Request for help



nellie
2013-03-18, 23:35
My children have been downloading stuff which has changed search engine and possibly infected my PC with spyware/malware. Would like to request assistance please.


DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 9.0.8112.16470
Run by Rick at 6:49:41 on 2013-03-18
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.44.1033.18.4095.1155 [GMT 0:00]
.
AV: AVG AntiVirus Free Edition 2013 *Enabled/Updated* {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: AVG AntiVirus Free Edition 2013 *Enabled/Updated* {B5F5C120-2089-702E-0001-553BB0D5A664}
.
============== Running Processes ===============
.
C:\PROGRA~2\AVG\AVG2013\avgrsa.exe
C:\Program Files (x86)\AVG\AVG2013\avgcsrva.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Program Files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe
C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\Virgin Media\Digital Home Support\HsdService.exe
C:\Program Files\Microsoft LifeCam\MSCamS64.exe
C:\Program Files (x86)\PURE Flow Server\twonkymediaserverwatchdog.exe
C:\Program Files (x86)\Virgin Media\Service Manager\ServicepointService.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files (x86)\CheckPoint\Endpoint Connect\TracSrvWrapper.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files (x86)\AVG\AVG2013\avgnsa.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\System32\WUDFHost.exe
C:\Windows\system32\atieclxx.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files (x86)\Trusteer\Rapport\bin\RapportService.exe
C:\Windows\vVX3000.exe
C:\Program Files\Microsoft IntelliType Pro\itype.exe
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\Users\Rick\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
C:\Program Files (x86)\Common Files\Panasonic\HD Writer AutoStart\HDWriterAutoStart.exe
C:\Program Files (x86)\PURE Flow Server\twonkymediaserverconfig.exe
C:\Users\Rick\AppData\Roaming\Dropbox\bin\Dropbox.exe
C:\Windows\SysWOW64\Ctxfihlp.exe
C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Program Files (x86)\Virgin Media\Service Manager\ServiceManager.exe
C:\Program Files (x86)\Virgin Media\Digital Home Support\DHSClient.exe
C:\Program Files (x86)\CheckPoint\Endpoint Connect\TrGUI.exe
C:\Program Files (x86)\AVG\AVG2013\avgui.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Microsoft IntelliType Pro\dpupdchk.exe
C:\Windows\SysWOW64\CTXFISPI.EXE
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
C:\Program Files (x86)\Wajam\Updater\WajamUpdater.exe
C:\ProgramData\BrowserProtect\2.6.1095.52\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserProtect.exe
C:\ProgramData\BrowserProtect\2.6.1095.52\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserProtect.exe
C:\Users\Rick\AppData\Local\Smartbar\Application\QuickShare.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\sysWOW64\wbem\wmiprvse.exe
C:\Windows\system32\taskeng.exe
C:\Users\Rick\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Rick\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Rick\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Rick\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Rick\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Rick\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Rick\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Rick\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Rick\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Rick\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\taskeng.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.delta-search.com/?affID=121240&babsrc=HP_ss&mntrId=14AD54335A199D0E
uURLSearchHooks: {ebd898f8-fcf6-4694-bc3b-eabc7271eeb1} - <orphaned>
mWinlogon: Userinit = userinit.exe
BHO: Solid Savings: {11111111-1111-1111-1111-110211621178} - C:\Program Files (x86)\Solid Savings\Solid Savings.dll
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: QuickShare WidgetEngine: {31ad400d-1b06-4e33-a59a-90c2c140cba0} -
BHO: AVG Safe Search: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} -
BHO: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - <orphaned>
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Wajam: {A7A6995D-6EE1-4FD1-A258-49395D5BF99C} - C:\Program Files (x86)\Wajam\IE\priam_bho.dll
BHO: delta Helper Object: {C1AF5FA5-852C-4C90-812E-A7F75E011D87} - C:\Program Files (x86)\Delta\delta\1.8.10.0\bh\delta.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} -
TB: Delta Toolbar: {82E1477C-B154-48D3-9891-33D83C26BCD3} - C:\Program Files (x86)\Delta\delta\1.8.10.0\deltaTlbr.dll
TB: QuickShare Widget: {ae07101b-46d4-4a98-af68-0333ea26e113} -
uRun: [MobileDocuments] C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe
uRun: [Spotify Web Helper] "C:\Users\Rick\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe"
uRun: [Google Update] "C:\Users\Rick\AppData\Local\Google\Update\GoogleUpdate.exe" /c
uRun: [Browser Infrastructure Helper] C:\Users\Rick\AppData\Local\Smartbar\Application\QuickShare.exe startup
uRun: [Optimizer Pro] C:\Program Files (x86)\Optimizer Pro\OptProLauncher.exe
mRun: [LifeCam] "C:\Program Files (x86)\Microsoft LifeCam\LifeExp.exe"
mRun: [dellsupportcenter] "C:\Program Files (x86)\Dell Support Center\bin\sprtcmd.exe" /P dellsupportcenter
mRun: [CTxfiHlp] CTXFIHLP.EXE
mRun: [HP Software Update] C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [ServiceManager.exe] "C:\Program Files (x86)\Virgin Media\Service Manager\ServiceManager.exe" /AUTORUN
mRun: [DHSClient.exe] "C:\Program Files (x86)\Virgin Media\Digital Home Support\DHSClient.exe" /AUTORUN
mRun: [HF_G_Jul] "C:\Program Files (x86)\AVG Secure Search\HF_G_Jul.exe" /DoAction
mRun: [Check Point Endpoint Security] "C:\Program Files (x86)\CheckPoint\Endpoint Connect\TrGUI.exe"
mRun: [AVG_UI] "C:\Program Files (x86)\AVG\AVG2013\avgui.exe" /TRAYONLY
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
StartupFolder: C:\Users\Rick\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\Dropbox.lnk - C:\Users\Rick\AppData\Roaming\Dropbox\bin\Dropbox.exe
StartupFolder: C:\Users\Rick\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\ERUNTA~1.LNK - C:\Program Files (x86)\ERUNT\AUTOBACK.EXE
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\HDWRIT~1.LNK - C:\Program Files (x86)\Common Files\Panasonic\HD Writer AutoStart\HDWriterAutoStart.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\PUREFL~1.LNK - C:\Program Files (x86)\PURE Flow Server\twonkymediaserverconfig.exe
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
uPolicies-Explorer: NoDriveAutorun = dword:0
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
mPolicies-System: SoftwareSASGeneration = dword:1
IE: Add to Google Photos Screensa&ver - C:\Windows\System32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~2\Office12\EXCEL.EXE/3000
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} - hxxp://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: {D4B68B83-8710-488B-A692-D74B50BA558E} - hxxp://ccfiles.creative.com/Web/softwareupdate/ocx/15113/CTPIDPDE.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
DPF: {E705A591-DA3C-4228-B0D5-A356DBA42FBF} - hxxp://ccfiles.creative.com/Web/softwareupdate/su2/ocx/20015/CTSUEng.cab
DPF: {E77F23EB-E7AB-4502-8F37-247DBAF1A147} - hxxp://gfx2.hotmail.com/mail/w4/m3/photouploadcontrol/VistaMSNPUplden-gb.cab
DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} - hxxp://ccfiles.creative.com/Web/softwareupdate/ocx/110926/CTPID.cab
TCP: NameServer = 192.168.2.1
TCP: Interfaces\{2C4C7ED0-6783-40CB-8052-DED17AC0FAD8} : DHCPNameServer = 192.168.2.1
TCP: Interfaces\{B03AE1B0-8357-40AE-803B-242412DBD29A} : DHCPNameServer = 109.249.185.224 109.249.188.32
TCP: Interfaces\{E0223885-1943-4AE8-8DC4-C8F81DDEB5BB} : DHCPNameServer = 170.198.40.65 170.198.78.65
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} -
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
AppInit_DLLs= c:\progra~3\browse~1\261095~1.52\{c16c1~1\browse~1.dll
SSODL: WebCheck - <orphaned>
x64-BHO: QuickShare WidgetEngine: {31ad400d-1b06-4e33-a59a-90c2c140cba0} -
x64-BHO: AVG Safe Search: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} -
x64-BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll
x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
x64-BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll
x64-TB: QuickShare Widget: {ae07101b-46d4-4a98-af68-0333ea26e113} -
x64-Run: [VX3000] C:\Windows\vVX3000.exe
x64-Run: [PocketCloud Location] "C:\Program Files (x86)\Wyse\PocketCloud Windows Companion\WyseBrowser.exe"
x64-Run: [itype] "c:\Program Files\Microsoft IntelliType Pro\itype.exe"
x64-Run: [IntelliPoint] "c:\Program Files\Microsoft IntelliPoint\ipoint.exe"
x64-Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} -
x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
x64-SSODL: WebCheck - <orphaned>
.
============= SERVICES / DRIVERS ===============
.
R0 AVGIDSHA;AVGIDSHA;C:\Windows\System32\drivers\avgidsha.sys [2012-10-15 63328]
R0 Avgloga;AVG Logging Driver;C:\Windows\System32\drivers\avgloga.sys [2012-9-21 225120]
R0 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;C:\Windows\System32\drivers\avgmfx64.sys [2012-11-15 111968]
R0 Avgrkx64;AVG Anti-Rootkit Driver;C:\Windows\System32\drivers\avgrkx64.sys [2012-9-14 40800]
R0 PxHlpa64;PxHlpa64;C:\Windows\System32\drivers\PxHlpa64.sys [2012-1-13 55856]
R1 AVGIDSDriver;AVGIDSDriver;C:\Windows\System32\drivers\avgidsdrivera.sys [2012-10-22 154464]
R1 Avgldx64;AVG AVI Loader Driver;C:\Windows\System32\drivers\avgldx64.sys [2012-10-2 185696]
R1 Avgtdia;AVG TDI Driver;C:\Windows\System32\drivers\avgtdia.sys [2012-9-21 200032]
R1 RapportCerberus_43926;RapportCerberus_43926;C:\ProgramData\Trusteer\Rapport\store\exts\RapportCerberus\43926\RapportCerberus64_43926.sys [2012-10-30 505720]
R1 RapportEI64;RapportEI64;C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportEI64.sys [2011-11-7 55056]
R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\System32\atiesrxx.exe [2009-8-18 203776]
R2 AVGIDSAgent;AVGIDSAgent;C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe [2012-11-15 5814904]
R2 avgwd;AVG WatchDog;C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe [2012-10-22 196664]
R2 BrowserProtect;BrowserProtect;C:\ProgramData\BrowserProtect\2.6.1095.52\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserProtect.exe [2013-3-17 2561488]
R2 HsdService;HsdService;C:\Program Files (x86)\Virgin Media\Digital Home Support\HsdService.exe [2012-4-30 1406264]
R2 PURE Flow Server;PURE Flow Server;C:\Program Files (x86)\PURE Flow Server\twonkymediaserverwatchdog.exe -serviceversion 0 --> C:\Program Files (x86)\PURE Flow Server\twonkymediaserverwatchdog.exe -serviceversion 0 [?]
R2 RapportMgmtService;Rapport Management Service;C:\Program Files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe [2011-11-7 931640]
R2 RtNdPt60;Realtek NDIS Protocol Driver;C:\Windows\System32\drivers\RtNdPt60.sys [2009-11-9 26624]
R2 ServicepointService;ServicepointService;C:\Program Files (x86)\Virgin Media\Service Manager\ServicepointService.exe [2012-4-30 689464]
R2 TracSrvWrapper;Check Point Endpoint Security;C:\Program Files (x86)\CheckPoint\Endpoint Connect\TracSrvWrapper.exe [2010-9-26 4142608]
R2 WajamUpdater;WajamUpdater;C:\Program Files (x86)\Wajam\Updater\WajamUpdater.exe [2012-7-26 109064]
R3 CT20XUT.SYS;CT20XUT.SYS;C:\Windows\System32\drivers\CT20XUT.sys [2010-5-5 202840]
R3 CTEXFIFX.SYS;CTEXFIFX.SYS;C:\Windows\System32\drivers\CTEXFIFX.sys [2010-5-5 1417304]
R3 CTHWIUT.SYS;CTHWIUT.SYS;C:\Windows\System32\drivers\CTHWIUT.sys [2010-5-5 94808]
R3 PCDSRVC{1E208CE0-FB7451FF-06020101}_0;PCDSRVC{1E208CE0-FB7451FF-06020101}_0 - PCDR Kernel Mode Service Helper Driver;C:\Program Files\Dell Support Center\pcdsrvc_x64.pkms [2011-5-12 25072]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2010-6-23 344680]
R3 vna_ap;Check Point Virtual Network Adapter - Apollo;C:\Windows\System32\drivers\vnaap.sys [2010-9-26 161256]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2013-1-8 161536]
S3 Creative ALchemy AL6 Licensing Service;Creative ALchemy AL6 Licensing Service;C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe [2010-6-4 79360]
S3 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [2010-6-4 79360]
S3 CT20XUT;CT20XUT;C:\Windows\System32\drivers\CT20XUT.sys [2010-5-5 202840]
S3 CTEXFIFX;CTEXFIFX;C:\Windows\System32\drivers\CTEXFIFX.sys [2010-5-5 1417304]
S3 CTHWIUT;CTHWIUT;C:\Windows\System32\drivers\CTHWIUT.sys [2010-5-5 94808]
S3 Netaapl;Apple Mobile Device Ethernet Service;C:\Windows\System32\drivers\netaapl64.sys [2011-5-10 22528]
S3 RapportKE64;RapportKE64;C:\Windows\System32\drivers\RapportKE64.sys [2011-2-28 64272]
S3 RapportPG64;RapportPG64;C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportPG64.sys [2011-11-7 61712]
S3 RTTEAMPT;Realtek Teaming Protocol Driver (NDIS 6.2);C:\Windows\System32\drivers\RtTeam60.sys [2009-11-9 43008]
S3 RTVLANPT;Realtek Vlan Protocol Driver (NDIS 6.2);C:\Windows\System32\drivers\RtVlan60.sys [2009-11-9 24064]
S3 TEAM;Realtek Virtual Miniport Driver for Teaming (NDIS 6.2);C:\Windows\System32\drivers\RtTeam60.sys [2009-11-9 43008]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2011-6-21 59392]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2012-12-13 54784]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2010-6-3 1255736]
.
=============== Created Last 30 ================
.
2013-03-17 12:01:12 -------- d-----w- C:\Program Files (x86)\Optimizer Pro
2013-03-17 11:59:56 -------- d-----w- C:\Users\Rick\AppData\Roaming\Kingsoft
2013-03-17 11:59:56 -------- d-----w- C:\ProgramData\Kingsoft
2013-03-17 11:59:54 -------- d-----w- C:\Program Files (x86)\Kingsoft
2013-03-17 11:58:42 -------- d-----w- C:\Program Files (x86)\PriceGong
2013-03-17 11:56:34 137000 ----a-w- C:\Windows\SysWow64\MSMAPI32.OCX
2013-03-17 11:56:33 87040 ----a-w- C:\Windows\System32\pdfcmnnt.dll
2013-03-17 11:56:32 23552 ----a-w- C:\Windows\SysWow64\MSMPIDE.DLL
2013-03-17 11:56:32 -------- d-----w- C:\Program Files (x86)\PDFCreator
2013-03-17 11:55:43 -------- d-----w- C:\Users\Rick\AppData\Local\Smartbar
2013-03-17 11:55:20 -------- d-----w- C:\Users\Rick\AppData\Local\Solid Savings
2013-03-17 11:55:11 -------- d-----w- C:\Users\Rick\AppData\Local\Updater26278
2013-03-17 11:55:03 -------- d-----w- C:\Program Files (x86)\Solid Savings
2013-03-17 11:54:44 -------- d-----w- C:\Windows\SysWow64\searchplugins
2013-03-17 11:54:44 -------- d-----w- C:\Windows\SysWow64\Extensions
2013-03-17 11:54:41 -------- d-----w- C:\ProgramData\BrowserProtect
2013-03-17 11:54:37 -------- d-----w- C:\Users\Rick\AppData\Roaming\BabSolution
2013-03-17 11:54:33 -------- d-----w- C:\Program Files (x86)\Delta
2013-03-17 11:54:32 -------- d-----w- C:\Users\Rick\AppData\Roaming\Delta
2013-03-17 11:54:16 -------- d-----w- C:\Users\Rick\AppData\Roaming\Babylon
2013-03-17 11:54:16 -------- d-----w- C:\ProgramData\Babylon
2013-03-17 11:54:01 -------- d-----w- C:\Users\Rick\AppData\Local\Wajam
2013-03-17 11:53:59 -------- d-----w- C:\Program Files (x86)\Wajam
2013-03-12 15:33:49 -------- d-----w- C:\Program Files\iPod
2013-03-12 15:33:48 -------- d-----w- C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2013-03-12 15:33:48 -------- d-----w- C:\Program Files\iTunes
2013-03-12 15:33:48 -------- d-----w- C:\Program Files (x86)\iTunes
2013-02-24 15:52:05 -------- d-----w- C:\Windows\en-gb
2013-02-24 15:51:49 -------- d-----w- C:\Windows\en
2013-02-24 15:50:54 -------- d-----w- C:\Program Files (x86)\Microsoft SQL Server Compact Edition
2013-02-24 15:47:56 77656 ----a-w- C:\Windows\System32\XAPOFX1_5.dll
2013-02-24 15:47:56 74072 ----a-w- C:\Windows\SysWow64\XAPOFX1_5.dll
2013-02-24 15:47:56 527192 ----a-w- C:\Windows\SysWow64\XAudio2_7.dll
2013-02-24 15:47:56 518488 ----a-w- C:\Windows\System32\XAudio2_7.dll
2013-02-24 15:47:54 2526056 ----a-w- C:\Windows\System32\D3DCompiler_43.dll
2013-02-24 15:47:54 2106216 ----a-w- C:\Windows\SysWow64\D3DCompiler_43.dll
2013-02-24 15:47:51 276832 ----a-w- C:\Windows\System32\d3dx11_43.dll
2013-02-24 15:47:51 248672 ----a-w- C:\Windows\SysWow64\d3dx11_43.dll
2013-02-24 15:43:39 89944 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\b45c0dca1ce12a504\DSETUP.dll
2013-02-24 15:43:39 537432 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\b45c0dca1ce12a504\DXSETUP.exe
2013-02-24 15:43:39 1801048 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\b45c0dca1ce12a504\dsetup32.dll
2013-02-24 15:43:27 89944 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\aec21a7b1ce12a502\DSETUP.dll
2013-02-24 15:43:27 537432 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\aec21a7b1ce12a502\DXSETUP.exe
2013-02-24 15:43:27 1801048 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\aec21a7b1ce12a502\dsetup32.dll
2013-02-24 15:43:22 94040 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\a8e79aca1ce12a501\DSETUP.dll
2013-02-24 15:43:22 525656 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\a8e79aca1ce12a501\DXSETUP.exe
2013-02-24 15:43:22 1691480 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\a8e79aca1ce12a501\dsetup32.dll
2013-02-23 22:09:23 -------- d-----w- C:\Users\Rick\AppData\Local\SWTOR
2013-02-23 11:56:05 4991496 ----a-w- C:\Windows\System32\D3DX9_38.dll
2013-02-23 11:56:05 3850760 ----a-w- C:\Windows\SysWow64\D3DX9_38.dll
2013-02-23 11:55:25 -------- d-----w- C:\Program Files (x86)\Common Files\BioWare
2013-02-16 20:54:08 -------- d-----w- C:\Program Files\Microsoft IntelliPoint
.
==================== Find3M ====================
.
2013-03-14 12:15:15 73432 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2013-03-14 12:15:15 693976 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2013-02-12 05:45:24 135168 ----a-w- C:\Windows\apppatch\AppPatch64\AcXtrnal.dll
2013-02-12 05:45:22 350208 ----a-w- C:\Windows\apppatch\AppPatch64\AcLayers.dll
2013-02-12 05:45:22 308736 ----a-w- C:\Windows\apppatch\AppPatch64\AcGenral.dll
2013-02-12 05:45:22 111104 ----a-w- C:\Windows\apppatch\AppPatch64\acspecfc.dll
2013-02-12 04:48:31 474112 ----a-w- C:\Windows\apppatch\AcSpecfc.dll
2013-02-12 04:48:26 2176512 ----a-w- C:\Windows\apppatch\AcGenral.dll
2013-02-02 06:57:02 2312704 ----a-w- C:\Windows\System32\jscript9.dll
2013-02-02 06:47:24 1494528 ----a-w- C:\Windows\System32\inetcpl.cpl
2013-02-02 06:47:19 1392128 ----a-w- C:\Windows\System32\wininet.dll
2013-02-02 06:42:18 173056 ----a-w- C:\Windows\System32\ieUnatt.exe
2013-02-02 06:41:51 599040 ----a-w- C:\Windows\System32\vbscript.dll
2013-02-02 06:38:01 2382848 ----a-w- C:\Windows\System32\mshtml.tlb
2013-02-02 03:38:35 1800704 ----a-w- C:\Windows\SysWow64\jscript9.dll
2013-02-02 03:30:32 1427968 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2013-02-02 03:30:21 1129472 ----a-w- C:\Windows\SysWow64\wininet.dll
2013-02-02 03:26:47 142848 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
2013-02-02 03:26:21 420864 ----a-w- C:\Windows\SysWow64\vbscript.dll
2013-02-02 03:23:28 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2013-01-05 05:53:43 5553512 ----a-w- C:\Windows\System32\ntoskrnl.exe
2013-01-05 05:00:15 3967848 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe
2013-01-05 05:00:11 3913064 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe
2013-01-04 05:46:09 215040 ----a-w- C:\Windows\System32\winsrv.dll
2013-01-04 04:51:16 5120 ----a-w- C:\Windows\SysWow64\wow32.dll
2013-01-04 04:43:21 44032 ----a-w- C:\Windows\apppatch\acwow64.dll
2013-01-04 03:26:48 3153408 ----a-w- C:\Windows\System32\win32k.sys
2013-01-04 02:47:35 25600 ----a-w- C:\Windows\SysWow64\setup16.exe
2013-01-04 02:47:34 7680 ----a-w- C:\Windows\SysWow64\instnm.exe
2013-01-04 02:47:34 2048 ----a-w- C:\Windows\SysWow64\user.exe
2013-01-04 02:47:33 14336 ----a-w- C:\Windows\SysWow64\ntvdm64.dll
2013-01-03 06:00:54 1913192 ----a-w- C:\Windows\System32\drivers\tcpip.sys
2013-01-03 06:00:42 288088 ----a-w- C:\Windows\System32\drivers\FWPKCLNT.SYS
2011-07-17 09:37:55 161744 ----a-w- C:\Program Files (x86)\u4res.dll
.
============= FINISH: 6:50:48.82 ===============

fbfbfb
2013-03-20, 03:09
Hello nellie.

My name is fbfbfb. I will gladly assist you with your concerns.

Please be advised, as I am still in training, all my replies to you will be checked for accuracy by one of our experts to ensure that I am giving you the best possible advice. This may cause a delay, but I will do my best to keep it as short as possible.

I am checking over your DDS log now, and I will post back shortly with instructions.

While working to resolve the issues with your machine, please follow these guidelines:
Please be patient. Logs are lengthy and can take time to analyze.
Read and follow my directions carefully, in the sequence they are posted. If you are unsure about anything, please ask for clarification before continuing.
Use only those tools that you have been directed to use.
Do not install or uninstall any applications or run any other scans without being directed to do so.
Copy and Paste the log files inside your post. Do not send them as attachments unless otherwise instructed.
Stay with me until your machine has been deemed all clear.
Please reply within 3 days to avoid closing this topic.

fbfbfb
2013-03-21, 04:29
Hello, nellie.

Your DDS log shows several entries that require attention. I would like to take a closer look at your system.

Please run the following scans:

1. aswMBR

Please download aswMBR from HERE (public.avast.com/~gmerek/aswMBR.exe).
Double click aswMBR.exe to run it.
When asked if you want to download Avast's virus definitions, please select Yes.
Click the Scan button to start the scan.
http://i.imgur.com/2pn88.png
On completion of the scan, click save log, save it to your desktop, and post in your next reply.
http://i.imgur.com/7Khfh.png


2. TDSSKiller

Please download TDSSKiller.zip (http://support.kaspersky.com/downloads/utils/tdsskiller.zip)


Extract it to your desktop
Double click TDSSKiller.exe
When the window opens, click on Change Parameters.
Under Additional options, put a check mark in the box next to Detect TDLFS File System.
Click OK.
Press Start Scan.
As we are only looking for a log of what is on the machine right now, choose to skip whatever is found.
Then click Continue > Reboot now.
Copy and paste the log in your next reply.

A copy of the log will be saved automatically to the root of the drive (typically C:\)

fbfbfb
2013-03-23, 01:20
Hello, nellie.

Do you still need help?

nellie
2013-03-23, 10:36
Hello fbfbfb, yes I still require help. Please find logs requested below. I have put in two posts as the character count was too long for a single post.

