Hibernation not working


8 replies to this topic

#1 Daiquiri

  • Members
  • 20 posts

Posted 12 October 2012 - 07:06 PM

OK, this problem has been happening for some time now and it's starting to get annoying.
Basically, whenever I try to put my computer into hibernation or sleep, the screen goes black, but the power light and the wireless internet light on my laptop stay on.
I checked the Event Viewer and it seems that whenever this occurs, an event ID 7011 error (A timeout (30000 milliseconds) was reached) occurs for a lot of my services.
I recently cleaned a virus using Microsoft Forefront End Point, so maybe the virus wasn't completely removed or did something else...

Anyway, any help will be appreciated.



#2 nasdaq

  • Malware Response Team
  • 38,769 posts
  • Gender:Male
  • Location:Montreal, QC. Canada

Posted 15 October 2012 - 12:36 PM

Please download and run this DDS Scanning Tool. Nothing will be deleted. It will just give me some additional information about your system.

  • Download DDS by sUBs from one of the following links if you no longer have it available. Save it to your desktop.
    • DDS.scr <- not recommended if you use Chrome to download this .scr file. Use the other options.
    • DDS.pif
    • DDS.COM
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
Please note: You may have to disable any script protection running if the scan fails to run.

Please just paste the contents of the DDS.txt log in your next post. DO NOT attach the log.


The scan will also create an Attach.txt log; I would also like to see its contents.
Please post it in another post for my review; do not attach the file.

