BF0E46B4470A463AEB641480C5FCA ] MozillaMaintenance C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
21:12:29.0948 3000 MozillaMaintenance - ok
21:12:30.0026 3000 [ 24406D75B40F0F6B3C1AC7031D734565 ] MpFilter C:\Windows\system32\DRIVERS\MpFilter.sys
21:12:30.0026 3000 MpFilter - ok
21:12:30.0073 3000 [ 2D699FB6E89CE0D8DA14ECC03B3EDFE0 ] mpio C:\Windows\system32\drivers\mpio.sys
21:12:30.0073 3000 mpio - ok
21:12:30.0245 3000 [ A69630D039C38018689190234F866D77 ] MpKsl05fdf22f c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{C8F63530-7106-49CB-A8F9-E55900139627}\MpKsl05fdf22f.sys
21:12:30.0245 3000 MpKsl05fdf22f - ok
21:12:30.0276 3000 [ AD2723A7B53DD1AACAE6AD8C0BFBF4D0 ] mpsdrv C:\Windows\system32\drivers\mpsdrv.sys
21:12:30.0291 3000 mpsdrv - ok
21:12:30.0338 3000 [ 9835584E999D25004E1EE8E5F3E3B881 ] MpsSvc C:\Windows\system32\mpssvc.dll
21:12:30.0385 3000 MpsSvc - ok
21:12:30.0432 3000 [ CEB46AB7C01C9F825F8CC6BABC18166A ] MRxDAV C:\Windows\system32\drivers\mrxdav.sys
21:12:30.0432 3000 MRxDAV - ok
21:12:30.0479 3000 [ 5D16C921E3671636C0EBA3BBAAC5FD25 ] mrxsmb C:\Windows\system32\DRIVERS\mrxsmb.sys
21:12:30.0479 3000 mrxsmb - ok
21:12:30.0525 3000 [ 6D17A4791ACA19328C685D256349FEFC ] mrxsmb10 C:\Windows\system32\DRIVERS\mrxsmb10.sys
21:12:30.0525 3000 mrxsmb10 - ok
21:12:30.0557 3000 [ B81F204D146000BE76651A50670A5E9E ] mrxsmb20 C:\Windows\system32\DRIVERS\mrxsmb20.sys
21:12:30.0557 3000 mrxsmb20 - ok
21:12:30.0588 3000 [ 012C5F4E9349E711E11E0F19A8589F0A ] msahci C:\Windows\system32\drivers\msahci.sys
21:12:30.0603 3000 msahci - ok
21:12:30.0619 3000 [ 55055F8AD8BE27A64C831322A780A228 ] msdsm C:\Windows\system32\drivers\msdsm.sys
21:12:30.0635 3000 msdsm - ok
21:12:30.0650 3000 [ E1BCE74A3BD9902B72599C0192A07E27 ] MSDTC C:\Windows\System32\msdtc.exe
21:12:30.0666 3000 MSDTC - ok
21:12:30.0713 3000 [ DAEFB28E3AF5A76ABCC2C3078C07327F ] Msfs C:\Windows\system32\drivers\Msfs.sys
21:12:30.0713 3000 Msfs - ok
21:12:30.0728 3000 [ 3E1E5767043C5AF9367F0056295E9F84 ] mshidkmdf C:\Windows\System32\drivers\mshidkmdf.sys
21:12:30.0728 3000 mshidkmdf - ok
21:12:30.0760 3000 [ 0A4E5757AE09FA9622E3158CC1AEF114 ] msisadrv C:\Windows\system32\drivers\msisadrv.sys
21:12:30.0760 3000 msisadrv - ok
21:12:30.0822 3000 [ 90F7D9E6B6F27E1A707D4A297F077828 ] MSiSCSI C:\Windows\system32\iscsiexe.dll
21:12:30.0838 3000 MSiSCSI - ok
21:12:30.0838 3000 msiserver - ok
21:12:30.0900 3000 [ 8C0860D6366AAFFB6C5BB9DF9448E631 ] MSKSSRV C:\Windows\system32\drivers\MSKSSRV.sys
21:12:30.0916 3000 MSKSSRV - ok
21:12:31.0025 3000 [ 37F77AEBFF23A99D1BFB4F34CD2D07F2 ] MsMpSvc c:\Program Files\Microsoft Security Client\MsMpEng.exe
21:12:31.0025 3000 MsMpSvc - ok
21:12:31.0056 3000 [ 3EA8B949F963562CEDBB549EAC0C11CE ] MSPCLOCK C:\Windows\system32\drivers\MSPCLOCK.sys
21:12:31.0056 3000 MSPCLOCK - ok
21:12:31.0087 3000 [ F456E973590D663B1073E9C463B40932 ] MSPQM C:\Windows\system32\drivers\MSPQM.sys
21:12:31.0087 3000 MSPQM - ok
21:12:31.0118 3000 [ 0E008FC4819D238C51D7C93E7B41E560 ] MsRPC C:\Windows\system32\drivers\MsRPC.sys
21:12:31.0118 3000 MsRPC - ok
21:12:31.0165 3000 [ FC6B9FF600CC585EA38B12589BD4E246 ] mssmbios C:\Windows\system32\drivers\mssmbios.sys
21:12:31.0181 3000 mssmbios - ok
21:12:31.0212 3000 [ B42C6B921F61A6E55159B8BE6CD54A36 ] MSTEE C:\Windows\system32\drivers\MSTEE.sys
21:12:31.0212 3000 MSTEE - ok
21:12:31.0243 3000 [ 33599130F44E1F34631CEA241DE8AC84 ] MTConfig C:\Windows\system32\DRIVERS\MTConfig.sys
21:12:31.0243 3000 MTConfig - ok
21:12:31.0259 3000 [ 159FAD02F64E6381758C990F753BCC80 ] Mup C:\Windows\system32\Drivers\mup.sys
21:12:31.0274 3000 Mup - ok
21:12:31.0337 3000 [ CB47C414E083CA6E50E634B148F28F64 ] mwlPSDFilter C:\Windows\system32\DRIVERS\mwlPSDFilter.sys
21:12:31.0337 3000 mwlPSDFilter - ok
21:12:31.0368 3000 [ 647B953019559BFF07536F5C6121F333 ] mwlPSDNServ C:\Windows\system32\DRIVERS\mwlPSDNServ.sys
21:12:31.0384 3000 mwlPSDNServ - ok
21:12:31.0399 3000 [ 5A236A36DB8687D1E64DC81C03EAABE1 ] mwlPSDVDisk C:\Windows\system32\DRIVERS\mwlPSDVDisk.sys
21:12:31.0399 3000 mwlPSDVDisk - ok
21:12:31.0493 3000 [ 2F139207F618EC2933830227EEFFDDB4 ] MWLService C:\Program Files\EgisTec\MyWinLocker 3\x86\\MWLService.exe
21:12:31.0508 3000 MWLService - ok
21:12:31.0555 3000 [ 61D57A5D7C6D9AFE10E77DAE6E1B445E ] napagent C:\Windows\system32\qagentRT.dll
21:12:31.0571 3000 napagent - ok
21:12:31.0649 3000 [ 26384429FCD85D83746F63E798AB1480 ] NativeWifiP C:\Windows\system32\DRIVERS\nwifi.sys
21:12:31.0664 3000 NativeWifiP - ok
21:12:31.0758 3000 [ 8C9C922D71F1CD4DEF73F186416B7896 ] NDIS C:\Windows\system32\drivers\ndis.sys
21:12:31.0789 3000 NDIS - ok
21:12:31.0820 3000 [ 0E1787AA6C9191D3D319E8BAFE86F80C ] NdisCap C:\Windows\system32\DRIVERS\ndiscap.sys
21:12:31.0820 3000 NdisCap - ok
21:12:31.0867 3000 [ E4A8AEC125A2E43A9E32AFEEA7C9C888 ] NdisTapi C:\Windows\system32\DRIVERS\ndistapi.sys
21:12:31.0883 3000 NdisTapi - ok
21:12:31.0914 3000 [ D8A65DAFB3EB41CBB622745676FCD072 ] Ndisuio C:\Windows\system32\DRIVERS\ndisuio.sys
21:12:31.0930 3000 Ndisuio - ok
21:12:31.0976 3000 [ 38FBE267E7E6983311179230FACB1017 ] NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys
21:12:31.0976 3000 NdisWan - ok
21:12:32.0039 3000 [ A4BDC541E69674FBFF1A8FF00BE913F2 ] NDProxy C:\Windows\system32\drivers\NDProxy.sys
21:12:32.0039 3000 NDProxy - ok
21:12:32.0054 3000 [ 80B275B1CE3B0E79909DB7B39AF74D51 ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys
21:12:32.0070 3000 NetBIOS - ok
21:12:32.0117 3000 [ 280122DDCF04B378EDD1AD54D71C1E54 ] NetBT C:\Windows\system32\DRIVERS\netbt.sys
21:12:32.0117 3000 NetBT - ok
21:12:32.0148 3000 [ 81951F51E318AECC2D68559E47485CC4 ] Netlogon C:\Windows\system32\lsass.exe
21:12:32.0148 3000 Netlogon - ok
21:12:32.0226 3000 [ 7CCCFCA7510684768DA22092D1FA4DB2 ] Netman C:\Windows\System32\netman.dll
21:12:32.0273 3000 Netman - ok
21:12:32.0335 3000 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetMsmqActivator C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
21:12:32.0366 3000 NetMsmqActivator - ok
21:12:32.0398 3000 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetPipeActivator C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
21:12:32.0398 3000 NetPipeActivator - ok
21:12:32.0444 3000 [ 8C338238C16777A802D6A9211EB2BA50 ] netprofm C:\Windows\System32\netprofm.dll
21:12:32.0460 3000 netprofm - ok
21:12:32.0507 3000 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetTcpActivator C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
21:12:32.0507 3000 NetTcpActivator - ok
21:12:32.0522 3000 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
21:12:32.0538 3000 NetTcpPortSharing - ok
21:12:32.0585 3000 [ 1D85C4B390B0EE09C7A46B91EFB2C097 ] nfrd960 C:\Windows\system32\DRIVERS\nfrd960.sys
21:12:32.0585 3000 nfrd960 - ok
21:12:32.0663 3000 [ C58DB40E4C95BE8EE727BE872BE6383F ] NisDrv C:\Windows\system32\DRIVERS\NisDrvWFP.sys
21:12:32.0663 3000 NisDrv - ok
21:12:32.0694 3000 [ CF6D9AB044DF22FB6ECCC3907DE9FD7A ] NisSrv c:\Program Files\Microsoft Security Client\NisSrv.exe
21:12:32.0710 3000 NisSrv - ok
21:12:32.0756 3000 [ 374071043F9E4231EE43BE2BB48DD36D ] NlaSvc C:\Windows\System32\nlasvc.dll
21:12:32.0772 3000 NlaSvc - ok
21:12:32.0959 3000 [ B57C58451370B4DC113698C524EE0AB7 ] NOBU C:\Program Files\Symantec\Norton Online Backup\NOBuAgent.exe
21:12:33.0115 3000 NOBU - ok
21:12:33.0162 3000 [ 1DB262A9F8C087E8153D89BEF3D2235F ] Npfs C:\Windows\system32\drivers\Npfs.sys
21:12:33.0162 3000 Npfs - ok
21:12:33.0209 3000 [ BA387E955E890C8A88306D9B8D06BF17 ] nsi C:\Windows\system32\nsisvc.dll
21:12:33.0209 3000 nsi - ok
21:12:33.0240 3000 [ E9A0A4D07E53D8FEA2BB8387A3293C58 ] nsiproxy C:\Windows\system32\drivers\nsiproxy.sys
21:12:33.0240 3000 nsiproxy - ok
21:12:33.0287 3000 [ E127420B7FEB65C7F279EAAC183BBC0E ] NSL C:\Program Files\Norton Safe Web Lite\Engine\2.0.0.16\ccSvcHst.exe
21:12:33.0287 3000 NSL - ok
21:12:33.0380 3000 [ 5E43D2B0EE64123D4880DFA6626DEFDE ] Ntfs C:\Windows\system32\drivers\Ntfs.sys
21:12:33.0427 3000 Ntfs - ok
21:12:33.0458 3000 [ F9756A98D69098DCA8945D62858A812C ] Null C:\Windows\system32\drivers\Null.sys
21:12:33.0458 3000 Null - ok
21:12:33.0521 3000 [ B3E25EE28883877076E0E1FF877D02E0 ] nvraid C:\Windows\system32\drivers\nvraid.sys
21:12:33.0536 3000 nvraid - ok
21:12:33.0568 3000 [ 4380E59A170D88C4F1022EFF6719A8A4 ] nvstor C:\Windows\system32\drivers\nvstor.sys
21:12:33.0568 3000 nvstor - ok
21:12:33.0614 3000 [ 5A0983915F02BAE73267CC2A041F717D ] nv_agp C:\Windows\system32\drivers\nv_agp.sys
21:12:33.0630 3000 nv_agp - ok
21:12:33.0724 3000 [ 785F487A64950F3CB8E9F16253BA3B7B ] odserv C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