Thanks.

aswMBR version 0.9.9.1771 Copyright(c) 2011 AVAST Software
Run date: 2013-03-23 06:30:39
-----------------------------
06:30:39.560 OS Version: Windows x64 6.1.7601 Service Pack 1
06:30:39.561 Number of processors: 2 586 0x170A
06:30:39.562 ComputerName: 26NC-PC UserName: Rick
06:30:45.101 Initialize success
06:31:44.902 AVAST engine defs: 13032201
06:31:58.672 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
06:31:58.673 Disk 0 Vendor: WDC_WD6400AAKS-75A7B2 01.03B01 Size: 610480MB BusType: 3
06:31:59.016 Disk 0 MBR read successfully
06:31:59.018 Disk 0 MBR scan
06:31:59.025 Disk 0 Windows 7 default MBR code
06:31:59.029 Disk 0 Partition 1 00 DE Dell Utility Dell 8.0 78 MB offset 63
06:31:59.045 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 15360 MB offset 161792
06:31:59.082 Disk 0 Partition 3 80 (A) 07 HPFS/NTFS NTFS 100 MB offset 31619072
06:31:59.105 Disk 0 Partition 4 00 07 HPFS/NTFS NTFS 594940 MB offset 31823872
06:31:59.276 Disk 0 scanning C:\Windows\system32\drivers
06:32:35.328 Service scanning
06:32:58.273 Modules scanning
06:32:58.281 Disk 0 trace - called modules:
06:32:58.305 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys ataport.SYS pciide.sys PCIIDEX.SYS hal.dll atapi.sys
06:32:58.310 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8004923060]
06:32:58.320 3 CLASSPNP.SYS[fffff8800190343f] -> nt!IofCallDriver -> [0xfffffa800447ad20]
06:32:58.326 5 ACPI.sys[fffff8800100b7a1] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0xfffffa8004469060]
06:32:59.578 AVAST engine scan C:\Windows
06:33:58.965 AVAST engine scan C:\Windows\system32
06:47:23.853 AVAST engine scan C:\Windows\system32\drivers
06:48:50.904 AVAST engine scan C:\Users\Rick
07:37:07.276 AVAST engine scan C:\ProgramData
07:44:38.823 Scan finished successfully
08:31:37.492 Disk 0 MBR has been saved successfully to "C:\Users\Rick\Desktop\MBR.dat"
08:31:37.498 The log file has been saved successfully to "C:\Users\Rick\Desktop\aswMBR.txt"

nellie
2013-03-23, 10:37
Make that three posts.


08:32:25.0451 5612 TDSS rootkit removing tool 2.8.16.0 Feb 11 2013 18:50:42
08:32:25.0579 5612 ============================================================
08:32:25.0579 5612 Current date / time: 2013/03/23 08:32:25.0579
08:32:25.0579 5612 SystemInfo:
08:32:25.0579 5612
08:32:25.0579 5612 OS Version: 6.1.7601 ServicePack: 1.0
08:32:25.0579 5612 Product type: Workstation
08:32:25.0579 5612 ComputerName: 26NC-PC
08:32:25.0579 5612 UserName: Rick
08:32:25.0579 5612 Windows directory: C:\Windows
08:32:25.0579 5612 System windows directory: C:\Windows
08:32:25.0580 5612 Running under WOW64
08:32:25.0580 5612 Processor architecture: Intel x64
08:32:25.0580 5612 Number of processors: 2
08:32:25.0580 5612 Page size: 0x1000
08:32:25.0580 5612 Boot type: Normal boot
08:32:25.0580 5612 ============================================================
08:32:26.0610 5612 Drive \Device\Harddisk0\DR0 - Size: 0x950B056000 (596.17 Gb), SectorSize: 0x200, Cylinders: 0x13001, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
08:32:26.0667 5612 ============================================================
08:32:26.0667 5612 \Device\Harddisk0\DR0:
08:32:26.0667 5612 MBR partitions:
08:32:26.0668 5612 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x27800, BlocksNum 0x1E00000
08:32:26.0668 5612 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x1E27800, BlocksNum 0x32000
08:32:26.0668 5612 \Device\Harddisk0\DR0\Partition3: MBR, Type 0x7, StartLBA 0x1E59800, BlocksNum 0x489FE000
08:32:26.0668 5612 ============================================================
08:32:26.0701 5612 C: <-> \Device\Harddisk0\DR0\Partition3
08:32:26.0731 5612 D: <-> \Device\Harddisk0\DR0\Partition1
08:32:26.0732 5612 ============================================================
08:32:26.0732 5612 Initialize success
08:32:26.0732 5612 ============================================================
08:32:58.0266 6668 ============================================================
08:32:58.0266 6668 Scan started
08:32:58.0266 6668 Mode: Manual; TDLFS;
08:32:58.0266 6668 ============================================================
08:32:59.0687 6668 ================ Scan system memory ========================
08:32:59.0687 6668 System memory - ok
08:32:59.0689 6668 ================ Scan services =============================
08:32:59.0825 6668 [ A87D604AEA360176311474C87A63BB88 ] 1394ohci C:\Windows\system32\drivers\1394ohci.sys
08:32:59.0828 6668 1394ohci - ok
08:32:59.0910 6668 [ 769DB4F484957CC98153B3C1B5D1162F ] ACDaemon C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
08:32:59.0912 6668 ACDaemon - ok
08:32:59.0955 6668 [ D81D9E70B8A6DD14D42D7B4EFA65D5F2 ] ACPI C:\Windows\system32\drivers\ACPI.sys
08:32:59.0958 6668 ACPI - ok
08:32:59.0998 6668 [ 99F8E788246D495CE3794D7E7821D2CA ] AcpiPmi C:\Windows\system32\drivers\acpipmi.sys
08:32:59.0999 6668 AcpiPmi - ok
08:33:00.0098 6668 [ D19C4EE2AC7C47B8F5F84FFF1A789D8A ] AdobeARMservice C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
08:33:00.0121 6668 AdobeARMservice - ok
08:33:00.0232 6668 [ EA856F4A46320389D1899B2CAA7BF40F ] AdobeFlashPlayerUpdateSvc C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
08:33:00.0236 6668 AdobeFlashPlayerUpdateSvc - ok
08:33:00.0264 6668 [ 2F6B34B83843F0C5118B63AC634F5BF4 ] adp94xx C:\Windows\system32\DRIVERS\adp94xx.sys
08:33:00.0281 6668 adp94xx - ok
08:33:00.0304 6668 [ 597F78224EE9224EA1A13D6350CED962 ] adpahci C:\Windows\system32\DRIVERS\adpahci.sys
08:33:00.0309 6668 adpahci - ok
08:33:00.0320 6668 [ E109549C90F62FB570B9540C4B148E54 ] adpu320 C:\Windows\system32\DRIVERS\adpu320.sys
08:33:00.0323 6668 adpu320 - ok
08:33:00.0336 6668 [ 4B78B431F225FD8624C5655CB1DE7B61 ] AeLookupSvc C:\Windows\System32\aelupsvc.dll
08:33:00.0337 6668 AeLookupSvc - ok
08:33:00.0412 6668 [ 6CCD1135320109D6B219F1A6E04AD9F6 ] Afc C:\Windows\syswow64\drivers\Afc.sys
08:33:00.0413 6668 Afc - ok
08:33:00.0470 6668 [ 1C7857B62DE5994A75B054A9FD4C3825 ] AFD C:\Windows\system32\drivers\afd.sys
08:33:00.0485 6668 AFD - ok
08:33:00.0530 6668 [ 608C14DBA7299D8CB6ED035A68A15799 ] agp440 C:\Windows\system32\drivers\agp440.sys
08:33:00.0532 6668 agp440 - ok
08:33:00.0545 6668 [ 3290D6946B5E30E70414990574883DDB ] ALG C:\Windows\System32\alg.exe
08:33:00.0547 6668 ALG - ok
08:33:00.0584 6668 [ 5812713A477A3AD7363C7438CA2EE038 ] aliide C:\Windows\system32\drivers\aliide.sys
08:33:00.0586 6668 aliide - ok
08:33:00.0625 6668 [ 5EBA5E837D6635AEA999BAE47E186C6F ] AMD External Events Utility C:\Windows\system32\atiesrxx.exe
08:33:00.0628 6668 AMD External Events Utility - ok
08:33:00.0640 6668 [ 1FF8B4431C353CE385C875F194924C0C ] amdide C:\Windows\system32\drivers\amdide.sys
08:33:00.0641 6668 amdide - ok
08:33:00.0667 6668 [ 7024F087CFF1833A806193EF9D22CDA9 ] AmdK8 C:\Windows\system32\DRIVERS\amdk8.sys
08:33:00.0669 6668 AmdK8 - ok
08:33:00.0858 6668 [ DCC8177244FE79C61C4E73C65E63922A ] amdkmdag C:\Windows\system32\DRIVERS\atikmdag.sys
08:33:01.0007 6668 amdkmdag - ok
08:33:01.0035 6668 [ 7FE67D107329DC2CF89136A8E19BCEB7 ] amdkmdap C:\Windows\system32\DRIVERS\atikmpag.sys
08:33:01.0039 6668 amdkmdap - ok
08:33:01.0050 6668 [ 1E56388B3FE0D031C44144EB8C4D6217 ] AmdPPM C:\Windows\system32\DRIVERS\amdppm.sys
08:33:01.0052 6668 AmdPPM - ok
08:33:01.0100 6668 [ D4121AE6D0C0E7E13AA221AA57EF2D49 ] amdsata C:\Windows\system32\drivers\amdsata.sys
08:33:01.0102 6668 amdsata - ok
08:33:01.0119 6668 [ F67F933E79241ED32FF46A4F29B5120B ] amdsbs C:\Windows\system32\DRIVERS\amdsbs.sys
08:33:01.0122 6668 amdsbs - ok
08:33:01.0129 6668 [ 540DAF1CEA6094886D72126FD7C33048 ] amdxata C:\Windows\system32\drivers\amdxata.sys
08:33:01.0131 6668 amdxata - ok
08:33:01.0199 6668 [ 89A69C3F2F319B43379399547526D952 ] AppID C:\Windows\system32\drivers\appid.sys
08:33:01.0211 6668 AppID - ok
08:33:01.0232 6668 [ 0BC381A15355A3982216F7172F545DE1 ] AppIDSvc C:\Windows\System32\appidsvc.dll
08:33:01.0234 6668 AppIDSvc - ok
08:33:01.0269 6668 [ 3977D4A871CA0D4F2ED1E7DB46829731 ] Appinfo C:\Windows\System32\appinfo.dll
08:33:01.0270 6668 Appinfo - ok
08:33:01.0357 6668 [ 4FE5C6D40664AE07BE5105874357D2ED ] Apple Mobile Device C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
08:33:01.0359 6668 Apple Mobile Device - ok
08:33:01.0370 6668 [ C484F8CEB1717C540242531DB7845C4E ] arc C:\Windows\system32\DRIVERS\arc.sys
08:33:01.0372 6668 arc - ok
08:33:01.0379 6668 [ 019AF6924AEFE7839F61C830227FE79C ] arcsas C:\Windows\system32\DRIVERS\arcsas.sys
08:33:01.0381 6668 arcsas - ok
08:33:01.0399 6668 [ 769765CE2CC62867468CEA93969B2242 ] AsyncMac C:\Windows\system32\DRIVERS\asyncmac.sys
08:33:01.0400 6668 AsyncMac - ok
08:33:01.0441 6668 [ 02062C0B390B7729EDC9E69C680A6F3C ] atapi C:\Windows\system32\drivers\atapi.sys
08:33:01.0442 6668 atapi - ok
08:33:01.0585 6668 [ DCC8177244FE79C61C4E73C65E63922A ] atikmdag C:\Windows\system32\DRIVERS\atikmdag.sys
08:33:01.0624 6668 atikmdag - ok
08:33:01.0673 6668 [ F23FEF6D569FCE88671949894A8BECF1 ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
08:33:01.0691 6668 AudioEndpointBuilder - ok
08:33:01.0702 6668 [ F23FEF6D569FCE88671949894A8BECF1 ] AudioSrv C:\Windows\System32\Audiosrv.dll
08:33:01.0706 6668 AudioSrv - ok
08:33:01.0898 6668 [ 4AFC14AFA58878FAA1D249E7E90EA54B ] AVGIDSAgent C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe
08:33:01.0975 6668 AVGIDSAgent - ok
08:33:02.0026 6668 [ 388056EBD5FE6718FE669078DBE37897 ] AVGIDSDriver C:\Windows\system32\DRIVERS\avgidsdrivera.sys
08:33:02.0028 6668 AVGIDSDriver - ok
08:33:02.0086 6668 [ 550E981747D6A6C55078C77346FFC2C6 ] AVGIDSHA C:\Windows\system32\DRIVERS\avgidsha.sys
08:33:02.0105 6668 AVGIDSHA - ok
08:33:02.0174 6668 [ 5989592A91A17587799792A81E1541D4 ] Avgldx64 C:\Windows\system32\DRIVERS\avgldx64.sys
08:33:02.0188 6668 Avgldx64 - ok
08:33:02.0224 6668 [ 3FC43AA02545FCDDC22817829114DEC8 ] Avgloga C:\Windows\system32\DRIVERS\avgloga.sys
08:33:02.0227 6668 Avgloga - ok
08:33:02.0270 6668 [ 841C40C193889730848849AC220D9242 ] Avgmfx64 C:\Windows\system32\DRIVERS\avgmfx64.sys
08:33:02.0271 6668 Avgmfx64 - ok
08:33:02.0294 6668 [ FE4F444DBE4BBBDFD8FECF49398DEFC7 ] Avgrkx64 C:\Windows\system32\DRIVERS\avgrkx64.sys
08:33:02.0295 6668 Avgrkx64 - ok
08:33:02.0311 6668 [ 6E634525613D48A1D1657FB21F21F3B2 ] Avgtdia C:\Windows\system32\DRIVERS\avgtdia.sys
08:33:02.0314 6668 Avgtdia - ok
08:33:02.0347 6668 [ 6B72E1E329C4E98C6B6FDD2D265E3BA3 ] avgwd C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe
08:33:02.0350 6668 avgwd - ok
08:33:02.0395 6668 [ A6BF31A71B409DFA8CAC83159E1E2AFF ] AxInstSV C:\Windows\System32\AxInstSV.dll
08:33:02.0398 6668 AxInstSV - ok
08:33:02.0435 6668 [ 3E5B191307609F7514148C6832BB0842 ] b06bdrv C:\Windows\system32\DRIVERS\bxvbda.sys
08:33:02.0450 6668 b06bdrv - ok
08:33:02.0485 6668 [ B5ACE6968304A3900EEB1EBFD9622DF2 ] b57nd60a C:\Windows\system32\DRIVERS\b57nd60a.sys
08:33:02.0522 6668 b57nd60a - ok
08:33:02.0559 6668 [ FDE360167101B4E45A96F939F388AEB0 ] BDESVC C:\Windows\System32\bdesvc.dll
08:33:02.0561 6668 BDESVC - ok
08:33:02.0570 6668 [ 16A47CE2DECC9B099349A5F840654746 ] Beep C:\Windows\system32\drivers\Beep.sys
08:33:02.0571 6668 Beep - ok
08:33:02.0633 6668 [ 82974D6A2FD19445CC5171FC378668A4 ] BFE C:\Windows\System32\bfe.dll
08:33:02.0650 6668 BFE - ok
08:33:02.0705 6668 [ 1EA7969E3271CBC59E1730697DC74682 ] BITS C:\Windows\System32\qmgr.dll
08:33:02.0722 6668 BITS - ok
08:33:02.0742 6668 [ 61583EE3C3A17003C4ACD0475646B4D3 ] blbdrive C:\Windows\system32\DRIVERS\blbdrive.sys
08:33:02.0744 6668 blbdrive - ok
08:33:02.0814 6668 [ EBBCD5DFBB1DE70E8F4AF8FA59E401FD ] Bonjour Service C:\Program Files\Bonjour\mDNSResponder.exe
08:33:02.0830 6668 Bonjour Service - ok
08:33:02.0868 6668 [ 6C02A83164F5CC0A262F4199F0871CF5 ] bowser C:\Windows\system32\DRIVERS\bowser.sys
08:33:02.0870 6668 bowser - ok
08:33:02.0892 6668 [ F09EEE9EDC320B5E1501F749FDE686C8 ] BrFiltLo C:\Windows\system32\DRIVERS\BrFiltLo.sys
08:33:02.0893 6668 BrFiltLo - ok
08:33:02.0904 6668 [ B114D3098E9BDB8BEA8B053685831BE6 ] BrFiltUp C:\Windows\system32\DRIVERS\BrFiltUp.sys
08:33:02.0905 6668 BrFiltUp - ok
08:33:02.0949 6668 [ 05F5A0D14A2EE1D8255C2AA0E9E8E694 ] Browser C:\Windows\System32\browser.dll
08:33:02.0952 6668 Browser - ok
08:33:03.0104 6668 [ FA127AC8BDF668903543D29C96B31632 ] BrowserProtect C:\ProgramData\BrowserProtect\2.6.1095.52\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserProtect.exe
08:33:03.0147 6668 BrowserProtect - ok
08:33:03.0157 6668 [ 43BEA8D483BF1870F018E2D02E06A5BD ] Brserid C:\Windows\System32\Drivers\Brserid.sys
08:33:03.0161 6668 Brserid - ok
08:33:03.0173 6668 [ A6ECA2151B08A09CACECA35C07F05B42 ] BrSerWdm C:\Windows\System32\Drivers\BrSerWdm.sys
08:33:03.0174 6668 BrSerWdm - ok
08:33:03.0180 6668 [ B79968002C277E869CF38BD22CD61524 ] BrUsbMdm C:\Windows\System32\Drivers\BrUsbMdm.sys
08:33:03.0181 6668 BrUsbMdm - ok
08:33:03.0184 6668 [ A87528880231C54E75EA7A44943B38BF ] BrUsbSer C:\Windows\System32\Drivers\BrUsbSer.sys
08:33:03.0186 6668 BrUsbSer - ok
08:33:03.0200 6668 [ 9DA669F11D1F894AB4EB69BF546A42E8 ] BTHMODEM C:\Windows\system32\DRIVERS\bthmodem.sys
08:33:03.0201 6668 BTHMODEM - ok
08:33:03.0238 6668 [ 95F9C2976059462CBBF227F7AAB10DE9 ] bthserv C:\Windows\system32\bthserv.dll
08:33:03.0239 6668 bthserv - ok
08:33:03.0251 6668 [ B8BD2BB284668C84865658C77574381A ] cdfs C:\Windows\system32\DRIVERS\cdfs.sys
08:33:03.0252 6668 cdfs - ok
08:33:03.0304 6668 [ F036CE71586E93D94DAB220D7BDF4416 ] cdrom C:\Windows\system32\DRIVERS\cdrom.sys
08:33:03.0307 6668 cdrom - ok
08:33:03.0360 6668 [ F17D1D393BBC69C5322FBFAFACA28C7F ] CertPropSvc C:\Windows\System32\certprop.dll
08:33:03.0362 6668 CertPropSvc - ok
08:33:03.0375 6668 [ D7CD5C4E1B71FA62050515314CFB52CF ] circlass C:\Windows\system32\DRIVERS\circlass.sys
08:33:03.0376 6668 circlass - ok
08:33:03.0394 6668 [ FE1EC06F2253F691FE36217C592A0206 ] CLFS C:\Windows\system32\CLFS.sys
08:33:03.0400 6668 CLFS - ok
08:33:03.0449 6668 [ D88040F816FDA31C3B466F0FA0918F29 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
08:33:03.0451 6668 clr_optimization_v2.0.50727_32 - ok
08:33:03.0482 6668 [ D1CEEA2B47CB998321C579651CE3E4F8 ] clr_optimization_v2.0.50727_64 C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
08:33:03.0484 6668 clr_optimization_v2.0.50727_64 - ok
08:33:03.0571 6668 [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
08:33:03.0594 6668 clr_optimization_v4.0.30319_32 - ok
08:33:03.0625 6668 [ C6F9AF94DCD58122A4D7E89DB6BED29D ] clr_optimization_v4.0.30319_64 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
08:33:03.0628 6668 clr_optimization_v4.0.30319_64 - ok
08:33:03.0652 6668 [ 0840155D0BDDF1190F84A663C284BD33 ] CmBatt C:\Windows\system32\DRIVERS\CmBatt.sys
08:33:03.0654 6668 CmBatt - ok
08:33:03.0679 6668 [ E19D3F095812725D88F9001985B94EDD ] cmdide C:\Windows\system32\drivers\cmdide.sys
08:33:03.0681 6668 cmdide - ok
08:33:03.0723 6668 [ 9AC4F97C2D3E93367E2148EA940CD2CD ] CNG C:\Windows\system32\Drivers\cng.sys
08:33:03.0757 6668 CNG - ok
08:33:03.0775 6668 [ 102DE219C3F61415F964C88E9085AD14 ] Compbatt C:\Windows\system32\DRIVERS\compbatt.sys
08:33:03.0776 6668 Compbatt - ok
08:33:03.0824 6668 [ 03EDB043586CCEBA243D689BDDA370A8 ] CompositeBus C:\Windows\system32\drivers\CompositeBus.sys
08:33:03.0825 6668 CompositeBus - ok
08:33:03.0839 6668 COMSysApp - ok
08:33:03.0852 6668 [ 1C827878A998C18847245FE1F34EE597 ] crcdisk C:\Windows\system32\DRIVERS\crcdisk.sys
08:33:03.0853 6668 crcdisk - ok
08:33:03.0901 6668 [ C8BD651E13895B93ED9EC5B4F1DF42BC ] Creative ALchemy AL6 Licensing Service C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe
08:33:03.0995 6668 Creative ALchemy AL6 Licensing Service - ok
08:33:04.0015 6668 [ C0EAD9F8AB83D41FF07303C75589C2B8 ] Creative Audio Engine Licensing Service C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe
08:33:04.0035 6668 Creative Audio Engine Licensing Service - ok
08:33:04.0079 6668 [ 9C01375BE382E834CC26D1B7EAF2C4FE ] CryptSvc C:\Windows\system32\cryptsvc.dll
08:33:04.0081 6668 CryptSvc - ok
08:33:04.0126 6668 [ F2E8C13E27A0044A19BA82E5C6E8879E ] CT20XUT C:\Windows\system32\drivers\CT20XUT.SYS
08:33:04.0130 6668 CT20XUT - ok
08:33:04.0159 6668 [ F2E8C13E27A0044A19BA82E5C6E8879E ] CT20XUT.SYS C:\Windows\System32\drivers\CT20XUT.SYS
08:33:04.0161 6668 CT20XUT.SYS - ok
08:33:04.0201 6668 [ 15425196A518C4F0D5A5BBA524D60C4B ] ctac32k C:\Windows\system32\drivers\ctac32k.sys
08:33:04.0217 6668 ctac32k - ok
08:33:04.0238 6668 [ 095F82704725DB00307A9C7193C13B3C ] ctaud2k C:\Windows\system32\drivers\ctaud2k.sys
08:33:04.0255 6668 ctaud2k - ok
08:33:04.0312 6668 [ 07BA6D17E66879018B30B6C3F976EBED ] CTAudSvcService C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe
08:33:04.0374 6668 CTAudSvcService - ok
08:33:04.0418 6668 [ 4551FC6A89328995D87DC23E4FD1050B ] CTEXFIFX C:\Windows\system32\drivers\CTEXFIFX.SYS
08:33:04.0444 6668 CTEXFIFX - ok
08:33:04.0473 6668 [ 4551FC6A89328995D87DC23E4FD1050B ] CTEXFIFX.SYS C:\Windows\System32\drivers\CTEXFIFX.SYS
08:33:04.0482 6668 CTEXFIFX.SYS - ok
08:33:04.0497 6668 [ 4EC7E207A05B974F59F477E3305CD60D ] CTHWIUT C:\Windows\system32\drivers\CTHWIUT.SYS
08:33:04.0500 6668 CTHWIUT - ok
08:33:04.0504 6668 [ 4EC7E207A05B974F59F477E3305CD60D ] CTHWIUT.SYS C:\Windows\System32\drivers\CTHWIUT.SYS
08:33:04.0506 6668 CTHWIUT.SYS - ok
08:33:04.0528 6668 [ 3E4E7A4A3B2F3D0172F276A0A1A60595 ] ctprxy2k C:\Windows\system32\drivers\ctprxy2k.sys
08:33:04.0529 6668 ctprxy2k - ok
08:33:04.0540 6668 [ 15AC0A5AA8E88FD6843C70C1738EB963 ] ctsfm2k C:\Windows\system32\drivers\ctsfm2k.sys
08:33:04.0542 6668 ctsfm2k - ok
08:33:04.0595 6668 [ 5C627D1B1138676C0A7AB2C2C190D123 ] DcomLaunch C:\Windows\system32\rpcss.dll
08:33:04.0613 6668 DcomLaunch - ok
08:33:04.0754 6668 [ 3CEC7631A84943677AA8FA8EE5B6B43D ] defragsvc C:\Windows\System32\defragsvc.dll
08:33:04.0782 6668 defragsvc - ok
08:33:04.0902 6668 [ 9BB2EF44EAA163B29C4A4587887A0FE4 ] DfsC C:\Windows\system32\Drivers\dfsc.sys
08:33:04.0922 6668 DfsC - ok
08:33:05.0031 6668 [ 43D808F5D9E1A18E5EEB5EBC83969E4E ] Dhcp C:\Windows\system32\dhcpcore.dll
08:33:05.0036 6668 Dhcp - ok
08:33:05.0058 6668 [ 13096B05847EC78F0977F2C0F79E9AB3 ] discache C:\Windows\system32\drivers\discache.sys
08:33:05.0060 6668 discache - ok
08:33:05.0073 6668 [ 9819EEE8B5EA3784EC4AF3B137A5244C ] Disk C:\Windows\system32\DRIVERS\disk.sys
08:33:05.0075 6668 Disk - ok
08:33:05.0118 6668 [ 16835866AAA693C7D7FCEBA8FFF706E4 ] Dnscache C:\Windows\System32\dnsrslvr.dll
08:33:05.0121 6668 Dnscache - ok
08:33:05.0170 6668 [ B1FB3DDCA0FDF408750D5843591AFBC6 ] dot3svc C:\Windows\System32\dot3svc.dll
08:33:05.0174 6668 dot3svc - ok
08:33:05.0216 6668 [ B26F4F737E8F9DF4F31AF6CF31D05820 ] DPS C:\Windows\system32\dps.dll
08:33:05.0219 6668 DPS - ok
08:33:05.0248 6668 [ 9B19F34400D24DF84C858A421C205754 ] drmkaud C:\Windows\system32\drivers\drmkaud.sys
08:33:05.0250 6668 drmkaud - ok
08:33:05.0303 6668 [ F5BEE30450E18E6B83A5012C100616FD ] DXGKrnl C:\Windows\System32\drivers\dxgkrnl.sys
08:33:05.0320 6668 DXGKrnl - ok
08:33:05.0332 6668 [ E2DDA8726DA9CB5B2C4000C9018A9633 ] EapHost C:\Windows\System32\eapsvc.dll
08:33:05.0335 6668 EapHost - ok
08:33:05.0397 6668 [ DC5D737F51BE844D8C82C695EB17372F ] ebdrv C:\Windows\system32\DRIVERS\evbda.sys
08:33:05.0449 6668 ebdrv - ok
08:33:05.0467 6668 [ C118A82CD78818C29AB228366EBF81C3 ] EFS C:\Windows\System32\lsass.exe
08:33:05.0469 6668 EFS - ok
08:33:05.0513 6668 [ C4002B6B41975F057D98C439030CEA07 ] ehRecvr C:\Windows\ehome\ehRecvr.exe
08:33:05.0531 6668 ehRecvr - ok
08:33:05.0551 6668 [ 4705E8EF9934482C5BB488CE28AFC681 ] ehSched C:\Windows\ehome\ehsched.exe
08:33:05.0567 6668 ehSched - ok
08:33:05.0592 6668 [ 0E5DA5369A0FCAEA12456DD852545184 ] elxstor C:\Windows\system32\DRIVERS\elxstor.sys
08:33:05.0609 6668 elxstor - ok
08:33:05.0648 6668 [ C8F9F86A1A078FDB304E2B6029F1E5E2 ] emupia C:\Windows\system32\drivers\emupia2k.sys
08:33:05.0650 6668 emupia - ok
08:33:05.0657 6668 [ 34A3C54752046E79A126E15C51DB409B ] ErrDev C:\Windows\system32\drivers\errdev.sys
08:33:05.0658 6668 ErrDev - ok
08:33:05.0688 6668 [ 4166F82BE4D24938977DD1746BE9B8A0 ] EventSystem C:\Windows\system32\es.dll
08:33:05.0693 6668 EventSystem - ok
08:33:05.0712 6668 [ A510C654EC00C1E9BDD91EEB3A59823B ] exfat C:\Windows\system32\drivers\exfat.sys
08:33:05.0715 6668 exfat - ok
08:33:05.0729 6668 [ 0ADC83218B66A6DB380C330836F3E36D ] fastfat C:\Windows\system32\drivers\fastfat.sys
08:33:05.0732 6668 fastfat - ok
08:33:05.0785 6668 [ DBEFD454F8318A0EF691FDD2EAAB44EB ] Fax C:\Windows\system32\fxssvc.exe
08:33:05.0802 6668 Fax - ok
08:33:05.0812 6668 [ D765D19CD8EF61F650C384F62FAC00AB ] fdc C:\Windows\system32\DRIVERS\fdc.sys
08:33:05.0814 6668 fdc - ok
08:33:05.0819 6668 [ 0438CAB2E03F4FB61455A7956026FE86 ] fdPHost C:\Windows\system32\fdPHost.dll
08:33:05.0821 6668 fdPHost - ok
08:33:05.0843 6668 [ 802496CB59A30349F9A6DD22D6947644 ] FDResPub C:\Windows\system32\fdrespub.dll
08:33:05.0845 6668 FDResPub - ok
08:33:05.0852 6668 [ 655661BE46B5F5F3FD454E2C3095B930 ] FileInfo C:\Windows\system32\drivers\fileinfo.sys
08:33:05.0854 6668 FileInfo - ok
08:33:05.0862 6668 [ 5F671AB5BC87EEA04EC38A6CD5962A47 ] Filetrace C:\Windows\system32\drivers\filetrace.sys
08:33:05.0864 6668 Filetrace - ok
08:33:05.0877 6668 [ C172A0F53008EAEB8EA33FE10E177AF5 ] flpydisk C:\Windows\system32\DRIVERS\flpydisk.sys
08:33:05.0879 6668 flpydisk - ok
08:33:05.0918 6668 [ DA6B67270FD9DB3697B20FCE94950741 ] FltMgr C:\Windows\system32\drivers\fltmgr.sys
08:33:05.0923 6668 FltMgr - ok
08:33:05.0984 6668 [ 5C4CB4086FB83115B153E47ADD961A0C ] FontCache C:\Windows\system32\FntCache.dll
08:33:06.0009 6668 FontCache - ok
08:33:06.0062 6668 [ A8B7F3818AB65695E3A0BB3279F6DCE6 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
08:33:06.0064 6668 FontCache3.0.0.0 - ok
08:33:06.0074 6668 [ D43703496149971890703B4B1B723EAC ] FsDepends C:\Windows\system32\drivers\FsDepends.sys
08:33:06.0075 6668 FsDepends - ok
08:33:06.0118 6668 [ 6BD9295CC032DD3077C671FCCF579A7B ] Fs_Rec C:\Windows\system32\drivers\Fs_Rec.sys
08:33:06.0139 6668 Fs_Rec - ok
08:33:06.0179 6668 [ 1F7B25B858FA27015169FE95E54108ED ] fvevol C:\Windows\system32\DRIVERS\fvevol.sys
08:33:06.0182 6668 fvevol - ok
08:33:06.0205 6668 [ 8C778D335C9D272CFD3298AB02ABE3B6 ] gagp30kx C:\Windows\system32\DRIVERS\gagp30kx.sys
08:33:06.0207 6668 gagp30kx - ok
08:33:06.0240 6668 [ 8E98D21EE06192492A5671A6144D092F ] GEARAspiWDM C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
08:33:06.0241 6668 GEARAspiWDM - ok
08:33:06.0284 6668 [ 277BBC7E1AA1EE957F573A10ECA7EF3A ] gpsvc C:\Windows\System32\gpsvc.dll
08:33:06.0302 6668 gpsvc - ok
08:33:06.0400 6668 [ C1B577B2169900F4CF7190C39F085794 ] gusvc C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
08:33:06.0402 6668 gusvc - ok
08:33:06.0465 6668 [ 57F6CF8C66D23B2EBD32B4A00FE82A15 ] ha20x2k C:\Windows\system32\drivers\ha20x2k.sys
08:33:06.0491 6668 ha20x2k - ok
08:33:06.0533 6668 [ F2523EF6460FC42405B12248338AB2F0 ] hcw85cir C:\Windows\system32\drivers\hcw85cir.sys
08:33:06.0534 6668 hcw85cir - ok
08:33:06.0602 6668 [ 975761C778E33CD22498059B91E7373A ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
08:33:06.0607 6668 HdAudAddService - ok
08:33:06.0657 6668 [ 97BFED39B6B79EB12CDDBFEED51F56BB ] HDAudBus C:\Windows\system32\drivers\HDAudBus.sys
08:33:06.0659 6668 HDAudBus - ok
08:33:06.0670 6668 [ 78E86380454A7B10A5EB255DC44A355F ] HidBatt C:\Windows\system32\DRIVERS\HidBatt.sys
08:33:06.0671 6668 HidBatt - ok
08:33:06.0684 6668 [ 7FD2A313F7AFE5C4DAB14798C48DD104 ] HidBth C:\Windows\system32\DRIVERS\hidbth.sys
08:33:06.0686 6668 HidBth - ok
08:33:06.0697 6668 [ 0A77D29F311B88CFAE3B13F9C1A73825 ] HidIr C:\Windows\system32\DRIVERS\hidir.sys
08:33:06.0698 6668 HidIr - ok
08:33:06.0720 6668 [ BD9EB3958F213F96B97B1D897DEE006D ] hidserv C:\Windows\system32\hidserv.dll
08:33:06.0722 6668 hidserv - ok
08:33:06.0784 6668 [ 9592090A7E2B61CD582B612B6DF70536 ] HidUsb C:\Windows\system32\DRIVERS\hidusb.sys
08:33:06.0785 6668 HidUsb - ok
08:33:06.0828 6668 [ 387E72E739E15E3D37907A86D9FF98E2 ] hkmsvc C:\Windows\system32\kmsvc.dll
08:33:06.0831 6668 hkmsvc - ok
08:33:06.0872 6668 [ EFDFB3DD38A4376F93E7985173813ABD ] HomeGroupListener C:\Windows\system32\ListSvc.dll
08:33:06.0876 6668 HomeGroupListener - ok
08:33:06.0918 6668 [ 908ACB1F594274965A53926B10C81E89 ] HomeGroupProvider C:\Windows\system32\provsvc.dll
08:33:06.0923 6668 HomeGroupProvider - ok
08:33:06.0962 6668 [ 39D2ABCD392F3D8A6DCE7B60AE7B8EFC ] HpSAMD C:\Windows\system32\drivers\HpSAMD.sys
08:33:06.0964 6668 HpSAMD - ok
08:33:07.0105 6668 [ EAC76A9283E8B2192351E5C0B3820624 ] HsdService C:\Program Files (x86)\Virgin Media\Digital Home Support\HsdService.exe
08:33:07.0173 6668 HsdService - ok
08:33:07.0228 6668 [ 0EA7DE1ACB728DD5A369FD742D6EEE28 ] HTTP C:\Windows\system32\drivers\HTTP.sys
08:33:07.0246 6668 HTTP - ok
08:33:07.0279 6668 [ A5462BD6884960C9DC85ED49D34FF392 ] hwpolicy C:\Windows\system32\drivers\hwpolicy.sys
08:33:07.0280 6668 hwpolicy - ok
08:33:07.0327 6668 [ FA55C73D4AFFA7EE23AC4BE53B4592D3 ] i8042prt C:\Windows\system32\drivers\i8042prt.sys
08:33:07.0329 6668 i8042prt - ok
08:33:07.0370 6668 [ AAAF44DB3BD0B9D1FB6969B23ECC8366 ] iaStorV C:\Windows\system32\drivers\iaStorV.sys
08:33:07.0375 6668 iaStorV - ok
08:33:07.0441 6668 [ 1CF03C69B49ACB70C722DF92755C0C8C ] IDriverT C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
08:33:07.0513 6668 IDriverT - ok
08:33:07.0592 6668 [ 5988FC40F8DB5B0739CD1E3A5D0D78BD ] idsvc C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
08:33:07.0610 6668 idsvc - ok
08:33:07.0634 6668 [ 5C18831C61933628F5BB0EA2675B9D21 ] iirsp C:\Windows\system32\DRIVERS\iirsp.sys
08:33:07.0635 6668 iirsp - ok
08:33:07.0663 6668 [ FCD84C381E0140AF901E58D48882D26B ] IKEEXT C:\Windows\System32\ikeext.dll
08:33:07.0680 6668 IKEEXT - ok
08:33:07.0726 6668 [ F00F20E70C6EC3AA366910083A0518AA ] intelide C:\Windows\system32\drivers\intelide.sys
08:33:07.0727 6668 intelide - ok
08:33:07.0744 6668 [ ADA036632C664CAA754079041CF1F8C1 ] intelppm C:\Windows\system32\DRIVERS\intelppm.sys
08:33:07.0746 6668 intelppm - ok
08:33:07.0773 6668 [ 098A91C54546A3B878DAD6A7E90A455B ] IPBusEnum C:\Windows\system32\ipbusenum.dll
08:33:07.0776 6668 IPBusEnum - ok
08:33:07.0824 6668 [ C9F0E1BD74365A8771590E9008D22AB6 ] IpFilterDriver C:\Windows\system32\DRIVERS\ipfltdrv.sys
08:33:07.0826 6668 IpFilterDriver - ok
08:33:07.0863 6668 [ 08C2957BB30058E663720C5606885653 ] iphlpsvc C:\Windows\System32\iphlpsvc.dll
08:33:07.0871 6668 iphlpsvc - ok
08:33:07.0905 6668 [ 0FC1AEA580957AA8817B8F305D18CA3A ] IPMIDRV C:\Windows\system32\drivers\IPMIDrv.sys
08:33:07.0907 6668 IPMIDRV - ok
08:33:07.0921 6668 [ AF9B39A7E7B6CAA203B3862582E9F2D0 ] IPNAT C:\Windows\system32\drivers\ipnat.sys
08:33:07.0923 6668 IPNAT - ok
08:33:07.0969 6668 [ 4EFFC8FF6D349E971E94B1C670C0C66A ] iPod Service C:\Program Files\iPod\bin\iPodService.exe
08:33:08.0002 6668 iPod Service - ok
08:33:08.0029 6668 [ 3ABF5E7213EB28966D55D58B515D5CE9 ] IRENUM C:\Windows\system32\drivers\irenum.sys
08:33:08.0031 6668 IRENUM - ok
08:33:08.0037 6668 [ 2F7B28DC3E1183E5EB418DF55C204F38 ] isapnp C:\Windows\system32\drivers\isapnp.sys
08:33:08.0039 6668 isapnp - ok
08:33:08.0081 6668 [ D931D7309DEB2317035B07C9F9E6B0BD ] iScsiPrt C:\Windows\system32\drivers\msiscsi.sys
08:33:08.0084 6668 iScsiPrt - ok
08:33:08.0100 6668 [ BC02336F1CBA7DCC7D1213BB588A68A5 ] kbdclass C:\Windows\system32\DRIVERS\kbdclass.sys
08:33:08.0102 6668 kbdclass - ok
08:33:08.0159 6668 [ 0705EFF5B42A9DB58548EEC3B26BB484 ] kbdhid C:\Windows\system32\DRIVERS\kbdhid.sys
08:33:08.0160 6668 kbdhid - ok
08:33:08.0165 6668 [ C118A82CD78818C29AB228366EBF81C3 ] KeyIso C:\Windows\system32\lsass.exe
08:33:08.0167 6668 KeyIso - ok
08:33:08.0207 6668 [ 97A7070AEA4C058B6418519E869A63B4 ] KSecDD C:\Windows\system32\Drivers\ksecdd.sys
08:33:08.0209 6668 KSecDD - ok
08:33:08.0252 6668 [ 26C43A7C2862447EC59DEDA188D1DA07 ] KSecPkg C:\Windows\system32\Drivers\ksecpkg.sys
08:33:08.0255 6668 KSecPkg - ok
08:33:08.0263 6668 [ 6869281E78CB31A43E969F06B57347C4 ] ksthunk C:\Windows\system32\drivers\ksthunk.sys
08:33:08.0265 6668 ksthunk - ok
08:33:08.0285 6668 [ 6AB66E16AA859232F64DEB66887A8C9C ] KtmRm C:\Windows\system32\msdtckrm.dll
08:33:08.0293 6668 KtmRm - ok
08:33:08.0333 6668 [ D9F42719019740BAA6D1C6D536CBDAA6 ] LanmanServer C:\Windows\system32\srvsvc.dll
08:33:08.0337 6668 LanmanServer - ok
08:33:08.0382 6668 [ 851A1382EED3E3A7476DB004F4EE3E1A ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
08:33:08.0386 6668 LanmanWorkstation - ok
08:33:08.0405 6668 [ 1538831CF8AD2979A04C423779465827 ] lltdio C:\Windows\system32\DRIVERS\lltdio.sys
08:33:08.0407 6668 lltdio - ok
08:33:08.0431 6668 [ C1185803384AB3FEED115F79F109427F ] lltdsvc C:\Windows\System32\lltdsvc.dll
08:33:08.0436 6668 lltdsvc - ok
08:33:08.0453 6668 [ F993A32249B66C9D622EA5592A8B76B8 ] lmhosts C:\Windows\System32\lmhsvc.dll
08:33:08.0455 6668 lmhosts - ok
08:33:08.0479 6668 [ 1A93E54EB0ECE102495A51266DCDB6A6 ] LSI_FC C:\Windows\system32\DRIVERS\lsi_fc.sys
08:33:08.0481 6668 LSI_FC - ok
08:33:08.0493 6668 [ 1047184A9FDC8BDBFF857175875EE810 ] LSI_SAS C:\Windows\system32\DRIVERS\lsi_sas.sys
08:33:08.0496 6668 LSI_SAS - ok
08:33:08.0509 6668 [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93 ] LSI_SAS2 C:\Windows\system32\DRIVERS\lsi_sas2.sys
08:33:08.0510 6668 LSI_SAS2 - ok
08:33:08.0524 6668 [ 0504EACAFF0D3C8AED161C4B0D369D4A ] LSI_SCSI C:\Windows\system32\DRIVERS\lsi_scsi.sys
08:33:08.0526 6668 LSI_SCSI - ok
08:33:08.0549 6668 [ 43D0F98E1D56CCDDB0D5254CFF7B356E ] luafv C:\Windows\system32\drivers\luafv.sys
08:33:08.0551 6668 luafv - ok
08:33:08.0591 6668 [ 0BE09CD858ABF9DF6ED259D57A1A1663 ] Mcx2Svc C:\Windows\system32\Mcx2Svc.dll
08:33:08.0594 6668 Mcx2Svc - ok
08:33:08.0608 6668 [ A55805F747C6EDB6A9080D7C633BD0F4 ] megasas C:\Windows\system32\DRIVERS\megasas.sys
08:33:08.0610 6668 megasas - ok
08:33:08.0625 6668 [ BAF74CE0072480C3B6B7C13B2A94D6B3 ] MegaSR C:\Windows\system32\DRIVERS\MegaSR.sys
08:33:08.0630 6668 MegaSR - ok
08:33:08.0639 6668 [ E40E80D0304A73E8D269F7141D77250B ] MMCSS C:\Windows\system32\mmcss.dll
08:33:08.0641 6668 MMCSS - ok
08:33:08.0646 6668 [ 800BA92F7010378B09F9ED9270F07137 ] Modem C:\Windows\system32\drivers\modem.sys
08:33:08.0648 6668 Modem - ok
08:33:08.0661 6668 [ B03D591DC7DA45ECE20B3B467E6AADAA ] monitor C:\Windows\system32\DRIVERS\monitor.sys
08:33:08.0662 6668 monitor - ok
08:33:08.0699 6668 [ 7D27EA49F3C1F687D357E77A470AEA99 ] mouclass C:\Windows\system32\DRIVERS\mouclass.sys
08:33:08.0701 6668 mouclass - ok
08:33:08.0710 6668 [ D3BF052C40B0C4166D9FD86A4288C1E6 ] mouhid C:\Windows\system32\DRIVERS\mouhid.sys
08:33:08.0712 6668 mouhid - ok
08:33:08.0753 6668 [ 32E7A3D591D671A6DF2DB515A5CBE0FA ] mountmgr C:\Windows\system32\drivers\mountmgr.sys
08:33:08.0756 6668 mountmgr - ok
08:33:08.0770 6668 [ A44B420D30BD56E145D6A2BC8768EC58 ] mpio C:\Windows\system32\drivers\mpio.sys
08:33:08.0773 6668 mpio - ok
08:33:08.0788 6668 [ 6C38C9E45AE0EA2FA5E551F2ED5E978F ] mpsdrv C:\Windows\system32\drivers\mpsdrv.sys
08:33:08.0790 6668 mpsdrv - ok
08:33:08.0848 6668 [ 54FFC9C8898113ACE189D4AA7199D2C1 ] MpsSvc C:\Windows\system32\mpssvc.dll
08:33:08.0864 6668 MpsSvc - ok
08:33:08.0907 6668 [ DC722758B8261E1ABAFD31A3C0A66380 ] MRxDAV C:\Windows\system32\drivers\mrxdav.sys
08:33:08.0909 6668 MRxDAV - ok
08:33:08.0951 6668 [ A5D9106A73DC88564C825D317CAC68AC ] mrxsmb C:\Windows\system32\DRIVERS\mrxsmb.sys
08:33:08.0954 6668 mrxsmb - ok
08:33:09.0001 6668 [ D711B3C1D5F42C0C2415687BE09FC163 ] mrxsmb10 C:\Windows\system32\DRIVERS\mrxsmb10.sys
08:33:09.0005 6668 mrxsmb10 - ok
08:33:09.0014 6668 [ 9423E9D355C8D303E76B8CFBD8A5C30C ] mrxsmb20 C:\Windows\system32\DRIVERS\mrxsmb20.sys
08:33:09.0034 6668 mrxsmb20 - ok
08:33:09.0072 6668 [ C25F0BAFA182CBCA2DD3C851C2E75796 ] msahci C:\Windows\system32\drivers\msahci.sys
08:33:09.0073 6668 msahci - ok
08:33:09.0101 6668 [ 023E10227D83B47D3B72C9FFCD323704 ] MSCamSvc C:\Program Files\Microsoft LifeCam\MSCamS64.exe
08:33:09.0104 6668 MSCamSvc - ok
08:33:09.0149 6668 [ DB801A638D011B9633829EB6F663C900 ] msdsm C:\Windows\system32\drivers\msdsm.sys
08:33:09.0152 6668 msdsm - ok
08:33:09.0163 6668 [ DE0ECE52236CFA3ED2DBFC03F28253A8 ] MSDTC C:\Windows\System32\msdtc.exe
08:33:09.0167 6668 MSDTC - ok
08:33:09.0189 6668 [ AA3FB40E17CE1388FA1BEDAB50EA8F96 ] Msfs C:\Windows\system32\drivers\Msfs.sys
08:33:09.0191 6668 Msfs - ok
08:33:09.0202 6668 [ F9D215A46A8B9753F61767FA72A20326 ] mshidkmdf C:\Windows\System32\drivers\mshidkmdf.sys
08:33:09.0203 6668 mshidkmdf - ok
08:33:09.0238 6668 [ D916874BBD4F8B07BFB7FA9B3CCAE29D ] msisadrv C:\Windows\system32\drivers\msisadrv.sys
08:33:09.0239 6668 msisadrv - ok
08:33:09.0272 6668 [ 808E98FF49B155C522E6400953177B08 ] MSiSCSI C:\Windows\system32\iscsiexe.dll
08:33:09.0276 6668 MSiSCSI - ok
08:33:09.0281 6668 msiserver - ok
08:33:09.0307 6668 [ 49CCF2C4FEA34FFAD8B1B59D49439366 ] MSKSSRV C:\Windows\system32\drivers\MSKSSRV.sys
08:33:09.0309 6668 MSKSSRV - ok
08:33:09.0313 6668 [ BDD71ACE35A232104DDD349EE70E1AB3 ] MSPCLOCK C:\Windows\system32\drivers\MSPCLOCK.sys
08:33:09.0316 6668 MSPCLOCK - ok
08:33:09.0329 6668 [ 4ED981241DB27C3383D72092B618A1D0 ] MSPQM C:\Windows\system32\drivers\MSPQM.sys
08:33:09.0331 6668 MSPQM - ok
08:33:09.0373 6668 [ 759A9EEB0FA9ED79DA1FB7D4EF78866D ] MsRPC C:\Windows\system32\drivers\MsRPC.sys
08:33:09.0377 6668 MsRPC - ok
08:33:09.0382 6668 [ 0EED230E37515A0EAEE3C2E1BC97B288 ] mssmbios C:\Windows\system32\drivers\mssmbios.sys
08:33:09.0384 6668 mssmbios - ok
08:33:09.0387 6668 [ 2E66F9ECB30B4221A318C92AC2250779 ] MSTEE C:\Windows\system32\drivers\MSTEE.sys
08:33:09.0389 6668 MSTEE - ok
08:33:09.0399 6668 [ 7EA404308934E675BFFDE8EDF0757BCD ] MTConfig C:\Windows\system32\DRIVERS\MTConfig.sys
08:33:09.0400 6668 MTConfig - ok
08:33:09.0423 6668 [ F9A18612FD3526FE473C1BDA678D61C8 ] Mup C:\Windows\system32\Drivers\mup.sys
08:33:09.0424 6668 Mup - ok
08:33:09.0468 6668 [ 582AC6D9873E31DFA28A4547270862DD ] napagent C:\Windows\system32\qagentRT.dll
08:33:09.0474 6668 napagent - ok
08:33:09.0495 6668 [ 1EA3749C4114DB3E3161156FFFFA6B33 ] NativeWifiP C:\Windows\system32\DRIVERS\nwifi.sys
08:33:09.0498 6668 NativeWifiP - ok
08:33:09.0573 6668 [ 760E38053BF56E501D562B70AD796B88 ] NDIS C:\Windows\system32\drivers\ndis.sys