#3 Daiquiri
  • Topic Starter

  • Members
  • 20 posts

Posted 15 October 2012 - 01:27 PM

DDS (Ver_2012-10-14.05) - NTFS_AMD64
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 10.7.2
Run by UTA at 13:18:01 on 2012-10-15
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.2667.1523 [GMT -5:00]
.
AV: Microsoft Security Essentials *Disabled/Updated* {9765EA51-0D3C-7DFB-6091-10E4E1F341F6}
SP: Microsoft Security Essentials *Enabled/Updated* {2C040BB5-2B06-7275-5A21-2B969A740B4B}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\atieclxx.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
C:\Windows\System32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe
C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
C:\Windows\system32\lxeccoms.exe
C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\IIS\Microsoft Web Deploy\MsDepSvc.exe
c:\Program Files\Microsoft SQL Server\MSSQL10_50.SQLEXPRESS\MSSQL\Binn\sqlservr.exe
C:\Windows\SysWOW64\NlsSrv32.exe
c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
c:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files\Microsoft Device Center\itype.exe
C:\Program Files\Microsoft Device Center\ipoint.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Windows\system32\taskeng.exe
C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe
C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe
C:\Windows\system32\sppsvc.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com/
mURLSearchHooks: BitTorrentBar Toolbar: {88c7f2aa-f93f-432c-8f0e-b7d85967a527} - C:\Program Files (x86)\BitTorrentBar\prxtbBit2.dll
mWinlogon: Userinit = userinit.exe,
BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
BHO: BitTorrentBar Toolbar: {88c7f2aa-f93f-432c-8f0e-b7d85967a527} - C:\Program Files (x86)\BitTorrentBar\prxtbBit2.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL
BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
TB: BitTorrentBar Toolbar: {88C7F2AA-F93F-432C-8F0E-B7D85967A527} - C:\Program Files (x86)\BitTorrentBar\prxtbBit2.dll
TB: BitTorrentBar Toolbar: {88c7f2aa-f93f-432c-8f0e-b7d85967a527} - C:\Program Files (x86)\BitTorrentBar\prxtbBit2.dll
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableLUA = dword:0
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll/204
LSP: mswsock.dll
TCP: NameServer = 192.168.1.254
TCP: Interfaces\{29A29CFF-48E5-4B6D-99DC-46C5BB144648} : DHCPNameServer = 192.168.1.254
TCP: Interfaces\{29A29CFF-48E5-4B6D-99DC-46C5BB144648}\2375942554630303 : DHCPNameServer = 192.168.1.254
TCP: Interfaces\{29A29CFF-48E5-4B6D-99DC-46C5BB144648}\55451477962756C6563737023556475707 : DHCPNameServer = 129.107.31.80 129.107.45.80 129.107.62.80
TCP: Interfaces\{29A29CFF-48E5-4B6D-99DC-46C5BB144648}\C696E6B6379737 : DHCPNameServer = 75.75.75.75 75.75.76.76
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
SSODL: WebCheck - <orphaned>
LSA: Security Packages = kerberos msv1_0 schannel wdigest tspkg pku2u livessp
x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
x64-BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL
x64-Run: [SynTPEnh] C:\Program Files (x86)\Synaptics\SynTP\SynTPEnh.exe
x64-Run: [SetDefault] C:\Program Files\Hewlett-Packard\HP LaunchBox\SetDefault.exe
x64-Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe -s
x64-Run: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
x64-Run: [IntelliType Pro] "c:\Program Files\Microsoft Device Center\itype.exe"
x64-Run: [IntelliPoint] "c:\Program Files\Microsoft Device Center\ipoint.exe"
x64-Run: [BCSSync] "C:\Program Files\Microsoft Office\Office14\BCSSync.exe" /DelayServices
x64-Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
x64-SSODL: WebCheck - <orphaned>
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\UTA\AppData\Roaming\Mozilla\Firefox\Profiles\ro2rivkv.default\
FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL
FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL
FF - plugin: C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\2\NP_wtapp.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_4_402_287.dll
FF - plugin: C:\Windows\SysWOW64\npdeployJava1.dll
FF - plugin: C:\Windows\SysWOW64\npmproxy.dll
.
============= SERVICES / DRIVERS ===============
.
R0 amd_sata;amd_sata;C:\Windows\System32\drivers\amd_sata.sys [2011-4-15 79488]
R0 amd_xata;amd_xata;C:\Windows\System32\drivers\amd_xata.sys [2011-4-15 40064]
R1 MpFilter;Microsoft Malware Protection Driver;C:\Windows\System32\drivers\MpFilter.sys [2011-4-18 189440]
R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\System32\drivers\vwififlt.sys [2009-7-13 59904]
R2 AERTFilters;Andrea RT Filters Service;C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe [2011-8-13 98208]
R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\System32\atiesrxx.exe [2011-6-17 204288]
R2 AMD FUEL Service;AMD FUEL Service;C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [2011-6-17 365568]
R2 HP Support Assistant Service;HP Support Assistant Service;C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe [2011-6-21 85560]
R2 HPClientSvc;HP Client Services;C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe [2010-10-11 346168]
R2 HPWMISVC;HPWMISVC;C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe [2011-6-14 26680]
R2 lxec_device;lxec_device;C:\Windows\System32\lxeccoms.exe -service --> C:\Windows\System32\lxeccoms.exe -service [?]
R2 MsDepSvc;Web Deployment Agent Service;C:\Program Files\IIS\Microsoft Web Deploy\MsDepSvc.exe [2012-7-18 80448]
R2 nlsX86cc;Nalpeiron Licensing Service;C:\Windows\System32\NlsSrv32.exe --> C:\Windows\System32\NlsSrv32.exe [?]
R3 amdiox64;AMD IO Driver;C:\Windows\System32\drivers\amdiox64.sys [2011-8-13 46136]
R3 amdkmdag;amdkmdag;C:\Windows\System32\drivers\atikmdag.sys [2011-7-5 9359872]
R3 amdkmdap;amdkmdap;C:\Windows\System32\drivers\atikmpag.sys [2011-7-5 309760]
R3 clwvd;CyberLink WebCam Virtual Driver;C:\Windows\System32\drivers\clwvd.sys [2010-7-28 31088]
R3 NisDrv;Microsoft Network Inspection System;C:\Windows\System32\drivers\NisDrvWFP.sys [2011-4-27 84864]
R3 NisSrv;Microsoft Network Inspection;C:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe [2011-4-27 288272]
R3 RSPCIESTOR;Realtek PCIE CardReader Driver;C:\Windows\System32\drivers\RtsPStor.sys [2011-8-13 335464]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2011-6-10 539240]
R3 RTL8192Ce;Realtek Wireless LAN 802.11n PCI-E NIC Driver;C:\Windows\System32\drivers\rtl8192ce.sys [2011-8-13 1145448]
R3 usbfilter;AMD USB Filter Driver;C:\Windows\System32\drivers\usbfilter.sys [2011-8-13 44672]
R3 vwifimp;Microsoft Virtual WiFi Miniport Service;C:\Windows\System32\drivers\vwifimp.sys [2009-7-13 17920]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2012-7-9 104912]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2012-7-8 123856]
S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-8-23 136176]
S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2012-7-13 160944]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-6-25 250808]
S3 fussvc;Windows App Certification Kit Fast User Switching Utility Service;C:\Program Files (x86)\Windows Kits\8.0\App Certification Kit\fussvc.exe [2012-7-25 139776]
S3 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-8-23 136176]
S3 MotioninJoyXFilter;MotioninJoy Virtual Xinput device Filter Driver;C:\Windows\System32\drivers\MijXfilt.sys [2012-7-30 117520]
S3 MozillaMaintenance;Mozilla Maintenance Service;C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-5-2 115184]
S3 MpNWMon;Microsoft Malware Protection Network Driver;C:\Windows\System32\drivers\MpNWMon.sys [2011-4-18 40832]
S3 ose64;Office 64 Source Engine;C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2010-1-9 174440]
S3 osppsvc;Office Software Protection Platform;C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-1-9 4925184]
S3 SrvHsfHDA;SrvHsfHDA;C:\Windows\System32\drivers\VSTAZL6.SYS [2009-7-13 292864]
S3 SrvHsfV92;SrvHsfV92;C:\Windows\System32\drivers\VSTDPV6.SYS [2009-7-13 1485312]
S3 SrvHsfWinac;SrvHsfWinac;C:\Windows\System32\drivers\VSTCNXT6.SYS [2009-7-13 740864]
S3 Te.Service;Te.Service;C:\Program Files (x86)\Windows Kits\8.0\Testing\Runtimes\TAEF\Wex.Services.exe [2012-7-25 126976]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2010-11-20 59392]
S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\System32\drivers\TsUsbGD.sys [2010-11-20 31232]
S3 VSPerfDrv110;Performance Tools Driver 11.0;C:\Program Files (x86)\Microsoft Visual Studio 11.0\Team Tools\Performance Tools\x64\VSPerfDrv110.sys [2012-7-13 70264]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2011-11-26 1255736]
S3 WSDPrintDevice;WSD Print Support via UMB;C:\Windows\System32\drivers\WSDPrint.sys [2009-7-13 23040]
S4 GamesAppService;GamesAppService;C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe [2010-10-12 206072]
S4 IconMan_R;IconMan_R;C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe [2011-8-13 1817088]
S4 MSSQLServerADHelper100;SQL Active Directory Helper Service;C:\Program Files\Microsoft SQL Server\100\Shared\sqladhlp.exe [2010-4-3 59744]
S4 RoxioNow Service;RoxioNow Service;C:\Program Files (x86)\Roxio\RoxioNow Player\RNowSvc.exe [2010-11-26 399344]
S4 RsFx0150;RsFx0150 Driver;C:\Windows\System32\drivers\RsFx0150.sys [2010-4-3 313696]
S4 SQLAgent$SQLEXPRESS;SQL Server Agent (SQLEXPRESS);C:\Program Files\Microsoft SQL Server\MSSQL10_50.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [2010-4-3 428384]
S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]
.
=============== Created Last 30 ================
.
2012-10-15 17:05:02 9308616 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{6686891F-8959-44CF-B457-17D315A0ED00}\mpengine.dll
2012-10-14 03:15:10 -------- d-----w- C:\Users\UTA\AppData\Local\Alex F
2012-10-13 21:18:43 96224 ----a-w- C:\Program Files (x86)\Mozilla Firefox\webapprt-stub.exe
2012-10-13 21:18:43 157272 ----a-w- C:\Program Files (x86)\Mozilla Firefox\webapp-uninstaller.exe
2012-10-13 03:01:59 -------- d-----w- C:\Users\UTA\AppData\Local\Demo3
2012-10-13 00:15:12 -------- d-----w- C:\Users\UTA\AppData\Local\Demo1
2012-10-13 00:12:54 -------- d-----w- C:\Users\UTA\AppData\Local\YoYo_Games_Ltd
2012-10-13 00:12:53 -------- d-----w- C:\Users\UTA\AppData\Roaming\GameMaker-Studio
2012-10-13 00:11:05 -------- d-----w- C:\Users\UTA\GameMaker-Studio 1.1
2012-10-13 00:11:05 -------- d-----w- C:\Users\UTA\AppData\Local\GameMaker-Studio
2012-10-11 14:15:28 1659760 ----a-w- C:\Windows\System32\drivers\ntfs.sys
2012-10-11 14:14:08 3914096 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe
2012-10-11 14:14:07 3968880 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe
2012-10-11 14:14:05 5559664 ----a-w- C:\Windows\System32\ntoskrnl.exe
2012-10-11 14:12:58 338432 ----a-w- C:\Windows\System32\conhost.exe
2012-10-11 14:12:37 172544 ----a-w- C:\Windows\SysWow64\wintrust.dll
2012-10-11 14:12:36 220160 ----a-w- C:\Windows\System32\wintrust.dll
2012-10-11 14:11:45 2048 ----a-w- C:\Windows\SysWow64\tzres.dll
2012-10-11 14:11:06 2048 ----a-w- C:\Windows\System32\tzres.dll
2012-10-11 14:10:57 542208 ----a-w- C:\Windows\SysWow64\kerberos.dll
2012-10-11 14:10:56 715776 ----a-w- C:\Windows\System32\kerberos.dll
2012-10-11 14:08:25 140288 ----a-w- C:\Windows\SysWow64\cryptsvc.dll
2012-10-11 14:08:24 1159680 ----a-w- C:\Windows\SysWow64\crypt32.dll
2012-10-11 14:08:24 103936 ----a-w- C:\Windows\SysWow64\cryptnet.dll
2012-10-11 14:07:33 184320 ----a-w- C:\Windows\System32\cryptsvc.dll
2012-10-11 14:07:32 140288 ----a-w- C:\Windows\System32\cryptnet.dll
2012-10-11 14:07:26 1464320 ----a-w- C:\Windows\System32\crypt32.dll
2012-10-11 05:44:56 -------- d-----w- C:\Program Files (x86)\VS Revo Group
2012-10-11 05:31:39 -------- d-----w- C:\Users\UTA\AppData\Roaming\PC Cleaners
2012-10-11 05:29:12 4589880 ----a-w- C:\Windows\uninst.exe
2012-10-11 05:29:02 -------- d-----w- C:\Users\UTA\AppData\Roaming\PCPro
2012-10-11 05:29:02 -------- d-----w- C:\ProgramData\PC1Data
2012-10-11 05:25:24 -------- d-----w- C:\ProgramData\Ask
2012-10-03 02:48:03 -------- d-----w- C:\Program Files (x86)\Microsoft Ribbon for WPF
2012-10-02 23:08:10 -------- d-----w- C:\Windows\pss
2012-10-01 20:07:51 -------- d-----w- C:\Program Files\Microsoft Device Center
2012-10-01 19:43:45 514560 ----a-w- C:\Windows\SysWow64\qdvd.dll
2012-10-01 19:43:44 366592 ----a-w- C:\Windows\System32\qdvd.dll
2012-10-01 19:43:42 245760 ----a-w- C:\Windows\System32\OxpsConverter.exe
2012-09-29 02:27:45 74072 ----a-w- C:\Windows\SysWow64\XAPOFX1_4.dll
2012-09-29 02:27:45 528216 ----a-w- C:\Windows\SysWow64\XAudio2_6.dll
2012-09-29 02:27:45 238936 ----a-w- C:\Windows\SysWow64\xactengine3_6.dll
2012-09-29 02:27:45 22360 ----a-w- C:\Windows\SysWow64\X3DAudio1_7.dll
2012-09-29 02:25:38 -------- d-----w- C:\Windows\SysWow64\xlive
2012-09-29 02:25:37 -------- d-----w- C:\Program Files (x86)\Microsoft Games for Windows - LIVE
2012-09-29 02:25:29 -------- d-----w- C:\Program Files (x86)\Microsoft XNA
2012-09-28 05:02:07 -------- d-----w- C:\Users\UTA\AppData\Local\PreEmptive Solutions
2012-09-28 04:58:24 -------- d-----w- C:\Users\UTA\AppData\Local\Apps
2012-09-28 04:58:23 -------- d-----w- C:\Users\UTA\AppData\Local\Deployment
2012-09-28 03:47:57 2111360 ----a-w- C:\ProgramData\Microsoft\VisualStudio\11.0\1033\ResourceCache.dll
2012-09-28 03:32:39 -------- d-----w- C:\Program Files\Application Verifier
2012-09-28 03:32:39 -------- d-----w- C:\Program Files (x86)\Application Verifier
2012-09-28 03:32:31 -------- d-----w- C:\ProgramData\Windows App Certification Kit
2012-09-28 03:31:43 -------- d-----w- C:\ProgramData\PreEmptive Solutions
2012-09-28 03:29:13 -------- d-----w- C:\Program Files (x86)\NuGet
2012-09-28 03:29:02 -------- d-----w- C:\Program Files (x86)\Microsoft WCF Data Services
2012-09-28 03:27:47 1998168 ----a-w- C:\Windows\SysWow64\D3DX9_43.dll
2012-09-28 03:20:23 -------- d-----w- C:\Program Files (x86)\HTML Help Workshop
2012-09-28 03:09:30 -------- d-----w- C:\Program Files\Microsoft Visual Studio 11.0
2012-09-27 23:58:15 -------- d-----w- C:\Program Files\CCleaner
2012-09-27 14:04:56 95208 ----a-w- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
2012-09-27 13:57:29 -------- d-----w- C:\Windows\SysWow64\obj
2012-09-27 12:32:53 3851784 ----a-w- C:\Windows\SysWow64\D3DX9_39.dll
2012-09-27 12:21:45 -------- d-----w- C:\Program Files (x86)\Microsoft Visual Studio 8
2012-09-27 12:19:11 -------- d-----w- C:\Program Files (x86)\Microsoft Expression
2012-09-27 06:22:40 -------- d-----w- C:\Users\UTA\AppData\Roaming\e-academy Inc
2012-09-27 06:22:40 -------- d-----w- C:\Users\UTA\AppData\Local\e-academy Inc
2012-09-27 05:49:24 9308616 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2012-09-27 05:48:11 927800 ------w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{51DA8E44-A810-408F-AD7A-E45424A397B5}\gapaengine.dll
2012-09-27 05:40:00 -------- d-----w- C:\Program Files (x86)\Microsoft Security Client
2012-09-25 03:28:23 -------- d-----w- C:\Users\UTA\AppData\Roaming\Microsoft FxCop
2012-09-25 00:26:46 1075424 ----a-w- C:\ProgramData\Microsoft\WDExpress\11.0\1033\ResourceCache.dll
2012-09-25 00:17:32 -------- d-----w- C:\Program Files (x86)\Common Files\Microsoft
2012-09-25 00:17:11 -------- d-----w- C:\Program Files (x86)\Windows Kits
2012-09-25 00:13:12 -------- d-----w- C:\Program Files (x86)\Microsoft Help Viewer
2012-09-25 00:05:17 -------- d-----w- C:\Program Files (x86)\Microsoft Visual Studio 11.0
2012-09-24 23:30:41 -------- d-----w- C:\Windows\CheckSur
2012-09-24 22:55:55 -------- d-----w- C:\Users\UTA\AppData\Local\ElevatedDiagnostics
2012-09-24 22:48:55 -------- d-----w- C:\ProgramData\regid.1991-06.com.microsoft
2012-09-24 22:33:44 -------- d-----w- C:\Program Files\Microsoft Security Client
2012-09-24 19:59:06 -------- d-----w- C:\Program Files (x86)\WPF Toolkit
2012-09-21 01:24:54 -------- d-----w- C:\Users\UTA\AppData\Roaming\TP
2012-09-21 01:06:51 -------- d-----w- C:\Users\UTA\AppData\Roaming\BitTorrent
2012-09-16 22:39:16 -------- d-----w- C:\Users\UTA\AppData\Local\CrashDumps
2012-09-16 22:39:00 -------- d-----w- C:\Users\UTA\AppData\Local\{4CFCE791-004F-11E2-8271-B8AC6F996F26}
2012-09-16 22:38:20 -------- d-----w- C:\Users\UTA\AppData\Roaming\hellomoto
.
==================== Find3M ====================
.
2012-10-09 03:23:59 696760 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2012-10-09 03:23:58 73656 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2012-09-27 14:04:41 821736 ----a-w- C:\Windows\SysWow64\npdeployJava1.dll
2012-09-27 14:04:41 746984 ----a-w- C:\Windows\SysWow64\deployJava1.dll
2012-09-07 22:04:46 25928 ----a-w- C:\Windows\System32\drivers\mbam.sys
2012-08-24 10:31:32 2312704 ----a-w- C:\Windows\System32\jscript9.dll
2012-08-24 10:21:18 1392128 ----a-w- C:\Windows\System32\wininet.dll
2012-08-24 10:20:11 1494528 ----a-w- C:\Windows\System32\inetcpl.cpl
2012-08-24 10:14:45 173056 ----a-w- C:\Windows\System32\ieUnatt.exe
2012-08-24 10:13:29 599040 ----a-w- C:\Windows\System32\vbscript.dll
2012-08-24 10:09:42 2382848 ----a-w- C:\Windows\System32\mshtml.tlb
2012-08-24 06:59:17 1800704 ----a-w- C:\Windows\SysWow64\jscript9.dll
2012-08-24 06:51:27 1129472 ----a-w- C:\Windows\SysWow64\wininet.dll
2012-08-24 06:51:02 1427968 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2012-08-24 06:47:26 142848 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
2012-08-24 06:47:12 420864 ----a-w- C:\Windows\SysWow64\vbscript.dll
2012-08-24 06:43:58 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2012-08-22 18:12:50 1913200 ----a-w- C:\Windows\System32\drivers\tcpip.sys
2012-08-22 18:12:40 950128 ----a-w- C:\Windows\System32\drivers\ndis.sys
2012-08-22 18:12:40 376688 ----a-w- C:\Windows\System32\drivers\netio.sys
2012-08-22 18:12:33 288624 ----a-w- C:\Windows\System32\drivers\FWPKCLNT.SYS
2012-08-20 18:48:44 362496 ----a-w- C:\Windows\System32\wow64win.dll
2012-08-20 18:48:44 243200 ----a-w- C:\Windows\System32\wow64.dll
2012-08-20 18:48:44 13312 ----a-w- C:\Windows\System32\wow64cpu.dll
2012-08-20 18:48:43 215040 ----a-w- C:\Windows\System32\winsrv.dll
2012-08-20 18:48:37 16384 ----a-w- C:\Windows\System32\ntvdm64.dll
2012-08-20 18:48:35 424448 ----a-w- C:\Windows\System32\KernelBase.dll
2012-08-20 17:40:21 14336 ----a-w- C:\Windows\SysWow64\ntvdm64.dll
2012-08-20 17:38:44 44032 ----a-w- C:\Windows\apppatch\acwow64.dll
2012-08-20 17:38:26 25600 ----a-w- C:\Windows\SysWow64\setup16.exe
2012-08-20 17:37:19 5120 ----a-w- C:\Windows\SysWow64\wow32.dll
2012-08-20 17:37:18 274944 ----a-w- C:\Windows\SysWow64\KernelBase.dll
2012-08-20 15:38:21 7680 ----a-w- C:\Windows\SysWow64\instnm.exe
2012-08-20 15:38:20 2048 ----a-w- C:\Windows\SysWow64\user.exe
2012-08-20 15:33:28 6144 ---ha-w- C:\Windows\SysWow64\api-ms-win-security-base-l1-1-0.dll
2012-08-20 15:33:28 4608 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll
2012-08-20 15:33:28 3584 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll
2012-08-20 15:33:28 3072 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-util-l1-1-0.dll
2012-08-02 17:58:52 574464 ----a-w- C:\Windows\System32\d3d10level9.dll
2012-08-02 16:57:20 490496 ----a-w- C:\Windows\SysWow64\d3d10level9.dll
2012-07-26 20:22:10 997336 ----a-w- C:\Windows\System32\vccorlib110d.dll
2012-07-26 01:32:00 98792 ----a-w- C:\Windows\SysWow64\vfrdvcompat.dll
2012-07-26 01:32:00 164200 ----a-w- C:\Windows\SysWow64\vrfcore.dll
2012-07-26 01:31:56 87328 ----a-w- C:\Windows\SysWow64\vfcompat.dll
2012-07-26 01:31:56 81592 ----a-w- C:\Windows\SysWow64\vfnet.dll
2012-07-26 01:31:56 61384 ----a-w- C:\Windows\SysWow64\vfnws.dll
2012-07-26 01:31:56 52032 ----a-w- C:\Windows\SysWow64\vfcuzz.dll
2012-07-26 01:31:56 40136 ----a-w- C:\Windows\SysWow64\vfntlmless.dll
2012-07-26 01:31:56 367392 ----a-w- C:\Windows\SysWow64\vfprintpthelper.dll
2012-07-26 01:31:56 353328 ----a-w- C:\Windows\SysWow64\vfbasics.dll
2012-07-26 01:31:56 306592 ----a-w- C:\Windows\SysWow64\vfprint.dll
2012-07-26 01:31:56 242776 ----a-w- C:\Windows\SysWow64\vfluapriv.dll
2012-07-26 01:31:56 21448 ----a-w- C:\Windows\SysWow64\cuzzapi.dll
2012-07-26 01:31:56 173520 ----a-w- C:\Windows\SysWow64\appverif.exe
2012-07-26 01:25:44 59848 ----a-w- C:\Windows\SysWow64\VSD3DRefDebug.dll
2012-07-26 01:25:28 713672 ----a-w- C:\Windows\SysWow64\d3d11_1sdklayers.dll
2012-07-26 01:25:28 609224 ----a-w- C:\Windows\SysWow64\d3d11ref.dll
2012-07-26 01:25:28 590792 ----a-w- C:\Windows\SysWow64\d3d11sdklayers.dll
2012-07-26 01:25:28 461256 ----a-w- C:\Windows\SysWow64\d3d10sdklayers.dll
2012-07-26 01:25:28 383944 ----a-w- C:\Windows\SysWow64\d3dref9.dll
2012-07-26 01:25:28 365512 ----a-w- C:\Windows\SysWow64\d3d10ref.dll
2012-07-26 01:25:28 277448 ----a-w- C:\Windows\SysWow64\d2d1debug1.dll
2012-07-26 01:25:28 232904 ----a-w- C:\Windows\SysWow64\dxcpl.exe
2012-07-26 01:25:28 102344 ----a-w- C:\Windows\SysWow64\dxgidebug.dll
2012-07-26 01:12:12 29128 ----a-w- C:\Windows\System32\microsoft.windows.softwarelogo.showdesktop.exe
2012-07-26 01:10:44 79304 ----a-w- C:\Windows\System32\VSD3DRefDebug.dll
2012-07-26 01:10:32 887240 ----a-w- C:\Windows\System32\d3d11_1sdklayers.dll
2012-07-26 01:10:32 749000 ----a-w- C:\Windows\System32\d3d11ref.dll
2012-07-26 01:10:32 713160 ----a-w- C:\Windows\System32\d3d11sdklayers.dll
2012-07-26 01:10:32 596936 ----a-w- C:\Windows\System32\d3d10sdklayers.dll
2012-07-26 01:10:32 461256 ----a-w- C:\Windows\System32\d3d10ref.dll
2012-07-26 01:10:32 340936 ----a-w- C:\Windows\System32\d2d1debug1.dll
2012-07-26 01:10:32 127432 ----a-w- C:\Windows\System32\dxgidebug.dll
2012-07-26 01:10:30 246216 ----a-w- C:\Windows\System32\dxcpl.exe
2012-07-18 18:15:06 3148800 ----a-w- C:\Windows\System32\win32k.sys
2012-06-06 18:55:44 44 ---h--w- C:\Program Files (x86)\bb2bf079.tmp
.
============= FINISH: 13:22:53.12 ===============