21:12:33.0739 3000 odserv - ok
21:12:33.0817 3000 [ 08A70A1F2CDDE9BB49B885CB817A66EB ] ohci1394 C:\Windows\system32\drivers\ohci1394.sys
21:12:33.0817 3000 ohci1394 - ok
21:12:33.0864 3000 [ 5A432A042DAE460ABE7199B758E8606C ] ose C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
21:12:33.0880 3000 ose - ok
21:12:33.0926 3000 [ 82A8521DDC60710C3D3D3E7325209BEC ] p2pimsvc C:\Windows\system32\pnrpsvc.dll
21:12:33.0942 3000 p2pimsvc - ok
21:12:33.0973 3000 [ 59C3DDD501E39E006DAC31BF55150D91 ] p2psvc C:\Windows\system32\p2psvc.dll
21:12:33.0989 3000 p2psvc - ok
21:12:34.0051 3000 [ 2EA877ED5DD9713C5AC74E8EA7348D14 ] Parport C:\Windows\system32\DRIVERS\parport.sys
21:12:34.0067 3000 Parport - ok
21:12:34.0114 3000 [ 3F34A1B4C5F6475F320C275E63AFCE9B ] partmgr C:\Windows\system32\drivers\partmgr.sys
21:12:34.0114 3000 partmgr - ok
21:12:34.0145 3000 [ EB0A59F29C19B86479D36B35983DAADC ] Parvdm C:\Windows\system32\DRIVERS\parvdm.sys
21:12:34.0145 3000 Parvdm - ok
21:12:34.0176 3000 [ 358AB7956D3160000726574083DFC8A6 ] PcaSvc C:\Windows\System32\pcasvc.dll
21:12:34.0192 3000 PcaSvc - ok
21:12:34.0238 3000 [ 673E55C3498EB970088E812EA820AA8F ] pci C:\Windows\system32\drivers\pci.sys
21:12:34.0254 3000 pci - ok
21:12:34.0270 3000 [ AFE86F419014DB4E5593F69FFE26CE0A ] pciide C:\Windows\system32\drivers\pciide.sys
21:12:34.0285 3000 pciide - ok
21:12:34.0316 3000 [ F396431B31693E71E8A80687EF523506 ] pcmcia C:\Windows\system32\DRIVERS\pcmcia.sys
21:12:34.0316 3000 pcmcia - ok
21:12:34.0348 3000 [ 250F6B43D2B613172035C6747AEEB19F ] pcw C:\Windows\system32\drivers\pcw.sys
21:12:34.0363 3000 pcw - ok
21:12:34.0410 3000 [ 9E0104BA49F4E6973749A02BF41344ED ] PEAUTH C:\Windows\system32\drivers\peauth.sys
21:12:34.0426 3000 PEAUTH - ok
21:12:34.0566 3000 [ 414BBA67A3DED1D28437EB66AEB8A720 ] pla C:\Windows\system32\pla.dll
21:12:34.0613 3000 pla - ok
21:12:34.0675 3000 [ EC7BC28D207DA09E79B3E9FAF8B232CA ] PlugPlay C:\Windows\system32\umpnpmgr.dll
21:12:34.0691 3000 PlugPlay - ok
21:12:34.0722 3000 [ 63FF8572611249931EB16BB8EED6AFC8 ] PNRPAutoReg C:\Windows\system32\pnrpauto.dll
21:12:34.0722 3000 PNRPAutoReg - ok
21:12:34.0753 3000 [ 82A8521DDC60710C3D3D3E7325209BEC ] PNRPsvc C:\Windows\system32\pnrpsvc.dll
21:12:34.0769 3000 PNRPsvc - ok
21:12:34.0800 3000 [ 53946B69BA0836BD95B03759530C81EC ] PolicyAgent C:\Windows\System32\ipsecsvc.dll
21:12:34.0800 3000 PolicyAgent - ok
21:12:34.0831 3000 [ F87D30E72E03D579A5199CCB3831D6EA ] Power C:\Windows\system32\umpo.dll
21:12:34.0847 3000 Power - ok
21:12:34.0909 3000 [ 631E3E205AD6D86F2AED6A4A8E69F2DB ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys
21:12:34.0909 3000 PptpMiniport - ok
21:12:34.0940 3000 [ 85B1E3A0C7585BC4AAE6899EC6FCF011 ] Processor C:\Windows\system32\DRIVERS\processr.sys
21:12:34.0940 3000 Processor - ok
21:12:35.0003 3000 [ CADEFAC453040E370A1BDFF3973BE00D ] ProfSvc C:\Windows\system32\profsvc.dll
21:12:35.0018 3000 ProfSvc - ok
21:12:35.0034 3000 [ 81951F51E318AECC2D68559E47485CC4 ] ProtectedStorage C:\Windows\system32\lsass.exe
21:12:35.0050 3000 ProtectedStorage - ok
21:12:35.0081 3000 [ 6270CCAE2A86DE6D146529FE55B3246A ] Psched C:\Windows\system32\DRIVERS\pacer.sys
21:12:35.0081 3000 Psched - ok
21:12:35.0143 3000 [ AB95ECF1F6659A60DDC166D8315B0751 ] ql2300 C:\Windows\system32\DRIVERS\ql2300.sys
21:12:35.0221 3000 ql2300 - ok
21:12:35.0252 3000 [ B4DD51DD25182244B86737DC51AF2270 ] ql40xx C:\Windows\system32\DRIVERS\ql40xx.sys
21:12:35.0268 3000 ql40xx - ok
21:12:35.0315 3000 [ 31AC809E7707EB580B2BDB760390765A ] QWAVE C:\Windows\system32\qwave.dll
21:12:35.0330 3000 QWAVE - ok
21:12:35.0346 3000 [ 584078CA1B95CA72DF2A27C336F9719D ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys
21:12:35.0346 3000 QWAVEdrv - ok
21:12:35.0362 3000 [ 30A81B53C766D0133BB86D234E5556AB ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys
21:12:35.0377 3000 RasAcd - ok
21:12:35.0440 3000 [ 57EC4AEF73660166074D8F7F31C0D4FD ] RasAgileVpn C:\Windows\system32\DRIVERS\AgileVpn.sys
21:12:35.0455 3000 RasAgileVpn - ok
21:12:35.0486 3000 [ A60F1839849C0C00739787FD5EC03F13 ] RasAuto C:\Windows\System32\rasauto.dll
21:12:35.0502 3000 RasAuto - ok
21:12:35.0518 3000 [ D9F91EAFEC2815365CBE6D167E4E332A ] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys
21:12:35.0518 3000 Rasl2tp - ok
21:12:35.0596 3000 [ CB9E04DC05EACF5B9A36CA276D475006 ] RasMan C:\Windows\System32\rasmans.dll
21:12:35.0596 3000 RasMan - ok
21:12:35.0627 3000 [ 0FE8B15916307A6AC12BFB6A63E45507 ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys
21:12:35.0627 3000 RasPppoe - ok
21:12:35.0674 3000 [ 44101F495A83EA6401D886E7FD70096B ] RasSstp C:\Windows\system32\DRIVERS\rassstp.sys
21:12:35.0674 3000 RasSstp - ok
21:12:35.0720 3000 [ D528BC58A489409BA40334EBF96A311B ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys
21:12:35.0736 3000 rdbss - ok
21:12:35.0752 3000 [ 0D8F05481CB76E70E1DA06EE9F0DA9DF ] rdpbus C:\Windows\system32\DRIVERS\rdpbus.sys
21:12:35.0752 3000 rdpbus - ok
21:12:35.0798 3000 [ 23DAE03F29D253AE74C44F99E515F9A1 ] RDPCDD C:\Windows\system32\DRIVERS\RDPCDD.sys
21:12:35.0830 3000 RDPCDD - ok
21:12:35.0908 3000 [ 5A53CA1598DD4156D44196D200C94B8A ] RDPENCDD C:\Windows\system32\drivers\rdpencdd.sys
21:12:35.0908 3000 RDPENCDD - ok
21:12:35.0939 3000 [ 44B0A53CD4F27D50ED461DAE0C0B4E1F ] RDPREFMP C:\Windows\system32\drivers\rdprefmp.sys
21:12:35.0954 3000 RDPREFMP - ok
21:12:35.0986 3000 [ F031683E6D1FEA157ABB2FF260B51E61 ] RDPWD C:\Windows\system32\drivers\RDPWD.sys
21:12:36.0001 3000 RDPWD - ok
21:12:36.0064 3000 [ 518395321DC96FE2C9F0E96AC743B656 ] rdyboost C:\Windows\system32\drivers\rdyboost.sys
21:12:36.0079 3000 rdyboost - ok
21:12:36.0173 3000 [ A0FF419B61AE47E26ADF3BB15DB4F2FE ] RealNetworks Downloader Resolver Service C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe
21:12:36.0173 3000 RealNetworks Downloader Resolver Service - ok
21:12:36.0220 3000 [ 7B5E1419717FAC363A31CC302895217A ] RemoteAccess C:\Windows\System32\mprdim.dll
21:12:36.0220 3000 RemoteAccess - ok
21:12:36.0266 3000 [ CB9A8683F4EF2BF99E123D79950D7935 ] RemoteRegistry C:\Windows\system32\regsvc.dll
21:12:36.0282 3000 RemoteRegistry - ok
21:12:36.0329 3000 [ 906DCFC5EBF4EC0433F8D4FFFB0BA334 ] RMCAST C:\Windows\system32\DRIVERS\RMCAST.sys
21:12:36.0329 3000 RMCAST - ok
21:12:36.0360 3000 [ 78D072F35BC45D9E4E1B61895C152234 ] RpcEptMapper C:\Windows\System32\RpcEpMap.dll
21:12:36.0376 3000 RpcEptMapper - ok
21:12:36.0407 3000 [ 94D36C0E44677DD26981D2BFEEF2A29D ] RpcLocator C:\Windows\system32\locator.exe
21:12:36.0422 3000 RpcLocator - ok
21:12:36.0469 3000 [ 7660F01D3B38ACA1747E397D21D790AF ] RpcSs C:\Windows\System32\rpcss.dll
21:12:36.0485 3000 RpcSs - ok
21:12:36.0547 3000 [ 032B0D36AD92B582D869879F5AF5B928 ] rspndr C:\Windows\system32\DRIVERS\rspndr.sys
21:12:36.0547 3000 rspndr - ok
21:12:36.0625 3000 [ B5A4B7D779CF4070DF408DE18BD33B02 ] RS_Service C:\Program Files\Acer\Acer VCM\RS_Service.exe
21:12:37.0187 3000 RS_Service - ok
21:12:37.0327 3000 [ 81951F51E318AECC2D68559E47485CC4 ] SamSs C:\Windows\system32\lsass.exe
21:12:37.0327 3000 SamSs - ok
21:12:37.0405 3000 [ 05D860DA1040F111503AC416CCEF2BCA ] sbp2port C:\Windows\system32\drivers\sbp2port.sys
21:12:37.0405 3000 sbp2port - ok
21:12:37.0452 3000 [ 8FC518FFE9519C2631D37515A68009C4 ] SCardSvr C:\Windows\System32\SCardSvr.dll
21:12:37.0468 3000 SCardSvr - ok
21:12:37.0483 3000 [ 0693B5EC673E34DC147E195779A4DCF6 ] scfilter C:\Windows\system32\DRIVERS\scfilter.sys
21:12:37.0483 3000 scfilter - ok
21:12:37.0546 3000 [ A04BB13F8A72F8B6E8B4071723E4E336 ] Schedule C:\Windows\system32\schedsvc.dll
21:12:37.0608 3000 Schedule - ok
21:12:37.0655 3000 [ 319C6B309773D063541D01DF8AC6F55F ] SCPolicySvc C:\Windows\System32\certprop.dll
21:12:37.0655 3000 SCPolicySvc - ok
21:12:37.0686 3000 [ 08236C4BCE5EDD0A0318A438AF28E0F7 ] SDRSVC C:\Windows\System32\SDRSVC.dll
21:12:37.0702 3000 SDRSVC - ok
21:12:37.0780 3000 [ 90A3935D05B494A5A39D37E71F09A677 ] secdrv C:\Windows\system32\drivers\secdrv.sys
21:12:37.0780 3000 secdrv - ok
21:12:37.0826 3000 [ A59B3A4442C52060CC7A85293AA3546F ] seclogon C:\Windows\system32\seclogon.dll
21:12:37.0826 3000 seclogon - ok
21:12:37.0920 3000 [ DCB7FCDCC97F87360F75D77425B81737 ] SENS C:\Windows\system32\sens.dll
21:12:37.0936 3000 SENS - ok
21:12:37.0951 3000 [ 9AD8B8B515E3DF6ACD4212EF465DE2D1 ] Serenum C:\Windows\system32\DRIVERS\serenum.sys
21:12:37.0951 3000 Serenum - ok
21:12:38.0014 3000 [ 5FB7FCEA0490D821F26F39CC5EA3D1E2 ] Serial C:\Windows\system32\DRIVERS\serial.sys
21:12:38.0014 3000 Serial - ok
21:12:38.0076 3000 [ 79BFFB520327FF916A582DFEA17AA813 ] sermouse C:\Windows\system32\DRIVERS\sermouse.sys