nellie
2013-03-23, 10:38
08:33:09.0590 6668 NDIS - ok
08:33:09.0606 6668 [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC ] NdisCap C:\Windows\system32\DRIVERS\ndiscap.sys
08:33:09.0607 6668 NdisCap - ok
08:33:09.0631 6668 [ 30639C932D9FEF22B31268FE25A1B6E5 ] NdisTapi C:\Windows\system32\DRIVERS\ndistapi.sys
08:33:09.0633 6668 NdisTapi - ok
08:33:09.0672 6668 [ 136185F9FB2CC61E573E676AA5402356 ] Ndisuio C:\Windows\system32\DRIVERS\ndisuio.sys
08:33:09.0674 6668 Ndisuio - ok
08:33:09.0713 6668 [ 53F7305169863F0A2BDDC49E116C2E11 ] NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys
08:33:09.0715 6668 NdisWan - ok
08:33:09.0752 6668 [ 015C0D8E0E0421B4CFD48CFFE2825879 ] NDProxy C:\Windows\system32\drivers\NDProxy.sys
08:33:09.0754 6668 NDProxy - ok
08:33:09.0791 6668 [ 6F4607E2333FE21E9E3FF8133A88B35B ] Netaapl C:\Windows\system32\DRIVERS\netaapl64.sys
08:33:09.0810 6668 Netaapl - ok
08:33:09.0825 6668 [ 86743D9F5D2B1048062B14B1D84501C4 ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys
08:33:19.0540 6668 ============================================================
08:33:19.0540 6668 Scan finished
08:33:19.0540 6668 ============================================================
08:33:19.0551 0876 Detected object count: 0
08:33:19.0551 0876 Actual detected object count: 0

fbfbfb
2013-03-23, 20:51
Hello, nellie.

Thank you for the logs. These logs appear to be clean. Please continue with the following scan:


Note: Before you begin, please read through these instructions completely, noting all important messages and warnings.