#4 Daiquiri
  • Topic Starter

  • Members
  • 20 posts

Posted 15 October 2012 - 01:31 PM

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-10-14.05)
.
Microsoft Windows 7 Home Premium
Boot Device: \Device\HarddiskVolume1
Install Date: 11/25/2011 1:02:58 AM
System Uptime: 10/15/2012 1:12:47 PM (0 hours ago)
.
Motherboard: Hewlett-Packard | | 3577
Processor: AMD E-350 Processor | Socket FT1 | 1600/100mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 279 GiB total, 129.853 GiB free.
D: is FIXED (NTFS) - 15 GiB total, 1.619 GiB free.
E: is FIXED (FAT32) - 4 GiB total, 1.084 GiB free.
F: is CDROM ()
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP131: 10/2/2012 6:54:18 PM - Windows Update
RP132: 10/2/2012 7:31:05 PM - Windows Update
RP133: 10/2/2012 7:58:18 PM - Windows Update
RP134: 10/2/2012 8:23:17 PM - Windows Update
RP135: 10/2/2012 8:46:38 PM - Windows Update
RP136: 10/2/2012 9:01:15 PM - Windows Update
RP137: 10/2/2012 9:37:42 PM - Windows Update
RP138: 10/2/2012 9:47:40 PM - Installed Microsoft Ribbon for WPF Source and Samples (V. 4.0.0.11019)
RP139: 10/3/2012 12:59:37 PM - Windows Update
RP140: 10/4/2012 8:46:13 AM - Windows Update
RP141: 10/6/2012 11:42:33 AM - Windows Update
RP142: 10/7/2012 10:10:16 AM - Windows Update
RP143: 10/9/2012 8:49:07 AM - Windows Update
RP149: 10/11/2012 8:15:59 AM - Windows Update
RP150: 10/12/2012 9:53:11 AM - Windows Update
RP151: 10/12/2012 3:36:37 PM - Windows Update
RP152: 10/15/2012 1:44:48 AM - Revo Uninstaller's restore point - GameMaker-Studio 1.1
RP153: 10/15/2012 1:46:57 AM - Revo Uninstaller's restore point - GameMaker-Studio 1.1
.
==== Installed Programs ======================
.
Tools for .Net 3.5
Acoustica Effects Pack
Adobe AIR
Adobe Community Help
Adobe Extension Manager CS5.5
Adobe Flash Player 11 ActiveX
Adobe Flash Player 11 Plugin
Adobe Shockwave Player 11.6
Agatha Christie - Peril at End House
AMD APP SDK Runtime
AMD Fuel
AMD Media Foundation Decoders
AMD VISION Engine Control Center
ATI Catalyst Install Manager
Audacity 2.0
AVI Player
Bejeweled 3
BitTorrent
BitTorrentBar Toolbar
Blackhawk Striker 2
Blasterball 3
Blend for Visual Studio 2012
Blend for Visual Studio 2012 ENU resources
Blender
Blio
Bounce Symphony
Cake Mania
Catalyst Control Center - Branding
Catalyst Control Center Graphics Previews Common
Catalyst Control Center InstallProxy
Catalyst Control Center Localization All
ccc-utility64
CCC Help Chinese Standard
CCC Help Chinese Traditional
CCC Help Czech
CCC Help Danish
CCC Help Dutch
CCC Help English
CCC Help Finnish
CCC Help French
CCC Help German
CCC Help Greek
CCC Help Hungarian
CCC Help Italian
CCC Help Japanese
CCC Help Korean
CCC Help Norwegian
CCC Help Polish
CCC Help Portuguese
CCC Help Russian
CCC Help Spanish
CCC Help Swedish
CCC Help Thai
CCC Help Turkish
CCleaner
Cheat Engine 6.1
Chronicles of Albian
Chuzzle Deluxe
Cisco EAP-FAST Module
Cisco LEAP Module
Cisco PEAP Module
CopperCube 3.1.0 (remove only)
Cradle of Rome 2
CyberLink YouCam
D3DX10
Definition Update for Microsoft Office 2010 (KB982726) 64-Bit Edition
Dev-C++ 5 beta 9 release (4.9.9.2)
DirectX 8.1 SDK
Dotfuscator and Analytics Community Edition
Entity Framework Designer for Visual Studio 2012 - enu
ESET Online Scanner v3
ESU for Microsoft Windows 7 SP1
Evernote v. 4.2.3
Farm Frenzy
FATE
FlashDevelop 4.0.1
Foxit Reader
GameMaker-Studio 1.1
GIMP 2.6.10
Google Chrome
Google Update Helper
Governor of Poker 2 Premium Edition
Hero Fighter
Hewlett-Packard ACLM.NET v1.1.1.0
Hotfix for Microsoft Visual Basic 2010 Express - ENU (KB2635973)
Hotfix for Microsoft Visual C# 2010 Express - ENU (KB2635973)
Hotfix for Microsoft Visual C++ 2008 Express Edition with SP1 - ENU (KB945282)
Hotfix for Microsoft Visual C++ 2008 Express Edition with SP1 - ENU (KB946040)
Hotfix for Microsoft Visual C++ 2008 Express Edition with SP1 - ENU (KB946308)
Hotfix for Microsoft Visual C++ 2008 Express Edition with SP1 - ENU (KB947540)
Hotfix for Microsoft Visual C++ 2008 Express Edition with SP1 - ENU (KB947789)
Hotfix for Microsoft Visual C++ 2008 Express Edition with SP1 - ENU (KB948127)
Hotfix for Microsoft Visual C++ 2010 Express - ENU (KB2542054)
Hotfix for Microsoft Visual C++ 2010 Express - ENU (KB2635973)
Hotfix for Microsoft Visual Studio 2008 Remote Debugger Light (x64) - ENU (KB944899)
Hotfix for Microsoft Visual Web Developer 2010 Express - ENU (KB2548139)
Hotfix for Microsoft Visual Web Developer 2010 Express - ENU (KB2635973)
Hotfix for Visual C++ Standard 2010 Beta 1 - ENU (KB2280741)
Hotfix for Visual C++ Standard 2010 Beta 1 - ENU (KB2284668)
Hotfix for Visual C++ Standard 2010 Beta 1 - ENU (KB2295689)
Hotfix for Visual C++ Standard 2010 Beta 1 - ENU (KB2420513)
Hotfix for Visual C++ Standard 2010 Beta 1 - ENU (KB2452649)
Hotfix for Visual C++ Standard 2010 Beta 1 - ENU (KB2455033)
Hotfix for Visual C++ Standard 2010 Beta 1 - ENU (KB2485545)
Hotfix for Visual C++ Standard 2010 Beta 1 - ENU (KB982517)
Hotfix for Visual C++ Standard 2010 Beta 1 - ENU (KB982721)
Hotfix for Visual C++ Standard 2010 Beta 1 - ENU (KB983233)
HP Auto
HP Client Services
HP Customer Experience Enhancements
HP Documentation
HP Games
HP Launch Box
HP MovieStore
HP On Screen Display
HP Power Manager
HP Quick Launch
HP QuickWeb
HP Setup
HP Setup Manager
HP Software Framework
HP Support Assistant
IDA Pro Free v5.0
IIS 7.5 Express
iisnode for iis express 7.x
IrfanView (remove only)
ISScript
Java 7 Update 7
Java Auto Updater
JavaFX 2.1.1
Jewel Quest: The Sleepless Star - Collector's Edition
Junk Mail filter update
Little Fighter 2 version 2.0a
LocalESPC
LocalESPCui for en-us
Mah Jong Medley
Malwarebytes Anti-Malware version 1.65.0.1400
Mesh Runtime
Microsoft .NET Framework 4 Multi-Targeting Pack
Microsoft .NET Framework 4.5
Microsoft .NET Framework 4.5 Multi-Targeting Pack
Microsoft .NET Framework 4.5 SDK
Microsoft Antimalware
Microsoft Application Error Reporting
Microsoft ASP.NET MVC 2
Microsoft ASP.NET MVC 2 - VWD Express 2010 Tools
Microsoft ASP.NET MVC 3
Microsoft ASP.NET MVC 3 - VWD Express 2010 Tools Update
Microsoft ASP.NET Web Pages
Microsoft ASP.NET Web Pages - VWD Express 2010 Tools
Microsoft ASP.NET Web Pages 2
Microsoft ASP.NET Web Pages 2 Runtime
Microsoft DirectX 8.1 SDK
Microsoft DirectX 9.0 SDK Update (August 2005)
Microsoft Expression Blend 3 SDK
Microsoft Expression Blend 4
Microsoft Expression Blend SDK for .NET 4
Microsoft Expression Blend SDK for Silverlight 4
Microsoft Expression Studio 4
Microsoft Expression Web 4
Microsoft Expression Web 4 Service Pack 2
Microsoft Forefront Endpoint Protection
Microsoft Forefront Endpoint Protection 2010 Server Management
Microsoft Games for Windows - LIVE Redistributable
Microsoft Help Viewer 1.1
Microsoft Help Viewer 2.0
Microsoft Mouse and Keyboard Center
Microsoft NuGet - Visual Studio 2012
Microsoft NuGet - Visual Studio Express 2012 for Windows Desktop
Microsoft Office 2010
Microsoft Office 2010 Service Pack 1 (SP1)
Microsoft Office Office 32-bit Components 2010
Microsoft Office PowerPoint 2010
Microsoft Office PowerPoint MUI (English) 2010
Microsoft Office Proof (English) 2010
Microsoft Office Proof (French) 2010
Microsoft Office Proof (Spanish) 2010
Microsoft Office Proofing (English) 2010
Microsoft Office Shared 32-bit MUI (English) 2010
Microsoft Office Shared MUI (English) 2010
Microsoft Office Shared Setup Metadata MUI (English) 2010
Microsoft Office Word 2010
Microsoft Office Word MUI (English) 2010
Microsoft Portable Library Multi-Targeting Pack
Microsoft Portable Library Multi-Targeting Pack Language Pack - enu
Microsoft PowerPoint 2010
Microsoft Report Viewer Add-On for Visual Studio 2012
Microsoft Ribbon for WPF Source and Samples (V. 4.0.0.11019)
Microsoft Security Client
Microsoft Silverlight
Microsoft Silverlight 3 SDK
Microsoft Silverlight 4 SDK
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft SQL Server 2008 R2 (64-bit)
Microsoft SQL Server 2008 R2 Management Objects
Microsoft SQL Server 2008 R2 Management Objects (x64)
Microsoft SQL Server 2008 R2 Native Client
Microsoft SQL Server 2008 R2 RsFx Driver
Microsoft SQL Server 2008 R2 Setup (English)
Microsoft SQL Server 2008 Setup Support Files
Microsoft SQL Server 2012 Command Line Utilities
Microsoft SQL Server 2012 Data-Tier App Framework
Microsoft SQL Server 2012 Express LocalDB
Microsoft SQL Server 2012 Management Objects
Microsoft SQL Server 2012 Management Objects (x64)
Microsoft SQL Server 2012 Native Client
Microsoft SQL Server 2012 T-SQL Language Service
Microsoft SQL Server 2012 Transact-SQL Compiler Service
Microsoft SQL Server 2012 Transact-SQL ScriptDom
Microsoft SQL Server Browser
Microsoft SQL Server Compact 3.5 SP2 ENU
Microsoft SQL Server Compact 3.5 SP2 x64 ENU
Microsoft SQL Server Compact 4.0 SP1 Scripting Tools ENU CTP1
Microsoft SQL Server Compact 4.0 SP1 x64 ENU
Microsoft SQL Server Compact 4.0 Web Tools ENU
Microsoft SQL Server Data Tools - enu (11.1.20828.01)
Microsoft SQL Server Data Tools Build Utilities - enu (11.1.20828.01)
Microsoft SQL Server System CLR Types
Microsoft SQL Server System CLR Types (x64)
Microsoft SQL Server VSS Writer
Microsoft System CLR Types for SQL Server 2012
Microsoft System CLR Types for SQL Server 2012 (x64)
Microsoft Visual Basic 2010 Express - ENU
Microsoft Visual C# 2010 Express - ENU
Microsoft Visual C++ Compilers 2010 Standard - enu - x86
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Express Edition with SP1 - ENU
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4974
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319
Microsoft Visual C++ 2010 x64 Runtime - 10.0.40219
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319
Microsoft Visual C++ 2010 x86 Runtime - 10.0.40219
Microsoft Visual C++ 2010 Express - ENU
Microsoft Visual C++ 2012 x64 Designtime - 11.0.50727
Microsoft Visual C++ 2012 32bit Compilers - ENU Resources
Microsoft Visual C++ 2012 Compilers
Microsoft Visual C++ 2012 Compilers - ENU Resources
Microsoft Visual C++ 2012 Core Libraries
Microsoft Visual C++ 2012 Extended Libraries
Microsoft Visual C++ 2012 Microsoft Foundation Class Libraries
Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.50727
Microsoft Visual C++ 2012 x64 Debug Runtime - 11.0.50727
Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.50727
Microsoft Visual C++ 2012 x86-x64 Compilers
Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.50727
Microsoft Visual C++ 2012 x86 Debug Runtime - 11.0.50727
Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.50727
Microsoft Visual Studio 11 Developer Preview Pre-Clean Tool
Microsoft Visual Studio 2008 Remote Debugger Light (x64) - ENU
Microsoft Visual Studio 2008 Remote Debugger Light (x64) - ENU Service Pack 1 (KB945140)
Microsoft Visual Studio 2010 ADO.NET Entity Framework Tools
Microsoft Visual Studio 2010 Express Prerequisites x64 - ENU
Microsoft Visual Studio 2010 Office Developer Tools (x64)
Microsoft Visual Studio 2010 Service Pack 1
Microsoft Visual Studio 2010 Tools for Office Runtime (x64)
Microsoft Visual Studio 2012 Devenv
Microsoft Visual Studio 2012 Devenv Resources
Microsoft Visual Studio 2012 Express Prerequisites x64 - ENU
Microsoft Visual Studio 2012 Performance Collection Tools
Microsoft Visual Studio 2012 Performance Collection Tools - ENU
Microsoft Visual Studio 2012 Preparation
Microsoft Visual Studio 2012 Shell (Minimum)
Microsoft Visual Studio 2012 Shell (Minimum) Interop Assemblies
Microsoft Visual Studio 2012 Shell (Minimum) Resources
Microsoft Visual Studio 2012 Tools for SQL Server Compact 4.0 SP1 ENU
Microsoft Visual Studio Express 2012 for Windows Desktop
Microsoft Visual Studio Express 2012 for Windows Desktop - ENU
Microsoft Visual Studio Professional 2012
Microsoft Visual Studio Professional 2012 - ENU
Microsoft Visual Studio Team Foundation Server 2012 Object Model
Microsoft Visual Studio Team Foundation Server 2012 Object Model Language Pack - ENU
Microsoft Visual Studio Team Foundation Server 2012 Team Explorer
Microsoft Visual Studio Team Foundation Server 2012 Team Explorer Language Pack - ENU
Microsoft Visual Studio Ultimate 2012 XAML UI Designer Core
Microsoft Visual Studio Ultimate 2012 XAML UI Designer enu Resources
Microsoft Visual Web Developer 2010 Express - ENU
Microsoft Web Deploy 2.0
Microsoft Web Deploy 3.0
Microsoft Web Deploy dbSqlPackage Provider - enu
Microsoft Web Platform Installer 4.0
Microsoft WebMatrix 2
Microsoft Windows SDK for Visual Studio 2008 Headers and Libraries
Microsoft Windows SDK for Visual Studio 2008 SP1 Express Tools for .NET Framework - enu
Microsoft Windows SDK for Visual Studio 2008 SP1 Express Tools for Win32
Microsoft Windows SDK for Windows 7 (7.1)
Microsoft Windows SDK for Windows 7 Common Utilities (30514)
Microsoft Windows SDK for Windows 7 Headers and Libraries (30514)
Microsoft Windows SDK for Windows 7 Samples (30514)
Microsoft Windows SDK for Windows 7 Utilities for Win32 Development (30514)
Microsoft Windows SDK Intellisense and Reference Assemblies (30514)
Microsoft Windows SDK Net Fx Interop Headers And Libraries (30514)
Microsoft Word 2010
Microsoft WSE 3.0 Runtime
Microsoft XNA Framework Redistributable 4.0
Microsoft XNA Game Studio 4.0
Microsoft XNA Game Studio 4.0 (ARP entry)
Microsoft XNA Game Studio 4.0 (Redists)
Microsoft XNA Game Studio 4.0 (Shared Components)
Microsoft XNA Game Studio 4.0 (Visual Studio)
Microsoft XNA Game Studio 4.0 (XnaLiveProxy)
Microsoft XNA Game Studio 4.0 Documentation
Microsoft XNA Game Studio Platform Tools
Microsoft_VC80_CRT_x86
Microsoft_VC80_MFC_x86
Microsoft_VC80_MFCLOC_x86
Microsoft_VC90_ATL_x86
Microsoft_VC90_CRT_x86
Microsoft_VC90_MFC_x86
MotioninJoy DS3 driver version 0.6.0004
Mozilla Firefox 16.0.1 (x86 en-US)
Mozilla Maintenance Service
MSVCRT
MSVCRT_amd64
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
Mystery of Mortlake Mansion
Namco All-Stars: PAC-MAN
NetBeans IDE 7.0.1
Nightly 17.0a1 (x86 en-US)
node.js
NTFS Undelete 3.0.3.521
NuGet
Paint.NET v3.5.10
particleIllusion 3.0.4 demo
PC Cleaners
Penguins!
PingPlotter Standard 3.40.2s
Plants vs. Zombies - Game of the Year
PlayReady PC Runtime x86
Poker Superstars III
Polar Bowler
Polar Golfer
PreEmptive Analytics Visual Studio Components
Prerequisites for SSDT
Project64 1.6
Realtek Ethernet Controller Driver
Realtek High Definition Audio Driver
Realtek PCIE Card Reader
REALTEK Wireless LAN Driver
RealWorld Cursor Editor
Recovery Manager
Revo Uninstaller 1.94
RoxioNow Player
Runes of Magic
Secure Download Manager
Security Update for Microsoft Excel 2010 (KB2597166) 64-Bit Edition
Security Update for Microsoft InfoPath 2010 (KB2687417) 64-Bit Edition
Security Update for Microsoft Office 2010 (KB2553091)
Security Update for Microsoft Office 2010 (KB2553096)
Security Update for Microsoft Office 2010 (KB2553260) 64-Bit Edition
Security Update for Microsoft Office 2010 (KB2553371) 64-Bit Edition
Security Update for Microsoft Office 2010 (KB2553447) 64-Bit Edition