21:12:38.0076 3000 sermouse - ok
21:12:38.0138 3000 [ 4AE380F39A0032EAB7DD953030B26D28 ] SessionEnv C:\Windows\system32\sessenv.dll
21:12:38.0154 3000 SessionEnv - ok
21:12:38.0185 3000 [ 9F976E1EB233DF46FCE808D9DEA3EB9C ] sffdisk C:\Windows\system32\drivers\sffdisk.sys
21:12:38.0201 3000 sffdisk - ok
21:12:38.0216 3000 [ 932A68EE27833CFD57C1639D375F2731 ] sffp_mmc C:\Windows\system32\drivers\sffp_mmc.sys
21:12:38.0216 3000 sffp_mmc - ok
21:12:38.0232 3000 [ 6D4CCAEDC018F1CF52866BBBAA235982 ] sffp_sd C:\Windows\system32\drivers\sffp_sd.sys
21:12:38.0248 3000 sffp_sd - ok
21:12:38.0279 3000 [ DB96666CC8312EBC45032F30B007A547 ] sfloppy C:\Windows\system32\DRIVERS\sfloppy.sys
21:12:38.0279 3000 sfloppy - ok
21:12:38.0326 3000 [ D1A079A0DE2EA524513B6930C24527A2 ] SharedAccess C:\Windows\System32\ipnathlp.dll
21:12:38.0326 3000 SharedAccess - ok
21:12:38.0357 3000 [ 414DA952A35BF5D50192E28263B40577 ] ShellHWDetection C:\Windows\System32\shsvcs.dll
21:12:38.0388 3000 ShellHWDetection - ok
21:12:38.0450 3000 [ 2565CAC0DC9FE0371BDCE60832582B2E ] sisagp C:\Windows\system32\drivers\sisagp.sys
21:12:38.0450 3000 sisagp - ok
21:12:38.0497 3000 [ A9F0486851BECB6DDA1D89D381E71055 ] SiSRaid2 C:\Windows\system32\DRIVERS\SiSRaid2.sys
21:12:38.0513 3000 SiSRaid2 - ok
21:12:38.0528 3000 [ 3727097B55738E2F554972C3BE5BC1AA ] SiSRaid4 C:\Windows\system32\DRIVERS\sisraid4.sys
21:12:38.0544 3000 SiSRaid4 - ok
21:12:38.0575 3000 [ 3E21C083B8A01CB70BA1F09303010FCE ] Smb C:\Windows\system32\DRIVERS\smb.sys
21:12:38.0591 3000 Smb - ok
21:12:38.0669 3000 [ 6A984831644ECA1A33FFEAE4126F4F37 ] SNMPTRAP C:\Windows\System32\snmptrap.exe
21:12:38.0684 3000 SNMPTRAP - ok
21:12:38.0700 3000 [ 95CF1AE7527FB70F7816563CBC09D942 ] spldr C:\Windows\system32\drivers\spldr.sys
21:12:38.0700 3000 spldr - ok
21:12:38.0747 3000 [ 9AEA093B8F9C37CF45538382CABA2475 ] Spooler C:\Windows\System32\spoolsv.exe
21:12:38.0778 3000 Spooler - ok
21:12:38.0918 3000 [ CF87A1DE791347E75B98885214CED2B8 ] sppsvc C:\Windows\system32\sppsvc.exe
21:12:39.0043 3000 sppsvc - ok
21:12:39.0090 3000 [ B0180B20B065D89232A78A40FE56EAA6 ] sppuinotify C:\Windows\system32\sppuinotify.dll
21:12:39.0106 3000 sppuinotify - ok
21:12:39.0168 3000 [ E4C2764065D66EA1D2D3EBC28FE99C46 ] srv C:\Windows\system32\DRIVERS\srv.sys
21:12:39.0184 3000 srv - ok
21:12:39.0230 3000 [ 03F0545BD8D4C77FA0AE1CEEDFCC71AB ] srv2 C:\Windows\system32\DRIVERS\srv2.sys
21:12:39.0230 3000 srv2 - ok
21:12:39.0262 3000 [ BE6BD660CAA6F291AE06A718A4FA8ABC ] srvnet C:\Windows\system32\DRIVERS\srvnet.sys
21:12:39.0262 3000 srvnet - ok
21:12:39.0293 3000 [ D887C9FD02AC9FA880F6E5027A43E118 ] SSDPSRV C:\Windows\System32\ssdpsrv.dll
21:12:39.0308 3000 SSDPSRV - ok
21:12:39.0340 3000 [ D318F23BE45D5E3A107469EB64815B50 ] SstpSvc C:\Windows\system32\sstpsvc.dll
21:12:39.0355 3000 SstpSvc - ok
21:12:39.0402 3000 [ DB32D325C192B801DF274BFD12A7E72B ] stexstor C:\Windows\system32\DRIVERS\stexstor.sys
21:12:39.0402 3000 stexstor - ok
21:12:39.0464 3000 [ E1FB3706030FB4578A0D72C2FC3689E4 ] StiSvc C:\Windows\System32\wiaservc.dll
21:12:39.0496 3000 StiSvc - ok
21:12:39.0542 3000 [ E58C78A848ADD9610A4DB6D214AF5224 ] swenum C:\Windows\system32\drivers\swenum.sys
21:12:39.0574 3000 swenum - ok
21:12:39.0636 3000 [ A28BD92DF340E57B024BA433165D34D7 ] swprv C:\Windows\System32\swprv.dll
21:12:39.0683 3000 swprv - ok
21:12:39.0776 3000 [ 343AAB92E0959DC131C2051E09A68211 ] SynTP C:\Windows\system32\DRIVERS\SynTP.sys
21:12:39.0792 3000 SynTP - ok
21:12:39.0870 3000 [ 36650D618CA34C9D357DFD3D89B2C56F ] SysMain C:\Windows\system32\sysmain.dll
21:12:39.0917 3000 SysMain - ok
21:12:39.0964 3000 [ 763FECDC3D30C815FE72DD57936C6CD1 ] TabletInputService C:\Windows\System32\TabSvc.dll
21:12:39.0964 3000 TabletInputService - ok
21:12:40.0026 3000 [ 613BF4820361543956909043A265C6AC ] TapiSrv C:\Windows\System32\tapisrv.dll
21:12:40.0057 3000 TapiSrv - ok
21:12:40.0104 3000 [ B799D9FDB26111737F58288D8DC172D9 ] TBS C:\Windows\System32\tbssvc.dll
21:12:40.0120 3000 TBS - ok
21:12:40.0229 3000 [ D32FDAC73FCD76B85389C39BC1087F2A ] Tcpip C:\Windows\system32\drivers\tcpip.sys
21:12:40.0276 3000 Tcpip - ok
21:12:40.0385 3000 [ D32FDAC73FCD76B85389C39BC1087F2A ] TCPIP6 C:\Windows\system32\DRIVERS\tcpip.sys
21:12:40.0400 3000 TCPIP6 - ok
21:12:40.0447 3000 [ 3EEBD3BD93DA46A26E89893C7AB2FF3B ] tcpipreg C:\Windows\system32\drivers\tcpipreg.sys
21:12:40.0463 3000 tcpipreg - ok
21:12:40.0510 3000 [ 1CB91B2BD8F6DD367DFC2EF26FD751B2 ] TDPIPE C:\Windows\system32\drivers\tdpipe.sys
21:12:40.0510 3000 TDPIPE - ok
21:12:40.0525 3000 [ 2C2C5AFE7EE4F620D69C23C0617651A8 ] TDTCP C:\Windows\system32\drivers\tdtcp.sys
21:12:40.0541 3000 TDTCP - ok
21:12:40.0603 3000 [ B459575348C20E8121D6039DA063C704 ] tdx C:\Windows\system32\DRIVERS\tdx.sys
21:12:40.0603 3000 tdx - ok
21:12:40.0650 3000 [ 04DBF4B01EA4BF25A9A3E84AFFAC9B20 ] TermDD C:\Windows\system32\drivers\termdd.sys
21:12:40.0650 3000 TermDD - ok
21:12:40.0728 3000 [ 382C804C92811BE57829D8E550A900E2 ] TermService C:\Windows\System32\termsrv.dll
21:12:40.0759 3000 TermService - ok
21:12:40.0790 3000 [ 42FB6AFD6B79D9FE07381609172E7CA4 ] Themes C:\Windows\system32\themeservice.dll
21:12:40.0806 3000 Themes - ok
21:12:40.0822 3000 [ 146B6F43A673379A3C670E86D89BE5EA ] THREADORDER C:\Windows\system32\mmcss.dll
21:12:40.0822 3000 THREADORDER - ok
21:12:40.0884 3000 [ 4792C0378DB99A9BC2AE2DE6CFFF0C3A ] TrkWks C:\Windows\System32\trkwks.dll
21:12:40.0900 3000 TrkWks - ok
21:12:40.0978 3000 [ 2C49B175AEE1D4364B91B531417FE583 ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
21:12:40.0978 3000 TrustedInstaller - ok
21:12:41.0040 3000 [ 254BB140EEE3C59D6114C1A86B636877 ] tssecsrv C:\Windows\system32\DRIVERS\tssecsrv.sys
21:12:41.0118 3000 tssecsrv - ok
21:12:41.0165 3000 [ FD1D6C73E6333BE727CBCC6054247654 ] TsUsbFlt C:\Windows\system32\drivers\tsusbflt.sys
21:12:41.0180 3000 TsUsbFlt - ok
21:12:41.0258 3000 [ B2FA25D9B17A68BB93D58B0556E8C90D ] tunnel C:\Windows\system32\DRIVERS\tunnel.sys
21:12:41.0258 3000 tunnel - ok
21:12:41.0321 3000 [ 750FBCB269F4D7DD2E420C56B795DB6D ] uagp35 C:\Windows\system32\DRIVERS\uagp35.sys
21:12:41.0321 3000 uagp35 - ok
21:12:41.0352 3000 [ EE43346C7E4B5E63E54F927BABBB32FF ] udfs C:\Windows\system32\DRIVERS\udfs.sys
21:12:41.0352 3000 udfs - ok
21:12:41.0399 3000 [ 8344FD4FCE927880AA1AA7681D4927E5 ] UI0Detect C:\Windows\system32\UI0Detect.exe
21:12:41.0414 3000 UI0Detect - ok
21:12:41.0461 3000 [ 44E8048ACE47BEFBFDC2E9BE4CBC8880 ] uliagpkx C:\Windows\system32\drivers\uliagpkx.sys
21:12:41.0477 3000 uliagpkx - ok
21:12:41.0539 3000 [ D295BED4B898F0FD999FCFA9B32B071B ] umbus C:\Windows\system32\DRIVERS\umbus.sys
21:12:41.0539 3000 umbus - ok
21:12:41.0570 3000 [ 7550AD0C6998BA1CB4843E920EE0FEAC ] UmPass C:\Windows\system32\DRIVERS\umpass.sys
21:12:41.0570 3000 UmPass - ok
21:12:41.0633 3000 [ 70DDE3A86DBEB1D6C3C30AD687B1877A ] Updater Service C:\Program Files\Acer\Acer Updater\UpdaterService.exe
21:12:41.0633 3000 Updater Service - ok
21:12:41.0695 3000 [ 833FBB672460EFCE8011D262175FAD33 ] upnphost C:\Windows\System32\upnphost.dll
21:12:41.0711 3000 upnphost - ok
21:12:41.0758 3000 [ BD9C55D7023C5DE374507ACC7A14E2AC ] usbccgp C:\Windows\system32\DRIVERS\usbccgp.sys
21:12:41.0789 3000 usbccgp - ok
21:12:41.0820 3000 [ 04EC7CEC62EC3B6D9354EEE93327FC82 ] usbcir C:\Windows\system32\drivers\usbcir.sys
21:12:41.0836 3000 usbcir - ok
21:12:41.0867 3000 [ F92DE757E4B7CE9C07C5E65423F3AE3B ] usbehci C:\Windows\system32\drivers\usbehci.sys
21:12:41.0867 3000 usbehci - ok
21:12:41.0929 3000 [ 8DC94AEC6A7E644A06135AE7506DC2E9 ] usbhub C:\Windows\system32\DRIVERS\usbhub.sys
21:12:41.0945 3000 usbhub - ok
21:12:41.0976 3000 [ E185D44FAC515A18D9DEDDC23C2CDF44 ] usbohci C:\Windows\system32\drivers\usbohci.sys
21:12:41.0976 3000 usbohci - ok
21:12:42.0054 3000 [ 797D862FE0875E75C7CC4C1AD7B30252 ] usbprint C:\Windows\system32\DRIVERS\usbprint.sys
21:12:42.0054 3000 usbprint - ok
21:12:42.0085 3000 [ F991AB9CC6B908DB552166768176896A ] USBSTOR C:\Windows\system32\DRIVERS\USBSTOR.SYS
21:12:42.0085 3000 USBSTOR - ok
21:12:42.0116 3000 [ 68DF884CF41CDADA664BEB01DAF67E3D ] usbuhci C:\Windows\system32\drivers\usbuhci.sys
21:12:42.0116 3000 usbuhci - ok
21:12:42.0179 3000 [ 45F4E7BF43DB40A6C6B4D92C76CBC3F2 ] usbvideo C:\Windows\System32\Drivers\usbvideo.sys
21:12:42.0179 3000 usbvideo - ok
21:12:42.0210 3000 [ 081E6E1C91AEC36758902A9F727CD23C ] UxSms C:\Windows\System32\uxsms.dll
21:12:42.0226 3000 UxSms - ok
21:12:42.0257 3000 [ 81951F51E318AECC2D68559E47485CC4 ] VaultSvc C:\Windows\system32\lsass.exe
21:12:42.0257 3000 VaultSvc - ok