Please download ComboFix from HERE (http://www.bleepingcomputer.com/download/combofix/dl/12/) or HERE (http://www.infospyware.net/antimalware/combofix/).
Very Important! Save ComboFix.exe to your Desktop.
Close all browsers.
Disable your AntiVirus and AntiSpyware applications as they can interfere with running ComboFix. To disable any security programs:
Right click on the System Tray icon, or
Refer to this link HERE (http://forums.whatthetech.com/index.php?showtopic=96260&pid=494216#entry494216) for further assistance.
Double click on ComboFix.exe and follow the prompts.
When finished, ComboFix will produce a log for you. Please include the C:\ComboFix.txt in your next reply.

Warnings:
Do not mouse-click on ComboFix's window while it is running. This may cause it to stall.
Do not re-run ComboFix. If problems occur with the installation or running of ComboFix, please reply back for further instructions.
Do not attempt to surf the internet while ComboFix is scanning.
Note: If there is no internet connection after running ComboFix, reboot your computer to restore the connection.

Very Important! Make sure you re-enable your security programs when ComboFix is finished.

nellie
2013-03-24, 18:28
I have run ComboFix but it has not left my computer in a good state. It now keeps hanging completely and the network connection has been lost so I am unable to connect to the internet!

The log file below has been uploaded via another computer within the household.

=========================================================

ComboFix 13-03-24.01 - Rick 24/03/2013 13:58:41.1.2 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.44.1033.18.4095.2717 [GMT 0:00]
Running from: C:\Users\Rick\Desktop\ComboFix.exe
AV: AVG AntiVirus Free Edition 2013 *Disabled/Updated* {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}
SP: AVG AntiVirus Free Edition 2013 *Disabled/Updated* {B5F5C120-2089-702E-0001-553BB0D5A664}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}


((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))


C:\Program Files (x86)\GuffinsEI
D:\AUTORUN.INF


((((((((((((((((((((((((( Files Created from 2013-02-24 to 2013-03-24 )))))))))))))))))))))))))))))))


2013-03-24 14:08:47 . 2013-03-24 14:08:47 -------- d-----w- C:\Users\Megan.26NC-PC\AppData\Local\temp
2013-03-24 14:08:42 . 2013-03-24 14:08:42 -------- d-----w- C:\Users\Default\AppData\Local\temp
2013-03-24 14:08:42 . 2013-03-24 14:08:42 -------- d-----w- C:\Users\Alfie.26NC-PC\AppData\Local\temp
2013-03-18 06:48:17 . 2013-03-18 06:48:25 -------- d-----w- C:\Program Files (x86)\ERUNT
2013-03-17 12:01:12 . 2013-03-17 12:02:46 -------- d-----w- C:\Program Files (x86)\Optimizer Pro
2013-03-17 11:59:56 . 2013-03-17 12:00:49 -------- d-----w- C:\Users\Rick\AppData\Roaming\Kingsoft
2013-03-17 11:59:56 . 2013-03-17 11:59:56 -------- d-----w- C:\ProgramData\Kingsoft
2013-03-17 11:59:54 . 2013-03-17 11:59:54 -------- d-----w- C:\Program Files (x86)\Kingsoft
2013-03-17 11:58:42 . 2013-03-17 11:58:42 -------- d-----w- C:\Program Files (x86)\PriceGong
2013-03-17 11:56:34 . 1998-06-24 00:00:00 137000 ----a-w- C:\Windows\SysWow64\MSMAPI32.OCX
2013-03-17 11:56:33 . 2005-03-12 00:07:00 87040 ----a-w- C:\Windows\system32\pdfcmnnt.dll
2013-03-17 11:56:32 . 2013-03-17 11:56:48 -------- d-----w- C:\Program Files (x86)\PDFCreator
2013-03-17 11:56:32 . 1998-07-06 00:00:00 23552 ----a-w- C:\Windows\SysWow64\MSMPIDE.DLL
2013-03-17 11:55:43 . 2013-03-17 12:02:33 -------- d-----w- C:\Users\Rick\AppData\Local\Smartbar
2013-03-17 11:55:20 . 2013-03-17 11:55:20 -------- d-----w- C:\Users\Rick\AppData\Local\Solid Savings
2013-03-17 11:55:11 . 2013-03-17 11:55:12 -------- d-----w- C:\Users\Rick\AppData\Local\Updater26278
2013-03-17 11:55:03 . 2013-03-17 11:55:20 -------- d-----w- C:\Program Files (x86)\Solid Savings
2013-03-17 11:54:44 . 2013-03-17 11:54:44 -------- d-----w- C:\Windows\SysWow64\searchplugins
2013-03-17 11:54:44 . 2013-03-17 11:54:44 -------- d-----w- C:\Windows\SysWow64\Extensions
2013-03-17 11:54:41 . 2013-03-17 11:54:41 -------- d-----w- C:\ProgramData\BrowserProtect
2013-03-17 11:54:37 . 2013-03-17 11:54:37 -------- d-----w- C:\Users\Rick\AppData\Roaming\BabSolution
2013-03-17 11:54:33 . 2013-03-17 11:54:33 -------- d-----w- C:\Program Files (x86)\Delta
2013-03-17 11:54:32 . 2013-03-17 11:54:32 -------- d-----w- C:\Users\Rick\AppData\Roaming\Delta
2013-03-17 11:54:16 . 2013-03-17 11:54:16 -------- d-----w- C:\Users\Rick\AppData\Roaming\Babylon
2013-03-17 11:54:16 . 2013-03-17 11:54:16 -------- d-----w- C:\ProgramData\Babylon
2013-03-17 11:54:01 . 2013-03-17 11:54:01 -------- d-----w- C:\Users\Rick\AppData\Local\Wajam
2013-03-17 11:53:59 . 2013-03-17 11:54:11 -------- d-----w- C:\Program Files (x86)\Wajam
2013-03-16 06:30:42 . 2013-03-16 06:30:42 4546560 ----a-w- C:\Windows\SysWow64\GPhotos.scr
2013-03-12 15:33:49 . 2013-03-12 15:33:49 -------- d-----w- C:\Program Files\iPod
2013-03-12 15:33:48 . 2013-03-12 15:34:30 -------- d-----w- C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2013-03-12 15:33:48 . 2013-03-12 15:34:30 -------- d-----w- C:\Program Files\iTunes
2013-03-12 15:33:48 . 2013-03-12 15:34:29 -------- d-----w- C:\Program Files (x86)\iTunes
2013-02-24 15:52:05 . 2013-02-24 15:52:05 -------- d-----w- C:\Windows\en-gb
2013-02-24 15:51:49 . 2013-02-24 15:51:49 -------- d-----w- C:\Windows\en
2013-02-24 15:50:54 . 2013-02-24 15:50:54 -------- d-----w- C:\Program Files (x86)\Microsoft SQL Server Compact Edition
2013-02-24 15:47:56 . 2010-06-02 04:55:30 77656 ----a-w- C:\Windows\system32\XAPOFX1_5.dll
2013-02-24 15:47:56 . 2010-06-02 04:55:30 518488 ----a-w- C:\Windows\system32\XAudio2_7.dll
2013-02-24 15:47:54 . 2010-05-26 11:41:02 2526056 ----a-w- C:\Windows\system32\D3DCompiler_43.dll
2013-02-24 15:47:54 . 2010-05-26 11:41:02 2106216 ----a-w- C:\Windows\SysWow64\D3DCompiler_43.dll
2013-02-24 15:47:51 . 2010-05-26 11:41:02 276832 ----a-w- C:\Windows\system32\d3dx11_43.dll
2013-02-24 15:47:51 . 2010-05-26 11:41:02 248672 ----a-w- C:\Windows\SysWow64\d3dx11_43.dll
2013-02-24 15:43:39 . 2013-02-24 15:43:39 89944 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\b45c0dca1ce12a504\DSETUP.dll
2013-02-24 15:43:39 . 2013-02-24 15:43:39 537432 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\b45c0dca1ce12a504\DXSETUP.exe
2013-02-24 15:43:39 . 2013-02-24 15:43:39 1801048 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\b45c0dca1ce12a504\dsetup32.dll
2013-02-24 15:43:27 . 2013-02-24 15:43:27 89944 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\aec21a7b1ce12a502\DSETUP.dll
2013-02-24 15:43:27 . 2013-02-24 15:43:27 537432 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\aec21a7b1ce12a502\DXSETUP.exe
2013-02-24 15:43:27 . 2013-02-24 15:43:27 1801048 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\aec21a7b1ce12a502\dsetup32.dll
2013-02-24 15:43:22 . 2013-02-24 15:43:22 94040 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\a8e79aca1ce12a501\DSETUP.dll
2013-02-24 15:43:22 . 2013-02-24 15:43:22 525656 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\a8e79aca1ce12a501\DXSETUP.exe
2013-02-24 15:43:22 . 2013-02-24 15:43:22 1691480 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\a8e79aca1ce12a501\dsetup32.dll
2013-02-23 22:09:23 . 2013-02-23 22:09:23 -------- d-----w- C:\Users\Rick\AppData\Local\SWTOR
2013-02-23 11:56:05 . 2008-05-30 14:11:46 4991496 ----a-w- C:\Windows\system32\D3DX9_38.dll
2013-02-23 11:56:05 . 2008-05-30 14:11:46 3850760 ----a-w- C:\Windows\SysWow64\D3DX9_38.dll
2013-02-23 11:55:25 . 2013-02-23 11:55:28 -------- d-----w- C:\Program Files (x86)\Common Files\BioWare
2013-02-23 11:55:25 . 2013-02-23 11:55:25 -------- d-----w- C:\Program Files (x86)\Electronic Arts
2013-02-23 11:55:03 . 2013-02-23 11:55:03 -------- d-----w- C:\Users\hedev
.


(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

2013-03-24 13:31:26 . 2012-02-15 17:03:39 22368 ----a-w- C:\Windows\system32\drivers\AFD.SYS
2013-03-24 13:31:26 . 2009-07-14 00:10:34 22368 ----a-w- C:\Windows\system32\drivers\WS2IFSL.SYS
2013-03-14 23:18:16 . 2009-11-09 22:15:53 72013344 ----a-w- C:\Windows\system32\MRT.exe
2013-03-14 12:15:15 . 2012-04-10 07:10:56 693976 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2013-03-14 12:15:15 . 2011-06-03 11:06:40 73432 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2013-02-12 05:45:24 . 2013-03-14 11:35:44 135168 ----a-w- C:\Windows\apppatch\AppPatch64\AcXtrnal.dll
2013-02-12 05:45:22 . 2013-03-14 11:35:45 308736 ----a-w- C:\Windows\apppatch\AppPatch64\AcGenral.dll
2013-02-12 05:45:22 . 2013-03-14 11:35:44 350208 ----a-w- C:\Windows\apppatch\AppPatch64\AcLayers.dll
2013-02-12 05:45:22 . 2013-03-14 11:35:44 111104 ----a-w- C:\Windows\apppatch\AppPatch64\acspecfc.dll
2013-02-12 04:48:31 . 2013-03-14 11:35:45 474112 ----a-w- C:\Windows\apppatch\AcSpecfc.dll
2013-02-12 04:48:26 . 2013-03-14 11:35:45 2176512 ----a-w- C:\Windows\apppatch\AcGenral.dll
2013-01-05 05:53:43 . 2013-02-13 17:26:46 5553512 ----a-w- C:\Windows\system32\ntoskrnl.exe
2013-01-05 05:00:15 . 2013-02-13 17:26:44 3967848 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe
2013-01-05 05:00:11 . 2013-02-13 17:26:44 3913064 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe
2013-01-04 05:46:09 . 2013-02-13 17:26:34 215040 ----a-w- C:\Windows\system32\winsrv.dll
2013-01-04 04:51:16 . 2013-02-13 17:26:33 5120 ----a-w- C:\Windows\SysWow64\wow32.dll
2013-01-04 04:43:21 . 2013-02-13 17:26:33 44032 ----a-w- C:\Windows\apppatch\acwow64.dll
2013-01-04 03:26:48 . 2013-02-13 17:26:36 3153408 ----a-w- C:\Windows\system32\win32k.sys
2013-01-04 02:47:35 . 2013-02-13 17:26:33 25600 ----a-w- C:\Windows\SysWow64\setup16.exe
2013-01-04 02:47:34 . 2013-02-13 17:26:33 7680 ----a-w- C:\Windows\SysWow64\instnm.exe
2013-01-04 02:47:34 . 2013-02-13 17:26:32 2048 ----a-w- C:\Windows\SysWow64\user.exe
2013-01-04 02:47:33 . 2013-02-13 17:26:33 14336 ----a-w- C:\Windows\SysWow64\ntvdm64.dll
2013-01-03 06:00:54 . 2013-02-13 17:26:27 1913192 ----a-w- C:\Windows\system32\drivers\tcpip.sys
2013-01-03 06:00:42 . 2013-02-13 17:26:27 288088 ----a-w- C:\Windows\system32\drivers\FWPKCLNT.SYS
2011-07-17 09:37:55 . 2011-09-28 18:05:00 161744 ----a-w- C:\Program Files (x86)\u4res.dll


((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))


*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{11111111-1111-1111-1111-110211621178}]
2013-03-17 11:55:04 704392 ----a-w- C:\Program Files (x86)\Solid Savings\Solid Savings.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{31ad400d-1b06-4e33-a59a-90c2c140cba0}]
2010-11-05 01:58:19 297808 ----a-w- C:\Windows\System32\mscoree.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{C1AF5FA5-852C-4C90-812E-A7F75E011D87}]
2013-01-23 12:24:04 247704 ----a-w- C:\Program Files (x86)\Delta\delta\1.8.10.0\bh\delta.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{82E1477C-B154-48D3-9891-33D83C26BCD3}"= "C:\Program Files (x86)\Delta\delta\1.8.10.0\deltaTlbr.dll" [2013-01-23 12:24:04 321944]

[HKEY_CLASSES_ROOT\clsid\{82e1477c-b154-48d3-9891-33d83c26bcd3}]
[HKEY_CLASSES_ROOT\delta.deltadskBnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}]
[HKEY_CLASSES_ROOT\delta.deltadskBnd]

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32:48 129272 ----a-w- C:\Users\Rick\AppData\Roaming\Dropbox\bin\DropboxExt.17.dll

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32:48 129272 ----a-w- C:\Users\Rick\AppData\Roaming\Dropbox\bin\DropboxExt.17.dll

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32:48 129272 ----a-w- C:\Users\Rick\AppData\Roaming\Dropbox\bin\DropboxExt.17.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Spotify Web Helper"="C:\Users\Rick\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe" [2012-10-12 08:07:51 1193176]
"Browser Infrastructure Helper"="C:\Users\Rick\AppData\Local\Smartbar\Application\QuickShare.exe" [2013-02-10 16:00:14 13824]
"Optimizer Pro"="C:\Program Files (x86)\Optimizer Pro\OptProLauncher.exe" [2012-10-30 11:54:32 81952]

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"LifeCam"="C:\Program Files (x86)\Microsoft LifeCam\LifeExp.exe" [2009-07-24 15:04:54 118624]
"CTxfiHlp"="CTXFIHLP.EXE" [2010-05-05 15:51:00 25600]
"HP Software Update"="C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe" [2010-03-12 13:08:54 49208]
"Adobe ARM"="C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-07-27 20:51:26 919008]
"APSDaemon"="C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2013-01-28 13:08:14 59720]
"ServiceManager.exe"="C:\Program Files (x86)\Virgin Media\Service Manager\ServiceManager.exe" [2011-03-25 12:34:00 4371768]
"DHSClient.exe"="C:\Program Files (x86)\Virgin Media\Digital Home Support\DHSClient.exe" [2011-03-23 13:12:34 2032952]
"Check Point Endpoint Security"="C:\Program Files (x86)\CheckPoint\Endpoint Connect\TrGUI.exe" [2010-09-26 18:55:28 738824]
"AVG_UI"="C:\Program Files (x86)\AVG\AVG2013\avgui.exe" [2012-12-11 03:52:44 3147384]
"QuickTime Task"="C:\Program Files (x86)\QuickTime\QTTask.exe" [2012-10-25 03:12:14 421888]
"iTunesHelper"="C:\Program Files (x86)\iTunes\iTunesHelper.exe" [2013-02-20 12:35:28 152392]

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\
HD Writer.lnk - C:\Program Files (x86)\Common Files\Panasonic\HD Writer AutoStart\HDWriterAutoStart.exe [2012-1-13 292240]
PURE FlowServer Tray Control.lnk - C:\Program Files (x86)\PURE Flow Server\twonkymediaserverconfig.exe [2010-12-20 194136]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"SoftwareSASGeneration"= 1 (0x1)

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~3\browse~1\261095~1.52\{c16c1~1\browse~1.dll c:\progra~3\browse~1\261095~1.52\{c16c1~1\browserprotect.dll
"LoadAppInit_DLLs"=1 (0x1)

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"mixer5"=wdmaud.drv

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HsdService]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ServicepointService]
@="Service"

R0 vmci;VMware VMCI Bus Driver;C:\Windows\system32\DRIVERS\vmci.sys [x]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 13:27:14 138576]
R2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2013-01-08 12:55:20 161536]
R2 TracSrvWrapper;Check Point Endpoint Security;C:\Program Files (x86)\CheckPoint\Endpoint Connect\TracSrvWrapper.exe [2010-09-26 18:55:30 4142608]
R3 Creative ALchemy AL6 Licensing Service;Creative ALchemy AL6 Licensing Service;C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe [2010-06-04 14:11:35 79360]
R3 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [2010-06-04 11:48:53 79360]
R3 CT20XUT;CT20XUT;C:\Windows\system32\drivers\CT20XUT.SYS [2010-05-05 17:36:28 202840]
R3 CTEXFIFX;CTEXFIFX;C:\Windows\system32\drivers\CTEXFIFX.SYS [2010-05-05 17:36:46 1417304]
R3 CTHWIUT;CTHWIUT;C:\Windows\system32\drivers\CTHWIUT.SYS [2010-05-05 17:36:36 94808]
R3 Netaapl;Apple Mobile Device Ethernet Service;C:\Windows\system32\DRIVERS\netaapl64.sys [2011-05-10 07:06:14 22528]
R3 PCDSRVC{1E208CE0-FB7451FF-06020101}_0;PCDSRVC{1E208CE0-FB7451FF-06020101}_0 - PCDR Kernel Mode Service Helper Driver;c:\program files\dell support center\pcdsrvc_x64.pkms [2011-05-12 18:10:40 25072]
R3 RapportKE64;RapportKE64;C:\Windows\system32\Drivers\RapportKE64.sys [2011-09-25 18:00:08 64272]
R3 RapportPG64;RapportPG64;C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportPG64.sys [2011-11-07 21:28:40 61712]
R3 RTTEAMPT;Realtek Teaming Protocol Driver (NDIS 6.2);C:\Windows\system32\DRIVERS\RtTeam60.sys [2008-10-24 15:55:28 43008]
R3 RTVLANPT;Realtek Vlan Protocol Driver (NDIS 6.2);C:\Windows\system32\DRIVERS\RtVlan60.sys [2007-12-03 15:20:54 24064]
R3 TEAM;Realtek Virtual Miniport Driver for Teaming (NDIS 6.2);C:\Windows\system32\DRIVERS\RtTeam60.sys [2008-10-24 15:55:28 43008]
R3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys [2010-11-20 11:07:05 59392]
R3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\system32\Drivers\usbaapl64.sys [2012-12-13 13:50:36 54784]
R3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe [2010-06-03 22:06:28 1255736]
S0 AVGIDSHA;AVGIDSHA;C:\Windows\system32\DRIVERS\avgidsha.sys [2012-10-15 03:48:50 63328]
S0 Avgloga;AVG Logging Driver;C:\Windows\system32\DRIVERS\avgloga.sys [2012-09-21 03:46:00 225120]
S0 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;C:\Windows\system32\DRIVERS\avgmfx64.sys [2012-11-15 23:33:24 111968]
S0 Avgrkx64;AVG Anti-Rootkit Driver;C:\Windows\system32\DRIVERS\avgrkx64.sys [2012-09-14 03:05:18 40800]
S0 PxHlpa64;PxHlpa64;C:\Windows\System32\Drivers\PxHlpa64.sys [2010-03-19 03:00:00 55856]
S1 AVGIDSDriver;AVGIDSDriver;C:\Windows\system32\DRIVERS\avgidsdrivera.sys [2012-10-22 13:02:44 154464]
S1 Avgldx64;AVG AVI Loader Driver;C:\Windows\system32\DRIVERS\avgldx64.sys [2012-10-02 03:30:38 185696]
S1 Avgtdia;AVG TDI Driver;C:\Windows\system32\DRIVERS\avgtdia.sys [2012-09-21 03:46:04 200032]
S1 RapportCerberus_43926;RapportCerberus_43926;C:\ProgramData\Trusteer\Rapport\store\exts\RapportCerberus\43926\RapportCerberus64_43926.sys [2012-10-30 08:28:19 505720]
S1 RapportEI64;RapportEI64;C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportEI64.sys [2011-11-07 21:28:40 55056]
S2 AMD External Events Utility;AMD External Events Utility;C:\Windows\system32\atiesrxx.exe [2011-01-26 21:55:38 203776]
S2 AVGIDSAgent;AVGIDSAgent;C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe [2012-11-15 23:34:30 5814904]
S2 avgwd;AVG WatchDog;C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe [2012-10-22 13:05:08 196664]
S2 BrowserProtect;BrowserProtect;C:\ProgramData\BrowserProtect\2.6.1095.52\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserProtect.exe [2013-02-21 09:30:09 2561488]
S2 HsdService;HsdService;C:\Program Files (x86)\Virgin Media\Digital Home Support\HsdService.exe [2011-03-23 13:12:38 1406264]
S2 PURE Flow Server;PURE Flow Server;C:\Program Files (x86)\PURE Flow Server\twonkymediaserverwatchdog.exe [2010-12-20 18:30:26 153176]
S2 RapportMgmtService;Rapport Management Service;C:\Program Files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe [2011-11-07 21:28:26 931640]
S2 RtNdPt60;Realtek NDIS Protocol Driver;C:\Windows\system32\DRIVERS\RtNdPt60.sys [2007-12-11 15:49:54 26624]
S2 ServicepointService;ServicepointService;C:\Program Files (x86)\Virgin Media\Service Manager\ServicepointService.exe [2011-03-25 12:34:04 689464]
S2 WajamUpdater;WajamUpdater;C:\Program Files (x86)\Wajam\Updater\WajamUpdater.exe [2012-07-26 21:08:58 109064]
S3 CT20XUT.SYS;CT20XUT.SYS;C:\Windows\System32\drivers\CT20XUT.SYS [2010-05-05 17:36:28 202840]
S3 CTEXFIFX.SYS;CTEXFIFX.SYS;C:\Windows\System32\drivers\CTEXFIFX.SYS [2010-05-05 17:36:46 1417304]
S3 CTHWIUT.SYS;CTHWIUT.SYS;C:\Windows\System32\drivers\CTHWIUT.SYS [2010-05-05 17:36:36 94808]
S3 Point64;Microsoft IntelliPoint Filter Driver;C:\Windows\system32\DRIVERS\point64.sys [2011-08-01 15:59:06 45416]
S3 RTL8167;Realtek 8167 NT Driver;C:\Windows\system32\DRIVERS\Rt64win7.sys [2010-06-23 08:10:56 344680]
S3 vna_ap;Check Point Virtual Network Adapter - Apollo;C:\Windows\system32\DRIVERS\vnaap.sys [2010-09-26 18:55:26 161256]

fbfbfb
2013-03-25, 02:42
Hello, nellie.

A lost internet connection can sometimes occur as the result of infections being removed from your system. Let's try to restore your internet connection manually.

If you already tried to reboot your computer and still could not connect to the internet, please follow these steps:
Click on the Start button.
Click on the Settings menu option.
Click on the Control Panel option.
When the Control Panel opens, double-click on the Network Connections icon. If your Control Panel is set to Category View, then double-click on Network and Internet Connections and then click on Network Connections at the bottom.
You will now see a list of available network connections. Locate the connection for your Wireless or Lan adapter and right-click on it.
You will now see a menu similar to the image below. Simply click on the Repair menu option.
http://www.bleepstatic.com/combofix/en/repair.jpg
Let the repair process perform its tasks and when it has finished, your Internet connection should be working again.
OR If your network icon also appears on the Windows taskbar, then you can repair it by right-clicking on the icon and selecting Repair as shown below.
http://www.bleepstatic.com/combofix/en/tray-repair.jpg
If your internet connection has been restored, please continue with the next step.


Please run the following scan

Farbar Service Scanner

Please download Farbar Service Scanner from HERE (http://www.bleepingcomputer.com/download/farbar-service-scanner/dl/62/) and save the file to your desktop.
Run the tool on the infected machine.
Ensure the following options are checked:

Internet Services
Windows Firewall
System Restore
Security Center
Windows Update
Windows Defender

Click on Scan.
It will create a log (FSS.txt) in the same directory the tool is run. Please copy and paste the log into your next reply.

nellie
2013-03-25, 11:40
Hi thanks for the response. I am using Windows 7 not XP and don't see the option to 'repair' a network connection. I have tried the 'Troubleshoot problems' button but it is suggesting the issue is with my router even though it is clearly not! Gotta love Microsoft (!). Is there an equivalent 'repair' option on Windows 7?

Also for your info, since I used ComboFix the PC seems to have developed a serious resource issue in that after it boots up the CPU and memory are heavily utilised and the amount of virtual memory committed to 'services.exe' creeps up and up until the PC crashes.

nellie
2013-03-25, 23:49
I managed to repair the network issue. Here is the FSS log.




Farbar Service Scanner Version: 03-03-2013
Ran by Rick (administrator) on 25-03-2013 at 21:47:53
Running from "C:\Users\Rick\Desktop"
Windows 7 Home Premium Service Pack 1 (X64)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo IP is accessible.
Yahoo.com is accessible.