Security Update for Microsoft Office 2010 (KB2589320) 64-Bit Edition
Security Update for Microsoft Office 2010 (KB2589322) 64-Bit Edition
Security Update for Microsoft Office 2010 (KB2598243) 64-Bit Edition
Security Update for Microsoft PowerPoint 2010 (KB2553185) 64-Bit Edition
Security Update for Microsoft SharePoint Workspace 2010 (KB2566445)
Security Update for Microsoft Visual C++ 2008 Express Edition with SP1 - ENU (KB2251487)
Security Update for Microsoft Word 2010 (KB2553488) 64-Bit Edition
Skype™ 5.10
Slingo Supreme
SQL Server 2008 R2 Common Files
SQL Server 2008 R2 Database Engine Services
SQL Server 2008 R2 Database Engine Shared
Sql Server Customer Experience Improvement Program
swMSM
Synaptics TouchPad Driver
trakAxPC
Unity
Update for Microsoft Office 2010 (KB2553065)
Update for Microsoft Office 2010 (KB2553181) 64-Bit Edition
Update for Microsoft Office 2010 (KB2553270) 64-Bit Edition
Update for Microsoft Office 2010 (KB2553272) 64-Bit Edition
Update for Microsoft Office 2010 (KB2553310) 64-Bit Edition
Update for Microsoft Office 2010 (KB2566458)
Update for Microsoft Office 2010 (KB2598289) 64-Bit Edition
Update for Microsoft OneNote 2010 (KB2589345) 64-Bit Edition
Update Installer for WildTangent Games App
Vacation Quest - The Hawaiian Islands
Video to GIF Converter 5.20
Virtual Villagers 5 - New Believers
Visual Studio 2008 x64 Redistributables
Visual Studio 2010 Tools for SQL Server Compact 3.5 SP2 ENU
Visual Studio 2012 Prerequisites
Visual Studio 2012 Prerequisites - ENU Language Pack
Visual Studio Extensions for Windows Library for JavaScript
VLC media player 1.1.11
WCF Data Services 5.0 (for OData v3) Primary Components
WCF Data Services Tools for Microsoft Visual Studio 2012
WCF RIA Services V1.0 SP2
Web Deployment Tool
Web Standards Update for Visual Studio 2010 SP1
WildTangent Games App (HP Games)
Windows App Certification Kit Native Components
Windows App Certification Kit x64
Windows Live Communications Platform
Windows Live Essentials
Windows Live ID Sign-in Assistant
Windows Live Installer
Windows Live Language Selector
Windows Live Mail
Windows Live Mesh
Windows Live Mesh ActiveX Control for Remote Connections
Windows Live Messenger
Windows Live MIME IFilter
Windows Live Movie Maker
Windows Live Photo Common
Windows Live Photo Gallery
Windows Live PIMT Platform
Windows Live Remote Client
Windows Live Remote Client Resources
Windows Live Remote Service
Windows Live Remote Service Resources
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live UX Platform
Windows Live UX Platform Language Pack
Windows Live Writer
Windows Live Writer Resources
Windows Runtime Intellisense Content - en-us
Windows SDK IntellisenseNFX
Windows Software Development Kit
Windows Software Development Kit DirectX x64 Remote
Windows Software Development Kit DirectX x86 Remote
Windows Software Development Kit for Windows Store Apps
Windows Software Development Kit for Windows Store Apps DirectX x64 Remote
Windows Software Development Kit for Windows Store Apps DirectX x86 Remote
WinRAR 4.01 (32-bit)
World of Warcraft
WPF Toolkit February 2010 (Version 3.5.50211.1)
Zuma Deluxe
.
==== Event Viewer Messages From Past Week ========
.
10/15/2012 9:52:26 AM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Behavior Monitoring Error Code: 0x80004005 Error description: Unspecified error Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest definition updates in order to enable real-time protection.
10/15/2012 12:36:27 AM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Behavior Monitoring Error Code: 0x80004005 Error description: Unspecified error Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest definition updates in order to enable real-time protection.
10/15/2012 12:33:39 AM, Error: Service Control Manager [7011] - A timeout (120000 milliseconds) was reached while waiting for a transaction response from the SysMain service.
10/15/2012 12:09:18 PM, Error: Service Control Manager [7011] - A timeout (120000 milliseconds) was reached while waiting for a transaction response from the hidserv service.
10/15/2012 12:07:18 PM, Error: Service Control Manager [7011] - A timeout (120000 milliseconds) was reached while waiting for a transaction response from the Wlansvc service.
10/15/2012 12:05:27 PM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Behavior Monitoring Error Code: 0x80004005 Error description: Unspecified error Reason: Antimalware protection has stopped functioning for an unknown reason. In some instances, restarting the service may resolve the problem.
10/15/2012 12:05:18 PM, Error: Service Control Manager [7011] - A timeout (120000 milliseconds) was reached while waiting for a transaction response from the AudioEndpointBuilder service.
10/15/2012 12:03:18 PM, Error: Service Control Manager [7011] - A timeout (120000 milliseconds) was reached while waiting for a transaction response from the IPBusEnum service.
10/15/2012 1:14:35 PM, Error: Microsoft-Windows-DistributedCOM [10016] - The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID {C97FCC79-E628-407D-AE68-A06AD6D8B4D1} and APPID {344ED43D-D086-4961-86A6-1106F4ACAD9B} to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.
10/15/2012 1:13:32 PM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Behavior Monitoring Error Code: 0x80004005 Error description: Unspecified error Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest definition updates in order to enable real-time protection.
10/15/2012 1:13:22 PM, Error: Service Control Manager [7001] - The IPsec Policy Agent service depends on the Base Filtering Engine service which failed to start because of the following error: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
10/15/2012 1:13:16 PM, Error: Service Control Manager [7001] - The IKE and AuthIP IPsec Keying Modules service depends on the Base Filtering Engine service which failed to start because of the following error: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
10/15/2012 1:13:15 PM, Error: Service Control Manager [7023] - The Computer Browser service terminated with the following error: The specified service does not exist as an installed service.
10/14/2012 7:53:38 PM, Error: Service Control Manager [7011] - A timeout (120000 milliseconds) was reached while waiting for a transaction response from the UxSms service.
10/14/2012 7:51:38 PM, Error: Service Control Manager [7011] - A timeout (120000 milliseconds) was reached while waiting for a transaction response from the TabletInputService service.
10/14/2012 7:51:38 PM, Error: Service Control Manager [7000] - The Tablet PC Input Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
10/14/2012 7:49:38 PM, Error: Service Control Manager [7011] - A timeout (120000 milliseconds) was reached while waiting for a transaction response from the HPWMISVC service.
10/14/2012 11:51:05 AM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Behavior Monitoring Error Code: 0x80004005 Error description: Unspecified error Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest definition updates in order to enable real-time protection.
10/14/2012 11:42:32 AM, Error: Service Control Manager [7011] - A timeout (120000 milliseconds) was reached while waiting for a transaction response from the FDResPub service.
10/14/2012 11:26:32 AM, Error: Service Control Manager [7011] - A timeout (120000 milliseconds) was reached while waiting for a transaction response from the upnphost service.
10/14/2012 10:51:39 PM, Error: Service Control Manager [7011] - A timeout (120000 milliseconds) was reached while waiting for a transaction response from the Netman service.
10/14/2012 10:47:57 AM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Behavior Monitoring Error Code: 0x80004005 Error description: Unspecified error Reason: Antimalware protection has stopped functioning for an unknown reason. In some instances, restarting the service may resolve the problem.
10/13/2012 7:50:10 PM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Behavior Monitoring Error Code: 0x80004005 Error description: Unspecified error Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest definition updates in order to enable real-time protection.
10/13/2012 11:09:54 AM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Behavior Monitoring Error Code: 0x80004005 Error description: Unspecified error Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest definition updates in order to enable real-time protection.
10/13/2012 10:50:25 AM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Behavior Monitoring Error Code: 0x80004005 Error description: Unspecified error Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest definition updates in order to enable real-time protection.
10/13/2012 10:48:56 AM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the Netman service.
10/13/2012 10:48:26 AM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the Wlansvc service.
10/13/2012 10:47:56 AM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the IPBusEnum service.
10/13/2012 10:21:26 AM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the AudioEndpointBuilder service.
10/13/2012 10:17:26 AM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the FDResPub service.
10/13/2012 10:16:25 AM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the SysMain service.
10/13/2012 10:12:35 AM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Behavior Monitoring Error Code: 0x80004005 Error description: Unspecified error Reason: Antimalware protection has stopped functioning for an unknown reason. In some instances, restarting the service may resolve the problem.
10/13/2012 10:10:55 AM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the UxSms service.
10/13/2012 10:07:55 AM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the hidserv service.
10/13/2012 10:05:55 AM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the TabletInputService service.
10/13/2012 10:05:25 AM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the HPWMISVC service.
10/12/2012 9:49:29 AM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Behavior Monitoring Error Code: 0x80004005 Error description: Unspecified error Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest definition updates in order to enable real-time protection.
10/12/2012 6:43:51 PM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Behavior Monitoring Error Code: 0x80004005 Error description: Unspecified error Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest definition updates in order to enable real-time protection.
10/12/2012 6:30:02 PM, Error: Service Control Manager [7000] - The Network Connections service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
10/12/2012 6:22:02 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1053" attempting to start the service netman with arguments "" in order to run the server: {BA126AD1-2166-11D1-B1D0-00805FC1270E}
10/12/2012 6:09:28 PM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Behavior Monitoring Error Code: 0x80004005 Error description: Unspecified error Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest definition updates in order to enable real-time protection.
10/12/2012 3:40:07 PM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Behavior Monitoring Error Code: 0x80004005 Error description: Unspecified error Reason: Antimalware protection has stopped functioning for an unknown reason. In some instances, restarting the service may resolve the problem.
10/12/2012 3:33:38 PM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Behavior Monitoring Error Code: 0x80004005 Error description: Unspecified error Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest definition updates in order to enable real-time protection.
10/12/2012 3:31:17 PM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Behavior Monitoring Error Code: 0x80004005 Error description: Unspecified error Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest definition updates in order to enable real-time protection.
10/12/2012 12:24:52 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the WdiSystemHost service.
10/12/2012 12:24:52 PM, Error: Service Control Manager [7000] - The Diagnostic System Host service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
10/11/2012 9:15:32 AM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x8024200d: Update for Windows 7 for x64-based Systems (KB2739159).
10/11/2012 8:57:51 AM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x8024200d: Security Update for Windows 7 for x64-based Systems (KB2724197).
10/11/2012 8:57:46 AM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x8024200d: Update for Windows 7 for x64-based Systems (KB2731771).
10/11/2012 8:57:34 AM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x8024200d: Update for Windows 7 for x64-based Systems (KB2749655).
10/11/2012 8:57:28 AM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x8024200d: Update for Windows 7 for x64-based Systems (KB2756822).
10/11/2012 8:18:22 AM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x8024200d: Security Update for Windows 7 for x64-based Systems (KB2743555).
10/11/2012 8:18:16 AM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x8024200d: Update for Windows 7 for x64-based Systems (KB2732487).
10/11/2012 8:16:59 AM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x80246007: Update for Windows 7 for x64-based Systems (KB2661254).
10/11/2012 8:11:33 AM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Behavior Monitoring Error Code: 0x80004005 Error description: Unspecified error Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest definition updates in order to enable real-time protection.
10/11/2012 7:56:50 AM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x8024200d: Update for Windows 7 for x64-based Systems (KB2661254).
10/11/2012 7:56:20 AM, Error: volsnap [67] - The shadow copy of volume C: being created failed to install.
10/11/2012 10:53:56 PM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Behavior Monitoring Error Code: 0x80004005 Error description: Unspecified error Reason: Antimalware protection has stopped functioning for an unknown reason. In some instances, restarting the service may resolve the problem.
10/10/2012 9:38:30 PM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Behavior Monitoring Error Code: 0x80004005 Error description: Unspecified error Reason: Antimalware protection has stopped functioning for an unknown reason. In some instances, restarting the service may resolve the problem.
10/10/2012 9:26:24 PM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Behavior Monitoring Error Code: 0x80004005 Error description: Unspecified error Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest definition updates in order to enable real-time protection.
.
==== End Of File ===========================