21:12:42.0304 3000 [ A059C4C3EDB09E07D21A8E5C0AABD3CB ] vdrvroot C:\Windows\system32\drivers\vdrvroot.sys
21:12:42.0304 3000 vdrvroot - ok
21:12:42.0366 3000 [ C3CD30495687C2A2F66A65CA6FD89BE9 ] vds C:\Windows\System32\vds.exe
21:12:42.0397 3000 vds - ok
21:12:42.0460 3000 [ 17C408214EA61696CEC9C66E388B14F3 ] vga C:\Windows\system32\DRIVERS\vgapnp.sys
21:12:42.0460 3000 vga - ok
21:12:42.0475 3000 [ 8E38096AD5C8570A6F1570A61E251561 ] VgaSave C:\Windows\System32\drivers\vga.sys
21:12:42.0506 3000 VgaSave - ok
21:12:42.0553 3000 [ 5461686CCA2FDA57B024547733AB42E3 ] vhdmp C:\Windows\system32\drivers\vhdmp.sys
21:12:42.0569 3000 vhdmp - ok
21:12:42.0631 3000 [ C829317A37B4BEA8F39735D4B076E923 ] viaagp C:\Windows\system32\drivers\viaagp.sys
21:12:42.0631 3000 viaagp - ok
21:12:42.0678 3000 [ E02F079A6AA107F06B16549C6E5C7B74 ] ViaC7 C:\Windows\system32\DRIVERS\viac7.sys
21:12:42.0694 3000 ViaC7 - ok
21:12:42.0740 3000 [ E43574F6A56A0EE11809B48C09E4FD3C ] viaide C:\Windows\system32\drivers\viaide.sys
21:12:42.0756 3000 viaide - ok
21:12:42.0787 3000 [ 4C63E00F2F4B5F86AB48A58CD990F212 ] volmgr C:\Windows\system32\drivers\volmgr.sys
21:12:42.0803 3000 volmgr - ok
21:12:42.0834 3000 [ B5BB72067DDDDBBFB04B2F89FF8C3C87 ] volmgrx C:\Windows\system32\drivers\volmgrx.sys
21:12:42.0834 3000 volmgrx - ok
21:12:42.0881 3000 [ F497F67932C6FA693D7DE2780631CFE7 ] volsnap C:\Windows\system32\drivers\volsnap.sys
21:12:42.0881 3000 volsnap - ok
21:12:42.0943 3000 [ 9DFA0CC2F8855A04816729651175B631 ] vsmraid C:\Windows\system32\DRIVERS\vsmraid.sys
21:12:42.0959 3000 vsmraid - ok
21:12:43.0037 3000 [ 209A3B1901B83AEB8527ED211CCE9E4C ] VSS C:\Windows\system32\vssvc.exe
21:12:43.0099 3000 VSS - ok
21:12:43.0130 3000 [ 90567B1E658001E79D7C8BBD3DDE5AA6 ] vwifibus C:\Windows\system32\DRIVERS\vwifibus.sys
21:12:43.0130 3000 vwifibus - ok
21:12:43.0177 3000 [ 7090D3436EEB4E7DA3373090A23448F7 ] vwififlt C:\Windows\system32\DRIVERS\vwififlt.sys
21:12:43.0193 3000 vwififlt - ok
21:12:43.0224 3000 [ A3F04CBEA6C2A10E6CB01F8B47611882 ] vwifimp C:\Windows\system32\DRIVERS\vwifimp.sys
21:12:43.0224 3000 vwifimp - ok
21:12:43.0302 3000 [ 55187FD710E27D5095D10A472C8BAF1C ] W32Time C:\Windows\system32\w32time.dll
21:12:43.0333 3000 W32Time - ok
21:12:43.0364 3000 [ DE3721E89C653AA281428C8A69745D90 ] WacomPen C:\Windows\system32\DRIVERS\wacompen.sys
21:12:43.0364 3000 WacomPen - ok
21:12:43.0411 3000 [ 3C3C78515F5AB448B022BDF5B8FFDD2E ] WANARP C:\Windows\system32\DRIVERS\wanarp.sys
21:12:43.0411 3000 WANARP - ok
21:12:43.0427 3000 [ 3C3C78515F5AB448B022BDF5B8FFDD2E ] Wanarpv6 C:\Windows\system32\DRIVERS\wanarp.sys
21:12:43.0442 3000 Wanarpv6 - ok
21:12:43.0489 3000 [ 691E3285E53DCA558E1A84667F13E15A ] wbengine C:\Windows\system32\wbengine.exe
21:12:43.0536 3000 wbengine - ok
21:12:43.0567 3000 [ 9614B5D29DC76AC3C29F6D2D3AA70E67 ] WbioSrvc C:\Windows\System32\wbiosrvc.dll
21:12:43.0583 3000 WbioSrvc - ok
21:12:43.0645 3000 [ 34EEE0DFAADB4F691D6D5308A51315DC ] wcncsvc C:\Windows\System32\wcncsvc.dll
21:12:43.0692 3000 wcncsvc - ok
21:12:43.0723 3000 [ 5D930B6357A6D2AF4D7653BDABBF352F ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
21:12:43.0739 3000 WcsPlugInService - ok
21:12:43.0770 3000 [ 1112A9BADACB47B7C0BB0392E3158DFF ] Wd C:\Windows\system32\DRIVERS\wd.sys
21:12:43.0786 3000 Wd - ok
21:12:43.0832 3000 [ A840213F1ACDCC175B4D1D5AAEAC0D7A ] Wdf01000 C:\Windows\system32\drivers\Wdf01000.sys
21:12:43.0864 3000 Wdf01000 - ok
21:12:43.0910 3000 [ 46EF9DC96265FD0B423DB72E7C38C2A5 ] WdiServiceHost C:\Windows\system32\wdi.dll
21:12:43.0926 3000 WdiServiceHost - ok
21:12:43.0957 3000 [ 46EF9DC96265FD0B423DB72E7C38C2A5 ] WdiSystemHost C:\Windows\system32\wdi.dll
21:12:43.0957 3000 WdiSystemHost - ok
21:12:44.0004 3000 [ A9D880F97530D5B8FEE278923349929D ] WebClient C:\Windows\System32\webclnt.dll
21:12:44.0020 3000 WebClient - ok
21:12:44.0066 3000 [ 760F0AFE937A77CFF27153206534F275 ] Wecsvc C:\Windows\system32\wecsvc.dll
21:12:44.0082 3000 Wecsvc - ok
21:12:44.0113 3000 [ AC804569BB2364FB6017370258A4091B ] wercplsupport C:\Windows\System32\wercplsupport.dll
21:12:44.0113 3000 wercplsupport - ok
21:12:44.0176 3000 [ 08E420D873E4FD85241EE2421B02C4A4 ] WerSvc C:\Windows\System32\WerSvc.dll
21:12:44.0176 3000 WerSvc - ok
21:12:44.0238 3000 [ 8B9A943F3B53861F2BFAF6C186168F79 ] WfpLwf C:\Windows\system32\DRIVERS\wfplwf.sys
21:12:44.0238 3000 WfpLwf - ok
21:12:44.0285 3000 [ 5CF95B35E59E2A38023836FFF31BE64C ] WIMMount C:\Windows\system32\drivers\wimmount.sys
21:12:44.0285 3000 WIMMount - ok
21:12:44.0363 3000 [ 082CF481F659FAE0DE51AD060881EB47 ] WinDefend C:\Program Files\Windows Defender\mpsvc.dll
21:12:44.0394 3000 WinDefend - ok
21:12:44.0456 3000 WinHttpAutoProxySvc - ok
21:12:44.0534 3000 [ F62E510B6AD4C21EB9FE8668ED251826 ] Winmgmt C:\Windows\system32\wbem\WMIsvc.dll
21:12:44.0550 3000 Winmgmt - ok
21:12:44.0644 3000 [ 1B91CD34EA3A90AB6A4EF0550174F4CC ] WinRM C:\Windows\system32\WsmSvc.dll
21:12:44.0690 3000 WinRM - ok
21:12:44.0784 3000 [ 16935C98FF639D185086A3529B1F2067 ] Wlansvc C:\Windows\System32\wlansvc.dll
21:12:44.0831 3000 Wlansvc - ok
21:12:44.0956 3000 [ 5E7C103F8475C4289847D15E129C20F7 ] wlidsvc C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
21:12:45.0034 3000 wlidsvc - ok
21:12:45.0080 3000 [ 0217679B8FCA58714C3BF2726D2CA84E ] WmiAcpi C:\Windows\system32\drivers\wmiacpi.sys
21:12:45.0080 3000 WmiAcpi - ok
21:12:45.0127 3000 [ 6EB6B66517B048D87DC1856DDF1F4C3F ] wmiApSrv C:\Windows\system32\wbem\WmiApSrv.exe
21:12:45.0127 3000 wmiApSrv - ok
21:12:45.0236 3000 [ 3B40D3A61AA8C21B88AE57C58AB3122E ] WMPNetworkSvc C:\Program Files\Windows Media Player\wmpnetwk.exe
21:12:45.0283 3000 WMPNetworkSvc - ok
21:12:45.0330 3000 [ A2F0EC770A92F2B3F9DE6D518E11409C ] WPCSvc C:\Windows\System32\wpcsvc.dll
21:12:45.0330 3000 WPCSvc - ok
21:12:45.0377 3000 [ AA53356D60AF47EACC85BC617A4F3F66 ] WPDBusEnum C:\Windows\system32\wpdbusenum.dll
21:12:45.0408 3000 WPDBusEnum - ok
21:12:45.0439 3000 [ 6DB3276587B853BF886B69528FDB048C ] ws2ifsl C:\Windows\system32\drivers\ws2ifsl.sys
21:12:45.0455 3000 ws2ifsl - ok
21:12:45.0470 3000 [ 6F5D49EFE0E7164E03AE773A3FE25340 ] wscsvc C:\Windows\system32\wscsvc.dll
21:12:45.0486 3000 wscsvc - ok
21:12:45.0502 3000 WSearch - ok
21:12:45.0611 3000 [ FC3EC24FCE372C89423E015A2AC1A31E ] wuauserv C:\Windows\system32\wuaueng.dll
21:12:45.0736 3000 wuauserv - ok
21:12:45.0767 3000 [ 06E6F32C8D0A3F66D956F57B43A2E070 ] WudfPf C:\Windows\system32\drivers\WudfPf.sys
21:12:45.0782 3000 WudfPf - ok
21:12:45.0829 3000 [ 867C301E8B790040AE9CF6486E8041DF ] WUDFRd C:\Windows\system32\DRIVERS\WUDFRd.sys
21:12:45.0845 3000 WUDFRd - ok
21:12:45.0907 3000 [ FE47B7BC8EA320C2D9B5E5BF6E303765 ] wudfsvc C:\Windows\System32\WUDFSvc.dll
21:12:45.0954 3000 wudfsvc - ok
21:12:46.0001 3000 [ 3C5E51C05BE9B56EAFF4E388C3AB25E4 ] WwanSvc C:\Windows\System32\wwansvc.dll
21:12:46.0032 3000 WwanSvc - ok
21:12:46.0063 3000 ================ Scan global ===============================
21:12:46.0141 3000 [ DAB748AE0439955ED2FA22357533DDDB ] C:\Windows\system32\basesrv.dll
21:12:46.0188 3000 [ 1F5F07091D50244F17DD8D5147A628CC ] C:\Windows\system32\winsrv.dll
21:12:46.0250 3000 [ 1F5F07091D50244F17DD8D5147A628CC ] C:\Windows\system32\winsrv.dll
21:12:46.0282 3000 [ 364455805E64882844EE9ACB72522830 ] C:\Windows\system32\sxssrv.dll
21:12:46.0313 3000 [ 5F1B6A9C35D3D5CA72D6D6FDEF9747D6 ] C:\Windows\system32\services.exe
21:12:46.0328 3000 [Global] - ok
21:12:46.0328 3000 ================ Scan MBR ==================================
21:12:46.0360 3000 [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0
21:12:46.0640 3000 \Device\Harddisk0\DR0 - ok
21:12:46.0640 3000 ================ Scan VBR ==================================
21:12:46.0656 3000 [ 7EE10955BF77C7EFD16132DC66F4377C ] \Device\Harddisk0\DR0\Partition1
21:12:46.0656 3000 \Device\Harddisk0\DR0\Partition1 - ok
21:12:46.0687 3000 [ 7BDA86BFC39A6CEAB1E311F1DAD5BEBB ] \Device\Harddisk0\DR0\Partition2
21:12:46.0687 3000 \Device\Harddisk0\DR0\Partition2 - ok
21:12:46.0687 3000 ============================================================
21:12:46.0687 3000 Scan finished
21:12:46.0687 3000 ============================================================
21:12:46.0718 2312 Detected object count: 0
21:12:46.0718 2312 Actual detected object count: 0
21:14:37.0973 5640 ============================================================
21:14:37.0973 5640 Scan started
21:14:37.0973 5640 Mode: Manual;
21:14:37.0973 5640 ============================================================
21:14:38.0129 5640 ================ Scan system memory ========================
21:14:38.0129 5640 System memory - ok