Windows Firewall:
=============

Firewall Disabled Policy:
==================


System Restore:
============

System Restore Disabled Policy:
========================


Action Center:
============

Windows Update:
============

Windows Autoupdate Disabled Policy:
============================


Windows Defender:
==============
WinDefend Service is not running. Checking service configuration:
The start type of WinDefend service is set to Demand. The default start type is Auto.
The ImagePath of WinDefend service is OK.
The ServiceDll of WinDefend service is OK.


Windows Defender Disabled Policy:
==========================
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender]
"DisableAntiSpyware"=DWORD:1


Other Services:
==============


File Check:
========
C:\Windows\System32\nsisvc.dll => MD5 is legit
C:\Windows\System32\drivers\nsiproxy.sys => MD5 is legit
C:\Windows\System32\dhcpcore.dll => MD5 is legit
C:\Windows\System32\drivers\afd.sys => MD5 is legit
C:\Windows\System32\drivers\tdx.sys => MD5 is legit
C:\Windows\System32\Drivers\tcpip.sys => MD5 is legit
C:\Windows\System32\dnsrslvr.dll => MD5 is legit
C:\Windows\System32\mpssvc.dll => MD5 is legit
C:\Windows\System32\bfe.dll => MD5 is legit
C:\Windows\System32\drivers\mpsdrv.sys => MD5 is legit
C:\Windows\System32\SDRSVC.dll => MD5 is legit
C:\Windows\System32\vssvc.exe => MD5 is legit
C:\Windows\System32\wscsvc.dll => MD5 is legit
C:\Windows\System32\wbem\WMIsvc.dll => MD5 is legit
C:\Windows\System32\wuaueng.dll => MD5 is legit
C:\Windows\System32\qmgr.dll => MD5 is legit
C:\Windows\System32\es.dll => MD5 is legit
C:\Windows\System32\cryptsvc.dll => MD5 is legit
C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit


**** End of log ****

fbfbfb
2013-03-26, 02:59
Hello, nellie.

Thank you for the FSS log. Glad you were able to resolve your internet connection issue. Let's work to restore the functionality of your system.

Please run the following scan

Very Important!

Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before following the steps below. They can interfere with ComboFix and can cause unpredictable results.

Please open Notepad:
Start > Run.
Type notepad in the Open field
Click OK.
Copy and paste the text inside the code box below:


ClearJavaCache::

File::
C:\Users\Rick\AppData\Local\Smartbar\Application\QuickShare.exe
C:\Program Files (x86)\Optimizer Pro\OptProLauncher.exe
C:\Program Files (x86)\Solid Savings\Solid Savings.dll
C:\Program Files (x86)\Delta\delta\1.8.10.0\bh\delta.dll
c:\progra~3\browse~1\261095~1.52\{c16c1~1\browse~1.dll c:\progra~3\browse~1\261095~1.52\{c16c1~1\browserprotect.dll

Folder::
C:\Program Files (x86)\Optimizer Pro
C:\Program Files (x86)\PriceGong
C:\Users\Rick\AppData\Local\Smartbar
C:\Users\Rick\AppData\Local\Solid Savings
C:\Users\Rick\AppData\Local\Updater26278
C:\Program Files (x86)\Solid Savings
C:\ProgramData\BrowserProtect
C:\Program Files (x86)\Delta
C:\Users\Rick\AppData\Roaming\Delta
C:\Users\Rick\AppData\Roaming\Babylon
C:\ProgramData\Babylon
C:\Users\Rick\AppData\Local\Wajam
C:\Program Files (x86)\Wajam

Registry::
[-HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{11111111-1111-1111-1111-110211621178}]
[-HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{31ad400d-1b06-4e33-a59a-90c2c140cba0}]
[-HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C1AF5FA5-852C-4C90-812E-A7F75E011D87}]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BrowserInfrastructureHelper"=-
"Optimizer Pro"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{82E1477C-B154-48D3-9891-33D83C26BCD3}"=-
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=""


Save this as CFScript.txt to your desktop and change the "Save as type" to All Files.
Drag the CFScript.txt into ComboFix.exe as shown in the screenshot below:



http://i24.photobucket.com/albums/c30/ken545/CFScriptB-4.gif
ComboFix will now run a scan on your system. It may reboot your system when it finishes. This is normal.
When finished, ComboFix will produce a log for you. Copy and paste the contents of the log in your next reply.
WARNING
Do not mouse-click ComboFix's window while it is running. This may cause it to stall.
Do not attempt to surf the internet while ComboFix is scanning.
Very Important! Make sure you re-enable your security programs when ComboFix is finished.


Please let me know how your computer is running at this stage.

nellie
2013-03-27, 00:40
Hi fbfbfb

Computer is running much better at this stage, thank you.

Below are the requested logs from ComboFix after running with your script as input.

-------------------------------

ComboFix 13-03-26.01 - Rick 26/03/2013 22:26:07.1.2 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.44.1033.18.4095.1730 [GMT 0:00]
Running from: c:\users\Rick\Desktop\ComboFix.exe
Command switches used :: c:\users\Rick\Desktop\CFScript.txt
AV: Microsoft Security Essentials *Disabled/Updated* {3F839487-C7A2-C958-E30C-E2825BA31FB5}
SP: Microsoft Security Essentials *Disabled/Updated* {84E27563-E198-C6D6-D9BC-D9F020245508}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
FILE ::
"c:\progra~3\browse~1\261095~1.52\{c16c1~1\browse~1.dll c:\progra~3\browse~1\261095~1.52\{c16c1~1\browserprotect.dll"
"c:\program files (x86)\Delta\delta\1.8.10.0\bh\delta.dll"
"c:\program files (x86)\Optimizer Pro\OptProLauncher.exe"
"c:\program files (x86)\Solid Savings\Solid Savings.dll"
"c:\users\Rick\AppData\Local\Smartbar\Application\QuickShare.exe"
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files (x86)\Delta
c:\program files (x86)\Delta\delta\1.8.10.0\bh\delta.dll
c:\program files (x86)\Delta\delta\1.8.10.0\deltaApp.dll
c:\program files (x86)\Delta\delta\1.8.10.0\deltaEng.dll
c:\program files (x86)\Delta\delta\1.8.10.0\deltasrv.exe
c:\program files (x86)\Delta\delta\1.8.10.0\deltaTlbr.dll
c:\program files (x86)\Delta\delta\1.8.10.0\escortShld.dll
c:\program files (x86)\Delta\delta\1.8.10.0\GUninstaller.exe
c:\program files (x86)\Delta\delta\1.8.10.0\uninstall.exe
c:\program files (x86)\Optimizer Pro
c:\program files (x86)\Optimizer Pro\OptimizerPro.exe
c:\program files (x86)\Optimizer Pro\OptProGuard.exe
c:\program files (x86)\Optimizer Pro\OptProLauncher.exe
c:\program files (x86)\Optimizer Pro\OptProReminder.exe
c:\program files (x86)\Optimizer Pro\OptProSchedule.exe
c:\program files (x86)\Optimizer Pro\OptProSmartScan.exe
c:\program files (x86)\Optimizer Pro\OptProStart.exe
c:\program files (x86)\Optimizer Pro\OptProUninstaller.exe
c:\program files (x86)\Optimizer Pro\unins000.dat
c:\programdata\Babylon
c:\users\Rick\AppData\Local\Solid Savings
c:\users\Rick\AppData\Roaming\Babylon
c:\users\Rick\AppData\Roaming\Babylon\log_file.txt
c:\users\Rick\AppData\Roaming\Delta
c:\users\Rick\AppData\Roaming\Delta\sqlite3.dll
.
---- Previous Run -------
.
D:\AUTORUN.INF
.
.
((((((((((((((((((((((((( Files Created from 2013-02-26 to 2013-03-26 )))))))))))))))))))))))))))))))
.
.
2013-03-26 22:35 . 2013-03-26 22:35 -------- d-----w- c:\users\Megan.26NC-PC\AppData\Local\temp
2013-03-26 22:35 . 2013-03-26 22:35 -------- d-----w- c:\users\Kate\AppData\Local\temp
2013-03-26 22:35 . 2013-03-26 22:35 -------- d-----w- c:\users\hedev\AppData\Local\temp
2013-03-26 22:35 . 2013-03-26 22:35 -------- d-----w- c:\users\Default\AppData\Local\temp
2013-03-26 22:35 . 2013-03-26 22:35 -------- d-----w- c:\users\Alfie\AppData\Local\temp
2013-03-26 22:35 . 2013-03-26 22:35 -------- d-----w- c:\users\Alfie.26NC-PC\AppData\Local\temp
2013-03-26 22:20 . 2013-03-14 23:28 9311288 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{45868155-17A4-4721-9198-554AFF9922E3}\mpengine.dll
2013-03-25 22:15 . 2013-03-25 22:15 972264 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{D5F599EB-B21C-4B32-B5A8-A087EA46E282}\gapaengine.dll
2013-03-25 22:15 . 2013-03-14 23:28 9311288 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2013-03-25 22:13 . 2013-03-25 22:13 -------- d-----w- c:\program files (x86)\Microsoft Security Client
2013-03-25 22:13 . 2013-03-25 22:13 -------- d-----w- c:\program files\Microsoft Security Client
2013-03-25 22:07 . 2013-03-19 05:50 9311288 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{02C2F498-B349-4EA6-A7DC-9E7C2C97B8E9}\mpengine.dll
2013-03-25 22:06 . 2013-03-25 22:07 -------- d-----w- c:\users\Rick\AppData\Local\Avg2013
2013-03-18 06:48 . 2013-03-18 06:48 -------- d-----w- c:\program files (x86)\ERUNT
2013-03-17 11:59 . 2013-03-17 12:00 -------- d-----w- c:\users\Rick\AppData\Roaming\Kingsoft
2013-03-17 11:59 . 2013-03-17 11:59 -------- d-----w- c:\programdata\Kingsoft
2013-03-17 11:59 . 2013-03-17 11:59 -------- d-----w- c:\program files (x86)\Kingsoft
2013-03-17 11:56 . 1998-06-24 00:00 137000 ----a-w- c:\windows\SysWow64\MSMAPI32.OCX
2013-03-17 11:56 . 2005-03-12 00:07 87040 ----a-w- c:\windows\system32\pdfcmnnt.dll
2013-03-17 11:56 . 2013-03-17 11:56 -------- d-----w- c:\program files (x86)\PDFCreator
2013-03-17 11:56 . 1998-07-06 00:00 23552 ----a-w- c:\windows\SysWow64\MSMPIDE.DLL
2013-03-17 11:54 . 2013-03-17 11:54 -------- d-----w- c:\windows\SysWow64\searchplugins
2013-03-17 11:54 . 2013-03-17 11:54 -------- d-----w- c:\windows\SysWow64\Extensions
2013-03-16 06:30 . 2013-03-16 06:30 4546560 ----a-w- c:\windows\SysWow64\GPhotos.scr
2013-03-12 15:33 . 2013-03-12 15:33 -------- d-----w- c:\program files\iPod
2013-03-12 15:33 . 2013-03-12 15:34 -------- d-----w- c:\programdata\34BE82C4-E596-4e99-A191-52C6199EBF69
2013-03-12 15:33 . 2013-03-12 15:34 -------- d-----w- c:\program files\iTunes
2013-03-12 15:33 . 2013-03-12 15:34 -------- d-----w- c:\program files (x86)\iTunes
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-03-14 23:18 . 2009-11-09 22:15 72013344 ----a-w- c:\windows\system32\MRT.exe
2013-03-14 12:15 . 2012-04-10 07:10 693976 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2013-03-14 12:15 . 2011-06-03 11:06 73432 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-02-12 05:45 . 2013-03-14 11:35 135168 ----a-w- c:\windows\apppatch\AppPatch64\AcXtrnal.dll
2013-02-12 05:45 . 2013-03-14 11:35 308736 ----a-w- c:\windows\apppatch\AppPatch64\AcGenral.dll
2013-02-12 05:45 . 2013-03-14 11:35 350208 ----a-w- c:\windows\apppatch\AppPatch64\AcLayers.dll
2013-02-12 05:45 . 2013-03-14 11:35 111104 ----a-w- c:\windows\apppatch\AppPatch64\acspecfc.dll
2013-02-12 04:48 . 2013-03-14 11:35 474112 ----a-w- c:\windows\apppatch\AcSpecfc.dll
2013-02-12 04:48 . 2013-03-14 11:35 2176512 ----a-w- c:\windows\apppatch\AcGenral.dll
2013-01-30 10:53 . 2009-11-09 22:22 273840 ------w- c:\windows\system32\MpSigStub.exe
2013-01-20 15:59 . 2013-01-20 15:59 230320 ----a-w- c:\windows\system32\drivers\MpFilter.sys
2013-01-20 15:59 . 2013-01-20 15:59 130008 ----a-w- c:\windows\system32\drivers\NisDrvWFP.sys
2013-01-05 05:53 . 2013-02-13 17:26 5553512 ----a-w- c:\windows\system32\ntoskrnl.exe
2013-01-05 05:00 . 2013-02-13 17:26 3967848 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
2013-01-05 05:00 . 2013-02-13 17:26 3913064 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
2013-01-04 05:46 . 2013-02-13 17:26 215040 ----a-w- c:\windows\system32\winsrv.dll
2013-01-04 04:51 . 2013-02-13 17:26 5120 ----a-w- c:\windows\SysWow64\wow32.dll
2013-01-04 04:43 . 2013-02-13 17:26 44032 ----a-w- c:\windows\apppatch\acwow64.dll
2013-01-04 03:26 . 2013-02-13 17:26 3153408 ----a-w- c:\windows\system32\win32k.sys
2013-01-04 02:47 . 2013-02-13 17:26 25600 ----a-w- c:\windows\SysWow64\setup16.exe
2013-01-04 02:47 . 2013-02-13 17:26 7680 ----a-w- c:\windows\SysWow64\instnm.exe
2013-01-04 02:47 . 2013-02-13 17:26 2048 ----a-w- c:\windows\SysWow64\user.exe
2013-01-04 02:47 . 2013-02-13 17:26 14336 ----a-w- c:\windows\SysWow64\ntvdm64.dll
2013-01-03 06:00 . 2013-02-13 17:26 1913192 ----a-w- c:\windows\system32\drivers\tcpip.sys
2013-01-03 06:00 . 2013-02-13 17:26 288088 ----a-w- c:\windows\system32\drivers\FWPKCLNT.SYS
2011-07-17 09:37 . 2011-09-28 18:05 161744 ----a-w- c:\program files (x86)\u4res.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32 129272 ----a-w- c:\users\Rick\AppData\Roaming\Dropbox\bin\DropboxExt.17.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32 129272 ----a-w- c:\users\Rick\AppData\Roaming\Dropbox\bin\DropboxExt.17.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32 129272 ----a-w- c:\users\Rick\AppData\Roaming\Dropbox\bin\DropboxExt.17.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MobileDocuments"="c:\program files (x86)\Common Files\Apple\Internet Services\ubd.exe" [BU]
"Spotify Web Helper"="c:\users\Rick\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe" [2012-10-12 1193176]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"LifeCam"="c:\program files (x86)\Microsoft LifeCam\LifeExp.exe" [2009-07-24 118624]
"dellsupportcenter"="c:\program files (x86)\Dell Support Center\bin\sprtcmd.exe" [BU]
"CTxfiHlp"="CTXFIHLP.EXE" [2010-05-05 25600]
"HP Software Update"="c:\program files (x86)\Hp\HP Software Update\HPWuSchd2.exe" [2010-03-12 49208]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-12-03 946352]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2013-01-28 59720]
"ServiceManager.exe"="c:\program files (x86)\Virgin Media\Service Manager\ServiceManager.exe" [2011-03-25 4371768]
"DHSClient.exe"="c:\program files (x86)\Virgin Media\Digital Home Support\DHSClient.exe" [2011-03-23 2032952]
"HF_G_Jul"="c:\program files (x86)\AVG Secure Search\HF_G_Jul.exe" [BU]
"Check Point Endpoint Security"="c:\program files (x86)\CheckPoint\Endpoint Connect\TrGUI.exe" [2010-09-26 738824]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2012-10-25 421888]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2013-02-20 152392]
.
c:\users\Rick\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - c:\users\Rick\AppData\Roaming\Dropbox\bin\Dropbox.exe [2013-1-20 28539272]
ERUNT AutoBackup.lnk - c:\program files (x86)\ERUNT\AUTOBACK.EXE [2005-10-20 38912]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
HD Writer.lnk - c:\program files (x86)\Common Files\Panasonic\HD Writer AutoStart\HDWriterAutoStart.exe [2012-1-13 292240]
PURE FlowServer Tray Control.lnk - c:\program files (x86)\PURE Flow Server\twonkymediaserverconfig.exe [2010-12-20 194136]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"SoftwareSASGeneration"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"mixer5"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HsdService]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ServicepointService]
@="Service"
.
R0 vmci;VMware VMCI Bus Driver;c:\windows\system32\DRIVERS\vmci.sys [x]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2013-01-08 161536]
R3 Creative ALchemy AL6 Licensing Service;Creative ALchemy AL6 Licensing Service;c:\program files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe [2010-06-04 79360]
R3 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;c:\program files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [2010-06-04 79360]
R3 CT20XUT;CT20XUT;c:\windows\system32\drivers\CT20XUT.SYS [2010-05-05 202840]
R3 CTEXFIFX;CTEXFIFX;c:\windows\system32\drivers\CTEXFIFX.SYS [2010-05-05 1417304]
R3 CTHWIUT;CTHWIUT;c:\windows\system32\drivers\CTHWIUT.SYS [2010-05-05 94808]
R3 Netaapl;Apple Mobile Device Ethernet Service;c:\windows\system32\DRIVERS\netaapl64.sys [2011-05-10 22528]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [2013-01-20 130008]
R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\NisSrv.exe [2013-01-27 379360]
R3 RapportKE64;RapportKE64;c:\windows\system32\Drivers\RapportKE64.sys [2011-09-25 64272]
R3 RapportPG64;RapportPG64;c:\program files (x86)\Trusteer\Rapport\bin\x64\RapportPG64.sys [2011-11-07 61712]
R3 RTTEAMPT;Realtek Teaming Protocol Driver (NDIS 6.2);c:\windows\system32\DRIVERS\RtTeam60.sys [2008-10-24 43008]
R3 RTVLANPT;Realtek Vlan Protocol Driver (NDIS 6.2);c:\windows\system32\DRIVERS\RtVlan60.sys [2007-12-03 24064]
R3 TEAM;Realtek Virtual Miniport Driver for Teaming (NDIS 6.2);c:\windows\system32\DRIVERS\RtTeam60.sys [2008-10-24 43008]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2012-12-13 54784]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-06-03 1255736]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [2010-03-19 55856]
S1 RapportCerberus_43926;RapportCerberus_43926;c:\programdata\Trusteer\Rapport\store\exts\RapportCerberus\43926\RapportCerberus64_43926.sys [2012-10-30 505720]
S1 RapportEI64;RapportEI64;c:\program files (x86)\Trusteer\Rapport\bin\x64\RapportEI64.sys [2011-11-07 55056]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2011-01-26 203776]
S2 HsdService;HsdService;c:\program files (x86)\Virgin Media\Digital Home Support\HsdService.exe [2011-03-23 1406264]
S2 PURE Flow Server;PURE Flow Server;c:\program files (x86)\PURE Flow Server\twonkymediaserverwatchdog.exe [2010-12-20 153176]
S2 RapportMgmtService;Rapport Management Service;c:\program files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe [2011-11-07 931640]
S2 RtNdPt60;Realtek NDIS Protocol Driver;c:\windows\system32\DRIVERS\RtNdPt60.sys [2007-12-11 26624]
S2 ServicepointService;ServicepointService;c:\program files (x86)\Virgin Media\Service Manager\ServicepointService.exe [2011-03-25 689464]
S2 TracSrvWrapper;Check Point Endpoint Security;c:\program files (x86)\CheckPoint\Endpoint Connect\TracSrvWrapper.exe [2010-09-26 4142608]
S3 CT20XUT.SYS;CT20XUT.SYS;c:\windows\System32\drivers\CT20XUT.SYS [2010-05-05 202840]
S3 CTEXFIFX.SYS;CTEXFIFX.SYS;c:\windows\System32\drivers\CTEXFIFX.SYS [2010-05-05 1417304]
S3 CTHWIUT.SYS;CTHWIUT.SYS;c:\windows\System32\drivers\CTHWIUT.SYS [2010-05-05 94808]
S3 PCDSRVC{1E208CE0-FB7451FF-06020101}_0;PCDSRVC{1E208CE0-FB7451FF-06020101}_0 - PCDR Kernel Mode Service Helper Driver;c:\program files\dell support center\pcdsrvc_x64.pkms [2011-05-12 25072]
S3 Point64;Microsoft IntelliPoint Filter Driver;c:\windows\system32\DRIVERS\point64.sys [2011-08-01 45416]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2010-06-23 344680]
S3 vna_ap;Check Point Virtual Network Adapter - Apollo;c:\windows\system32\DRIVERS\vnaap.sys [2010-09-26 161256]
.
.
Contents of the 'Scheduled Tasks' folder
.
2013-03-26 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-10 12:15]
.
2013-03-26 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1546463944-2749064583-3027644177-1003Core.job
- c:\users\Megan.26NC-PC\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-08-16 17:05]
.
2013-03-26 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1546463944-2749064583-3027644177-1003UA.job
- c:\users\Megan.26NC-PC\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-08-16 17:05]
.
2013-03-26 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1546463944-2749064583-3027644177-1001Core.job
- c:\users\Rick\AppData\Local\Google\Update\GoogleUpdate.exe [2012-06-22 12:59]
.
2013-03-26 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1546463944-2749064583-3027644177-1001UA.job
- c:\users\Rick\AppData\Local\Google\Update\GoogleUpdate.exe [2012-06-22 12:59]
.
2013-03-12 c:\windows\Tasks\PCDoctorBackgroundMonitorTask.job
- c:\program files\Dell Support Center\uaclauncher.exe [2011-06-21 18:09]
.
2013-01-22 c:\windows\Tasks\ROC_REG_JAN_DELETE.job
- c:\programdata\AVG January 2013 Campaign\ROC.exe [2013-01-20 16:07]
.
2013-03-26 c:\windows\Tasks\SystemToolsDailyTest.job
- c:\program files\Dell Support Center\uaclauncher.exe [2011-06-21 18:09]
.
2013-03-26 c:\windows\Tasks\WpsUpdateTask_Rick.job
- c:\program files (x86)\Kingsoft\Kingsoft Office\office6\wpsupdate.exe [2011-10-29 16:00]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32 162552 ----a-w- c:\users\Rick\AppData\Roaming\Dropbox\bin\DropboxExt64.17.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32 162552 ----a-w- c:\users\Rick\AppData\Roaming\Dropbox\bin\DropboxExt64.17.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32 162552 ----a-w- c:\users\Rick\AppData\Roaming\Dropbox\bin\DropboxExt64.17.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32 162552 ----a-w- c:\users\Rick\AppData\Roaming\Dropbox\bin\DropboxExt64.17.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"VX3000"="c:\windows\vVX3000.exe" [2009-06-30 762224]
"itype"="c:\program files\Microsoft IntelliType Pro\itype.exe" [2011-08-10 1873256]
"IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2011-08-01 2417032]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2013-01-27 1281512]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.delta-search.com/?affID=121240&babsrc=HP_ss&mntrId=14AD54335A199D0E
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~2\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.2.1
DPF: {E705A591-DA3C-4228-B0D5-A356DBA42FBF} - hxxp://ccfiles.creative.com/Web/softwareupdate/su2/ocx/20015/CTSUEng.cab
.
- - - - ORPHANS REMOVED - - - -
.
URLSearchHooks-{ebd898f8-fcf6-4694-bc3b-eabc7271eeb1} - (no file)
BHO-{C1AF5FA5-852C-4C90-812E-A7F75E011D87} - c:\program files (x86)\Delta\delta\1.8.10.0\bh\delta.dll
Wow6432Node-HKLM-Run-<NO NAME> - (no file)
WebBrowser-{EBD898F8-FCF6-4694-BC3B-EABC7271EEB1} - (no file)
HKLM-Run-PocketCloud Location - c:\program files (x86)\Wyse\PocketCloud Windows Companion\WyseBrowser.exe
AddRemove-Adobe Shockwave Player - c:\windows\system32\Adobe\Shockwave 11\uninstaller.exe
AddRemove-delta - c:\program files (x86)\Delta\delta\1.8.10.0\GUninstaller.exe
AddRemove-Optimizer Pro_is1 - c:\program files (x86)\Optimizer Pro\unins000.exe
AddRemove-Spotify - c:\users\Rick\AppData\Roaming\Spotify\Spotify.exe
.
.
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\PCDSRVC{1E208CE0-FB7451FF-06020101}_0]
"ImagePath"="\??\c:\program files\dell support center\pcdsrvc_x64.pkms"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\Approved Extensions]
@Denied: (2) (LocalSystem)
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\ApprovedExtensionsMigration]
@Denied: (2) (LocalSystem)
"Timestamp"=hex:09,6e,9c,f4,33,26,cd,01
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (LocalSystem)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,bf,23,82,c9,9d,65,5a,43,be,2b,64,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,bf,23,82,c9,9d,65,5a,43,be,2b,64,\
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_6_602_180_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_6_602_180_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_6_602_180_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_6_602_180_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_180.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_180.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_180.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_180.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2013-03-26 22:38:02
ComboFix-quarantined-files.txt 2013-03-26 22:38
.
Pre-Run: 332,458,659,840 bytes free
Post-Run: 332,177,997,824 bytes free
.
- - End Of File - - 63DBE5215A7DC2B7A7AB5F69B7B46DF4

fbfbfb
2013-03-27, 15:03
Hello, nellie.

Thank you for the CF log. Glad your computer is showing improvement.