#5 nasdaq

Posted 16 October 2012 - 07:50 AM

Please download ComboFix from any of the links below, and save it to your desktop. For information regarding this download, please visit this web page: http://www.bleepingcomputer.com/combofix/how-to-use-combofix

Link 1
Link 2

* IMPORTANT !!! Save ComboFix.exe to your Desktop

IMPORTANT....

1. Close any open browsers.

2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

3. Do not install any other programs until this is fixed.


How to : Disable Anti-virus and Firewall...
http://www.bleepingcomputer.com/forums/topic114351.html

Double click on ComboFix.exe & follow the prompts.
  • When finished, it will produce a report for you.
  • Please post the C:\ComboFix.txt
Note:
Do not mouse click ComboFix's window while it's running. That may cause it to stall.


Note: If you have difficulty properly disabling your protective programs, refer to this link --> http://www.bleepingcomputer.com/forums/topic114351.html


Note: If, after running ComboFix, you get this error message "Illegal operation attempted on a registry key that has been marked for deletion." when attempting to run a program, all you need to do is restart the computer to reset the registry.
===

Third-party programs, if not up to date, can be the cause of infiltration of an infection.

Please run this security check for my review.

Download Security Check by screen317 from here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.
===

Please download AdwCleaner by Xplode onto your Desktop.
  • Double click on AdwCleaner.exe to run the tool.
  • Click on Search.
  • A logfile will automatically open after the scan has finished.
  • Please post the content of that logfile with your next answer.
  • You can find the logfile at C:\AdwCleaner[Rn].txt (n is a number).

Please post the logs for my review and let me know if the problem persists.