21:14:38.0129 5640 ================ Scan services =============================
21:14:38.0316 5640 [ 1B133875B8AA8AC48969BD3458AFE9F5 ] 1394ohci C:\Windows\system32\drivers\1394ohci.sys
21:14:38.0316 5640 1394ohci - ok
21:14:38.0379 5640 [ CEA80C80BED809AA0DA6FEBC04733349 ] ACPI C:\Windows\system32\drivers\ACPI.sys
21:14:38.0379 5640 ACPI - ok
21:14:38.0425 5640 [ 1EFBC664ABFF416D1D07DB115DCB264F ] AcpiPmi C:\Windows\system32\drivers\acpipmi.sys
21:14:38.0425 5640 AcpiPmi - ok
21:14:38.0457 5640 [ 9915504F602D277EE47FD843A677FD15 ] AdobeFlashPlayerUpdateSvc C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
21:14:38.0472 5640 AdobeFlashPlayerUpdateSvc - ok
21:14:38.0535 5640 [ 21E785EBD7DC90A06391141AAC7892FB ] adp94xx C:\Windows\system32\DRIVERS\adp94xx.sys
21:14:38.0535 5640 adp94xx - ok
21:14:38.0550 5640 [ 0C676BC278D5B59FF5ABD57BBE9123F2 ] adpahci C:\Windows\system32\DRIVERS\adpahci.sys
21:14:38.0566 5640 adpahci - ok
21:14:38.0597 5640 [ 7C7B5EE4B7B822EC85321FE23A27DB33 ] adpu320 C:\Windows\system32\DRIVERS\adpu320.sys
21:14:38.0597 5640 adpu320 - ok
21:14:38.0644 5640 [ 8B5EEFEEC1E6D1A72A06C526628AD161 ] AeLookupSvc C:\Windows\System32\aelupsvc.dll
21:14:38.0659 5640 AeLookupSvc - ok
21:14:38.0706 5640 [ 9EBBBA55060F786F0FCAA3893BFA2806 ] AFD C:\Windows\system32\drivers\afd.sys
21:14:38.0706 5640 AFD - ok
21:14:38.0753 5640 [ 507812C3054C21CEF746B6EE3D04DD6E ] agp440 C:\Windows\system32\drivers\agp440.sys
21:14:38.0753 5640 agp440 - ok
21:14:38.0784 5640 [ 8B30250D573A8F6B4BD23195160D8707 ] aic78xx C:\Windows\system32\DRIVERS\djsvs.sys
21:14:38.0784 5640 aic78xx - ok
21:14:38.0815 5640 [ 18A54E132947CD98FEA9ACCC57F98F13 ] ALG C:\Windows\System32\alg.exe
21:14:38.0831 5640 ALG - ok
21:14:38.0847 5640 [ 0D40BCF52EA90FC7DF2AEAB6503DEA44 ] aliide C:\Windows\system32\drivers\aliide.sys
21:14:38.0847 5640 aliide - ok
21:14:38.0862 5640 [ 3C6600A0696E90A463771C7422E23AB5 ] amdagp C:\Windows\system32\drivers\amdagp.sys
21:14:38.0878 5640 amdagp - ok
21:14:38.0893 5640 [ CD5914170297126B6266860198D1D4F0 ] amdide C:\Windows\system32\drivers\amdide.sys
21:14:38.0893 5640 amdide - ok
21:14:38.0925 5640 [ 00DDA200D71BAC534BF56A9DB5DFD666 ] AmdK8 C:\Windows\system32\DRIVERS\amdk8.sys
21:14:38.0925 5640 AmdK8 - ok
21:14:38.0940 5640 [ 3CBF30F5370FDA40DD3E87DF38EA53B6 ] AmdPPM C:\Windows\system32\DRIVERS\amdppm.sys
21:14:38.0940 5640 AmdPPM - ok
21:14:38.0987 5640 [ D320BF87125326F996D4904FE24300FC ] amdsata C:\Windows\system32\drivers\amdsata.sys
21:14:38.0987 5640 amdsata - ok
21:14:39.0034 5640 [ EA43AF0C423FF267355F74E7A53BDABA ] amdsbs C:\Windows\system32\DRIVERS\amdsbs.sys
21:14:39.0034 5640 amdsbs - ok
21:14:39.0065 5640 [ 46387FB17B086D16DEA267D5BE23A2F2 ] amdxata C:\Windows\system32\drivers\amdxata.sys
21:14:39.0065 5640 amdxata - ok
21:14:39.0112 5640 [ AEA177F783E20150ACE5383EE368DA19 ] AppID C:\Windows\system32\drivers\appid.sys
21:14:39.0112 5640 AppID - ok
21:14:39.0127 5640 [ 62A9C86CB6085E20DB4823E4E97826F5 ] AppIDSvc C:\Windows\System32\appidsvc.dll
21:14:39.0143 5640 AppIDSvc - ok
21:14:39.0174 5640 [ EACFDF31921F51C097629F1F3C9129B4 ] Appinfo C:\Windows\System32\appinfo.dll
21:14:39.0174 5640 Appinfo - ok
21:14:39.0330 5640 [ 4FE5C6D40664AE07BE5105874357D2ED ] Apple Mobile Device C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
21:14:39.0330 5640 Apple Mobile Device - ok
21:14:39.0393 5640 [ 2932004F49677BD84DBC72EDB754FFB3 ] arc C:\Windows\system32\DRIVERS\arc.sys
21:14:39.0393 5640 arc - ok
21:14:39.0424 5640 [ 5D6F36C46FD283AE1B57BD2E9FEB0BC7 ] arcsas C:\Windows\system32\DRIVERS\arcsas.sys
21:14:39.0424 5640 arcsas - ok
21:14:39.0533 5640 [ 776ACEFA0CA9DF0FAA51A5FB2F435705 ] aspnet_state C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe
21:14:39.0549 5640 aspnet_state - ok
21:14:39.0580 5640 [ ADD2ADE1C2B285AB8378D2DAAF991481 ] AsyncMac C:\Windows\system32\DRIVERS\asyncmac.sys
21:14:39.0580 5640 AsyncMac - ok
21:14:39.0627 5640 [ 338C86357871C167A96AB976519BF59E ] atapi C:\Windows\system32\drivers\atapi.sys
21:14:39.0627 5640 atapi - ok
21:14:39.0705 5640 [ 0F4B6B99D6CDC1D93DF1FA690796B2F7 ] athr C:\Windows\system32\DRIVERS\athr.sys
21:14:39.0720 5640 athr - ok
21:14:39.0783 5640 [ CE3B4E731638D2EF62FCB419BE0D39F0 ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
21:14:39.0783 5640 AudioEndpointBuilder - ok
21:14:39.0861 5640 [ CE3B4E731638D2EF62FCB419BE0D39F0 ] Audiosrv C:\Windows\System32\Audiosrv.dll
21:14:39.0861 5640 Audiosrv - ok
21:14:39.0907 5640 [ 6E30D02AAC9CAC84F421622E3A2F6178 ] AxInstSV C:\Windows\System32\AxInstSV.dll
21:14:39.0907 5640 AxInstSV - ok
21:14:39.0970 5640 [ 1A231ABEC60FD316EC54C66715543CEC ] b06bdrv C:\Windows\system32\DRIVERS\bxvbdx.sys
21:14:39.0985 5640 b06bdrv - ok
21:14:40.0063 5640 [ BD8869EB9CDE6BBE4508D869929869EE ] b57nd60x C:\Windows\system32\DRIVERS\b57nd60x.sys
21:14:40.0063 5640 b57nd60x - ok
21:14:40.0188 5640 [ 4191F221E4AF85A391567C6F9B55F370 ] BCM43XX C:\Windows\system32\DRIVERS\bcmwl6.sys
21:14:40.0219 5640 BCM43XX - ok
21:14:40.0251 5640 [ EE1E9C3BB8228AE423DD38DB69128E71 ] BDESVC C:\Windows\System32\bdesvc.dll
21:14:40.0251 5640 BDESVC - ok
21:14:40.0282 5640 [ 505506526A9D467307B3C393DEDAF858 ] Beep C:\Windows\system32\drivers\Beep.sys
21:14:40.0282 5640 Beep - ok
21:14:40.0329 5640 [ 1E2BAC209D184BB851E1A187D8A29136 ] BFE C:\Windows\System32\bfe.dll
21:14:40.0344 5640 BFE - ok
21:14:40.0391 5640 [ E585445D5021971FAE10393F0F1C3961 ] BITS C:\Windows\system32\qmgr.dll
21:14:40.0407 5640 BITS - ok
21:14:40.0438 5640 [ 2287078ED48FCFC477B05B20CF38F36F ] blbdrive C:\Windows\system32\DRIVERS\blbdrive.sys
21:14:40.0438 5640 blbdrive - ok
21:14:40.0485 5640 [ DB5BEA73EDAF19AC68B2C0FAD0F92B1A ] Bonjour Service C:\Program Files\Bonjour\mDNSResponder.exe
21:14:40.0500 5640 Bonjour Service - ok
21:14:40.0547 5640 [ 8F2DA3028D5FCBD1A060A3DE64CD6506 ] bowser C:\Windows\system32\DRIVERS\bowser.sys
21:14:40.0547 5640 bowser - ok
21:14:40.0578 5640 [ 9F9ACC7F7CCDE8A15C282D3F88B43309 ] BrFiltLo C:\Windows\system32\DRIVERS\BrFiltLo.sys
21:14:40.0578 5640 BrFiltLo - ok
21:14:40.0609 5640 [ 56801AD62213A41F6497F96DEE83755A ] BrFiltUp C:\Windows\system32\DRIVERS\BrFiltUp.sys
21:14:40.0609 5640 BrFiltUp - ok
21:14:40.0625 5640 [ 77361D72A04F18809D0EFB6CCEB74D4B ] BridgeMP C:\Windows\system32\DRIVERS\bridge.sys
21:14:40.0625 5640 BridgeMP - ok
21:14:40.0672 5640 [ 3DAA727B5B0A45039B0E1C9A211B8400 ] Browser C:\Windows\System32\browser.dll
21:14:40.0672 5640 Browser - ok
21:14:40.0719 5640 [ 845B8CE732E67F3B4133164868C666EA ] Brserid C:\Windows\System32\Drivers\Brserid.sys
21:14:40.0719 5640 Brserid - ok
21:14:40.0750 5640 [ 203F0B1E73ADADBBB7B7B1FABD901F6B ] BrSerWdm C:\Windows\System32\Drivers\BrSerWdm.sys
21:14:40.0750 5640 BrSerWdm - ok
21:14:40.0781 5640 [ BD456606156BA17E60A04E18016AE54B ] BrUsbMdm C:\Windows\System32\Drivers\BrUsbMdm.sys
21:14:40.0781 5640 BrUsbMdm - ok
21:14:40.0797 5640 [ AF72ED54503F717A43268B3CC5FAEC2E ] BrUsbSer C:\Windows\System32\Drivers\BrUsbSer.sys
21:14:40.0797 5640 BrUsbSer - ok
21:14:40.0828 5640 [ ED3DF7C56CE0084EB2034432FC56565A ] BTHMODEM C:\Windows\system32\DRIVERS\bthmodem.sys
21:14:40.0828 5640 BTHMODEM - ok
21:14:40.0859 5640 [ 1DF19C96EEF6C29D1C3E1A8678E07190 ] bthserv C:\Windows\system32\bthserv.dll
21:14:40.0875 5640 bthserv - ok
21:14:40.0999 5640 catchme - ok
21:14:41.0046 5640 [ 2B2F9B4A08190334A9C36446B208BAE9 ] ccSet_NST C:\Windows\system32\drivers\NST\0200000.010\ccSetx86.sys
21:14:41.0046 5640 ccSet_NST - ok
21:14:41.0077 5640 [ 77EA11B065E0A8AB902D78145CA51E10 ] cdfs C:\Windows\system32\DRIVERS\cdfs.sys
21:14:41.0077 5640 cdfs - ok
21:14:41.0124 5640 [ BE167ED0FDB9C1FA1133953C18D5A6C9 ] cdrom C:\Windows\system32\drivers\cdrom.sys
21:14:41.0124 5640 cdrom - ok
21:14:41.0171 5640 [ 319C6B309773D063541D01DF8AC6F55F ] CertPropSvc C:\Windows\System32\certprop.dll
21:14:41.0171 5640 CertPropSvc - ok
21:14:41.0171 5640 Scan interrupted by user!
21:14:41.0187 5640 ================ Scan global ===============================
21:14:41.0187 5640 Scan interrupted by user!
21:14:41.0187 5640 ================ Scan MBR ==================================
21:14:41.0187 5640 Scan interrupted by user!
21:14:41.0187 5640 ================ Scan VBR ==================================
21:14:41.0187 5640 Scan interrupted by user!
21:14:41.0187 5640 ============================================================
21:14:41.0187 5640 Scan finished
21:14:41.0187 5640 ============================================================
21:14:41.0202 5996 Detected object count: 0
21:14:41.0218 5996 Actual detected object count: 0
21:14:44.0322 3384 Deinitialize success