Please continue with the following tasks

1. Uninstall Programs/Toolbars

We need to uninstall: Browser Protect, Quickshare, and Solid Savings.
Click Start and select Control Panel.
When the Control Panel window opens, click on Uninstall a program found under the Programs category.
If you are using the Classic View of the Control Panel, then you would double-click on the Programs and Features icon instead.
Look through the list of programs, locate Browser Protect, and then left-click on it once to highlight it.
Click on the Uninstall button.
When asked if you are sure you want to uninstall, click Yes.
The program will uninstall, and when completed, you will be back at the list of programs installed on your computer.
Repeat these steps to uninstall the other 2 programs.
When finished, close the Programs and Features screen.

2. Uninstall Programs/Toolbars from Internet Explorer

If any of these programs (Browser Protect, Quickshare, Solid Savings) or the Smartbar Toolbar still appear in your browser, continue as follows:
Open Internet Explorer.
Click Tools > Manage Add-ons.
In the Manage Add-ons window, under Add-on Types (found on left side) highlight Toolbars and Extensions.
Under the Show: drop-down menu (found on left side) make sure All add-ons is selected.
Highlight the programs/toolbar you wish to remove, and select Disable.
The Disable add-on window may pop up to warn you that related services and add-ons will also be disabled. Click Disable.
Click Close to dismiss the add-ons window.

3. Reset Your Home Page and Default Search Engine

Removing toolbars during the clean-up process may have changed your browser settings (homepage, default search engines). If so, please follow the instructions found HERE (http://eula.mindspark.com/reset-homepage-default-search-settings/).


Please run the following scans

1. Junkware Removal Tool

Please download Junkware Removal Tool from HERE (http://www.bleepingcomputer.com/download/junkware-removal-tool/dl/131/).
This will bring you to a prompt screen showing 2 buttons: Save File and Cancel.
Click on the Save File button. The file jrt.exe should save to your desktop or in another location such as your downloads folder.
Locate jrt.exe and double click it to start.
Note: If you receive a prompt asking if you want to open this executable file, click OK. Otherwise continue to the next step. Click Run. A black information screen appears. Click any key to continue.
JRT will begin to backup your registry and start scanning your system.
Please be patient as this can take a while to complete depending on your system's specifications.
On completion, the log JRT.txt is saved on your desktop and will automatically open.
Post the contents of JRT.txt into your next reply.

2. AdwCleaner

Please download AdwCleaner from HERE (http://www.bleepingcomputer.com/download/adwcleaner/dl/125/).
This will bring you to a prompt screen showing 2 buttons: Save File and Cancel.
Click on the Save File button. The file adwcleaner.exe should save to your desktop or in another location such as your downloads folder.
Locate adwcleaner.exe and double click it to start.
Note: If you receive a prompt asking if you want to open this executable file, click OK. Otherwise continue to the next step. Click Run and the AdwCleaner screen will appear.
You will see 4 buttons: Click Delete and wait for the scan to finish.
Note: AdwCleaner needs to close all open programs—save any work in progress, then click OK to continue. At the next prompt (AdwCleaner Information screen), click OK.
AdwCleaner will restart your computer.
A report will open on reboot.
Copy and paste the adwcleaner.txt report into your next reply.

3. Malwarebytes Anti-Malware

Please download Malwarebytes from Here (http://www.malwarebytes.org/mbam-download.php) or Here (http://www.majorgeeks.com/Malwarebytes_Anti-Malware_d5756.html)
Double-click mbam-setup.exe and follow the prompts to install the program.
At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
If an update is found, it will download and install the latest version.
Once the program has loaded, select Perform quick scan, then click Scan.

http://i24.photobucket.com/albums/c30/ken545/MBAMCapture.jpg
When the scan is complete, click OK, then Show Results to view the results.
Be sure that everything is checked, and click Remove Selected.
When completed, a log will open in Notepad. Please save it to a convenient location and post the results.
Note: If you receive a notice that some of the items couldn't be removed, that they have been added to the delete on reboot list, please reboot.
Post the report please.

4. ESET Online Scanner

Note: Disable any antivirus program and antispyware programs to avoid conflicts.
If using Mozilla Firefox, you will need to download esetsmartinstaller_enu.exe when prompted, then double click on it to install.
Please do not surf the internet while your security programs are disabled.
Let the scan run uninterrupted to avoid a stall.
Remember to enable your security programs when the scan has finished.
Run ESET Online Scanner from HERE (http://www.eset.eu/online-scanner).
Click the green ESET Online Scanner button.
Read the End User License Agreement and check the box YES, I accept the Terms of Use.
Click on the Start button next to it.
If prompted, allow the Add-On/Active X to install.
Under Computer scan settings:
Do not check Remove found threats
Check Scan Archives.
Click Advanced settings and select the following:
Scan potentially unwanted applications
Scan for potentially unsafe applications
Enable Anti-Stealth technology
Click Start. ESET will download updates, install itself, and begin scanning your computer. Please be patient as this scan could take up to a few hours to complete.
Wait for the scan to finish. When the scan completes, click List of found threats.
Click Export and save the file to your desktop using a unique name, such as ESETScan.
Copy and paste the contents of this report in your next reply.
Click the Back button.
Click the Finish button.

SUMMARY: In your next reply, please post the following:
JRT.txt
adwcleaner.txt
MBAM log
ESET log
Are there any outstanding issues we need to address?

nellie
2013-03-28, 21:31
Ok fbfbfb, that's a lot to concentrate on but hopefully we have everything here...

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 4.7.3 (03.23.2013:1)
OS: Windows 7 Home Premium x64
Ran by Rick on 27/03/2013 at 21:24:00.45
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values

Successfully deleted: [Registry Value] hkey_local_machine\software\microsoft\internet explorer\toolbar\\{ae07101b-46d4-4a98-af68-0333ea26e113}



~~~ Registry Keys

Successfully deleted: [Registry Key] hkey_classes_root\escort.escortiepane
Successfully deleted: [Registry Key] hkey_classes_root\escort.escortiepane.1
Successfully deleted: [Registry Key] hkey_current_user\software\1clickdownload
Successfully deleted: [Registry Key] hkey_local_machine\software\babylon
Successfully deleted: [Registry Key] hkey_current_user\software\babylontoolbar
Successfully deleted: [Registry Key] hkey_local_machine\software\conduit
Failed to delete: [Registry Key] hkey_local_machine\software\datamngr
Failed to delete: [Registry Key] hkey_current_user\software\datamngr_toolbar
Successfully deleted: [Registry Key] hkey_current_user\software\optimizer pro
Successfully deleted: [Registry Key] hkey_current_user\software\appdatalow\software\conduit
Successfully deleted: [Registry Key] hkey_current_user\software\appdatalow\software\conduitsearchscopes
Successfully deleted: [Registry Key] hkey_current_user\software\appdatalow\software\crossrider
Successfully deleted: [Registry Key] hkey_current_user\software\appdatalow\software\pricegong
Successfully deleted: [Registry Key] hkey_current_user\software\appdatalow\software\smartbar
Successfully deleted: [Registry Key] hkey_local_machine\software\classes\appid\escort.dll
Successfully deleted: [Registry Key] hkey_local_machine\software\classes\appid\escortapp.dll
Successfully deleted: [Registry Key] hkey_local_machine\software\classes\appid\escorteng.dll
Successfully deleted: [Registry Key] hkey_local_machine\software\classes\appid\escortlbr.dll
Successfully deleted: [Registry Key] hkey_local_machine\software\classes\appid\esrv.exe
Successfully deleted: [Registry Key] hkey_local_machine\software\classes\delta.deltaappcore
Successfully deleted: [Registry Key] hkey_local_machine\software\classes\delta.deltaappcore.1
Successfully deleted: [Registry Key] hkey_local_machine\software\classes\esrv.deltaesrvc
Successfully deleted: [Registry Key] hkey_local_machine\software\classes\esrv.deltaesrvc.1
Successfully deleted: [Registry Key] hkey_local_machine\software\classes\prod.cap
Successfully deleted: [Registry Key] hkey_local_machine\software\microsoft\tracing\mybabylontb_rasapi32
Successfully deleted: [Registry Key] hkey_local_machine\software\microsoft\tracing\mybabylontb_rasmancs
Successfully deleted: [Registry Key] hkey_local_machine\software\microsoft\tracing\quickshare_rasapi32
Successfully deleted: [Registry Key] hkey_local_machine\software\microsoft\tracing\quickshare_rasmancs
Successfully deleted: [Registry Key] hkey_local_machine\software\microsoft\tracing\wajam_install_rasapi32
Successfully deleted: [Registry Key] hkey_local_machine\software\microsoft\tracing\wajam_install_rasmancs
Successfully deleted: [Registry Key] hkey_local_machine\software\microsoft\tracing\wajamupdater_rasapi32
Successfully deleted: [Registry Key] hkey_local_machine\software\microsoft\tracing\wajamupdater_rasmancs
Failed to delete: [Registry Key] hkey_local_machine\software\wow6432node\datamngr
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\software\classes\Toolbar.CT3196716
Successfully deleted: [Registry Key] hkey_current_user\software\microsoft\internet explorer\searchscopes\{0ecdf796-c2dc-4d79-a620-cce0c0a66cc9}
Successfully deleted: [Registry Key] hkey_classes_root\clsid\{3c471948-f874-49f5-b338-4f214a2ee0b1}
Successfully deleted: [Registry Key] hkey_classes_root\clsid\{82e1477c-b154-48d3-9891-33d83c26bcd3}
Successfully deleted: [Registry Key] hkey_classes_root\clsid\{ae07101b-46d4-4a98-af68-0333ea26e113}
Successfully deleted: [Registry Key] hkey_classes_root\clsid\{c1af5fa5-852c-4c90-812e-a7f75e011d87}
Successfully deleted: [Registry Key] hkey_local_machine\software\microsoft\windows\currentversion\explorer\browser helper objects\{c1af5fa5-852c-4c90-812e-a7f75e011d87}