#6 Daiquiri

Posted 16 October 2012 - 06:57 PM

ComboFix 12-10-16.02 - UTA 10/16/2012 17:50:44.1.2 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.2667.1452 [GMT -5:00]
Running from: c:\users\UTA\Desktop\ComboFix.exe
AV: Microsoft Security Essentials *Disabled/Updated* {9765EA51-0D3C-7DFB-6091-10E4E1F341F6}
SP: Microsoft Security Essentials *Enabled/Updated* {2C040BB5-2B06-7275-5A21-2B969A740B4B}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\install.exe
c:\programdata\100
c:\users\GMC\Documents\~WRL3496.tmp
c:\users\Kanayo\Documents\~WRL2496.tmp
c:\users\Kanayo\Documents\~WRL3892.tmp
c:\users\UTA\AppData\Local\assembly\tmp
c:\users\UTA\AppData\Local\Microsoft\Windows\Temporary Internet Files\ApnStub.exe
c:\windows\assembly\GAC_32\Desktop.ini
c:\windows\assembly\GAC_64\Desktop.ini
c:\windows\SysWow64\d2d1debug1.dll
c:\windows\SysWow64\msstdfmt.dll
.
.
((((((((((((((((((((((((( Files Created from 2012-09-16 to 2012-10-16 )))))))))))))))))))))))))))))))
.
.
2012-10-16 23:17 . 2012-10-16 23:17 69000 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{17F56BE3-FCD5-4AC1-9F1C-C660F7D38FF5}\offreg.dll
2012-10-16 23:09 . 2012-10-16 23:09 -------- d-----w- c:\users\Kanayo\AppData\Local\temp
2012-10-16 23:09 . 2012-10-16 23:09 -------- d-----w- c:\users\GMC\AppData\Local\temp
2012-10-16 14:23 . 2012-09-19 05:58 9308616 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{17F56BE3-FCD5-4AC1-9F1C-C660F7D38FF5}\mpengine.dll
2012-10-15 15:25 . 2012-10-15 15:25 -------- d-----w- c:\users\GMC\AppData\Local\Project2
2012-10-15 07:02 . 2012-10-15 07:02 -------- d-----w- c:\users\GMC\AppData\Local\YoYo_Games_Ltd
2012-10-15 06:52 . 2012-10-16 04:59 -------- d-----w- c:\users\GMC\AppData\Roaming\GameMaker-Studio
2012-10-15 06:51 . 2012-10-15 06:52 -------- d-----w- c:\users\GMC\GameMaker-Studio 1.1
2012-10-14 03:15 . 2012-10-14 03:15 -------- d-----w- c:\users\UTA\AppData\Local\Alex F
2012-10-13 03:01 . 2012-10-13 03:59 -------- d-----w- c:\users\UTA\AppData\Local\Demo3
2012-10-13 00:15 . 2012-10-13 00:15 -------- d-----w- c:\users\UTA\AppData\Local\Demo1
2012-10-13 00:12 . 2012-10-13 00:14 -------- d-----w- c:\users\UTA\AppData\Local\YoYo_Games_Ltd
2012-10-13 00:12 . 2012-10-13 00:15 -------- d-----w- c:\users\UTA\AppData\Roaming\GameMaker-Studio
2012-10-13 00:11 . 2012-10-13 02:00 -------- d-----w- c:\users\UTA\AppData\Local\GameMaker-Studio
2012-10-13 00:11 . 2012-10-13 00:11 -------- d-----w- c:\users\UTA\GameMaker-Studio 1.1
2012-10-11 14:15 . 2012-08-31 18:19 1659760 ----a-w- c:\windows\system32\drivers\ntfs.sys
2012-10-11 14:14 . 2012-08-30 17:12 3914096 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
2012-10-11 14:14 . 2012-08-30 17:12 3968880 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
2012-10-11 14:14 . 2012-08-30 18:03 5559664 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-10-11 14:12 . 2012-08-20 18:48 1162240 ----a-w- c:\windows\system32\kernel32.dll
2012-10-11 14:12 . 2012-08-20 18:46 338432 ----a-w- c:\windows\system32\conhost.exe
2012-10-11 14:12 . 2012-08-24 16:57 172544 ----a-w- c:\windows\SysWow64\wintrust.dll
2012-10-11 14:12 . 2012-08-24 18:05 220160 ----a-w- c:\windows\system32\wintrust.dll
2012-10-11 14:11 . 2012-09-14 18:28 2048 ----a-w- c:\windows\SysWow64\tzres.dll
2012-10-11 14:11 . 2012-09-14 19:19 2048 ----a-w- c:\windows\system32\tzres.dll
2012-10-11 14:10 . 2012-08-10 23:56 542208 ----a-w- c:\windows\SysWow64\kerberos.dll
2012-10-11 14:10 . 2012-08-11 00:56 715776 ----a-w- c:\windows\system32\kerberos.dll
2012-10-11 14:08 . 2012-06-02 04:36 140288 ----a-w- c:\windows\SysWow64\cryptsvc.dll
2012-10-11 14:08 . 2012-06-02 04:36 1159680 ----a-w- c:\windows\SysWow64\crypt32.dll
2012-10-11 14:08 . 2012-06-02 04:36 103936 ----a-w- c:\windows\SysWow64\cryptnet.dll
2012-10-11 14:07 . 2012-06-02 05:41 184320 ----a-w- c:\windows\system32\cryptsvc.dll
2012-10-11 14:07 . 2012-06-02 05:41 140288 ----a-w- c:\windows\system32\cryptnet.dll
2012-10-11 14:07 . 2012-06-02 05:41 1464320 ----a-w- c:\windows\system32\crypt32.dll
2012-10-11 05:44 . 2012-10-11 05:44 -------- d-----w- c:\program files (x86)\VS Revo Group
2012-10-11 05:31 . 2012-10-11 05:31 -------- d-----w- c:\users\UTA\AppData\Roaming\PC Cleaners
2012-10-11 05:29 . 2012-10-11 05:27 4589880 ----a-w- c:\windows\uninst.exe
2012-10-11 05:29 . 2012-10-11 05:31 -------- d-----w- c:\users\UTA\AppData\Roaming\PCPro
2012-10-11 05:29 . 2012-10-11 05:31 -------- d-----w- c:\programdata\PC1Data
2012-10-11 05:25 . 2012-10-11 05:25 -------- d-----w- c:\programdata\Ask
2012-10-09 01:47 . 2012-10-09 01:47 -------- d-----w- c:\windows\Sun
2012-10-03 02:48 . 2012-10-03 02:48 -------- d-----w- c:\program files (x86)\Microsoft Ribbon for WPF
2012-10-01 20:07 . 2012-10-01 20:08 -------- d-----w- c:\program files\Microsoft Device Center
2012-10-01 19:43 . 2012-05-04 09:59 514560 ----a-w- c:\windows\SysWow64\qdvd.dll
2012-10-01 19:43 . 2012-05-04 11:00 366592 ----a-w- c:\windows\system32\qdvd.dll
2012-10-01 19:43 . 2012-08-21 21:01 245760 ----a-w- c:\windows\system32\OxpsConverter.exe
2012-09-29 02:27 . 2010-02-04 15:01 74072 ----a-w- c:\windows\SysWow64\XAPOFX1_4.dll
2012-09-29 02:27 . 2010-02-04 15:01 528216 ----a-w- c:\windows\SysWow64\XAudio2_6.dll
2012-09-29 02:27 . 2010-02-04 15:01 238936 ----a-w- c:\windows\SysWow64\xactengine3_6.dll
2012-09-29 02:27 . 2010-02-04 15:01 22360 ----a-w- c:\windows\SysWow64\X3DAudio1_7.dll
2012-09-29 02:25 . 2012-09-29 02:25 -------- d-----w- c:\windows\SysWow64\xlive
2012-09-29 02:25 . 2012-09-29 02:25 -------- d-----w- c:\program files (x86)\Microsoft Games for Windows - LIVE
2012-09-29 02:25 . 2012-09-29 02:25 -------- d-----w- c:\program files (x86)\Microsoft XNA
2012-09-28 05:02 . 2012-09-28 05:02 -------- d-----w- c:\users\UTA\AppData\Local\PreEmptive Solutions
2012-09-28 04:58 . 2012-09-28 04:58 -------- d-----w- c:\users\UTA\AppData\Local\Apps
2012-09-28 04:58 . 2012-10-01 03:33 -------- d-----w- c:\users\UTA\AppData\Local\Deployment
2012-09-28 03:32 . 2012-09-28 03:32 -------- d-----w- c:\program files\Application Verifier
2012-09-28 03:32 . 2012-09-28 03:32 -------- d-----w- c:\program files (x86)\Application Verifier
2012-09-28 03:32 . 2012-09-28 03:32 -------- d-----w- c:\programdata\Windows App Certification Kit
2012-09-28 03:31 . 2012-09-28 03:31 -------- d-----w- c:\programdata\PreEmptive Solutions
2012-09-28 03:29 . 2012-09-28 03:29 -------- d-----w- c:\program files (x86)\NuGet
2012-09-28 03:29 . 2012-09-28 03:29 -------- d-----w- c:\program files (x86)\Microsoft WCF Data Services
2012-09-28 03:27 . 2010-05-26 16:41 1998168 ----a-w- c:\windows\SysWow64\D3DX9_43.dll
2012-09-28 03:20 . 2012-09-28 03:20 -------- d-----w- c:\program files (x86)\HTML Help Workshop
2012-09-28 03:09 . 2012-09-28 03:09 -------- d-----w- c:\program files\Microsoft Visual Studio 11.0
2012-09-27 23:58 . 2012-09-27 23:58 -------- d-----w- c:\program files\CCleaner
2012-09-27 14:06 . 2012-09-27 14:06 -------- d-----w- c:\program files (x86)\Common Files\Java
2012-09-27 14:04 . 2012-09-27 14:04 95208 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll
2012-09-27 14:04 . 2012-09-27 14:04 -------- d-----w- c:\program files (x86)\Java
2012-09-27 13:57 . 2012-09-27 13:57 -------- d-----w- c:\windows\SysWow64\obj
2012-09-27 12:32 . 2008-07-12 13:18 3851784 ----a-w- c:\windows\SysWow64\D3DX9_39.dll
2012-09-27 12:21 . 2012-09-27 12:21 -------- d-----w- c:\program files (x86)\Microsoft Visual Studio 8
2012-09-27 12:19 . 2012-09-27 13:04 -------- d-----w- c:\program files (x86)\Microsoft Expression
2012-09-27 06:22 . 2012-09-27 06:22 -------- d-----w- c:\users\UTA\AppData\Roaming\e-academy Inc
2012-09-27 06:22 . 2012-09-27 06:22 -------- d-----w- c:\users\UTA\AppData\Local\e-academy Inc
2012-09-27 05:49 . 2012-09-19 05:58 9308616 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2012-09-27 05:48 . 2012-02-09 19:17 927800 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{51DA8E44-A810-408F-AD7A-E45424A397B5}\gapaengine.dll
2012-09-27 05:40 . 2012-09-27 05:40 -------- d-----w- c:\program files (x86)\Microsoft Security Client
2012-09-26 04:53 . 2012-09-26 04:53 -------- d-----w- c:\users\Kanayo\AppData\Local\{4CFCE791-004F-11E2-8271-B8AC6F996F26}
2012-09-25 03:28 . 2012-09-25 03:28 -------- d-----w- c:\users\UTA\AppData\Roaming\Microsoft FxCop
2012-09-25 00:17 . 2012-09-25 00:17 -------- d-----w- c:\program files (x86)\Common Files\Microsoft
2012-09-25 00:17 . 2012-09-25 00:17 -------- d-----w- c:\program files (x86)\Windows Kits
2012-09-25 00:13 . 2012-09-25 00:13 -------- d-----w- c:\program files (x86)\Microsoft Help Viewer
2012-09-25 00:05 . 2012-09-28 03:43 -------- d-----w- c:\program files (x86)\Microsoft Visual Studio 11.0
2012-09-24 23:30 . 2012-09-24 23:30 -------- d-----w- c:\windows\CheckSur
2012-09-24 22:55 . 2012-09-25 14:13 -------- d-----w- c:\users\UTA\AppData\Local\ElevatedDiagnostics
2012-09-24 22:48 . 2012-09-28 03:08 -------- d-----w- c:\programdata\regid.1991-06.com.microsoft
2012-09-24 22:33 . 2012-09-27 05:40 -------- d-----w- c:\program files\Microsoft Security Client
2012-09-24 19:59 . 2012-09-24 19:59 -------- d-----w- c:\program files (x86)\WPF Toolkit
2012-09-21 01:24 . 2012-09-21 01:25 -------- d-----w- c:\users\UTA\AppData\Roaming\TP
2012-09-21 01:06 . 2012-09-21 04:34 -------- d-----w- c:\users\UTA\AppData\Roaming\BitTorrent
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-10-11 13:57 . 2011-11-28 20:53 65309168 ----a-w- c:\windows\system32\MRT.exe
2012-10-09 03:23 . 2012-06-25 22:59 696760 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-10-09 03:23 . 2011-07-07 01:36 73656 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-09-28 03:47 . 2012-09-28 03:47 2111360 ----a-w- c:\programdata\Microsoft\VisualStudio\11.0\1033\ResourceCache.dll
2012-09-28 03:41 . 2012-08-05 08:34 576576 ----a-w- c:\programdata\Microsoft\VWDExpress\10.0\1033\ResourceCache.dll
2012-09-27 14:04 . 2012-04-30 03:44 821736 ----a-w- c:\windows\SysWow64\npdeployJava1.dll
2012-09-27 14:04 . 2011-11-27 05:48 746984 ----a-w- c:\windows\SysWow64\deployJava1.dll
2012-09-25 00:26 . 2012-09-25 00:26 1075424 ----a-w- c:\programdata\Microsoft\WDExpress\11.0\1033\ResourceCache.dll
2012-09-07 22:04 . 2011-12-11 08:41 25928 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-08-22 18:12 . 2012-09-12 15:06 1913200 ----a-w- c:\windows\system32\drivers\tcpip.sys
2012-08-22 18:12 . 2012-09-12 15:06 950128 ----a-w- c:\windows\system32\drivers\ndis.sys
2012-08-22 18:12 . 2012-09-12 15:06 376688 ----a-w- c:\windows\system32\drivers\netio.sys
2012-08-22 18:12 . 2012-09-12 15:06 288624 ----a-w- c:\windows\system32\drivers\FWPKCLNT.SYS
2012-08-20 17:38 . 2012-10-11 14:13 44032 ----a-w- c:\windows\apppatch\acwow64.dll
2012-08-06 08:08 . 2012-04-28 04:59 188128 ----a-w- c:\programdata\Microsoft\VCSExpress\10.0\1033\ResourceCache.dll
2012-08-06 08:06 . 2011-12-31 02:32 112832 ----a-w- c:\programdata\Microsoft\VCExpress\10.0\1033\ResourceCache.dll
2012-08-05 15:17 . 2011-11-26 00:32 205984 ----a-w- c:\programdata\Microsoft\VBExpress\10.0\1033\ResourceCache.dll
2012-08-02 17:58 . 2012-09-12 15:06 574464 ----a-w- c:\windows\system32\d3d10level9.dll
2012-08-02 16:57 . 2012-09-12 15:06 490496 ----a-w- c:\windows\SysWow64\d3d10level9.dll
2012-07-30 05:00 . 2012-07-30 05:00 40960 ----a-r- c:\users\GMC\AppData\Roaming\Microsoft\Installer\{9559F7CA-5E34-4237-A2D9-D856464AD727}\NewShortcut1_9559F7CA5E344237A2D9D856464AD727.exe
2012-07-30 05:00 . 2012-07-30 05:00 40960 ----a-r- c:\users\GMC\AppData\Roaming\Microsoft\Installer\{9559F7CA-5E34-4237-A2D9-D856464AD727}\ARPPRODUCTICON.exe
2012-07-27 00:08 . 2012-07-27 00:08 862664 ----a-w- c:\windows\SysWow64\msvcr110.dll
2012-07-27 00:08 . 2012-07-27 00:08 837072 ----a-w- c:\windows\SysWow64\vcamp110d.dll
2012-07-27 00:08 . 2012-07-27 00:08 82888 ----a-w- c:\windows\SysWow64\mfcm110u.dll
2012-07-27 00:08 . 2012-07-27 00:08 82888 ----a-w- c:\windows\SysWow64\mfcm110.dll
2012-07-27 00:08 . 2012-07-27 00:08 8234952 ----a-w- c:\windows\SysWow64\mfc110ud.dll
2012-07-27 00:08 . 2012-07-27 00:08 821200 ----a-w- c:\windows\SysWow64\msvcp110d.dll
2012-07-27 00:08 . 2012-07-27 00:08 8164296 ----a-w- c:\windows\SysWow64\mfc110d.dll
2012-07-27 00:08 . 2012-07-27 00:08 74704 ----a-w- c:\windows\SysWow64\mfc110fra.dll
2012-07-27 00:08 . 2012-07-27 00:08 74704 ----a-w- c:\windows\SysWow64\mfc110deu.dll
2012-07-27 00:08 . 2012-07-27 00:08 73680 ----a-w- c:\windows\SysWow64\mfc110esn.dll
2012-07-27 00:08 . 2012-07-27 00:08 729560 ----a-w- c:\windows\SysWow64\vccorlib110d.dll
2012-07-27 00:08 . 2012-07-27 00:08 72656 ----a-w- c:\windows\SysWow64\mfc110ita.dll
2012-07-27 00:08 . 2012-07-27 00:08 70608 ----a-w- c:\windows\SysWow64\mfc110rus.dll
2012-07-27 00:08 . 2012-07-27 00:08 64976 ----a-w- c:\windows\SysWow64\mfc110enu.dll
2012-07-27 00:08 . 2012-07-27 00:08 53712 ----a-w- c:\windows\SysWow64\mfc110jpn.dll
2012-07-27 00:08 . 2012-07-27 00:08 534480 ----a-w- c:\windows\SysWow64\msvcp110.dll
2012-07-27 00:08 . 2012-07-27 00:08 53200 ----a-w- c:\windows\SysWow64\mfc110kor.dll
2012-07-27 00:08 . 2012-07-27 00:08 46032 ----a-w- c:\windows\SysWow64\mfc110cht.dll
2012-07-27 00:08 . 2012-07-27 00:08 46032 ----a-w- c:\windows\SysWow64\mfc110chs.dll
2012-07-27 00:08 . 2012-07-27 00:08 4446152 ----a-w- c:\windows\SysWow64\mfc110u.dll
2012-07-27 00:08 . 2012-07-27 00:08 4411848 ----a-w- c:\windows\SysWow64\mfc110.dll
2012-07-27 00:08 . 2012-07-27 00:08 320976 ----a-w- c:\windows\SysWow64\vcamp110.dll
2012-07-27 00:08 . 2012-07-27 00:08 263112 ----a-w- c:\windows\SysWow64\vsjitdebugger.exe
2012-07-27 00:08 . 2012-07-27 00:08 251864 ----a-w- c:\windows\SysWow64\vccorlib110.dll