Here is the OTL Log:

========== OTL ==========
File C:\Users\Steph\AppData\Roaming\Mozilla\Firefox not found.
C:\ProgramData\boost_interprocess folder moved successfully.
========== FILES ==========
File\Folder C:\ProgramData\application data\boost_interprocess not found.
File\Folder C:\ProgramData\boost_interprocess not found.
========== COMMANDS ==========

[EMPTYFLASH]

User: All Users

User: Default
->Flash cache emptied: 58264 bytes

User: Default User
->Flash cache emptied: 0 bytes

User: Public

User: Steph
->Flash cache emptied: 60445 bytes

Total Flash Files Cleaned = 0.00 mb


[EMPTYJAVA]

User: All Users

User: Default

User: Default User

User: Public

User: Steph
->Java cache emptied: 638435 bytes

Total Java Files Cleaned = 1.00 mb


OTL by OldTimer - Version 3.2.69.0 log created on 08152013_215827

The next scan was as follows:

Right click on (My) Computer and select Manage (Continue) Then click on the arrow in front of Event Viewer. Next Click on the arrow in front of Windows Logs Right click on System and Clear Log, Clear. Repeat for Application.

Reboot.

Start, All Programs, Accessories then right click on Command Prompt and Run as Administrator. Then type (with an Enter after each line).

sfc /scannow

I got this message:
Windows Resource Protection did not find any integrity violations

Edited by sdockery, 15 August 2013 - 09:48 PM.

  • 0

#6
sdockery
Posted 15 August 2013 - 10:15 PM

sdockery

    Member

  • Topic Starter
  • Member
  • PipPip
  • 15 posts
Attached File  junk.txt   23.41KB   125 downloads

VEW Report was:

Vino's Event Viewer v01c run on Windows 2008 in English
Report run at 15/08/2013 11:07:08 PM

Note: All dates below are in the format dd/mm/yyyy

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - Critical Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - Error Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - Warning Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'System' Date/Time: 16/08/2013 3:22:14 AM
Type: Warning Category: 0
Event: 1014 Source: Microsoft-Windows-DNS-Client
Name resolution for the name nobu.backup.com timed out after none of the configured DNS servers responded.

Log: 'System' Date/Time: 16/08/2013 3:19:42 AM
Type: Warning Category: 0
Event: 15 Source: ACPI
: The embedded controller (EC) returned data when none was requested. The BIOS might be trying to access the EC without synchronizing with the operating system. This data will be ignored. No further action is necessary; however, you should check with your computer manufacturer for an upgraded BIOS.

Log: 'System' Date/Time: 16/08/2013 3:19:09 AM
Type: Warning Category: 0
Event: 4001 Source: Microsoft-Windows-WLAN-AutoConfig
WLAN AutoConfig service has successfully stopped.

VEW Log Application results:

Vino's Event Viewer v01c run on Windows 2008 in English
Report run at 15/08/2013 11:17:29 PM

Note: All dates below are in the format dd/mm/yyyy

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'Application' Log - Critical Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'Application' Log - Error Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'Application' Log - Warning Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Edited by sdockery, 15 August 2013 - 10:20 PM.

  • 0

#7
sdockery
Posted 15 August 2013 - 10:30 PM

sdockery

    Member

  • Topic Starter
  • Member
  • PipPip
  • 15 posts
Here's the procexp.exe report:

Process CPU Private Bytes Working Set PID Description Company Name Verified Signer
System Idle Process 71.93 0 K 12 K 0
procexp.exe 18.43 21,636 K 37,364 K 5952 Sysinternals Process Explorer Sysinternals - www.sysinternals.com (Verified) Microsoft Corporation
Interrupts 2.04 0 K 0 K n/a Hardware Interrupts and DPCs
SynTPEnh.exe 1.81 7,036 K 2,508 K 3432 Synaptics TouchPad Enhancements Synaptics Incorporated (Verified) Microsoft Windows Hardware Compatibility Publisher
chrome.exe 1.14 23,020 K 25,012 K 2524 Google Chrome Google Inc. (Verified) Google Inc
chrome.exe 0.79 55,580 K 70,168 K 4444 Google Chrome Google Inc. (Verified) Google Inc
csrss.exe 0.62 9,600 K 6,964 K 512 Client Server Runtime Process Microsoft Corporation (Verified) Microsoft Windows
chrome.exe 0.53 150,348 K 161,056 K 4320 Google Chrome Google Inc. (Verified) Google Inc
explorer.exe 0.51 30,932 K 31,224 K 2516 Windows Explorer Microsoft Corporation (Verified) Microsoft Windows
lsass.exe 0.44 3,652 K 5,400 K 608 Local Security Authority Process Microsoft Corporation (Verified) Microsoft Windows
svchost.exe 0.41 2,864 K 2,788 K 732 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
System 0.38 48 K 460 K 4
LManager.exe 0.19 9,576 K 796 K 3232 Launch Manager Dritek System Inc. (Verified) Dritek System Inc.
mwlDaemon.exe 0.18 3,692 K 1,628 K 3328 MyWinLocker Egis Technology Inc. (Verified) EGIS TECHNOLOGY INC.
svchost.exe 0.14 18,864 K 18,812 K 1112 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
AppleMobileDeviceService.exe 0.11 2,224 K 1,032 K 1648 MobileDeviceService Apple Inc. (Verified) Apple Inc.
svchost.exe 0.07 13,448 K 8,132 K 1340 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
GregHSRW.exe 0.07 1,076 K 808 K 1828 Global Registration Service Acer Incorporated (Verified) Acer Incorporated
iPodService.exe 0.05 1,680 K 1,712 K 896 iPodService Module (32-bit) Apple Inc. (Verified) Apple Inc.
SearchIndexer.exe 0.03 39,624 K 14,928 K 2396 Microsoft Windows Search Indexer Microsoft Corporation (Verified) Microsoft Windows
ePowerTray.exe 0.02 2,340 K 1,736 K 3280 ePowerTray Acer Incorporated (Verified) Acer Incorporated
ePowerEvent.exe 0.02 820 K 340 K 1576 ePowerEvent Acer Incorporated (Verified) Acer Incorporated
chrome.exe 0.02 43,384 K 33,500 K 4352 Google Chrome Google Inc. (Verified) Google Inc
csrss.exe 0.02 1,360 K 1,632 K 452 Client Server Runtime Process Microsoft Corporation (Verified) Microsoft Windows
ccSvcHst.exe 0.02 3,760 K 4,724 K 2020 Symantec Service Framework Symantec Corporation (Verified) Symantec Corporation
NOBuAgent.exe 0.01 3,920 K 1,136 K 2600 Norton Online Backup Service Symantec Corporation (Verified) Symantec Corporation
svchost.exe 0.01 8,156 K 9,156 K 1064 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
WLIDSVC.EXE 0.01 4,376 K 2,112 K 1244 Microsoft® Windows Live ID Service Microsoft Corp. (Verified) Microsoft Corporation
mbamgui.exe 0.01 2,652 K 2,280 K 2468 Malwarebytes Anti-Malware Malwarebytes Corporation (Verified) Malwarebytes Corporation
wmpnetwk.exe 0.01 3,488 K 5,172 K 3900 Windows Media Player Network Sharing Service Microsoft Corporation (Verified) Microsoft Windows
svchost.exe 0.01 24,644 K 22,612 K 1024 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
dsiwmis.exe < 0.01 820 K 436 K 1732 Dritek WMI Service Dritek System Inc. (Verified) Dritek System Inc.
iTunesHelper.exe < 0.01 2,960 K 2,108 K 3712 iTunesHelper Apple Inc. (Verified) Apple Inc.
GoogleCrashHandler.exe < 0.01 1,176 K 520 K 3540 Google Crash Handler Google Inc. (Verified) Google Inc
wuauclt.exe 1,400 K 1,316 K 2480 Windows Update Microsoft Corporation (Verified) Microsoft Windows
WmiPrvSE.exe 2,024 K 2,912 K 3112 WMI Provider Host Microsoft Corporation (Verified) Microsoft Windows
WLIDSVCM.EXE 604 K 256 K 792 Microsoft® Windows Live ID Service Monitor Microsoft Corp. (Verified) Microsoft Corporation
WkCalRem.exe 784 K 1,104 K 3972 Microsoft® Works Calendar Reminder Service Microsoft® Corporation (Verified) Microsoft Corporation
winlogon.exe 1,680 K 1,168 K 596 Windows Logon Application Microsoft Corporation (Verified) Microsoft Windows
wininit.exe 868 K 212 K 504 Windows Start-Up Application Microsoft Corporation (Verified) Microsoft Windows
UpdaterService.exe 708 K 696 K 700 Acer Update Service Acer (Verified) Acer Incorporated
unsecapp.exe 1,124 K 1,436 K 3012 Sink to receive asynchronous callbacks for WMI client application Microsoft Corporation (Verified) Microsoft Windows
taskhost.exe 6,856 K 3,796 K 2404 Host Process for Windows Tasks Microsoft Corporation (Verified) Microsoft Windows
SynTPHelper.exe 568 K 224 K 2904 Synaptics Pointing Device Helper Synaptics Incorporated (Verified) Microsoft Windows Hardware Compatibility Publisher
svchost.exe 14,684 K 9,920 K 988 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
svchost.exe 3,544 K 3,640 K 808 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
svchost.exe 4,528 K 4,268 K 1800 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
svchost.exe 8,884 K 7,384 K 1556 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
svchost.exe 1,784 K 2,220 K 2560 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
spoolsv.exe 4,716 K 1,984 K 1520 Spooler SubSystem App Microsoft Corporation (Verified) Microsoft Windows
soffice.exe 712 K 148 K 3984 OpenOffice.org 3.4.1 OpenOffice.org (No signature was present in the subject) OpenOffice.org
soffice.bin 13,412 K 2,984 K 4020 OpenOffice.org 3.4.1 OpenOffice.org (No signature was present in the subject) OpenOffice.org
smss.exe 252 K 524 K 308 Windows Session Manager Microsoft Corporation (Verified) Microsoft Windows
services.exe 3,708 K 3,656 K 560 Services and Controller app Microsoft Corporation (Verified) Microsoft Windows
RtHDVCpl.exe 7,608 K 1,592 K 3268 Realtek HD Audio Manager Realtek Semiconductor (Verified) Microsoft Windows Hardware Compatibility Publisher
RS_Service.exe 788 K 368 K 12 Raw Socket Service Acer Incorporated (No signature was present in the subject) Acer Incorporated
rndlresolversvc.exe 684 K 304 K 348 (Verified) RealNetworks
realsched.exe 1,432 K 1,224 K 3688 RealNetworks Scheduler RealNetworks, Inc. (Verified) RealNetworks
ONENOTEM.EXE 820 K 1,112 K 3876 Microsoft Office OneNote Quick Launcher Microsoft Corporation (Verified) Microsoft Corporation
notepad.exe 1,080 K 5,280 K 4588 Notepad Microsoft Corporation (Verified) Microsoft Windows
NOBuClient.exe 2,984 K 696 K 1308 Norton Online Backup Service Symantec Corporation (Verified) Symantec Corporation
msseces.exe 5,056 K 1,100 K 3560 Microsoft Security Client User Interface Microsoft Corporation (Verified) Microsoft Corporation
MsMpEng.exe 51,584 K 1,276 K 864 Antimalware Service Executable Microsoft Corporation (Verified) Microsoft Corporation
mDNSResponder.exe 1,700 K 2,220 K 1688 Bonjour Service Apple Inc. (Verified) Apple Inc.
mbamservice.exe 108,664 K 3,156 K 1992 Malwarebytes Anti-Malware Malwarebytes Corporation (Verified) Malwarebytes Corporation
mbamscheduler.exe 1,768 K 380 K 1964 Malwarebytes Anti-Malware Malwarebytes Corporation (Verified) Malwarebytes Corporation
lsm.exe 1,348 K 1,232 K 616 Local Session Manager Service Microsoft Corporation (Verified) Microsoft Windows
jusched.exe 796 K 268 K 3772 Java™ Update Scheduler Oracle Corporation (Verified) Oracle America
igfxtray.exe 1,388 K 1,220 K 3356 igfxTray Module Intel Corporation (Verified) Microsoft Windows Hardware Compatibility Publisher
igfxsrvc.exe 1,608 K 1,196 K 3636 igfxsrvc Module Intel Corporation (Verified) Microsoft Windows Hardware Compatibility Publisher
igfxpers.exe 1,380 K 1,252 K 3392 persistence Module Intel Corporation (Verified) Microsoft Windows Hardware Compatibility Publisher
igfxext.exe 1,172 K 1,228 K 2300 igfxext Module Intel Corporation (Verified) Microsoft Windows Hardware Compatibility Publisher
IAANTmon.exe 1,540 K 1,632 K 1416 RAID Monitor Intel Corporation (Verified) Intel Corporation
IAAnotif.exe 1,840 K 1,888 K 3256 Event Monitor User Notification Tool Intel Corporation (Verified) Intel Corporation
hkcmd.exe 1,504 K 1,236 K 3372 hkcmd Module Intel Corporation (Verified) Microsoft Windows Hardware Compatibility Publisher
ePowerSvc.exe 1,464 K 1,216 K 1772 ePowerSvc Acer Incorporated (Verified) Acer Incorporated
EgisUpdate.exe 2,424 K 824 K 3312 EgisUpdate Release Application Egis Technology Inc. (Verified) EGIS TECHNOLOGY INC.
dwm.exe 924 K 1,092 K 2496 Desktop Window Manager Microsoft Corporation (Verified) Microsoft Windows
chrome.exe 24,064 K 27,452 K 4060 Google Chrome Google Inc. (Verified) Google Inc
chrome.exe 21,328 K 22,072 K 1108 Google Chrome Google Inc. (Verified) Google Inc
chrome.exe 24,096 K 26,796 K 4552 Google Chrome Google Inc. (Verified) Google Inc
AcerVCM.exe 1,248 K 716 K 3796 Acer VCM Acer Incorporated (No signature was present in the subject) Acer Incorporated
  • 0

#8
sdockery
Posted 15 August 2013 - 10:40 PM

sdockery

    Member

  • Topic Starter
  • Member
  • PipPip
  • 15 posts
My computer appears to be operating smoothly at the moment. I would like to know what you found out from the reports. Your time and effort is greatly appreciated. Thank you. Any advice will be greatly appreciated.
  • 0

#9
RKinner
Posted 16 August 2013 - 12:00 AM

RKinner

    Malware Expert

  • Expert
  • 24,624 posts
  • MVP
Not finding too much. A small amount of adware but you had run AdwCleaner several times before.

Combofix reported a funny driver:
*NewlyCreated* - 75804843
*Deregistered* - 75804843

It didn't show up in TDSSKiller or OTL so not sure what it was. You might run Combofix again and see if it still shows up.

Not sure why you would need this: Bing Ads Intelligence

And I really do not like P2P programs: Vuze Easy way to get infected.


Couple of minor errors in the event log:


~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Log: 'System' Date/Time: 16/08/2013 3:22:14 AM
Type: Warning Category: 0
Event: 1014 Source: Microsoft-Windows-DNS-Client
Name resolution for the name nobu.backup.com timed out after none of the configured DNS servers responded.


Not sure why you got this one. It's related to Norton Online Backup. Suspect it's just a timing issue. Probably asked for the DNS before the network was established.

Log: 'System' Date/Time: 16/08/2013 3:19:42 AM
Type: Warning Category: 0
Event: 15 Source: ACPI
: The embedded controller (EC) returned data when none was requested. The BIOS might be trying to access the EC without synchronizing with the operating system. This data will be ignored. No further action is necessary; however, you should check with your computer manufacturer for an upgraded BIOS.


This one seems to think you need an updated BIOS. Check with your PC maker and see if they have one for your PC.

Process Explorer says this one is a bit high:

Interrupts 2.04 0 K 0 K n/a Hardware Interrupts and DPCs

I usually see Interrupts running at about 1.00 More seems to slow the CPU down more than you would think sometimes causing jerky video. Sometimes a bad battery in a laptop will cause this. Since it is a laptop, shut it down, remove the battery, start it back up and run Process Explorer with the battery out and see if it gets closer to 1. If that doesn't help then see if your video card allows you to turn down hardware acceleration http://www.thewindow...ation-windows-7
This can also be caused by a bad driver usually the video driver so see if an update is available.
Finally it could be heat related. I've seen this jump when the video overheated. Try speedfan

http://www.almico.com/sfdownload.php

Download, save and Install it (Win 7 or Vista right click and Run As Admin.) then run it.

It will tell you your temps. Speedfan will alarm by default at 50 but laptops can run up to about 60 without being bad.

Let's run aswMBR.

Download aswMBR.exe to your desktop.
Double click the aswMBR.exe to run it
uncheck trace disk IO calls
Click the "Scan" button to start scan
On completion of the scan (Note if the Fix button is enabled (not the FixMBR button) and tell me) click save log, save it to your desktop and post in your next reply

If you have the time you can run it again but this time change the a-v scan to C:\ before starting the scan. This will take quite a bit longer as it will scan your whole C:\ drive using the Avast Anti-Virus.

ESET online scan is another good one. Takes a long time tho:

Use IE and go to http://eset.com/onlinescan and click on ESET online Scanner. Accept the terms then press Start (If you get a warning from your browser tell it you want to run it).

# Check Scan Archives
# Push the Start button.
# ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
# When the scan completes, push LIST OF THREATS FOUND
# Push EXPORT TO TEXT FILE , and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
# Push the BACK button.
# Push Finish
# Once the scan is completed, you may close the window.
# Use Notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt
# Copy and paste that log as a reply.
  • 0

#10
sdockery
Posted 16 August 2013 - 01:55 PM

sdockery

    Member

  • Topic Starter
  • Member
  • PipPip
  • 15 posts
I downloaded the Bing ads Intelligence recently but haven't had time to use it as a tool to help with finding and analyzing keywords since I am an affiliate marketer. I got rid of it and the Vuze as suggested. Thank you.

I will run the aswMBR shortly.

My computer does not allow me to change the display settings.