~~~ Files



~~~ Folders

Successfully deleted: [Folder] "C:\Users\Rick\appdata\local\conduit"
Successfully deleted: [Folder] "C:\Users\Rick\appdata\local\opencandy"
Successfully deleted: [Folder] "C:\Users\Rick\appdata\locallow\conduit"
Successfully deleted: [Folder] "C:\Program Files (x86)\conduit"
Successfully deleted: [Folder] "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\optimizer pro"
Successfully deleted: [Folder] "C:\Windows\syswow64\ai_recyclebin"



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 27/03/2013 at 21:32:19.32
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

# AdwCleaner v2.115 - Logfile created 03/27/2013 at 21:35:22
# Updated 17/03/2013 by Xplode
# Operating system : Windows 7 Home Premium Service Pack 1 (64 bits)
# User : Rick - 26NC-PC
# Boot Mode : Normal
# Running from : C:\Users\Rick\Desktop\AdwCleaner.exe
# Option [Delete]


***** [Services] *****


***** [Files / Folders] *****

File Deleted : C:\END
Folder Deleted : C:\Program Files (x86)\AVG Secure Search
Folder Deleted : C:\Program Files (x86)\Common Files\AVG Secure Search
Folder Deleted : C:\ProgramData\AVG Secure Search
Folder Deleted : C:\Users\Alfie.26NC-PC\AppData\LocalLow\Conduit
Folder Deleted : C:\Users\Alfie.26NC-PC\AppData\LocalLow\Guffins
Folder Deleted : C:\Users\Alfie.26NC-PC\AppData\LocalLow\PriceGong
Folder Deleted : C:\Users\Kate\AppData\Local\AVG Secure Search
Folder Deleted : C:\Users\Kate\AppData\LocalLow\Conduit
Folder Deleted : C:\Users\Megan.26NC-PC\AppData\LocalLow\Guffins

***** [Registry] *****

Key Deleted : HKCU\Software\DataMngr_Toolbar
Key Deleted : HKCU\Software\Delta
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Deleted : HKCU\Software\5a28f8dbd38ba40
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{18EAB056-9057-F224-FD4C-1F6569C4D8D2}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{9BD172BA-3F40-4303-BCA1-0484B5BA2A7B}
Key Deleted : HKLM\Software\AVG Secure Search
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{09C554C3-109B-483C-A06B-F14172F1A947}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{39CB8175-E224-4446-8746-00566302DF8D}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{B12E99ED-69BD-437C-86BE-C862B9E5444D}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{D616A4A2-7B38-4DBC-9093-6FE7A4A21B17}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{39CB8175-E224-4446-8746-00566302DF8D}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{4599D05A-D545-4069-BB42-5895B4EAE05B}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}
Key Deleted : HKLM\Software\DataMngr
Key Deleted : HKLM\Software\Delta
Key Deleted : HKLM\Software\Messenger Plus!\OpenCandy
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{006BFF73-D6B8-4CC0-A982-1E041D625B08}
Key Deleted : HKLM\Software\OpenCandy NSIS SDK
Key Deleted : HKLM\SOFTWARE\Wow6432Node\5a28f8dbd38ba40
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{224469FC-D32A-423E-90C3-0F69EF5724B8}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{261DD098-8A3E-43D4-87AA-63324FA897D8}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{4FCB4630-2A1C-4AA1-B422-345E8DC8A6DE}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{86838207-681D-469D-9511-D0DCC6F19F9B}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{CC5AD34C-6F10-4CB3-B74A-C2DD4D5060A3}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{E97A663B-81A6-49C5-A6D3-BCB05BA1DE26}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{348C2DF3-1191-4C3E-92A6-B3A89A9D9C85}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{49A32F81-0BA1-4B43-856C-9A61425E5BF1}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{D22421A9-9464-4365-AE9B-D4AD70B99924}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{9BD172BA-3F40-4303-BCA1-0484B5BA2A7B}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Delta
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{AE07101B-46D4-4A98-AF68-0333EA26E113}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{D22421A9-9464-4365-AE9B-D4AD70B99924}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{FF777BF5-D424-4519-A61E-2B5BB204894D}
Key Deleted : HKU\S-1-5-21-1546463944-2749064583-3027644177-1005\Software\Microsoft\Internet Explorer\SearchScopes\{18EAB056-9057-F224-FD4C-1F6569C4D8D2}
Key Deleted : HKU\S-1-5-21-1546463944-2749064583-3027644177-1005\Software\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Deleted : HKU\S-1-5-21-1546463944-2749064583-3027644177-1005\Software\Microsoft\Internet Explorer\SearchScopes\{9BD172BA-3F40-4303-BCA1-0484B5BA2A7B}
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{AE07101B-46D4-4A98-AF68-0333EA26E113}]

***** [Internet Browsers] *****

-\\ Internet Explorer v9.0.8112.16470

[OK] Registry is clean.

-\\ Google Chrome v25.0.1364.172

File : C:\Users\Rick\AppData\Local\Google\Chrome\User Data\Default\Preferences

Deleted [l.1815] : homepage = "hxxp://www.delta-search.com/?affID=121240&babsrc=HP_ss&mntrId=14AD54335A199D0E",

-\\ Opera v [Unable to get version]

File : C:\Users\Rick\AppData\Roaming\Opera\Opera\operaprefs.ini

[OK] File is clean.

*************************

AdwCleaner[S1].txt - [5715 octets] - [27/03/2013 21:35:22]

########## EOF - C:\AdwCleaner[S1].txt - [5775 octets] ##########

Malwarebytes Anti-Malware 1.70.0.1100
www.malwarebytes.org

Database version: v2013.03.27.11

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Rick :: 26NC-PC [administrator]

27/03/2013 21:42:22
mbam-log-2013-03-27 (21-42-22).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 322307
Time elapsed: 7 minute(s), 11 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 2
C:\Users\Rick\Downloads\PDFCreatorSetup.exe (PUP.Adware.InstallCore) -> Quarantined and deleted successfully.
C:\Users\Rick\Downloads\PDFLite.exe (PUP.BundleInstaller.OI) -> Quarantined and deleted successfully.

(end)


------------------------------------------------------------------------

C:\Qoobox\Quarantine\C\Program Files (x86)\Optimizer Pro\OptimizerPro.exe.vir a variant of Win32/SpeedingUpMyPC application
C:\Qoobox\Quarantine\C\Program Files (x86)\Optimizer Pro\OptProSmartScan.exe.vir a variant of Win32/Adware.SpeedingUpMyPC.C application
C:\Users\Alfie.26NC-PC\AppData\Local\GuffinsAuto.exe a variant of Win32/AdInstaller application
C:\Users\Megan.26NC-PC\Downloads\Guffins.exe a variant of Win32/AdInstaller application
C:\Users\Rick\AppData\LocalLow\GuffinsEI\Installr\Cache\11040881.exe a variant of Win32/Toolbar.MyWebSearch.O application
C:\Users\Rick\Downloads\BitTorrent-6.4.exe multiple threats
C:\Users\Rick\Downloads\cbsidlm-tr1_5-Nokia_PC_Suite-10598525.exe multiple threats
C:\Users\Rick\Downloads\FreemakeVideoConverterSetup.exe Win32/OpenCandy application
C:\Users\Rick\Downloads\m4a-to-mp3-converter (1).exe a variant of Win32/Bundled.Toolbar.Ask application
C:\Users\Rick\Downloads\m4a-to-mp3-converter.exe a variant of Win32/Bundled.Toolbar.Ask application
C:\Users\Rick\Downloads\MsgPlusLive-483.exe a variant of Win32/Adware.CiDHelp application
C:\Users\Rick\Downloads\reginout_setup.exe multiple threats
C:\Users\Rick\Downloads\Setup.exe a variant of Win32/Adware.iBryte.G application
C:\Users\Rick\Downloads\U2_-_Rattle_And_Hum_(1988)_[XviD_-_AC3_Eng_-_Sub_Ita_Eng_Fra_Esp]_Rockumentary.exe Win32/Adware.1ClickDownload.S application
C:\Users\Rick\Downloads\Windows XP Home SP2 [OEM Edition]\Windows XP Home SP2 [OEM Edition].rar Win32/HackTool.WpaKill.B application
C:\Users\Rick\Downloads\Windows XP Home SP2 [OEM Edition]\Windows XP Home SP2 [OEM Edition]\Windows XP Home SP2 [OEM Edition]\Windows XP Home SP2 [OEM Edition].ISO Win32/HackTool.WpaKill.B application

fbfbfb
2013-03-29, 17:15
Hello, nellie. Thank you for the logs. You have done very well with the workload. Your JRT and ESET logs indicate that there are still some bad entries we need to remove.

Many of the infections on your system appear to be the result of using a P2P (peer-to-peer) file sharing program (µTorrent, Bit Torrent). P2P programs are a major conduit for malicious software. Some P2P programs will expose your personal information to others by default. Some of the P2P programs themselves contain spyware and divulge your internet activities as well as use your computer's resources without your knowledge. Even if you are using a safe P2P program, downloaded files from uncertified sources are often infected. It is strongly recommended that you uninstall any P2P programs you have on your system. You can uninstall your P2P programs from the Programs list. Should you decide to keep the program, be aware that you will most likely be reinfected.

Please take the time to read through the following articles:

The Dangers of P2P File Sharing HERE (http://www.esecurityguy.com/p2p_file_sharing)
P2P Programs: Popular and Perilous by Robert P. Lipschutz and John Clyman HERE (http://www.pcpitstop.com/spycheck/p2p.asp)


Please work through the following tasks

1. Uninstall Toolbars from Internet Explorer

If any of these toolbars (Datamngr, iLivid, or Searchqu) still appear in your browser, continue as follows:
Open Internet Explorer.
Click Tools > Manage Add-ons.
In the Manage Add-ons window, under Add-on Types (found on left side) highlight Toolbars and Extensions.
Under the Show: drop-down menu (found on left side) make sure All add-ons is selected.
Highlight the toolbars you wish to remove, and select Disable.
The Disable add-on window may pop up to warn you that related services and add-ons will also be disabled. Click Disable.
Click Close to dismiss the add-ons window.

2. Reset Your Home Page and Default Search Engine

Removing the toolbars may have changed your browser settings (homepage, default search engines). If so, please follow the instructions found HERE (http://eula.mindspark.com/reset-homepage-default-search-settings/).


Please run the following CF scan

Very Important!

Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before following the steps below. They can interfere with ComboFix and can cause unpredictable results.

Please open Notepad:
Start > Run.
Type notepad in the Open field
Click OK.
Copy and paste the text inside the code box below:


ClearJavaCache::

File::
C:\Users\Alfie.26NC-PC\AppData\Local\GuffinsAuto.exe
C:\Users\Megan.26NC-PC\Downloads\Guffins.exe
C:\Users\Rick\AppData\LocalLow\GuffinsEI\Installr\Cache\11040881.exe
C:\Users\Rick\Downloads\BitTorrent-6.4.exe
C:\Users\Rick\Downloads\cbsidlm-tr1_5-Nokia_PC_Suite-10598525.exe
C:\Users\Rick\Downloads\FreemakeVideoConverterSetup.exe
C:\Users\Rick\Downloads\m4a-to-mp3-converter (1).exe
C:\Users\Rick\Downloads\m4a-to-mp3-converter.exe
C:\Users\Rick\Downloads\MsgPlusLive-483.exe
C:\Users\Rick\Downloads\reginout_setup.exe
C:\Users\Rick\Downloads\Setup.exe
C:\Users\Rick\Downloads\U2_-_Rattle_And_Hum_(1988)_[XviD_-_AC3_Eng_-_Sub_Ita_Eng_Fra_Esp]_Rockumentary.exe
C:\Users\Rick\Downloads\Windows XP Home SP2 [OEM Edition]\Windows XP Home SP2 [OEM Edition].rar
C:\Users\Rick\Downloads\Windows XP Home SP2 [OEM Edition]\Windows XP Home SP2 [OEM Edition]\Windows XP Home SP2 [OEM Edition]\Windows XP Home SP2 [OEM Edition].ISO

Save this as CFScript.txt to your desktop and change the "Save as type" to All Files.
Drag the CFScript.txt into ComboFix.exe as shown in the screenshot below:



http://i24.photobucket.com/albums/c30/ken545/CFScriptB-4.gif
ComboFix will now run a scan on your system. It may reboot your system when it finishes. This is normal.
When finished, ComboFix will produce a log for you. Copy and paste the contents of the log in your next reply.
WARNING
Do not mouse-click ComboFix's window while it is running. This may cause it to stall.
Do not attempt to surf the internet while ComboFix is scanning.
Very Important! Make sure you re-enable your security programs when ComboFix is finished.

nellie
2013-04-01, 23:23
ComboFix 13-04-01.01 - Rick 01/04/2013 21:07:02.2.2 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.44.1033.18.4095.2241 [GMT 1:00]
Running from: c:\users\Rick\Desktop\ComboFix.exe
Command switches used :: c:\users\Rick\Desktop\CFScript.txt
AV: Microsoft Security Essentials *Disabled/Updated* {3F839487-C7A2-C958-E30C-E2825BA31FB5}
SP: Microsoft Security Essentials *Disabled/Updated* {84E27563-E198-C6D6-D9BC-D9F020245508}
SP: Spybot - Search and Destroy *Enabled/Updated* {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
FILE ::
"c:\users\Alfie.26NC-PC\AppData\Local\GuffinsAuto.exe"
"c:\users\Megan.26NC-PC\Downloads\Guffins.exe"
"c:\users\Rick\AppData\LocalLow\GuffinsEI\Installr\Cache\11040881.exe"
"c:\users\Rick\Downloads\BitTorrent-6.4.exe"
"c:\users\Rick\Downloads\cbsidlm-tr1_5-Nokia_PC_Suite-10598525.exe"
"c:\users\Rick\Downloads\FreemakeVideoConverterSetup.exe"
"c:\users\Rick\Downloads\m4a-to-mp3-converter (1).exe"
"c:\users\Rick\Downloads\m4a-to-mp3-converter.exe"
"c:\users\Rick\Downloads\MsgPlusLive-483.exe"
"c:\users\Rick\Downloads\reginout_setup.exe"
"c:\users\Rick\Downloads\Setup.exe"
"c:\users\Rick\Downloads\U2_-_Rattle_And_Hum_(1988)_[XviD_-_AC3_Eng_-_Sub_Ita_Eng_Fra_Esp]_Rockumentary.exe"
"c:\users\Rick\Downloads\Windows XP Home SP2 [OEM Edition]\Windows XP Home SP2 [OEM Edition].rar"
"c:\users\Rick\Downloads\Windows XP Home SP2 [OEM Edition]\Windows XP Home SP2 [OEM Edition]\Windows XP Home SP2 [OEM Edition]\Windows XP Home SP2 [OEM Edition].ISO"
.
.
((((((((((((((((((((((((( Files Created from 2013-03-01 to 2013-04-01 )))))))))))))))))))))))))))))))
.
.
2013-04-01 20:17 . 2013-04-01 20:17 -------- d-----w- c:\users\Megan.26NC-PC\AppData\Local\temp
2013-04-01 20:17 . 2013-04-01 20:17 -------- d-----w- c:\users\Kate\AppData\Local\temp
2013-04-01 20:17 . 2013-04-01 20:17 -------- d-----w- c:\users\hedev\AppData\Local\temp
2013-04-01 20:17 . 2013-04-01 20:17 -------- d-----w- c:\users\Default\AppData\Local\temp
2013-04-01 20:17 . 2013-04-01 20:17 -------- d-----w- c:\users\Alfie\AppData\Local\temp
2013-04-01 20:17 . 2013-04-01 20:17 -------- d-----w- c:\users\Alfie.26NC-PC\AppData\Local\temp
2013-03-29 07:04 . 2013-03-14 23:28 9311288 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{EB37A7C6-88C3-4338-831A-3599C9646959}\mpengine.dll
2013-03-29 06:18 . 2013-03-29 06:40 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2013-03-29 06:18 . 2009-01-25 12:14 17272 ----a-w- c:\windows\system32\sdnclean64.exe
2013-03-29 06:18 . 2013-03-29 06:18 -------- d-----w- c:\program files (x86)\Spybot - Search & Destroy 2
2013-03-28 07:03 . 2013-03-14 23:28 9311288 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2013-03-27 21:41 . 2013-03-27 21:41 -------- d-----w- c:\users\Rick\AppData\Roaming\Malwarebytes
2013-03-27 21:41 . 2013-03-27 21:41 -------- d-----w- c:\programdata\Malwarebytes
2013-03-27 21:41 . 2012-12-14 16:49 24176 ----a-w- c:\windows\system32\drivers\mbam.sys
2013-03-27 21:41 . 2013-03-27 21:41 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2013-03-27 21:41 . 2013-03-27 21:41 -------- d-----w- c:\users\Rick\AppData\Local\Programs
2013-03-27 21:23 . 2013-03-27 21:23 -------- d-----w- c:\windows\ERUNT
2013-03-27 21:23 . 2013-03-27 21:23 -------- d-----w- C:\JRT
2013-03-26 22:11 . 2013-02-12 04:12 19968 ----a-w- c:\windows\system32\drivers\usb8023.sys
2013-03-25 22:15 . 2013-03-25 22:15 972264 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{D5F599EB-B21C-4B32-B5A8-A087EA46E282}\gapaengine.dll
2013-03-25 22:13 . 2013-03-25 22:13 -------- d-----w- c:\program files (x86)\Microsoft Security Client
2013-03-25 22:13 . 2013-03-25 22:13 -------- d-----w- c:\program files\Microsoft Security Client
2013-03-25 22:07 . 2013-03-19 05:50 9311288 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{02C2F498-B349-4EA6-A7DC-9E7C2C97B8E9}\mpengine.dll
2013-03-25 22:06 . 2013-03-25 22:07 -------- d-----w- c:\users\Rick\AppData\Local\Avg2013
2013-03-17 11:59 . 2013-03-29 07:57 -------- d-----w- c:\users\Rick\AppData\Roaming\Kingsoft
2013-03-17 11:59 . 2013-03-17 11:59 -------- d-----w- c:\programdata\Kingsoft
2013-03-17 11:59 . 2013-03-17 11:59 -------- d-----w- c:\program files (x86)\Kingsoft
2013-03-17 11:56 . 1998-06-24 00:00 137000 ----a-w- c:\windows\SysWow64\MSMAPI32.OCX
2013-03-17 11:56 . 2005-03-12 00:07 87040 ----a-w- c:\windows\system32\pdfcmnnt.dll
2013-03-17 11:56 . 2013-03-17 11:56 -------- d-----w- c:\program files (x86)\PDFCreator
2013-03-17 11:56 . 1998-07-06 00:00 23552 ----a-w- c:\windows\SysWow64\MSMPIDE.DLL
2013-03-17 11:54 . 2013-03-17 11:54 -------- d-----w- c:\windows\SysWow64\searchplugins
2013-03-17 11:54 . 2013-03-17 11:54 -------- d-----w- c:\windows\SysWow64\Extensions
2013-03-16 06:30 . 2013-03-16 06:30 4546560 ----a-w- c:\windows\SysWow64\GPhotos.scr
2013-03-12 15:33 . 2013-03-12 15:33 -------- d-----w- c:\program files\iPod
2013-03-12 15:33 . 2013-03-12 15:34 -------- d-----w- c:\programdata\34BE82C4-E596-4e99-A191-52C6199EBF69
2013-03-12 15:33 . 2013-03-12 15:34 -------- d-----w- c:\program files\iTunes
2013-03-12 15:33 . 2013-03-12 15:34 -------- d-----w- c:\program files (x86)\iTunes
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-03-14 23:18 . 2009-11-09 22:15 72013344 ----a-w- c:\windows\system32\MRT.exe
2013-03-14 12:15 . 2012-04-10 07:10 693976 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2013-03-14 12:15 . 2011-06-03 11:06 73432 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-02-12 05:45 . 2013-03-14 11:35 135168 ----a-w- c:\windows\apppatch\AppPatch64\AcXtrnal.dll
2013-02-12 05:45 . 2013-03-14 11:35 308736 ----a-w- c:\windows\apppatch\AppPatch64\AcGenral.dll
2013-02-12 05:45 . 2013-03-14 11:35 350208 ----a-w- c:\windows\apppatch\AppPatch64\AcLayers.dll
2013-02-12 05:45 . 2013-03-14 11:35 111104 ----a-w- c:\windows\apppatch\AppPatch64\acspecfc.dll
2013-02-12 04:48 . 2013-03-14 11:35 474112 ----a-w- c:\windows\apppatch\AcSpecfc.dll
2013-02-12 04:48 . 2013-03-14 11:35 2176512 ----a-w- c:\windows\apppatch\AcGenral.dll
2013-01-30 10:53 . 2009-11-09 22:22 273840 ------w- c:\windows\system32\MpSigStub.exe
2013-01-20 15:59 . 2013-01-20 15:59 230320 ----a-w- c:\windows\system32\drivers\MpFilter.sys
2013-01-20 15:59 . 2013-01-20 15:59 130008 ----a-w- c:\windows\system32\drivers\NisDrvWFP.sys
2013-01-05 05:53 . 2013-02-13 17:26 5553512 ----a-w- c:\windows\system32\ntoskrnl.exe
2013-01-05 05:00 . 2013-02-13 17:26 3967848 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
2013-01-05 05:00 . 2013-02-13 17:26 3913064 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
2013-01-04 05:46 . 2013-02-13 17:26 215040 ----a-w- c:\windows\system32\winsrv.dll
2013-01-04 04:51 . 2013-02-13 17:26 5120 ----a-w- c:\windows\SysWow64\wow32.dll
2013-01-04 04:43 . 2013-02-13 17:26 44032 ----a-w- c:\windows\apppatch\acwow64.dll
2013-01-04 03:26 . 2013-02-13 17:26 3153408 ----a-w- c:\windows\system32\win32k.sys
2013-01-04 02:47 . 2013-02-13 17:26 25600 ----a-w- c:\windows\SysWow64\setup16.exe
2013-01-04 02:47 . 2013-02-13 17:26 7680 ----a-w- c:\windows\SysWow64\instnm.exe
2013-01-04 02:47 . 2013-02-13 17:26 2048 ----a-w- c:\windows\SysWow64\user.exe
2013-01-04 02:47 . 2013-02-13 17:26 14336 ----a-w- c:\windows\SysWow64\ntvdm64.dll
2013-01-03 06:00 . 2013-02-13 17:26 1913192 ----a-w- c:\windows\system32\drivers\tcpip.sys
2013-01-03 06:00 . 2013-02-13 17:26 288088 ----a-w- c:\windows\system32\drivers\FWPKCLNT.SYS
2011-07-17 09:37 . 2011-09-28 18:05 161744 ----a-w- c:\program files (x86)\u4res.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32 129272 ----a-w- c:\users\Rick\AppData\Roaming\Dropbox\bin\DropboxExt.17.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32 129272 ----a-w- c:\users\Rick\AppData\Roaming\Dropbox\bin\DropboxExt.17.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32 129272 ----a-w- c:\users\Rick\AppData\Roaming\Dropbox\bin\DropboxExt.17.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MobileDocuments"="c:\program files (x86)\Common Files\Apple\Internet Services\ubd.exe" [BU]
"Spotify Web Helper"="c:\users\Rick\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe" [2012-10-12 1193176]
"Spybot-S&D Cleaning"="c:\program files (x86)\Spybot - Search & Destroy 2\SDCleaner.exe" [2012-11-13 3713032]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"LifeCam"="c:\program files (x86)\Microsoft LifeCam\LifeExp.exe" [2009-07-24 118624]
"dellsupportcenter"="c:\program files (x86)\Dell Support Center\bin\sprtcmd.exe" [BU]
"CTxfiHlp"="CTXFIHLP.EXE" [2010-05-05 25600]
"HP Software Update"="c:\program files (x86)\Hp\HP Software Update\HPWuSchd2.exe" [2010-03-12 49208]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-12-03 946352]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2013-01-28 59720]
"ServiceManager.exe"="c:\program files (x86)\Virgin Media\Service Manager\ServiceManager.exe" [2011-03-25 4371768]
"DHSClient.exe"="c:\program files (x86)\Virgin Media\Digital Home Support\DHSClient.exe" [2011-03-23 2032952]
"HF_G_Jul"="c:\program files (x86)\AVG Secure Search\HF_G_Jul.exe" [BU]
"Check Point Endpoint Security"="c:\program files (x86)\CheckPoint\Endpoint Connect\TrGUI.exe" [2010-09-26 738824]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2012-10-25 421888]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2013-02-20 152392]
"SDTray"="c:\program files (x86)\Spybot - Search & Destroy 2\SDTray.exe" [2012-11-13 3825176]
.
c:\users\Rick\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - c:\users\Rick\AppData\Roaming\Dropbox\bin\Dropbox.exe [2013-3-12 29106336]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
HD Writer.lnk - c:\program files (x86)\Common Files\Panasonic\HD Writer AutoStart\HDWriterAutoStart.exe [2012-1-13 292240]
PURE FlowServer Tray Control.lnk - c:\program files (x86)\PURE Flow Server\twonkymediaserverconfig.exe [2010-12-20 194136]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"SoftwareSASGeneration"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"mixer5"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0\0sdnclean64.exe
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HsdService]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ServicepointService]
@="Service"
.
R0 vmci;VMware VMCI Bus Driver;c:\windows\system32\DRIVERS\vmci.sys [x]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2013-01-08 161536]
R3 Creative ALchemy AL6 Licensing Service;Creative ALchemy AL6 Licensing Service;c:\program files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe [2010-06-04 79360]
R3 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;c:\program files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [2010-06-04 79360]
R3 CT20XUT;CT20XUT;c:\windows\system32\drivers\CT20XUT.SYS [2010-05-05 202840]
R3 CTEXFIFX;CTEXFIFX;c:\windows\system32\drivers\CTEXFIFX.SYS [2010-05-05 1417304]
R3 CTHWIUT;CTHWIUT;c:\windows\system32\drivers\CTHWIUT.SYS [2010-05-05 94808]
R3 Netaapl;Apple Mobile Device Ethernet Service;c:\windows\system32\DRIVERS\netaapl64.sys [2011-05-10 22528]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [2013-01-20 130008]
R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\NisSrv.exe [2013-01-27 379360]
R3 RapportKE64;RapportKE64;c:\windows\system32\Drivers\RapportKE64.sys [2011-09-25 64272]
R3 RapportPG64;RapportPG64;c:\program files (x86)\Trusteer\Rapport\bin\x64\RapportPG64.sys [2011-11-07 61712]
R3 RTTEAMPT;Realtek Teaming Protocol Driver (NDIS 6.2);c:\windows\system32\DRIVERS\RtTeam60.sys [2008-10-24 43008]
R3 RTVLANPT;Realtek Vlan Protocol Driver (NDIS 6.2);c:\windows\system32\DRIVERS\RtVlan60.sys [2007-12-03 24064]
R3 TEAM;Realtek Virtual Miniport Driver for Teaming (NDIS 6.2);c:\windows\system32\DRIVERS\RtTeam60.sys [2008-10-24 43008]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2012-12-13 54784]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-06-03 1255736]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [2010-03-19 55856]
S1 RapportCerberus_43926;RapportCerberus_43926;c:\programdata\Trusteer\Rapport\store\exts\RapportCerberus\43926\RapportCerberus64_43926.sys [2012-10-30 505720]
S1 RapportEI64;RapportEI64;c:\program files (x86)\Trusteer\Rapport\bin\x64\RapportEI64.sys [2011-11-07 55056]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2011-01-26 203776]
S2 HsdService;HsdService;c:\program files (x86)\Virgin Media\Digital Home Support\HsdService.exe [2011-03-23 1406264]
S2 PURE Flow Server;PURE Flow Server;c:\program files (x86)\PURE Flow Server\twonkymediaserverwatchdog.exe [2010-12-20 153176]
S2 RapportMgmtService;Rapport Management Service;c:\program files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe [2011-11-07 931640]
S2 RtNdPt60;Realtek NDIS Protocol Driver;c:\windows\system32\DRIVERS\RtNdPt60.sys [2007-12-11 26624]
S2 SDScannerService;Spybot-S&D 2 Scanner Service;c:\program files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [2012-11-13 1103392]
S2 SDUpdateService;Spybot-S&D 2 Updating Service;c:\program files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [2012-11-13 1369624]
S2 SDWSCService;Spybot-S&D 2 Security Center Service;c:\program files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [2012-11-13 168384]
S2 ServicepointService;ServicepointService;c:\program files (x86)\Virgin Media\Service Manager\ServicepointService.exe [2011-03-25 689464]
S2 TracSrvWrapper;Check Point Endpoint Security;c:\program files (x86)\CheckPoint\Endpoint Connect\TracSrvWrapper.exe [2010-09-26 4142608]
S3 CT20XUT.SYS;CT20XUT.SYS;c:\windows\System32\drivers\CT20XUT.SYS [2010-05-05 202840]
S3 CTEXFIFX.SYS;CTEXFIFX.SYS;c:\windows\System32\drivers\CTEXFIFX.SYS [2010-05-05 1417304]
S3 CTHWIUT.SYS;CTHWIUT.SYS;c:\windows\System32\drivers\CTHWIUT.SYS [2010-05-05 94808]
S3 PCDSRVC{1E208CE0-FB7451FF-06020101}_0;PCDSRVC{1E208CE0-FB7451FF-06020101}_0 - PCDR Kernel Mode Service Helper Driver;c:\program files\dell support center\pcdsrvc_x64.pkms [2011-05-12 25072]
S3 Point64;Microsoft IntelliPoint Filter Driver;c:\windows\system32\DRIVERS\point64.sys [2011-08-01 45416]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2010-06-23 344680]
S3 vna_ap;Check Point Virtual Network Adapter - Apollo;c:\windows\system32\DRIVERS\vnaap.sys [2010-09-26 161256]
.
.
Contents of the 'Scheduled Tasks' folder
.
2013-04-01 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-10 12:15]
.
2013-03-28 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1546463944-2749064583-3027644177-1003Core.job
- c:\users\Megan.26NC-PC\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-08-16 17:05]
.
2013-04-01 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1546463944-2749064583-3027644177-1003UA.job
- c:\users\Megan.26NC-PC\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-08-16 17:05]
.
2013-03-28 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1546463944-2749064583-3027644177-1001Core.job
- c:\users\Rick\AppData\Local\Google\Update\GoogleUpdate.exe [2012-06-22 12:59]
.
2013-04-01 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1546463944-2749064583-3027644177-1001UA.job
- c:\users\Rick\AppData\Local\Google\Update\GoogleUpdate.exe [2012-06-22 12:59]
.
2013-03-12 c:\windows\Tasks\PCDoctorBackgroundMonitorTask.job
- c:\program files\Dell Support Center\uaclauncher.exe [2011-06-21 18:09]
.
2013-01-22 c:\windows\Tasks\ROC_REG_JAN_DELETE.job
- c:\programdata\AVG January 2013 Campaign\ROC.exe [2013-01-20 16:07]
.
2013-04-01 c:\windows\Tasks\SystemToolsDailyTest.job
- c:\program files\Dell Support Center\uaclauncher.exe [2011-06-21 18:09]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32 162552 ----a-w- c:\users\Rick\AppData\Roaming\Dropbox\bin\DropboxExt64.17.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32 162552 ----a-w- c:\users\Rick\AppData\Roaming\Dropbox\bin\DropboxExt64.17.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32 162552 ----a-w- c:\users\Rick\AppData\Roaming\Dropbox\bin\DropboxExt64.17.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32 162552 ----a-w- c:\users\Rick\AppData\Roaming\Dropbox\bin\DropboxExt64.17.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"VX3000"="c:\windows\vVX3000.exe" [2009-06-30 762224]
"PocketCloud Location"="c:\program files (x86)\Wyse\PocketCloud Windows Companion\WyseBrowser.exe" [BU]
"itype"="c:\program files\Microsoft IntelliType Pro\itype.exe" [2011-08-10 1873256]
"IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2011-08-01 2417032]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2013-01-27 1281512]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.google.co.uk/
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~2\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.2.1
DPF: {E705A591-DA3C-4228-B0D5-A356DBA42FBF} - hxxp://ccfiles.creative.com/Web/softwareupdate/su2/ocx/20015/CTSUEng.cab
.
- - - - ORPHANS REMOVED - - - -
.
Wow6432Node-HKLM-Run-<NO NAME> - (no file)
Notify-SDWinLogon - SDWinLogon.dll
AddRemove-Adobe Shockwave Player - c:\windows\system32\Adobe\Shockwave 11\uninstaller.exe
AddRemove-Optimizer Pro_is1 - c:\program files (x86)\Optimizer Pro\unins000.exe
.
.
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\PCDSRVC{1E208CE0-FB7451FF-06020101}_0]
"ImagePath"="\??\c:\program files\dell support center\pcdsrvc_x64.pkms"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\Approved Extensions]
@Denied: (2) (LocalSystem)
"{95B7759C-8C7F-4BF1-B163-73684A933233}"=hex:51,66,7a,6c,4c,1d,38,12,f2,76,a4,
91,4d,c2,9f,0e,ce,75,30,28,4f,cd,76,27
"{18DF081C-E8AD-4283-A596-FA578C2EBDC3}"=hex:51,66,7a,6c,4c,1d,38,12,72,0b,cc,
1c,9f,a6,ed,07,da,80,b9,17,89,70,f9,d7
"{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}"=hex:51,66,7a,6c,4c,1d,38,12,7c,f0,b1,
38,5c,21,3d,0e,d9,78,0d,25,e1,c9,8c,d4
"{9030D464-4C02-4ABF-8ECC-5164760863C6}"=hex:51,66,7a,6c,4c,1d,38,12,0a,d7,23,
94,30,02,d1,0f,f1,da,12,24,73,56,27,d2
"{9FDDE16B-836F-4806-AB1F-1455CBEFF289}"=hex:51,66,7a,6c,4c,1d,38,12,05,e2,ce,
9b,5d,cd,68,0d,d4,09,57,15,ce,b1,b6,9d
"{DBC80044-A445-435B-BC74-9C25C1C588A9}"=hex:51,66,7a,6c,4c,1d,38,12,2a,03,db,
df,77,ea,35,06,c3,62,df,65,c4,9b,cc,bd
"{FF059E31-CC5A-4E2E-BF3B-96E929D65503}"=hex:51,66,7a,6c,4c,1d,38,12,5f,9d,16,
fb,68,82,40,0b,c0,2d,d5,a9,2c,88,11,17
"{BDEADE7F-C265-11D0-BCED-00A0C90AB50F}"=hex:51,66,7a,6c,4c,1d,38,12,11,dd,f9,
b9,57,8c,be,54,c3,fb,43,e0,cc,54,f1,1b
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\ApprovedExtensionsMigration]
@Denied: (2) (LocalSystem)
"Timestamp"=hex:09,6e,9c,f4,33,26,cd,01
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (LocalSystem)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,bf,23,82,c9,9d,65,5a,43,be,2b,64,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,bf,23,82,c9,9d,65,5a,43,be,2b,64,\
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_6_602_180_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_6_602_180_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_6_602_180_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_6_602_180_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_180.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_180.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_180.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_180.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2013-04-01 21:20:08
ComboFix-quarantined-files.txt 2013-04-01 20:20
ComboFix2.txt 2013-03-26 22:38
.
Pre-Run: 342,992,547,840 bytes free
Post-Run: 342,996,193,280 bytes free
.
- - End Of File - - 13ED651D99A6C406F3E5DBFF37C0E9CB

fbfbfb
2013-04-02, 05:33
Hello, nellie.

Thank you for the log. We need to manually remove several entries. Please continue as follows:

1. Show Hidden System Files and Folders

Some of the files and folders we need to delete are hidden and need to be shown before they can be removed. Please do the following:
Click Start, then click Control Panel.
Locate and double-click Folder Options.
Click on the View tab.
Under the Advanced Settings section, please do the following:
Under Hidden files and folders, check Show hidden files, folders, or drives.
Uncheck Hide file extensions for known file types.
Uncheck Hide protected operating system files (Recommended). When the warning message appears, click YES.
Click Apply > OK.

2. Remove Files and Folders

Please do the following:

Click Start > My Computer and double click Local Disk C:.
Click the following folder: Program Files
If it exists, locate the following folder, open it, and click uninstall.exe.


Windows Searchqu Toolbar or Windows iLivid Toolbar

Go back to Local Disk C:.
Click on each of the following folders: Users > Megan.26NC-PC > Downloads.
Locate the following file, right click on it, and then click Delete.


Guffins.exe

Go back to Users.
Click on each of the following folders: Users > Rick > Downloads.
Locate the following files, right click each file one at a time, and then click Delete after each one.


BitTorrent-6.4.exe
cbsidlm-tr1_5-Nokia_PC_Suite-10598525.exe
FreemakeVideoConverterSetup.exe
m4a-to-mp3-converter (1).exe
m4a-to-mp3-converter.exe
MsgPlusLive-483.exe
reginout_setup.exe
Setup.exe
U2_-_Rattle_And_Hum_(1988)_[XviD_-_AC3_Eng_-_Sub_Ita_Eng_Fra_Esp]_Rockumentary.exe
Windows XP Home SP2 [OEM Edition]\Windows XP Home SP2 [OEM Edition].rar
XP Home SP2 [OEM Edition]\Windows XP Home SP2 [OEM Edition]\Windows XP Home SP2 [OEM Edition]\Windows XP Home SP2 [OEM Edition].ISO

Go back to Rick.
Click on each of the following folders: AppData > local.
Locate the following folder, right click on it, and then click Delete.


GuffinsEI\Installr\Cache\11040881.exe

Go back to Users.
Click on each of the following folders: AppData > local.
Locate the following folder, right click on it, and then click Delete.


GuffinsAuto.exe

3. Hide System Files and Folders

We need to rehide the system files and folders to keep them from being accidentally changed or deleted. Please do the following:
Click Start, then click Control Panel.
Locate and double-click Folder Options.
Click on the View tab.
Under the Advanced Settings section, please do the following:
Under Hidden files and folders, uncheck Show hidden files, folders, or drives.
Check Hide file extensions for known file types.
Check Hide protected operating system files (Recommended). When the warning message appears, click YES.
Click Apply > OK.

Please run DDS and send me a fresh log.
Let me know how your computer is running and if there are any outstanding issues.

nellie
2013-04-03, 21:22
DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 9.0.8112.16470
Run by Rick at 19:21:13 on 2013-04-03
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.44.1033.18.4095.2738 [GMT 1:00]
.
AV: Microsoft Security Essentials *Enabled/Updated* {3F839487-C7A2-C958-E30C-E2825BA31FB5}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Spybot - Search and Destroy *Enabled/Updated* {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}
SP: Microsoft Security Essentials *Enabled/Updated* {84E27563-E198-C6D6-D9BC-D9F020245508}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
c:\Program Files\Microsoft Security Client\MsMpEng.exe
C:\Program Files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\atieclxx.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\Virgin Media\Digital Home Support\HsdService.exe
C:\Program Files\Microsoft LifeCam\MSCamS64.exe
C:\Program Files (x86)\PURE Flow Server\twonkymediaserverwatchdog.exe
C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
C:\Windows\system32\Dwm.exe
C:\Program Files (x86)\Virgin Media\Service Manager\ServicepointService.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files (x86)\CheckPoint\Endpoint Connect\TracSrvWrapper.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskhost.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\System32\WUDFHost.exe
C:\Program Files\Microsoft IntelliType Pro\itype.exe
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\Program Files (x86)\Common Files\Panasonic\HD Writer AutoStart\HDWriterAutoStart.exe
C:\Program Files (x86)\PURE Flow Server\twonkymediaserverconfig.exe
C:\Program Files\Microsoft IntelliType Pro\dpupdchk.exe
C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Program Files (x86)\Virgin Media\Digital Home Support\DHSClient.exe
C:\Program Files (x86)\CheckPoint\Endpoint Connect\TrGUI.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\Trusteer\Rapport\bin\RapportService.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
C:\Program Files\Microsoft Security Client\msseces.exe
c:\Program Files\Microsoft Security Client\NisSrv.exe
C:\Windows\system32\taskeng.exe
C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\taskeng.exe
C:\Users\Rick\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Rick\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Rick\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
c:\Program Files\Microsoft Security Client\MpCmdRun.exe
c:\Program Files\Microsoft Security Client\MpCmdRun.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.co.uk/
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: AVG Safe Search: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} -
BHO: Spybot-S&D IE Protection: {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDHelper.dll
BHO: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - <orphaned>
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} -
uRun: [MobileDocuments] C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe
uRun: [Spotify Web Helper] "C:\Users\Rick\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe"
uRun: [Spybot-S&D Cleaning] "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDCleaner.exe" /autoclean
mRun: [LifeCam] "C:\Program Files (x86)\Microsoft LifeCam\LifeExp.exe"
mRun: [dellsupportcenter] "C:\Program Files (x86)\Dell Support Center\bin\sprtcmd.exe" /P dellsupportcenter
mRun: [CTxfiHlp] CTXFIHLP.EXE
mRun: [HP Software Update] C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [ServiceManager.exe] "C:\Program Files (x86)\Virgin Media\Service Manager\ServiceManager.exe" /AUTORUN
mRun: [DHSClient.exe] "C:\Program Files (x86)\Virgin Media\Digital Home Support\DHSClient.exe" /AUTORUN
mRun: [HF_G_Jul] "C:\Program Files (x86)\AVG Secure Search\HF_G_Jul.exe" /DoAction
mRun: [Check Point Endpoint Security] "C:\Program Files (x86)\CheckPoint\Endpoint Connect\TrGUI.exe"
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun: [SDTray] "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe"
StartupFolder: C:\Users\Rick\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\Dropbox.lnk - C:\Users\Rick\AppData\Roaming\Dropbox\bin\Dropbox.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\HDWRIT~1.LNK - C:\Program Files (x86)\Common Files\Panasonic\HD Writer AutoStart\HDWriterAutoStart.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\PUREFL~1.LNK - C:\Program Files (x86)\PURE Flow Server\twonkymediaserverconfig.exe
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
uPolicies-Explorer: NoDriveAutorun = dword:0
uPolicies-Explorer: NoDrives = dword:0
mPolicies-Explorer: NoDrives = dword:0
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
mPolicies-System: SoftwareSASGeneration = dword:1
IE: Add to Google Photos Screensa&ver - C:\Windows\System32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~2\Office12\EXCEL.EXE/3000
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDHelper.dll
DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} - hxxp://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: {D4B68B83-8710-488B-A692-D74B50BA558E} - hxxp://ccfiles.creative.com/Web/softwareupdate/ocx/15113/CTPIDPDE.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
DPF: {E705A591-DA3C-4228-B0D5-A356DBA42FBF} - hxxp://ccfiles.creative.com/Web/softwareupdate/su2/ocx/20015/CTSUEng.cab
DPF: {E77F23EB-E7AB-4502-8F37-247DBAF1A147} - hxxp://gfx2.hotmail.com/mail/w4/m3/photouploadcontrol/VistaMSNPUplden-gb.cab
DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} - hxxp://ccfiles.creative.com/Web/softwareupdate/ocx/110926/CTPID.cab
TCP: NameServer = 192.168.2.1
TCP: Interfaces\{2C4C7ED0-6783-40CB-8052-DED17AC0FAD8} : DHCPNameServer = 192.168.2.1
TCP: Interfaces\{B03AE1B0-8357-40AE-803B-242412DBD29A} : DHCPNameServer = 109.249.185.224 109.249.188.32
TCP: Interfaces\{E0223885-1943-4AE8-8DC4-C8F81DDEB5BB} : DHCPNameServer = 170.198.40.65 170.198.78.65
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} -
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
Notify: SDWinLogon - SDWinLogon.dll
SSODL: WebCheck - <orphaned>
x64-BHO: AVG Safe Search: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} -
x64-BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll
x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
x64-BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll
x64-Run: [VX3000] C:\Windows\vVX3000.exe
x64-Run: [PocketCloud Location] "C:\Program Files (x86)\Wyse\PocketCloud Windows Companion\WyseBrowser.exe"
x64-Run: [itype] "c:\Program Files\Microsoft IntelliType Pro\itype.exe"
x64-Run: [IntelliPoint] "c:\Program Files\Microsoft IntelliPoint\ipoint.exe"
x64-Run: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
x64-DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
x64-Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} -
x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
x64-SSODL: WebCheck - <orphaned>
.
============= SERVICES / DRIVERS ===============
.
R0 MpFilter;Microsoft Malware Protection Driver;C:\Windows\System32\drivers\MpFilter.sys [2013-1-20 230320]
R0 PxHlpa64;PxHlpa64;C:\Windows\System32\drivers\PxHlpa64.sys [2012-1-13 55856]
R1 RapportCerberus_43926;RapportCerberus_43926;C:\ProgramData\Trusteer\Rapport\store\exts\RapportCerberus\43926\RapportCerberus64_43926.sys [2012-10-30 505720]
R1 RapportEI64;RapportEI64;C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportEI64.sys [2011-11-7 55056]
R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\System32\atiesrxx.exe [2009-8-18 203776]
R2 HsdService;HsdService;C:\Program Files (x86)\Virgin Media\Digital Home Support\HsdService.exe [2012-4-30 1406264]
R2 NisDrv;Microsoft Network Inspection System;C:\Windows\System32\drivers\NisDrvWFP.sys [2013-1-20 130008]
R2 PURE Flow Server;PURE Flow Server;C:\Program Files (x86)\PURE Flow Server\twonkymediaserverwatchdog.exe -serviceversion 0 --> C:\Program Files (x86)\PURE Flow Server\twonkymediaserverwatchdog.exe -serviceversion 0 [?]
R2 RapportMgmtService;Rapport Management Service;C:\Program Files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe [2011-11-7 931640]
R2 RtNdPt60;Realtek NDIS Protocol Driver;C:\Windows\System32\drivers\RtNdPt60.sys [2009-11-10 26624]
R2 SDScannerService;Spybot-S&D 2 Scanner Service;C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [2013-3-29 1103392]
R2 SDUpdateService;Spybot-S&D 2 Updating Service;C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [2013-3-29 1369624]
R2 SDWSCService;Spybot-S&D 2 Security Center Service;C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [2013-3-29 168384]
R2 ServicepointService;ServicepointService;C:\Program Files (x86)\Virgin Media\Service Manager\ServicepointService.exe [2012-4-30 689464]
R2 TracSrvWrapper;Check Point Endpoint Security;C:\Program Files (x86)\CheckPoint\Endpoint Connect\TracSrvWrapper.exe [2010-9-26 4142608]
R3 CT20XUT.SYS;CT20XUT.SYS;C:\Windows\System32\drivers\CT20XUT.sys [2010-5-5 202840]
R3 CTEXFIFX.SYS;CTEXFIFX.SYS;C:\Windows\System32\drivers\CTEXFIFX.sys [2010-5-5 1417304]
R3 CTHWIUT.SYS;CTHWIUT.SYS;C:\Windows\System32\drivers\CTHWIUT.sys [2010-5-5 94808]
R3 NisSrv;Microsoft Network Inspection;C:\Program Files\Microsoft Security Client\NisSrv.exe [2013-1-27 379360]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2010-6-23 344680]
R3 vna_ap;Check Point Virtual Network Adapter - Apollo;C:\Windows\System32\drivers\vnaap.sys [2010-9-26 161256]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2013-1-8 161536]
S3 Creative ALchemy AL6 Licensing Service;Creative ALchemy AL6 Licensing Service;C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe [2010-6-4 79360]
S3 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [2010-6-4 79360]
S3 CT20XUT;CT20XUT;C:\Windows\System32\drivers\CT20XUT.sys [2010-5-5 202840]
S3 CTEXFIFX;CTEXFIFX;C:\Windows\System32\drivers\CTEXFIFX.sys [2010-5-5 1417304]
S3 CTHWIUT;CTHWIUT;C:\Windows\System32\drivers\CTHWIUT.sys [2010-5-5 94808]
S3 Netaapl;Apple Mobile Device Ethernet Service;C:\Windows\System32\drivers\netaapl64.sys [2011-5-10 22528]
S3 RapportKE64;RapportKE64;C:\Windows\System32\drivers\RapportKE64.sys [2011-2-28 64272]
S3 RapportPG64;RapportPG64;C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportPG64.sys [2011-11-7 61712]
S3 RTTEAMPT;Realtek Teaming Protocol Driver (NDIS 6.2);C:\Windows\System32\drivers\RtTeam60.sys [2009-11-10 43008]
S3 RTVLANPT;Realtek Vlan Protocol Driver (NDIS 6.2);C:\Windows\System32\drivers\RtVlan60.sys [2009-11-10 24064]
S3 TEAM;Realtek Virtual Miniport Driver for Teaming (NDIS 6.2);C:\Windows\System32\drivers\RtTeam60.sys [2009-11-10 43008]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2011-6-21 59392]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2012-12-13 54784]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2010-6-3 1255736]
.
=============== Created Last 30 ================
.
2013-04-01 20:28:46 -------- d-sh--w- C:\$RECYCLE.BIN
2013-04-01 20:21:23 9311288 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{F74E2272-E67A-413D-8F75-AB2D38EA4D46}\mpengine.dll
2013-03-29 06:18:21 -------- d-----w- C:\ProgramData\Spybot - Search & Destroy
2013-03-29 06:18:13 17272 ----a-w- C:\Windows\System32\sdnclean64.exe
2013-03-29 06:18:10 -------- d-----w- C:\Program Files (x86)\Spybot - Search & Destroy 2
2013-03-28 07:03:28 9311288 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2013-03-27 21:41:41 -------- d-----w- C:\Users\Rick\AppData\Roaming\Malwarebytes
2013-03-27 21:41:26 -------- d-----w- C:\ProgramData\Malwarebytes
2013-03-27 21:41:21 24176 ----a-w- C:\Windows\System32\drivers\mbam.sys
2013-03-27 21:41:20 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-03-27 21:41:03 -------- d-----w- C:\Users\Rick\AppData\Local\Programs
2013-03-27 21:23:57 -------- d-----w- C:\Windows\ERUNT
2013-03-27 21:23:48 -------- d-----w- C:\JRT
2013-03-26 22:24:34 98816 ----a-w- C:\Windows\sed.exe
2013-03-26 22:24:34 256000 ----a-w- C:\Windows\PEV.exe
2013-03-26 22:24:34 208896 ----a-w- C:\Windows\MBR.exe
2013-03-26 22:11:12 19968 ----a-w- C:\Windows\System32\drivers\usb8023.sys
2013-03-25 22:15:10 972264 ------w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{D5F599EB-B21C-4B32-B5A8-A087EA46E282}\gapaengine.dll
2013-03-25 22:13:39 -------- d-----w- C:\Program Files (x86)\Microsoft Security Client
2013-03-25 22:13:15 -------- d-----w- C:\Program Files\Microsoft Security Client
2013-03-25 22:07:49 9311288 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{02C2F498-B349-4EA6-A7DC-9E7C2C97B8E9}\mpengine.dll
2013-03-25 22:06:51 -------- d-----w- C:\Users\Rick\AppData\Local\Avg2013
2013-03-17 11:59:56 -------- d-----w- C:\Users\Rick\AppData\Roaming\Kingsoft
2013-03-17 11:59:56 -------- d-----w- C:\ProgramData\Kingsoft
2013-03-17 11:59:54 -------- d-----w- C:\Program Files (x86)\Kingsoft
2013-03-17 11:56:34 137000 ----a-w- C:\Windows\SysWow64\MSMAPI32.OCX
2013-03-17 11:56:33 87040 ----a-w- C:\Windows\System32\pdfcmnnt.dll
2013-03-17 11:56:32 23552 ----a-w- C:\Windows\SysWow64\MSMPIDE.DLL
2013-03-17 11:56:32 -------- d-----w- C:\Program Files (x86)\PDFCreator
2013-03-17 11:54:44 -------- d-----w- C:\Windows\SysWow64\searchplugins
2013-03-17 11:54:44 -------- d-----w- C:\Windows\SysWow64\Extensions
2013-03-16 06:30:42 4546560 ----a-w- C:\Windows\SysWow64\GPhotos.scr
2013-03-12 15:33:49 -------- d-----w- C:\Program Files\iPod
2013-03-12 15:33:48 -------- d-----w- C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2013-03-12 15:33:48 -------- d-----w- C:\Program Files\iTunes
2013-03-12 15:33:48 -------- d-----w- C:\Program Files (x86)\iTunes
.
==================== Find3M ====================
.
2013-03-14 12:15:15 73432 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2013-03-14 12:15:15 693976 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2013-02-12 05:45:24 135168 ----a-w- C:\Windows\apppatch\AppPatch64\AcXtrnal.dll
2013-02-12 05:45:22 350208 ----a-w- C:\Windows\apppatch\AppPatch64\AcLayers.dll
2013-02-12 05:45:22 308736 ----a-w- C:\Windows\apppatch\AppPatch64\AcGenral.dll
2013-02-12 05:45:22 111104 ----a-w- C:\Windows\apppatch\AppPatch64\acspecfc.dll
2013-02-12 04:48:31 474112 ----a-w- C:\Windows\apppatch\AcSpecfc.dll
2013-02-12 04:48:26 2176512 ----a-w- C:\Windows\apppatch\AcGenral.dll
2013-02-02 06:57:02 2312704 ----a-w- C:\Windows\System32\jscript9.dll
2013-02-02 06:47:24 1494528 ----a-w- C:\Windows\System32\inetcpl.cpl
2013-02-02 06:47:19 1392128 ----a-w- C:\Windows\System32\wininet.dll
2013-02-02 06:42:18 173056 ----a-w- C:\Windows\System32\ieUnatt.exe
2013-02-02 06:41:51 599040 ----a-w- C:\Windows\System32\vbscript.dll
2013-02-02 06:38:01 2382848 ----a-w- C:\Windows\System32\mshtml.tlb
2013-02-02 03:38:35 1800704 ----a-w- C:\Windows\SysWow64\jscript9.dll
2013-02-02 03:30:32 1427968 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2013-02-02 03:30:21 1129472 ----a-w- C:\Windows\SysWow64\wininet.dll
2013-02-02 03:26:47 142848 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
2013-02-02 03:26:21 420864 ----a-w- C:\Windows\SysWow64\vbscript.dll
2013-02-02 03:23:28 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2013-01-30 10:53:22 273840 ------w- C:\Windows\System32\MpSigStub.exe
2013-01-20 15:59:04 230320 ----a-w- C:\Windows\System32\drivers\MpFilter.sys
2013-01-20 15:59:04 130008 ----a-w- C:\Windows\System32\drivers\NisDrvWFP.sys
2013-01-05 05:53:43 5553512 ----a-w- C:\Windows\System32\ntoskrnl.exe
2013-01-05 05:00:15 3967848 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe
2013-01-05 05:00:11 3913064 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe
2013-01-04 05:46:09 215040 ----a-w- C:\Windows\System32\winsrv.dll
2013-01-04 04:51:16 5120 ----a-w- C:\Windows\SysWow64\wow32.dll
2013-01-04 04:43:21 44032 ----a-w- C:\Windows\apppatch\acwow64.dll
2013-01-04 03:26:48 3153408 ----a-w- C:\Windows\System32\win32k.sys
2013-01-04 02:47:35 25600 ----a-w- C:\Windows\SysWow64\setup16.exe
2013-01-04 02:47:34 7680 ----a-w- C:\Windows\SysWow64\instnm.exe
2013-01-04 02:47:34 2048 ----a-w- C:\Windows\SysWow64\user.exe
2013-01-04 02:47:33 14336 ----a-w- C:\Windows\SysWow64\ntvdm64.dll
2011-07-17 09:37:55 161744 ----a-w- C:\Program Files (x86)\u4res.dll
.
============= FINISH: 19:21:41.91 ===============

nellie
2013-04-03, 21:24
.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows 7 Home Premium
Boot Device: \Device\HarddiskVolume3
Install Date: 09/11/2009 22:11:25
System Uptime: 03/04/2013 18:25:38 (1 hours ago)
.
Motherboard: Dell Inc. | | 0M017G
Processor: Intel(R) Core(TM)2 Duo CPU E8400 @ 3.00GHz | CPU 1 | 3003/333mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 581 GiB total, 319.504 GiB free.
D: is FIXED (NTFS) - 15 GiB total, 3.874 GiB free.
E: is CDROM ()
F: is Removable
G: is Removable
H: is Removable
I: is Removable
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP352: 01/04/2013 21:04:48 - ComboFix created restore point
.
==== Installed Programs ======================
.
Update for Microsoft Office 2007 (KB2508958)
Acrobat.com
Adobe AIR
Adobe Flash Player 11 ActiveX
Adobe Flash Player 11 Plugin
Adobe Reader X (10.1.4)
Adobe Shockwave Player 11.5
Apple Application Support
Apple Mobile Device Support
Apple Software Update
ArcSoft Software Suite
µTorrent
Bonjour
BookSmart® 2.5.1 2.5.1
Check Point Endpoint Security
Creative ALchemy
Creative Audio Control Panel
Creative Console Launcher
Creative MediaSource 5
Creative Software AutoUpdate
Creative Sound Blaster Properties x64 Edition
Creative WaveStudio 7
D3DX10
Dell Driver Download Manager
Dell Support Center
Diagnostic Utility
Dropbox
Facebook Video Calling 1.2.0.287
FileZilla Client 3.5.1
Free M4a to MP3 Converter 7.1
Freemake Video Converter version 3.1.1
Garmin Communicator Plugin
Garmin Communicator Plugin x64
Garmin USB Drivers
Google Chrome
HD Writer AE 3.0
HP Deskjet 1050 J410 series Basic Device Software
HP Deskjet 1050 J410 series Help
HP Photo Creations
HP Update
iCloud
iTunes
Java 7 Update 10 (64-bit)
Lame ACM MP3 Codec
MAGIX 3D Maker (embeded)
MAGIX Movie Edit Pro 16 Plus Download Version 9.0.1.60 (UK)
MAGIX Screenshare
MAGIX Speed burnR
Malwarebytes Anti-Malware version 1.70.0.1100
Microsoft .NET Framework 4 Client Profile
Microsoft Application Error Reporting
Microsoft Corporation
Microsoft IntelliPoint 8.2
Microsoft IntelliType Pro 8.2
Microsoft LifeCam
Microsoft MapPoint Europe 2010
Microsoft Office 2007 Service Pack 3 (SP3)
Microsoft Office Access database engine 2007 (English)
Microsoft Office Access MUI (English) 2007
Microsoft Office Access Setup Metadata MUI (English) 2007
Microsoft Office Excel MUI (English) 2007
Microsoft Office File Validation Add-In
Microsoft Office InfoPath MUI (English) 2007
Microsoft Office Office 64-bit Components 2007
Microsoft Office Outlook Connector
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Professional Plus 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared 64-bit MUI (English) 2007
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft Primary Interoperability Assemblies 2005
Microsoft Security Client
Microsoft Security Essentials
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2008 Redistributable Package
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
Microsoft_VC100_CRT_SP1_x64
Microsoft_VC100_CRT_SP1_x86
Movie Maker
MSVC80_x64_v2
MSVC80_x86_v2
MSVC90_x64
MSVC90_x86
MSVCRT
MSVCRT110
MSVCRT110_amd64
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MSXML 4.0 SP2 Parser and SDK
Optimizer Pro v3.0
Paddy Power Poker
Paddy Power Poker Odds Calculator 1.4.2
PDFCreator
Photo Common
Photo Gallery
Picasa 3
PURE Flow Server
QuickTime
Radialpoint Security Advisor 2.5.23
Rapport
Realtek 8136 8168 8169 Ethernet Driver
Realtek High Definition Audio Driver
SDFormatter
Security Update for Microsoft .NET Framework 4 Client Profile (KB2160841)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2742595)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2789642)
Security Update for Microsoft Office 2007 suites (KB2596615) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596672) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596744) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596754) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596785) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596792) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596871) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2597969) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2687311) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2687439) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2687499) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2760416) 32-Bit Edition
Security Update for Microsoft Office Excel 2007 (KB2687307) 32-Bit Edition
Security Update for Microsoft Office InfoPath 2007 (KB2687440) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition
Security Update for Microsoft Office Publisher 2007 (KB2596705) 32-Bit Edition
Security Update for Microsoft Office Word 2007 (KB2760421) 32-Bit Edition
SILKYPIX Developer Studio 3.0 SE
Skype Toolbars
Skype™ 6.1
SoundFont Bank Manager
Spelling Dictionaries Support For Adobe Reader 9
Spybot - Search & Destroy
Unity Web Player
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
Update for Microsoft Office 2007 Help for Common Features (KB963673)
Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2596660) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2596802) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2596848) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2687493) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition
Update for Microsoft Office Access 2007 Help (KB963663)
Update for Microsoft Office Excel 2007 Help (KB963678)
Update for Microsoft Office Infopath 2007 Help (KB963662)
Update for Microsoft Office Outlook 2007 (KB2687404) 32-Bit Edition
Update for Microsoft Office Outlook 2007 Help (KB963677)
Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2768024) 32-Bit Edition
Update for Microsoft Office Powerpoint 2007 Help (KB963669)
Update for Microsoft Office Publisher 2007 Help (KB963667)
Update for Microsoft Office Script Editor Help (KB963671)
Update for Microsoft Office Word 2007 Help (KB963665)
VBA (2627.01)
Virgin Media Digital Home Support 2.1.27
Virgin Media Service Manager 3.7.47
Visual C++ 8.0 Runtime Setup Package (x64)
Visual Studio 2008 x64 Redistributables
Visual Studio 2010 x64 Redistributables
Windows Driver Package - Garmin (grmnusb) GARMIN Devices (06/03/2009 2.3.0.0)
Windows Live Communications Platform
Windows Live Essentials
Windows Live ID Sign-in Assistant
Windows Live Installer
Windows Live Photo Common
Windows Live PIMT Platform
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live UX Platform
Windows Live UX Platform Language Pack
WinRAR 4.00 beta 4 (64-bit)
.
==== Event Viewer Messages From Past Week ========
.
29/03/2013 07:57:01, Error: volsnap [36] - The shadow copies of volume C: were aborted because the shadow copy storage could not grow due to a user imposed limit.
01/04/2013 21:17:34, Error: Service Control Manager [7030] - The PEVSystemStart service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.
01/04/2013 21:06:12, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.147.700.0 Update Source: Microsoft Update Server Update Stage: Download Source Path: http://www.microsoft.com Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.9302.0 Error code: 0x80240022 Error description: The program can't check for definition updates.
01/04/2013 21:06:12, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.147.700.0 Update Source: Microsoft Update Server Update Stage: Download Source Path: http://www.microsoft.com Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.9302.0 Error code: 0x80240022 Error description: The program can't check for definition updates.
.
==== End Of File ===========================


Computer is running much better now thank you. Really noticing a difference in my browser response time :)

Anything else you need me to do?

fbfbfb
2013-04-04, 04:50
Hello, nellie.

Glad to have assisted you with your problem, and we are pleased that your computer is now working well.

These final steps will take you through some important housekeeping tasks. Please work through the following steps to ensure that unnecessary programs and files have been removed and your system is up-to-date.

Uninstall Combofix.
Click Start > Run command. This will open up the Run dialog box.
In the Open field type combofix /uninstall. Please note that there is a space between combofix and /uninstall.
Click OK. The Open File security warning will appear asking if you are sure you want to run ComboFix. Please click the Run button to start the program. This will uninstall Combofix and anything associated with it.
When ComboFix has finished uninstalling, delete the ComboFix.exe program from your computer.

Tool Removal

You no longer need the following tools. Please delete these and any logs from your machine: DDS, aswMBR, TDSSKiller, Farbar Service Scanner, JRT and AdwCleaner. You can keep Malwarebytes for future use if you choose.

If you wish to uninstall ESET Online Scanner, please do the following:
Click Start and select Control Panel.
Click the Uninstall a Program option found under the Programs category.
Select the ESET Online Scanner.
Click Remove.
A restart may be required to complete uninstallation.

Clean Up Temp Files

Please download TFC (http://www.geekstogo.com/forum/files/file/187-tfc-temp-file-cleaner-by-oldtimer) by OldTimer to your desktop.
Close any open windows.
Double click the TFC icon to run the program.
TFC will close all open programs itself in order to run.
Click the Start button to begin the process.
Allow TFC to run uninterrupted.
The program should not take long to finish.
Once complete, it should automatically reboot your machine.
If your computer does not automatically reboot, manually reboot to ensure a complete clean.

Update Java

To improve your software's performance or stability, please remove any older versions of Java and update to the latest version (update 17).

Click Start > Control Panel.
Click on the Java icon (coffee cup symbol) > Update > Update Now.
Follow the prompts to install the latest version of Java.

To remove older versions:

Click Start and select Control Panel.
When the Control Panel window opens, click on Uninstall a program found under the Programs category.
If you are using the Classic View of the Control Panel, then you would double-click on the Programs and Features icon instead.
Look through the list of programs for any old versions of Java, and then left-click on it once to highlight it.
Click on the Uninstall button.
When finished, close the Programs and Features screen.

Update Internet Explorer

Download the latest version of Internet Explorer HERE (http://windows.microsoft.com/en-CA/internet-explorer/downloads/ie-10/worldwide-languages).

Turn On Automatic Updates

You can stay up to date with the latest critical and security updates by using Automatic Updates. To turn on Automatic Updates:
Click Start > click Control Panel > Click Windows Update.
In the left pane, click Change Settings.
Under Important Updates, click the down arrow and select Install updates automatically (recommended).
Under Recommended Updates, check Give me updates the same way I receive Important Updates.
Under Who can install updates, check Allow all users to install updates on this computer.
Click OK to apply the changes.

Note: If Windows prompts you to confirm these changes, allow it. Close the window.

Adobe Updates

Adobe Reader
To improve the functionality and security of your software, please update Adobe Reader HERE (http://get.adobe.com/reader/). Updates safeguard your system against malicious attacks through PDF files.

Update Adobe Flash
Please update Adobe Flash HERE (http://www.adobe.com/support/flashplayer/downloads.html). Updating your Flash player ensures that it is working properly and guards against security vulnerabilities.

Recommended Reading

To maintain a clean and healthy system, please take the time to read through the following informative articles:
The Dangers of P2P File Sharing HERE (http://www.esecurityguy.com/p2p_file_sharing)
How to Prevent Malware by Miekiemoes HERE (http://users.telenet.be/bluepatchy/miekiemoes/prevention.html)
So How Did I Get Infected In the First Place? By Tony Klein HERE (http://www.spywareinfoforum.com/index.php?showtopic=60955)
Simple and easy ways to keep your computer safe and secure on the Internet by Lawrence Abrams HERE (http://www.bleepingcomputer.com/tutorials/keep-your-computer-safe-online/)
Help! My computer is Slow – How to improve system performance after malware removal by Miekiemoes HERE (http://users.telenet.be/bluepatchy/miekiemoes/slowcomputer.html)
Create Strong Passwords by Microsoft HERE (http://www.microsoft.com/security/online-privacy/passwords-create.aspx)
PC Safety and Security – What do I need to do? by Glaswegian HERE (http://www.techsupportforum.com/forums/f112/pc-safety-and-security-what-do-i-need-525915.html)


Wishing you all a very safe browsing experience. :)
~ fbfbfb

nellie
2013-04-04, 23:07
Thank you SO much fbfbfb!!

My computer is running like new again. Will try my best to keep it this way, which will include 'educating' my kids as to what they do and don't download. I will also be more careful myself in future ;)

Thank you again for your assistance. You are a valued member of the safer networking team.

:bigthumb:

fbfbfb
2013-04-05, 01:10
Nellie, thank you very much for your kind and supportive words. It was our pleasure to assist you.

All the best,
~fbfbfb