2012-07-27 00:08 . 2012-07-27 00:08 2203632 ----a-w- c:\windows\SysWow64\VsGraphicsHelper.dll
2012-07-27 00:08 . 2012-07-27 00:08 216016 ----a-w- c:\windows\SysWow64\VSPerf110.dll
2012-07-27 00:08 . 2012-07-27 00:08 173016 ----a-w- c:\windows\SysWow64\VSCover110.dll
2012-07-27 00:08 . 2012-07-27 00:08 1678792 ----a-w- c:\windows\SysWow64\msvcr110d.dll
2012-07-27 00:08 . 2012-07-27 00:08 153536 ----a-w- c:\windows\SysWow64\atl110.dll
2012-07-27 00:08 . 2012-07-27 00:08 144848 ----a-w- c:\windows\SysWow64\vcomp110d.dll
2012-07-27 00:08 . 2012-07-27 00:08 115656 ----a-w- c:\windows\SysWow64\vcomp110.dll
2012-07-27 00:08 . 2012-07-27 00:08 111560 ----a-w- c:\windows\SysWow64\mfcm110d.dll
2012-07-27 00:08 . 2012-07-27 00:08 110544 ----a-w- c:\windows\SysWow64\mfcm110ud.dll
2012-07-26 20:22 . 2012-07-26 20:22 997336 ----a-w- c:\windows\system32\vccorlib110d.dll
2012-07-26 20:22 . 2012-07-26 20:22 90056 ----a-w- c:\windows\system32\mfcm110u.dll
2012-07-26 20:22 . 2012-07-26 20:22 90056 ----a-w- c:\windows\system32\mfcm110.dll
2012-07-26 20:22 . 2012-07-26 20:22 828872 ----a-w- c:\windows\system32\msvcr110.dll
2012-07-26 20:22 . 2012-07-26 20:22 74704 ----a-w- c:\windows\system32\mfc110fra.dll
2012-07-26 20:22 . 2012-07-26 20:22 74704 ----a-w- c:\windows\system32\mfc110deu.dll
2012-07-26 20:22 . 2012-07-26 20:22 73680 ----a-w- c:\windows\system32\mfc110esn.dll
2012-07-26 20:22 . 2012-07-26 20:22 72656 ----a-w- c:\windows\system32\mfc110ita.dll
2012-07-26 20:22 . 2012-07-26 20:22 70608 ----a-w- c:\windows\system32\mfc110rus.dll
2012-07-26 20:22 . 2012-07-26 20:22 661448 ----a-w- c:\windows\system32\msvcp110.dll
2012-07-26 20:22 . 2012-07-26 20:22 64976 ----a-w- c:\windows\system32\mfc110enu.dll
2012-07-26 20:22 . 2012-07-26 20:22 5606856 ----a-w- c:\windows\system32\mfc110u.dll
2012-07-26 20:22 . 2012-07-26 20:22 5579208 ----a-w- c:\windows\system32\mfc110.dll
2012-07-26 20:22 . 2012-07-26 20:22 53712 ----a-w- c:\windows\system32\mfc110jpn.dll
2012-07-26 20:22 . 2012-07-26 20:22 53200 ----a-w- c:\windows\system32\mfc110kor.dll
2012-07-26 20:22 . 2012-07-26 20:22 46032 ----a-w- c:\windows\system32\mfc110cht.dll
2012-07-26 20:22 . 2012-07-26 20:22 46032 ----a-w- c:\windows\system32\mfc110chs.dll
2012-07-26 20:22 . 2012-07-26 20:22 385480 ----a-w- c:\windows\system32\vcamp110.dll
2012-07-26 20:22 . 2012-07-26 20:22 354264 ----a-w- c:\windows\system32\vccorlib110.dll
2012-07-26 20:22 . 2012-07-26 20:22 292320 ----a-w- c:\windows\system32\vsjitdebugger.exe
2012-07-26 20:22 . 2012-07-26 20:22 248272 ----a-w- c:\windows\system32\VSPerf110.dll
2012-07-26 20:22 . 2012-07-26 20:22 1957328 ----a-w- c:\windows\system32\msvcr110d.dll
2012-07-26 20:22 . 2012-07-26 20:22 187864 ----a-w- c:\windows\system32\VSCover110.dll
2012-07-26 20:22 . 2012-07-26 20:22 177096 ----a-w- c:\windows\system32\atl110.dll
2012-07-26 20:22 . 2012-07-26 20:22 153040 ----a-w- c:\windows\system32\vcomp110d.dll
2012-07-26 20:22 . 2012-07-26 20:22 124360 ----a-w- c:\windows\system32\vcomp110.dll
2012-07-26 20:22 . 2012-07-26 20:22 120776 ----a-w- c:\windows\system32\mfcm110d.dll
2012-07-26 20:22 . 2012-07-26 20:22 119760 ----a-w- c:\windows\system32\mfcm110ud.dll
2012-07-26 20:22 . 2012-07-26 20:22 1106384 ----a-w- c:\windows\system32\msvcp110d.dll
2012-07-26 20:22 . 2012-07-26 20:22 10915784 ----a-w- c:\windows\system32\mfc110ud.dll
2012-07-26 20:22 . 2012-07-26 20:22 10843080 ----a-w- c:\windows\system32\mfc110d.dll
2012-07-26 20:22 . 2012-07-26 20:22 1077688 ----a-w- c:\windows\system32\vcamp110d.dll
2012-07-26 01:32 . 2012-07-26 01:32 98792 ----a-w- c:\windows\SysWow64\vfrdvcompat.dll
2012-07-26 01:32 . 2012-07-26 01:32 164200 ----a-w- c:\windows\SysWow64\vrfcore.dll
2012-07-26 01:31 . 2012-07-26 01:31 87328 ----a-w- c:\windows\SysWow64\vfcompat.dll
2012-07-26 01:31 . 2012-07-26 01:31 81592 ----a-w- c:\windows\SysWow64\vfnet.dll
2012-07-26 01:31 . 2012-07-26 01:31 61384 ----a-w- c:\windows\SysWow64\vfnws.dll
2012-07-26 01:31 . 2012-07-26 01:31 52032 ----a-w- c:\windows\SysWow64\vfcuzz.dll
2012-07-26 01:31 . 2012-07-26 01:31 40136 ----a-w- c:\windows\SysWow64\vfntlmless.dll
2012-07-26 01:31 . 2012-07-26 01:31 367392 ----a-w- c:\windows\SysWow64\vfprintpthelper.dll
2012-07-26 01:31 . 2012-07-26 01:31 353328 ----a-w- c:\windows\SysWow64\vfbasics.dll
2012-07-26 01:31 . 2012-07-26 01:31 306592 ----a-w- c:\windows\SysWow64\vfprint.dll
2012-07-26 01:31 . 2012-07-26 01:31 242776 ----a-w- c:\windows\SysWow64\vfluapriv.dll
2012-07-26 01:31 . 2012-07-26 01:31 21448 ----a-w- c:\windows\SysWow64\cuzzapi.dll
2012-07-26 01:31 . 2012-07-26 01:31 173520 ----a-w- c:\windows\SysWow64\appverif.exe
2012-07-26 01:25 . 2012-07-26 01:25 59848 ----a-w- c:\windows\SysWow64\VSD3DRefDebug.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{88c7f2aa-f93f-432c-8f0e-b7d85967a527}]
2011-05-09 09:49 176936 ----a-w- c:\program files (x86)\BitTorrentBar\prxtbBit2.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{88c7f2aa-f93f-432c-8f0e-b7d85967a527}"= "c:\program files (x86)\BitTorrentBar\prxtbBit2.dll" [2011-05-09 176936]
.
[HKEY_CLASSES_ROOT\clsid\{88c7f2aa-f93f-432c-8f0e-b7d85967a527}]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848]
"Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-09-07 766536]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2012-07-09 123856]
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-08-23 136176]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-07-13 160944]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-10-09 250808]
R3 fussvc;Windows App Certification Kit Fast User Switching Utility Service;c:\program files (x86)\Windows Kits\8.0\App Certification Kit\fussvc.exe [2012-07-25 139776]
R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-08-23 136176]
R3 MotioninJoyXFilter;MotioninJoy Virtual Xinput device Filter Driver;c:\windows\system32\DRIVERS\MijXfilt.sys [2011-08-30 117520]
R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-08-16 115184]
R3 ose64;Office 64 Source Engine;c:\program files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2010-01-10 174440]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4925184]
R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL6.SYS [2009-06-10 292864]
R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV6.SYS [2009-06-10 1485312]
R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT6.SYS [2009-06-10 740864]
R3 Te.Service;Te.Service;c:\program files (x86)\Windows Kits\8.0\Testing\Runtimes\TAEF\Wex.Services.exe [2012-07-25 126976]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-21 59392]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-21 31232]
R3 VSPerfDrv110;Performance Tools Driver 11.0;c:\program files (x86)\Microsoft Visual Studio 11.0\Team Tools\Performance Tools\x64\VSPerfDrv110.sys [2012-07-13 70264]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2011-11-26 1255736]
R3 WSDPrintDevice;WSD Print Support via UMB;c:\windows\system32\DRIVERS\WSDPrint.sys [2009-07-14 23040]
R4 GamesAppService;GamesAppService;c:\program files (x86)\WildTangent Games\App\GamesAppService.exe [2010-10-12 206072]
R4 IconMan_R;IconMan_R;c:\program files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe [2010-12-27 1817088]
R4 MSSQLServerADHelper100;SQL Active Directory Helper Service;c:\program files\Microsoft SQL Server\100\Shared\SQLADHLP.EXE [2010-04-03 59744]
R4 RoxioNow Service;RoxioNow Service;c:\program files (x86)\Roxio\RoxioNow Player\RNowSvc.exe [2010-11-26 399344]
R4 RsFx0150;RsFx0150 Driver;c:\windows\system32\DRIVERS\RsFx0150.sys [2010-04-03 313696]
R4 SQLAgent$SQLEXPRESS;SQL Server Agent (SQLEXPRESS);c:\program files\Microsoft SQL Server\MSSQL10_50.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [2010-04-03 428384]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-23 57184]
S0 amd_sata;amd_sata;c:\windows\system32\DRIVERS\amd_sata.sys [2011-04-15 79488]
S0 amd_xata;amd_xata;c:\windows\system32\DRIVERS\amd_xata.sys [2011-04-15 40064]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]
S2 AERTFilters;Andrea RT Filters Service;c:\program files\Realtek\Audio\HDA\AERTSr64.exe [2009-11-18 98208]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2011-07-05 204288]
S2 AMD FUEL Service;AMD FUEL Service;c:\program files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [2011-06-17 365568]
S2 HP Support Assistant Service;HP Support Assistant Service;c:\program files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [2011-06-21 85560]
S2 HPClientSvc;HP Client Services;c:\program files\Hewlett-Packard\HP Client Services\HPClientServices.exe [2010-10-11 346168]
S2 HPWMISVC;HPWMISVC;c:\program files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe [2011-06-14 26680]
S2 lxec_device;lxec_device;c:\windows\system32\lxeccoms.exe [2010-04-15 1052328]
S2 MsDepSvc;Web Deployment Agent Service;c:\program files\IIS\Microsoft Web Deploy\MsDepSvc.exe [2012-07-18 80448]
S2 nlsX86cc;Nalpeiron Licensing Service;c:\windows\system32\NlsSrv32.exe [x]
S3 amdiox64;AMD IO Driver;c:\windows\system32\DRIVERS\amdiox64.sys [2010-02-18 46136]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [2011-07-05 9359872]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [2011-07-05 309760]
S3 clwvd;CyberLink WebCam Virtual Driver;c:\windows\system32\DRIVERS\clwvd.sys [2010-07-28 31088]
S3 dc3d;MS Hardware Device Detection Driver (USB);c:\windows\system32\DRIVERS\dc3d.sys [2012-06-25 52320]
S3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\DRIVERS\MpNWMon.sys [2011-04-18 40832]
S3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [2011-04-27 84864]
S3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\Antimalware\NisSrv.exe [2011-04-27 288272]
S3 Point64;Microsoft Mouse and Keyboard Center Filter Driver;c:\windows\system32\DRIVERS\point64.sys [2012-06-27 46176]
S3 RSPCIESTOR;Realtek PCIE CardReader Driver;c:\windows\system32\DRIVERS\RtsPStor.sys [2011-02-15 335464]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2011-06-10 539240]
S3 RTL8192Ce;Realtek Wireless LAN 802.11n PCI-E NIC Driver;c:\windows\system32\DRIVERS\rtl8192Ce.sys [2011-05-18 1145448]
S3 usbfilter;AMD USB Filter Driver;c:\windows\system32\DRIVERS\usbfilter.sys [2010-11-29 44672]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [2009-07-14 17920]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - MPNWMON
*NewlyCreated* - WS2IFSL
.
Contents of the 'Scheduled Tasks' folder
.
2012-10-16 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-06-25 03:24]
.
2012-10-16 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-08-23 14:25]
.
2012-10-16 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-08-23 14:25]
.
2012-10-16 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-187244907-44372620-3702270949-1001Core.job
- c:\users\Kanayo\AppData\Local\Google\Update\GoogleUpdate.exe [2011-11-25 07:20]
.
2012-10-16 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-187244907-44372620-3702270949-1001UA.job
- c:\users\Kanayo\AppData\Local\Google\Update\GoogleUpdate.exe [2011-11-25 07:20]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SetDefault"="c:\program files\Hewlett-Packard\HP LaunchBox\SetDefault.exe" [2011-06-27 42808]
"RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RtkNGUI64.exe" [2011-01-11 6602856]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2011-06-15 1436736]
"IntelliType Pro"="c:\program files\Microsoft Device Center\itype.exe" [2012-06-27 1464928]
"IntelliPoint"="c:\program files\Microsoft Device Center\ipoint.exe" [2012-06-27 2004584]
"BCSSync"="c:\program files\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 112512]
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
TCP: DhcpNameServer = 192.168.1.254
FF - ProfilePath - c:\users\UTA\AppData\Roaming\Mozilla\Firefox\Profiles\ro2rivkv.default\
.
- - - - ORPHANS REMOVED - - - -
.
ShellIconOverlayIdentifiers-{FB314ED9-A251-47B7-93E1-CDD82E34AF8B} - (no file)
ShellIconOverlayIdentifiers-{FB314EDA-A251-47B7-93E1-CDD82E34AF8B} - (no file)
ShellIconOverlayIdentifiers-{FB314EDB-A251-47B7-93E1-CDD82E34AF8B} - (no file)
WebBrowser-{88C7F2AA-F93F-432C-8F0E-B7D85967A527} - (no file)
ShellIconOverlayIdentifiers-{FB314ED9-A251-47B7-93E1-CDD82E34AF8B} - (no file)
ShellIconOverlayIdentifiers-{FB314EDA-A251-47B7-93E1-CDD82E34AF8B} - (no file)
ShellIconOverlayIdentifiers-{FB314EDB-A251-47B7-93E1-CDD82E34AF8B} - (no file)
ShellIconOverlayIdentifiers-{FB314EDC-A251-47B7-93E1-CDD82E34AF8B} - (no file)
HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe
AddRemove-Adobe Shockwave Player - c:\windows\system32\Adobe\Shockwave 11\uninstaller.exe
AddRemove-{09FF4DB8-7DE9-4D47-B7DB-915DB7D9A8CA} - c:\programdata\{83C3B2FD-37EA-4C06-A228-E9B5E32FF0B1}\bm_installer.exe
AddRemove-{4058E728-84D8-45CE-8E2D-5F35BD6659A1} - c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\core\PDApp.exe
AddRemove-{CA43FE4F-9FF2-4AD7-88F0-CC3BAC17B226} - c:\program files (x86)\InstallShield Installation Information\{CA43FE4F-9FF2-4AD7-88F0-CC3BAC17B226}\setup.exe
.
.
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\MsDepSvc]
"ImagePath"="\"c:\program files\IIS\Microsoft Web Deploy\MsDepSvc.exe\" -runService:MsDepSvc"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\windows\SysWOW64\NlsSrv32.exe
c:\program files (x86)\CyberLink\YouCam\YCMMirage.exe
.
**************************************************************************
.
Completion time: 2012-10-16 18:33:00 - machine was rebooted
ComboFix-quarantined-files.txt 2012-10-16 23:32
.
Pre-Run: 154,600,591,360 bytes free
Post-Run: 155,509,104,640 bytes free
.
- - End Of File - - 5495D3D8F71D81BED7D5119A793B6C2A

Results of screen317's Security Check version 0.99.51
Windows 7 Service Pack 1 x64 (UAC is disabled!)
Internet Explorer 9
``````````````Antivirus/Firewall Check:``````````````
Windows Firewall Enabled!
Microsoft Forefront Endpoint Protection
Antivirus up to date!
`````````Anti-malware/Other Utilities Check:`````````
Malwarebytes Anti-Malware version 1.65.0.1400
PC Cleaners
JavaFX 2.1.1
Java 7 Update 7
Visual Studio Extensions for Windows Library for JavaScript
Adobe Flash Player 11.4.402.287
Mozilla Firefox (16.0.1)
Google Chrome 21.0.1180.83
Google Chrome 21.0.1180.89
Google Chrome 22.0.1229.79
Google Chrome 22.0.1229.92
Google Chrome 22.0.1229.94
````````Process Check: objlist.exe by Laurent````````
Microsoft Security Essentials msseces.exe
Windows Defender MSMpEng.exe
Microsoft Security Client Antimalware MsMpEng.exe
Microsoft Security Client Antimalware NisSrv.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: 7%
````````````````````End of Log``````````````````````

# AdwCleaner v2.005 - Logfile created 10/16/2012 at 18:54:41
# Updated 14/10/2012 by Xplode
# Operating system : Windows 7 Home Premium Service Pack 1 (64 bits)
# User : UTA - INFINITY-HP
# Boot Mode : Normal
# Running from : C:\Users\UTA\Desktop\adwcleaner.exe
# Option [Search]


***** [Services] *****


***** [Files / Folders] *****

Folder Found : C:\Program Files (x86)\BitTorrentBar
Folder Found : C:\Program Files (x86)\Conduit
Folder Found : C:\ProgramData\Ask
Folder Found : C:\Users\GMC\AppData\Local\Conduit
Folder Found : C:\Users\GMC\AppData\LocalLow\BitTorrentBar
Folder Found : C:\Users\GMC\AppData\LocalLow\Conduit
Folder Found : C:\Users\GMC\AppData\Roaming\Mozilla\Firefox\Profiles\v6m8jrit.default\Smartbar
Folder Found : C:\Users\Kanayo\AppData\LocalLow\BitTorrentBar
Folder Found : C:\Users\Kanayo\AppData\LocalLow\Conduit
Folder Found : C:\Users\UTA\AppData\Local\Google\Chrome\User Data\Default\Extensions\mhfdcmehmjcclgopdodkjdicohagipid
Folder Found : C:\Users\UTA\AppData\LocalLow\BitTorrentBar
Folder Found : C:\Users\UTA\AppData\LocalLow\Conduit

***** [Registry] *****

Key Found : HKCU\Software\AppDataLow\Software\BitTorrentBar
Key Found : HKCU\Software\AppDataLow\Software\Conduit
Key Found : HKCU\Software\Conduit
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{88C7F2AA-F93F-432C-8F0E-B7D85967A527}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{88C7F2AA-F93F-432C-8F0E-B7D85967A527}
Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}
Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{2FA28606-DE77-4029-AF96-B231E3B8F827}
Key Found : HKLM\Software\BitTorrentBar
Key Found : HKLM\SOFTWARE\Classes\Toolbar.CT2790392
Key Found : HKLM\Software\Conduit
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{32804100-B238-45F4-B15E-C5A2F2F7400B}
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{32804100-B238-45F4-B15E-C5A2F2F7400B}
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{88C7F2AA-F93F-432C-8F0E-B7D85967A527}
Key Found : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\mhfdcmehmjcclgopdodkjdicohagipid
Key Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{05B3F752-4107-4493-9016-E747CB75B631}
Key Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{AC8C2E49-5301-43F4-BC1A-FD9E231D9B97}
Key Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}
Key Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{88C7F2AA-F93F-432C-8F0E-B7D85967A527}
Key Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\BitTorrentBar Toolbar
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}
Key Found : HKU\S-1-5-21-187244907-44372620-3702270949-1009\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}
Key Found : HKU\S-1-5-21-187244907-44372620-3702270949-1009\Software\Microsoft\Internet Explorer\SearchScopes\{2FA28606-DE77-4029-AF96-B231E3B8F827}
Value Found : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{88C7F2AA-F93F-432C-8F0E-B7D85967A527}]
Value Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks [{88C7F2AA-F93F-432C-8F0E-B7D85967A527}]
Value Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{88C7F2AA-F93F-432C-8F0E-B7D85967A527}]

***** [Internet Browsers] *****

-\\ Internet Explorer v9.0.8112.16421

[OK] Registry is clean.

-\\ Mozilla Firefox v16.0.1 (en-US)

Profile name : default
File : C:\Users\Kanayo\AppData\Roaming\Mozilla\Firefox\Profiles\l0yoexk8.default\prefs.js

[OK] File is clean.

Profile name : default
File : C:\Users\GMC\AppData\Roaming\Mozilla\Firefox\Profiles\v6m8jrit.default\prefs.js


Profile name : default
File : C:\Users\UTA\AppData\Roaming\Mozilla\Firefox\Profiles\ro2rivkv.default\prefs.js

[OK] File is clean.

-\\ Google Chrome v [Unable to get version]

File : C:\Users\Kanayo\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] File is clean.

File : C:\Users\GMC\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] File is clean.

File : C:\Users\UTA\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] File is clean.

*************************

AdwCleaner[S1].txt - [2894 octets] - [20/07/2012 13:45:00]
AdwCleaner[R1].txt - [9874 octets] - [16/10/2012 18:54:41]

########## EOF - C:\AdwCleaner[R1].txt - [9934 octets] ##########

#7 nasdaq


Posted 17 October 2012 - 09:01 AM

Looking good.

Remove the AdWare, PUP (Potentially Unwanted Program) installed on your computer.

  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click on Delete.
  • Everything that was found will be deleted.
  • Follow the prompts to reboot the computer. A text file will open after the restart.
  • Please post the content of that logfile with your next answer.
  • You can find the logfile at C:\AdwCleaner[Sn].txt (n is a number).

Please let me know what problem persists.

#8 Daiquiri

Posted 17 October 2012 - 11:29 PM

# AdwCleaner v2.005 - Logfile created 10/17/2012 at 10:22:19
# Updated 14/10/2012 by Xplode
# Operating system : Windows 7 Home Premium Service Pack 1 (64 bits)
# User : UTA - INFINITY-HP
# Boot Mode : Normal
# Running from : C:\Users\UTA\Desktop\adwcleaner.exe
# Option [Delete]


***** [Services] *****


***** [Files / Folders] *****

Folder Deleted : C:\Program Files (x86)\BitTorrentBar
Folder Deleted : C:\Program Files (x86)\Conduit
Folder Deleted : C:\ProgramData\Ask
Folder Deleted : C:\Users\GMC\AppData\Local\Conduit
Folder Deleted : C:\Users\GMC\AppData\LocalLow\BitTorrentBar
Folder Deleted : C:\Users\GMC\AppData\LocalLow\Conduit
Folder Deleted : C:\Users\GMC\AppData\Roaming\Mozilla\Firefox\Profiles\v6m8jrit.default\Smartbar
Folder Deleted : C:\Users\Kanayo\AppData\LocalLow\BitTorrentBar
Folder Deleted : C:\Users\Kanayo\AppData\LocalLow\Conduit
Folder Deleted : C:\Users\UTA\AppData\Local\Google\Chrome\User Data\Default\Extensions\mhfdcmehmjcclgopdodkjdicohagipid
Folder Deleted : C:\Users\UTA\AppData\LocalLow\BitTorrentBar
Folder Deleted : C:\Users\UTA\AppData\LocalLow\Conduit

***** [Registry] *****

Key Deleted : HKCU\Software\AppDataLow\Software\BitTorrentBar
Key Deleted : HKCU\Software\AppDataLow\Software\Conduit
Key Deleted : HKCU\Software\Conduit
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{88C7F2AA-F93F-432C-8F0E-B7D85967A527}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{88C7F2AA-F93F-432C-8F0E-B7D85967A527}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{2FA28606-DE77-4029-AF96-B231E3B8F827}
Key Deleted : HKLM\Software\BitTorrentBar
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT2790392
Key Deleted : HKLM\Software\Conduit
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{32804100-B238-45F4-B15E-C5A2F2F7400B}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{32804100-B238-45F4-B15E-C5A2F2F7400B}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{88C7F2AA-F93F-432C-8F0E-B7D85967A527}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\mhfdcmehmjcclgopdodkjdicohagipid
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{05B3F752-4107-4493-9016-E747CB75B631}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{AC8C2E49-5301-43F4-BC1A-FD9E231D9B97}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{88C7F2AA-F93F-432C-8F0E-B7D85967A527}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\BitTorrentBar Toolbar
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{88C7F2AA-F93F-432C-8F0E-B7D85967A527}]
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks [{88C7F2AA-F93F-432C-8F0E-B7D85967A527}]
Value Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{88C7F2AA-F93F-432C-8F0E-B7D85967A527}]

***** [Internet Browsers] *****

-\\ Internet Explorer v9.0.8112.16421

[OK] Registry is clean.

-\\ Mozilla Firefox v16.0.1 (en-US)

Profile name : default
File : C:\Users\Kanayo\AppData\Roaming\Mozilla\Firefox\Profiles\l0yoexk8.default\prefs.js

[OK] File is clean.

Profile name : default
File : C:\Users\GMC\AppData\Roaming\Mozilla\Firefox\Profiles\v6m8jrit.default\prefs.js


Profile name : default
File : C:\Users\UTA\AppData\Roaming\Mozilla\Firefox\Profiles\ro2rivkv.default\prefs.js

[OK] File is clean.

-\\ Google Chrome v [Unable to get version]

File : C:\Users\Kanayo\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] File is clean.

File : C:\Users\GMC\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] File is clean.

File : C:\Users\UTA\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] File is clean.

*************************

AdwCleaner[S1].txt - [2894 octets] - [20/07/2012 13:45:00]
AdwCleaner[R1].txt - [9997 octets] - [16/10/2012 18:54:41]
AdwCleaner[S2].txt - [9834 octets] - [17/10/2012 10:22:19]

########## EOF - C:\AdwCleaner[S2].txt - [9894 octets] ##########

Thank you for all your help!
Everything seems to be working!

#9 nasdaq


Posted 18 October 2012 - 08:27 AM

Glad we could help.

If all is well:

Time for some housekeeping

The following will implement some cleanup procedures as well as reset System Restore points:

Click Start > Run and copy/paste the following bold text into the Run box and click OK:

ComboFix /Uninstall
===

To remove AdwCleaner.

Please double click on adwcleaner.exe to run the tool.
Click on Uninstall.
Confirm with Yes.

Delete the other tools we used.

Surf Safely, and Think Prevention!
===