Here's the Process Explorer Report after I took the battery out:

Process CPU Private Bytes Working Set PID Description Company Name Verified Signer
AcerVCM.exe 1,248 K 1,992 K 2524 Acer VCM Acer Incorporated (No signature was present in the subject) Acer Incorporated
audiodg.exe 16,792 K 6,860 K 1160 Windows Audio Device Graph Isolation Microsoft Corporation (Verified) Microsoft Windows
ccSvcHst.exe 4,156 K 4,856 K 1932 Symantec Service Framework Symantec Corporation (Verified) Symantec Corporation
dwm.exe 836 K 1,160 K 2892 Desktop Window Manager Microsoft Corporation (Verified) Microsoft Windows
EgisUpdate.exe 2,504 K 3,168 K 3472 EgisUpdate Release Application Egis Technology Inc. (Verified) EGIS TECHNOLOGY INC.
ePowerEvent.exe 824 K 1,704 K 3868 ePowerEvent Acer Incorporated (Verified) Acer Incorporated
ePowerSvc.exe 1,544 K 2,188 K 1740 ePowerSvc Acer Incorporated (Verified) Acer Incorporated
ePowerTray.exe 2,456 K 3,020 K 3432 ePowerTray Acer Incorporated (Verified) Acer Incorporated
GoogleCrashHandler.exe 1,076 K 420 K 2684 Google Crash Handler Google Inc. (Verified) Google Inc
hkcmd.exe 1,528 K 2,800 K 3572 hkcmd Module Intel Corporation (Verified) Microsoft Windows Hardware Compatibility Publisher
IAAnotif.exe 1,640 K 2,144 K 3396 Event Monitor User Notification Tool Intel Corporation (Verified) Intel Corporation
IAANTmon.exe 1,536 K 2,432 K 552 RAID Monitor Intel Corporation (Verified) Intel Corporation
igfxext.exe 1,200 K 2,576 K 4020 igfxext Module Intel Corporation (Verified) Microsoft Windows Hardware Compatibility Publisher
igfxpers.exe 1,428 K 2,776 K 3592 persistence Module Intel Corporation (Verified) Microsoft Windows Hardware Compatibility Publisher
igfxsrvc.exe 1,704 K 2,928 K 3684 igfxsrvc Module Intel Corporation (Verified) Microsoft Windows Hardware Compatibility Publisher
igfxtray.exe 1,392 K 2,796 K 3560 igfxTray Module Intel Corporation (Verified) Microsoft Windows Hardware Compatibility Publisher
jusched.exe 800 K 1,548 K 4052 Java™ Update Scheduler Oracle Corporation (Verified) Oracle America
lsass.exe 3,240 K 4,076 K 588 Local Security Authority Process Microsoft Corporation (Verified) Microsoft Windows
lsm.exe 1,412 K 1,688 K 596 Local Session Manager Service Microsoft Corporation (Verified) Microsoft Windows
mbamscheduler.exe 1,784 K 1,840 K 1872 Malwarebytes Anti-Malware Malwarebytes Corporation (Verified) Malwarebytes Corporation
mbamservice.exe 108,504 K 1,784 K 1900 Malwarebytes Anti-Malware Malwarebytes Corporation (Verified) Malwarebytes Corporation
mDNSResponder.exe 1,448 K 1,568 K 1660 Bonjour Service Apple Inc. (Verified) Apple Inc.
mscorsvw.exe 1,800 K 2,900 K 4588 .NET Runtime Optimization Service Microsoft Corporation (Verified) Microsoft Corporation
MsMpEng.exe 51,396 K 9,388 K 852 Antimalware Service Executable Microsoft Corporation (Verified) Microsoft Corporation
msseces.exe 4,968 K 4,152 K 3924 Microsoft Security Client User Interface Microsoft Corporation (Verified) Microsoft Corporation
mwlDaemon.exe 3,920 K 3,704 K 3488 MyWinLocker Egis Technology Inc. (Verified) EGIS TECHNOLOGY INC.
NOBuClient.exe 2,996 K 4,428 K 4824 Norton Online Backup Service Symantec Corporation (Verified) Symantec Corporation
notepad.exe 1,076 K 3,200 K 5008 Notepad Microsoft Corporation (Verified) Microsoft Windows
ONENOTEM.EXE 732 K 732 K 2680 Microsoft Office OneNote Quick Launcher Microsoft Corporation (Verified) Microsoft Corporation
realsched.exe 1,464 K 208 K 4004 RealNetworks Scheduler RealNetworks, Inc. (Verified) RealNetworks
rndlresolversvc.exe 680 K 1,100 K 1988 (Verified) RealNetworks
RtHDVCpl.exe 7,960 K 3,092 K 3420 Realtek HD Audio Manager Realtek Semiconductor (Verified) Microsoft Windows Hardware Compatibility Publisher
services.exe 4,236 K 3,608 K 564 Services and Controller app Microsoft Corporation (Verified) Microsoft Windows
smss.exe 256 K 380 K 308 Windows Session Manager Microsoft Corporation (Verified) Microsoft Windows
soffice.bin 13,456 K 11,580 K 2576 OpenOffice.org 3.4.1 OpenOffice.org (No signature was present in the subject) OpenOffice.org
soffice.exe 720 K 1,020 K 2740 OpenOffice.org 3.4.1 OpenOffice.org (No signature was present in the subject) OpenOffice.org
spoolsv.exe 4,780 K 3,568 K 1464 Spooler SubSystem App Microsoft Corporation (Verified) Microsoft Windows
sppsvc.exe 5,580 K 2,136 K 4868 Microsoft Software Protection Platform Service Microsoft Corporation (Verified) Microsoft Windows
svchost.exe 1,640 K 1,396 K 2332 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
svchost.exe 3,828 K 2,672 K 1772 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
svchost.exe 2,616 K 3,340 K 800 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
svchost.exe 28,680 K 20,776 K 1020 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
svchost.exe 2,720 K 3,684 K 724 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
SynTPHelper.exe 572 K 772 K 2808 Synaptics Pointing Device Helper Synaptics Incorporated (Verified) Microsoft Windows Hardware Compatibility Publisher
taskhost.exe 2,340 K 2,516 K 2828 Host Process for Windows Tasks Microsoft Corporation (Verified) Microsoft Windows
TrustedInstaller.exe 12,044 K 13,540 K 1244 Windows Modules Installer Microsoft Corporation (Verified) Microsoft Windows
unsecapp.exe 1,132 K 2,228 K 3112 Sink to receive asynchronous callbacks for WMI client application Microsoft Corporation (Verified) Microsoft Windows
UpdaterService.exe 712 K 1,100 K 364 Acer Update Service Acer (Verified) Acer Incorporated
wininit.exe 888 K 940 K 504 Windows Start-Up Application Microsoft Corporation (Verified) Microsoft Windows
winlogon.exe 1,760 K 2,120 K 628 Windows Logon Application Microsoft Corporation (Verified) Microsoft Windows
WkCalRem.exe 680 K 964 K 2752 Microsoft® Works Calendar Reminder Service Microsoft® Corporation (Verified) Microsoft Corporation
WLIDSVCM.EXE 612 K 928 K 2060 Microsoft® Windows Live ID Service Monitor Microsoft Corp. (Verified) Microsoft Corporation
WmiPrvSE.exe 1,944 K 2,816 K 3096 WMI Provider Host Microsoft Corporation (Verified) Microsoft Windows
wmpnetwk.exe 3,208 K 1,844 K 4000 Windows Media Player Network Sharing Service Microsoft Corporation (Verified) Microsoft Windows
svchost.exe < 0.01 8,084 K 4,588 K 1516 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
RS_Service.exe < 0.01 796 K 968 K 2020 Raw Socket Service Acer Incorporated (No signature was present in the subject) Acer Incorporated
dsiwmis.exe < 0.01 840 K 1,296 K 1704 Dritek WMI Service Dritek System Inc. (Verified) Dritek System Inc.
iTunesHelper.exe < 0.01 2,988 K 4,764 K 4028 iTunesHelper Apple Inc. (Verified) Apple Inc.
csrss.exe 0.01 1,372 K 1,852 K 464 Client Server Runtime Process Microsoft Corporation (Verified) Microsoft Windows
mbamgui.exe 0.01 2,424 K 2,344 K 2844 Malwarebytes Anti-Malware Malwarebytes Corporation (Verified) Malwarebytes Corporation
WLIDSVC.EXE 0.01 4,328 K 4,012 K 468 Microsoft® Windows Live ID Service Microsoft Corp. (Verified) Microsoft Corporation
svchost.exe 0.01 12,308 K 6,056 K 1332 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
SearchIndexer.exe 0.01 23,076 K 8,968 K 2260 Microsoft Windows Search Indexer Microsoft Corporation (Verified) Microsoft Windows
NOBuAgent.exe 0.02 3,832 K 5,036 K 4700 Norton Online Backup Service Symantec Corporation (Verified) Symantec Corporation
svchost.exe 0.03 6,208 K 4,912 K 1068 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
AppleMobileDeviceService.exe 0.04 2,304 K 3,300 K 1632 MobileDeviceService Apple Inc. (Verified) Apple Inc.
svchost.exe 0.05 97,828 K 55,200 K 1100 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
iPodService.exe 0.07 1,628 K 2,540 K 3100 iPodService Module (32-bit) Apple Inc. (Verified) Apple Inc.
GregHSRW.exe 0.08 1,228 K 1,392 K 1800 Global Registration Service Acer Incorporated (Verified) Acer Incorporated
svchost.exe 0.14 15,176 K 8,064 K 984 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
LManager.exe 0.22 9,632 K 3,796 K 3376 Launch Manager Dritek System Inc. (Verified) Dritek System Inc.
explorer.exe 0.26 27,076 K 27,164 K 2924 Windows Explorer Microsoft Corporation (Verified) Microsoft Windows
System 0.33 44 K 660 K 4
csrss.exe 0.41 8,664 K 5,000 K 512 Client Server Runtime Process Microsoft Corporation (Verified) Microsoft Windows
SynTPEnh.exe 1.35 7,016 K 4,440 K 3796 Synaptics TouchPad Enhancements Synaptics Incorporated (Verified) Microsoft Windows Hardware Compatibility Publisher
Interrupts 1.59 0 K 0 K n/a Hardware Interrupts and DPCs
procexp.exe 20.77 20,152 K 32,712 K 5696 Sysinternals Process Explorer Sysinternals - www.sysinternals.com (Verified) Microsoft Corporation
System Idle Process 74.58 0 K 12 K 0

Edited by sdockery, 16 August 2013 - 02:13 PM.

  • 0

Advertisements

#11
sdockery
Posted 16 August 2013 - 02:29 PM

sdockery

    Member

  • Topic Starter
  • Member
  • PipPip
  • 15 posts
Speedfan is 41C
  • 0

#12
sdockery
Posted 16 August 2013 - 02:42 PM

sdockery

    Member

  • Topic Starter
  • Member
  • PipPip
  • 15 posts
FixMBR button enabled. Here's the first scan report:

aswMBR version 0.9.9.1771 Copyright© 2011 AVAST Software
Run date: 2013-08-16 15:36:56
-----------------------------
15:36:56.318 OS Version: Windows 6.1.7601 Service Pack 1
15:36:56.319 Number of processors: 2 586 0x1C0A
15:36:56.322 ComputerName: STEPH-PC UserName: Steph
15:36:57.548 Initialize success
15:39:00.238 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-0
15:39:00.253 Disk 0 Vendor: ST916031 0001 Size: 152627MB BusType: 3
15:39:00.377 Disk 0 MBR read successfully
15:39:00.389 Disk 0 MBR scan
15:39:00.402 Disk 0 Windows 7 default MBR code
15:39:00.412 Disk 0 Partition 1 00 27 Hidden NTFS WinRE NTFS 12291 MB offset 63
15:39:00.440 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 101 MB offset 25173855
15:39:00.455 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 140232 MB offset 25382700
15:39:00.469 Disk 0 scanning sectors +312579760
15:39:00.654 Disk 0 scanning C:\Windows\system32\drivers
15:39:09.980 Service scanning
15:39:30.005 Modules scanning
15:39:41.752 Scan finished successfully
15:40:14.584 Disk 0 MBR has been saved successfully to "C:\Users\Steph\Desktop\MBR.dat"
15:40:14.611 The log file has been saved successfully to "C:\Users\Steph\Desktop\aswMBR.txt"
  • 0

#13
sdockery
Posted 16 August 2013 - 05:52 PM

sdockery

    Member

  • Topic Starter
  • Member
  • PipPip
  • 15 posts
I just did the complete avast scan and it had two red lin es where one said *Infected* but when the scan was finished and I tried to save log the whole avast program shut off and I can't find a saved log for that scan anywhere. One of those red lines had xtremefreecommission.bot and the other had RAP something. I will try to run it again but it takes so long. If it did save that log whereand how do you think I can find it? I have looke about everywhere unless it uses a name I'm not aware of.
  • 0

#14
RKinner
Posted 16 August 2013 - 06:04 PM

RKinner

    Malware Expert

  • Expert
  • 24,624 posts
  • MVP
aswMBR usually puts the log in the same folder where it ran so I would think it would be:
C:\Users\Steph\Desktop\aswMBR.txt I think it just tacks the log on to the bottom of the previous log.
  • 0

#15
sdockery
Posted 17 August 2013 - 07:51 AM

sdockery

    Member

  • Topic Starter
  • Member
  • PipPip
  • 15 posts
The ESET after running 9+ Hours said NO THREAT FOUND

I cant seem to get the aswMBR to give me a scan button all it says now is save log and exit the other buttons are grayed out. Is that because I went ahead and did the complete Avast scan, I wonder?

Edited by sdockery, 17 August 2013 - 10:09 AM.

  • 0
Back to Virus, Spyware, Malware Removal · Next Unread Topic →




Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

  1. Geeks to Go Community
  2. Security
  3. Virus, Spyware, Malware Removal

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP