
slow and hangs


8 replies to this topic

#1 Jack01730


Posted 07 September 2013 - 04:52 PM

My computer is running slow and every time I use Firefox or Chrome I keep getting unresponsive programs. I've attached logs from Minitool, RKill and MBAR. Any ideas?


Edited by hamluis, 07 September 2013 - 07:06 PM.
Moved from Win 7 to Am I Infected - Hamluis.




#2 Jack01730


Posted 07 September 2013 - 08:04 PM

DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 10.0.9200.16660  BrowserJavaVersion: 10.25.2
Run by jgeils at 20:59:03 on 2013-09-07
Microsoft Windows 7 Ultimate   6.1.7601.1.1252.1.1033.18.7991.6294 [GMT -4:00]
.
AV: Microsoft Security Essentials *Enabled/Updated* {641105E6-77ED-3F35-A304-765193BCB75F}
SP: Microsoft Security Essentials *Enabled/Updated* {DF70E402-51D7-30BB-99B4-4D23E83BFDE2}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Program Files\Microsoft Security Client\MsMpEng.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\System32\WUDFHost.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k WbioSvcGroup
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\SYSTEM32\WISPTIS.EXE
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files\Protector Suite\upeksvr.exe
C:\Windows\SYSTEM32\WISPTIS.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files (x86)\WinLIRC\winlirc.exe
C:\Program Files (x86)\IguanaIR\igdaemon.exe
C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperService.exe
C:\Program Files (x86)\Motorola\MotForwardDaemon\ForwardDaemon.exe
C:\Windows\system32\taskhost.exe
C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperAgent.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\Common Files\Microsoft Shared\Ink\TabTip32.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Microsoft Security Client\NisSrv.exe
C:\Program Files\OEM\T12CRotateSetup_Win7\T12CRotate.exe
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Windows\System32\igfxtray.exe
C:\Program Files (x86)\AutoSizer\AutoSizer.exe
C:\Program Files (x86)\EventGhost\EventGhost.exe
C:\Program Files (x86)\Point-N-Click\Point-N-Click.exe
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files\Common Files\Microsoft Shared\Ink\InputPersonalization.exe
C:\Users\jgeils\Downloads\RootkitBusterV5.0-1129x64.exe
C:\Windows\system32\svchost.exe -k SDRSVC
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.tabletkiosk.com
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
BHO: avast! WebRep: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
TB: avast! WebRep: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
uRun: [Google Update] "C:\Users\jgeils\AppData\Local\Google\Update\GoogleUpdate.exe" /c
uRun: [AutoSizer] "C:\Program Files (x86)\AutoSizer\AutoSizer.exe"
mRun: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
StartupFolder: C:\Users\jgeils\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\EVENTG~1.LNK - C:\Program Files (x86)\EventGhost\EventGhost.exe
StartupFolder: C:\Users\jgeils\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\POINT-~1.LNK - C:\Program Files (x86)\Point-N-Click\Point-N-Click.exe
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
uPolicies-Explorer: NoDrives = dword:0
mPolicies-Explorer: NoDrives = dword:0
mPolicies-System: ConsentPromptBehaviorAdmin = dword:0
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableLUA = dword:0
mPolicies-System: EnableUIADesktopToggle = dword:0
mPolicies-System: PromptOnSecureDesktop = dword:0
mPolicies-System: SoftwareSASGeneration = dword:1
TCP: Interfaces\{FB327832-A3FF-428D-AC40-7FF31384A0C9} : NameServer = 68.87.71.226,68.87.73.242
Handler: belarc - {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - C:\Program Files (x86)\Belarc\BelarcAdvisor\System\BAVoilaX.dll
SSODL: WebCheck - <orphaned>
LSA: Notification Packages =  scecli C:\Program Files\Protector Suite\psqlpwd.dll
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\29.0.1547.66\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
x64-BHO: avast! WebRep: {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll
x64-BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll
x64-BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll
x64-TB: avast! WebRep: {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll
x64-Run: [T12CRotate] C:\Program Files\OEM\T12CRotateSetup_Win7\T12CRotate.exe
x64-Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s
x64-Run: [Persistence] C:\Windows\System32\igfxpers.exe
x64-Run: [MSC] "C:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
x64-Run: [IgfxTray] C:\Windows\System32\igfxtray.exe
x64-Handler: belarc - {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - <orphaned>
x64-Notify: igfxcui - igfxdev.dll
x64-Notify: psfus - C:\Program Files\Protector Suite\psqlpwd.dll
x64-SSODL: WebCheck - <orphaned>
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\jgeils\AppData\Roaming\Mozilla\Firefox\Profiles\p0uf8l9n.default\
FF - prefs.js: browser.startup.homepage - hxxp://172.16.20.2/display2.html?id=111
FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
FF - plugin: C:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrlui.dll
FF - plugin: C:\Users\jgeils\AppData\Local\Google\Update\1.3.21.153\npGoogleUpdate3.dll
FF - plugin: C:\Users\jgeils\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll
FF - plugin: C:\Users\jgeils\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll
FF - plugin: C:\Users\jgeils\AppData\Roaming\Mozilla\plugins\npo1d.dll
FF - plugin: C:\Windows\SysWOW64\Adobe\Director\np32dsw_1202122.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_8_800_94.dll
FF - plugin: C:\Windows\SysWOW64\npDeployJava1.dll
FF - plugin: C:\Windows\SysWOW64\npmproxy.dll
FF - ExtSQL: 2013-09-05 17:10; elemhidehelper@adblockplus.org; C:\Users\jgeils\AppData\Roaming\Mozilla\Firefox\Profiles\p0uf8l9n.default\extensions\elemhidehelper@adblockplus.org.xpi
FF - ExtSQL: 2013-09-05 17:10; {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}; C:\Users\jgeils\AppData\Roaming\Mozilla\Firefox\Profiles\p0uf8l9n.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
FF - ExtSQL: 2013-09-05 17:53; {987311C6-B504-4aa2-90BF-60CC49808D42}; C:\Users\jgeils\AppData\Roaming\Mozilla\Firefox\Profiles\p0uf8l9n.default\extensions\{987311C6-B504-4aa2-90BF-60CC49808D42}.xpi
FF - ExtSQL: 2013-09-05 17:53; {73a6fe31-595d-460b-a920-fcc0f8843232}; C:\Users\jgeils\AppData\Roaming\Mozilla\Firefox\Profiles\p0uf8l9n.default\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi
FF - ExtSQL: 2013-09-05 17:53; {19503e42-ca3c-4c27-b1e2-9cdb2170ee34}; C:\Users\jgeils\AppData\Roaming\Mozilla\Firefox\Profiles\p0uf8l9n.default\extensions\{19503e42-ca3c-4c27-b1e2-9cdb2170ee34}.xpi
FF - ExtSQL: 2013-09-05 17:53; yahoomailwatcher@sonthakit; C:\Users\jgeils\AppData\Roaming\Mozilla\Firefox\Profiles\p0uf8l9n.default\extensions\yahoomailwatcher@sonthakit.xpi
FF - ExtSQL: 2013-09-05 17:53; gmailwatcher@sonthakit; C:\Users\jgeils\AppData\Roaming\Mozilla\Firefox\Profiles\p0uf8l9n.default\extensions\gmailwatcher@sonthakit.xpi
FF - ExtSQL: 2013-09-05 17:53; adblockpopups@jessehakanen.net; C:\Users\jgeils\AppData\Roaming\Mozilla\Firefox\Profiles\p0uf8l9n.default\extensions\adblockpopups@jessehakanen.net.xpi
FF - ExtSQL: 2013-09-05 18:05; foxmarks@kei.com; C:\Users\jgeils\AppData\Roaming\Mozilla\Firefox\Profiles\p0uf8l9n.default\extensions\foxmarks@kei.com
FF - ExtSQL: 2013-09-05 19:01; wrc@avast.com; C:\Program Files\AVAST Software\Avast\WebRep\FF
.
============= SERVICES / DRIVERS ===============
.
R0 firedrv;Generic OHCILynx-1394 (intek);C:\Windows\System32\drivers\firedrv.sys [2012-1-17 136096]
R0 MpFilter;Microsoft Malware Protection Driver;C:\Windows\System32\drivers\MpFilter.sys [2013-6-18 247216]
R2 aswMonFlt;aswMonFlt;C:\Windows\System32\drivers\aswMonFlt.sys [2013-9-5 71600]
R2 avast! Antivirus;avast! Antivirus;C:\Program Files\AVAST Software\Avast\AvastSvc.exe [2013-9-5 44808]
R2 igdaemon;Iguanaworks IR Daemon;C:\Program Files (x86)\IguanaIR\igdaemon.exe [2013-9-2 36864]
R2 Motorola Device Manager;Motorola Device Manager Service;C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperService.exe [2013-3-25 121144]
R2 NisDrv;Microsoft Network Inspection System;C:\Windows\System32\drivers\NisDrvWFP.sys [2013-6-18 139616]
R2 PST Service;PST Service;C:\Program Files (x86)\Motorola\MotForwardDaemon\ForwardDaemon.exe [2013-9-2 65657]
R2 tmrkb;tmrkb;C:\Windows\System32\drivers\tmrkb.sys [2013-9-7 184768]
R3 e1kexpress;Intel® PRO/1000 PCI Express Network Connection Driver K;C:\Windows\System32\drivers\e1k62x64.sys [2013-5-14 509104]
R3 HECIx64;Intel® Management Engine Interface;C:\Windows\System32\drivers\HECIx64.sys [2011-6-21 56344]
R3 Impcd;Impcd;C:\Windows\System32\drivers\Impcd.sys [2011-5-25 158976]
R3 IntcDAud;Intel® Display Audio;C:\Windows\System32\drivers\IntcDAud.sys [2011-8-23 317440]
R3 libusb0;libusb-win32 - Kernel Driver 10/02/2010 1.2.2.0;C:\Windows\System32\drivers\libusb0.sys [2013-9-2 43456]
R3 NETw5s64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;C:\Windows\System32\drivers\NETw5s64.sys [2011-5-25 7689216]
R3 NisSrv;Microsoft Network Inspection;C:\Program Files\Microsoft Security Client\NisSrv.exe [2013-7-18 366600]
R3 pmhidusb;pmhidusb;C:\Windows\System32\drivers\pmhidusb.sys [2011-6-20 66560]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2012-7-8 123856]
S3 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2012-7-9 104912]
S3 dmvsc;dmvsc;C:\Windows\System32\drivers\dmvsc.sys [2011-4-12 71168]
S3 IAMTVE;Driver for Intel® Active Management Technology - KCS;C:\Windows\System32\drivers\IAMTVE.sys [2011-5-25 43416]
S3 IAMTXPE;Driver for Intel® Active Management Technology - KCS;C:\Windows\System32\drivers\IAMTXPE.sys [2011-5-25 51096]
S3 ioatdma1;ioatdma1;C:\Windows\System32\drivers\qd162x64.sys [2011-5-25 40144]
S3 ioatdma2;Intel® QuickData Technology device ver.2;C:\Windows\System32\drivers\qd262x64.sys [2011-5-25 42192]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\System32\drivers\rdpvideominiport.sys [2010-11-20 20992]
S3 sonydcam;Generic 1394 Desktop Camera;C:\Windows\System32\drivers\sonydcam.sys [2009-7-13 33792]
S3 Synth3dVsc;Microsoft Virtual 3D Video Transport Driver;C:\Windows\System32\drivers\Synth3dVsc.sys [2011-4-12 88960]
S3 terminpt;Microsoft Remote Desktop Input Driver;C:\Windows\System32\drivers\terminpt.sys [2011-4-12 34816]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2010-11-20 59392]
S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\System32\drivers\TsUsbGD.sys [2010-11-20 31232]
S3 tsusbhub;Remote Deskotop USB Hub;C:\Windows\System32\drivers\tsusbhub.sys [2011-4-12 117248]
S4 IAStorDataMgrSvc;Intel® Rapid Storage Technology;C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2011-6-30 13336]
S4 Intel® PROSet Monitoring Service;Intel® PROSet Monitoring Service;C:\Windows\System32\IPROSetMonitor.exe [2013-4-5 183560]
S4 Serviio;Serviio;C:\Program Files\Serviio\bin\ServiioService.exe [2013-3-22 354816]
S4 tvnserver;TightVNC Server;C:\Program Files\TightVNC\tvnserver.exe [2013-6-6 2122224]
S4 UNS;Intel® Management & Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2011-6-30 2533400]
.
=============== Created Last 30 ================
.
2013-09-08 00:46:11    184768    ----a-w-    C:\Windows\System32\drivers\tmrkb.sys
2013-09-08 00:46:09    173504    ----a-w-    C:\Windows\System32\drivers\tmcomm.sys
2013-09-07 23:06:28    --------    d-----w-    C:\Windows\System32\catroot2
2013-09-07 22:46:32    --------    d-----w-    C:\Windows\SysWow64\wbem\Performance
2013-09-07 22:30:44    --------    d-----w-    C:\RegBackup
2013-09-07 22:28:37    --------    d-----w-    C:\Program Files (x86)\Tweaking.com
2013-09-07 22:21:48    965008    ----a-w-    C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{78CFD5A2-92E8-4148-9264-E278141DF3EA}\gapaengine.dll
2013-09-07 22:18:26    9515512    ----a-w-    C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{0B7381E5-BCD2-4810-95E1-A8F0EDE004A7}\mpengine.dll
2013-09-07 03:12:19    229984    ----a-w-    C:\Windows\System32\drivers\77662762.sys
2013-09-07 00:41:07    --------    d-----w-    C:\Program Files\ComicRack
2013-09-06 23:49:16    --------    d-----w-    C:\Users\jgeils\AppData\Roaming\PhotoScape
2013-09-06 22:28:16    --------    d-----w-    C:\Users\jgeils\AppData\Roaming\Mobipocket
2013-09-06 22:22:31    --------    d-----w-    C:\Program Files (x86)\Mobipocket.com
2013-09-06 21:33:37    9515512    ------w-    C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2013-09-06 21:29:32    --------    d-----w-    C:\Program Files (x86)\Microsoft Security Client
2013-09-06 21:23:26    --------    d-----w-    C:\Windows\Temp0A166EF2-723F-F62A-0A76-B4C0C39D07DC-Signatures
2013-09-06 20:20:12    --------    d-----w-    C:\Program Files\Common Files\SPBA
2013-09-06 19:03:52    --------    d-----w-    C:\Program Files (x86)\Malware DX and Fix
2013-09-06 18:47:09    --------    d-----w-    C:\FRST
2013-09-06 16:59:20    581120    ----a-w-    C:\Windows\SysWow64\igdumdx32.dll
2013-09-06 16:59:18    2191872    ----a-w-    C:\Windows\SysWow64\igfxcmjit32.dll
2013-09-06 05:37:16    --------    d-----w-    C:\Windows\DLLArchive
2013-09-06 03:58:57    --------    d-----w-    C:\Program Files (x86)\ATTNaturalVoices
2013-09-06 02:17:44    --------    d-----w-    C:\Program Files (x86)\OpenOffice 4
2013-09-06 01:51:12    --------    d-----w-    C:\Program Files (x86)\Toshiba
2013-09-05 22:45:57    71600    ----a-w-    C:\Windows\System32\drivers\aswMonFlt.sys
2013-09-05 22:41:38    41224    ----a-w-    C:\Windows\avastSS.scr
2013-09-05 22:38:41    --------    d-----w-    C:\ProgramData\AVAST Software
2013-09-05 22:38:41    --------    d-----w-    C:\Program Files\AVAST Software
2013-09-05 22:34:44    --------    d-----w-    C:\Program Files (x86)\DLLArchive
2013-09-05 22:12:57    --------    d-----w-    C:\Users\jgeils\AppData\Local\Macromedia
2013-09-05 21:03:54    --------    d-----w-    C:\Users\jgeils\AppData\Local\Mozilla
2013-09-04 22:51:03    --------    d-----w-    C:\Users\jgeils\AppData\Roaming\Malwarebytes
2013-09-04 22:48:39    25928    ----a-w-    C:\Windows\System32\drivers\mbam.sys
2013-09-04 22:48:39    --------    d-----w-    C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-09-04 21:10:40    789416    ----a-w-    C:\Windows\SysWow64\deployJava1.dll
2013-09-04 21:10:31    867240    ----a-w-    C:\Windows\SysWow64\npDeployJava1.dll
2013-09-04 21:10:03    96168    ----a-w-    C:\Windows\SysWow64\WindowsAccessBridge-32.dll
2013-09-04 03:19:42    --------    d-----w-    C:\Users\jgeils\AppData\Local\ElevatedDiagnostics
2013-09-04 03:11:20    --------    d-----w-    C:\Users\jgeils\AppData\Roaming\TightVNC
2013-09-04 00:57:58    --------    d-----w-    C:\ComboFix
2013-09-04 00:06:31    --------    d-----w-    C:\found.000
2013-09-03 21:42:27    --------    d-----w-    C:\ProgramData\Malwarebytes
2013-09-03 21:42:24    --------    d-----w-    C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2013-09-03 21:02:59    --------    d-----w-    C:\$RECYCLE.BIN
2013-09-03 20:40:22    98816    ----a-w-    C:\Windows\sed.exe
2013-09-03 20:40:22    256000    ----a-w-    C:\Windows\PEV.exe
2013-09-03 20:40:22    208896    ----a-w-    C:\Windows\MBR.exe
2013-09-03 04:04:38    --------    d-----w-    C:\Program Files (x86)\Cisco
2013-09-03 03:15:18    --------    d-----w-    C:\Users\jgeils\AppData\Roaming\AutoSizer
2013-09-03 03:14:54    --------    d-----w-    C:\Program Files (x86)\AutoSizer
2013-09-03 02:50:05    --------    d-----w-    C:\ProgramData\dvdfab
2013-09-03 02:30:34    --------    d-----w-    C:\Program Files (x86)\DVDFab 8 Qt
2013-09-03 02:27:38    --------    d-----w-    C:\Program Files (x86)\WinLIRC
2013-09-03 02:26:30    --------    d-----w-    C:\Program Files (x86)\WinDirStat
2013-09-03 02:20:24    --------    d-----w-    C:\Program Files (x86)\VideoLAN
2013-09-03 02:17:50    --------    d-----w-    C:\Program Files (x86)\Acer Inc
2013-09-03 02:14:47    --------    d-----w-    C:\Program Files\Unlocker
2013-09-03 02:13:29    --------    d-----w-    C:\ProgramData\TightVNC
2013-09-03 02:13:29    --------    d-----w-    C:\Program Files\TightVNC
2013-09-03 02:11:18    --------    d-----w-    C:\Program Files (x86)\TEncoder Video Converter
2013-09-03 02:04:59    --------    d-----w-    C:\Program Files (x86)\Microsoft SkyDrive
2013-09-03 02:04:54    --------    d-----r-    C:\Users\jgeils\SkyDrive
2013-09-03 02:04:39    --------    d-----w-    C:\ProgramData\Microsoft SkyDrive
2013-09-03 02:03:15    --------    d-----w-    C:\Windows\SysWow64\Adobe
2013-09-03 01:47:45    --------    d-----w-    C:\Program Files\Serviio
2013-09-03 01:30:49    159744    ----a-w-    C:\Program Files\Internet Explorer\Plugins\npqtplugin5.dll
2013-09-03 01:30:49    159744    ----a-w-    C:\Program Files\Internet Explorer\Plugins\npqtplugin4.dll
2013-09-03 01:30:49    159744    ----a-w-    C:\Program Files\Internet Explorer\Plugins\npqtplugin3.dll
2013-09-03 01:30:48    159744    ----a-w-    C:\Program Files\Internet Explorer\Plugins\npqtplugin2.dll
2013-09-03 01:30:48    159744    ----a-w-    C:\Program Files\Internet Explorer\Plugins\npqtplugin.dll
2013-09-03 01:24:09    75200    ----a-w-    C:\Windows\System32\libusb0.dll
2013-09-03 01:24:09    43456    ----a-w-    C:\Windows\System32\drivers\libusb0.sys
2013-09-03 01:24:08    67008    ----a-w-    C:\Windows\SysWow64\libusb0.dll
2013-09-03 01:24:07    --------    d-----w-    C:\Program Files (x86)\IguanaIR
2013-09-03 01:05:38    --------    d-----w-    C:\Users\jgeils\AppData\Roaming\qBittorrent
2013-09-03 01:05:38    --------    d-----w-    C:\Users\jgeils\AppData\Local\qBittorrent
2013-09-03 01:03:45    --------    d-----w-    C:\Program Files (x86)\qBittorrent
2013-09-03 01:02:24    --------    d-----w-    C:\Users\jgeils\AppData\Roaming\NCH Software
2013-09-03 01:00:59    --------    d-----w-    C:\Program Files (x86)\NCH Software
2013-09-03 00:58:17    --------    d-----w-    C:\Program Files (x86)\PhotoScape
2013-09-03 00:56:32    --------    d-----w-    C:\Program Files (x86)\Mp3tag
2013-09-03 00:53:24    --------    d-----w-    C:\Users\jgeils\AppData\Roaming\Motorola Mobility
2013-09-03 00:51:58    --------    d-----w-    C:\Program Files (x86)\Motorola Mobility
2013-09-03 00:51:58    --------    d-----w-    C:\Program Files (x86)\Motorola
2013-09-03 00:51:58    --------    d-----w-    C:\Program Files (x86)\Common Files\MSSoap
2013-09-03 00:50:55    --------    d-----w-    C:\Program Files (x86)\MSXML 4.0
2013-09-03 00:47:34    --------    d-----w-    C:\Program Files\Motorola Inc
2013-09-03 00:47:19    --------    d-----w-    C:\Program Files\Common Files\Motorola Shared
2013-09-03 00:44:49    393728    ----a-w-    C:\Program Files (x86)\Windows Media Player\Plugins\wmp_scrobbler.dll
2013-09-03 00:44:48    --------    d-----w-    C:\ProgramData\Last.fm
2013-09-03 00:42:46    --------    d-----w-    C:\Users\jgeils\AppData\Local\Last.fm
2013-09-03 00:42:46    --------    d-----w-    C:\Program Files (x86)\Last.fm
2013-09-03 00:42:01    --------    d-----w-    C:\Program Files (x86)\Lame For Audacity
2013-09-03 00:39:03    256088    ----a-w-    C:\Windows\System32\unrar64.dll
2013-09-03 00:38:39    --------    d-----w-    C:\Program Files (x86)\K-Lite Codec Pack
2013-09-03 00:31:20    217176    ----a-w-    C:\Windows\SysWow64\unrar.dll
2013-09-03 00:24:22    --------    d-----w-    C:\Users\jgeils\AppData\Roaming\Motorola
2013-09-03 00:24:02    --------    d-----w-    C:\Users\jgeils\AppData\Local\Amazon
2013-09-03 00:22:39    --------    d-----w-    C:\Program Files (x86)\Amazon
2013-09-03 00:19:44    --------    d-----w-    C:\Users\jgeils\AppData\Local\calibre-cache
2013-09-03 00:19:29    --------    d-----w-    C:\Users\jgeils\AppData\Roaming\calibre
2013-09-03 00:15:15    --------    d-----w-    C:\Users\jgeils\AppData\Local\Apple Computer
2013-09-03 00:14:33    33240    ----a-w-    C:\Windows\System32\drivers\GEARAspiWDM.sys
2013-09-03 00:11:53    --------    d-----w-    C:\Program Files\iPod
2013-09-03 00:11:26    --------    d-----w-    C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2013-09-03 00:11:25    --------    d-----w-    C:\Program Files (x86)\iTunes
2013-09-03 00:11:22    --------    d-----w-    C:\Program Files\iTunes
2013-09-03 00:10:19    --------    d-----w-    C:\Users\jgeils\AppData\Local\Apple
2013-09-03 00:08:32    --------    d-----w-    C:\Program Files\Bonjour
2013-09-03 00:08:32    --------    d-----w-    C:\Program Files (x86)\Bonjour
2013-09-03 00:04:27    --------    d-----w-    C:\Program Files\Calibre2
2013-09-02 23:59:02    971680    ----a-w-    C:\Windows\System32\deployJava1.dll
2013-09-02 23:59:00    1092512    ----a-w-    C:\Windows\System32\npDeployJava1.dll
2013-09-02 23:58:54    108448    ----a-w-    C:\Windows\System32\WindowsAccessBridge-64.dll
2013-09-02 23:49:32    71048    ----a-w-    C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2013-09-02 23:49:32    692104    ----a-w-    C:\Windows\SysWow64\FlashPlayerApp.exe
2013-09-02 23:47:30    --------    d-----w-    C:\Users\jgeils\AppData\Local\Adobe
2013-09-02 22:28:10    --------    d-----w-    C:\Drivers
2013-09-02 21:25:59    137000    ----a-w-    C:\Windows\SysWow64\MSMAPI32.OCX
2013-09-02 21:24:50    87040    ----a-w-    C:\Windows\System32\pdfcmnnt.dll
2013-09-02 21:24:48    23552    ----a-w-    C:\Windows\SysWow64\MSMPIDE.DLL
2013-09-02 21:24:18    --------    d-----w-    C:\Program Files (x86)\PDFCreator
2013-09-02 20:47:07    --------    d-----w-    C:\Program Files\Avidemux 2.6 - 64bits
2013-09-02 20:37:53    --------    d-----w-    C:\Program Files (x86)\Audacity
2013-09-02 20:37:32    --------    d-----w-    C:\Users\jgeils\AppData\Local\Programs
2013-09-02 20:36:39    --------    d-----w-    C:\Program Files (x86)\Belarc
2013-09-02 20:33:36    255552    ----a-w-    C:\Windows\SysWow64\drivers\mcdbus.sys
2013-09-02 20:33:36    255552    ----a-w-    C:\Windows\System32\drivers\mcdbus.sys
2013-09-02 20:33:34    --------    d-----w-    C:\Program Files (x86)\MagicDisc
2013-09-02 19:05:35    --------    d-----w-    C:\Users\jgeils\AppData\Roaming\EventGhost
2013-09-02 19:05:26    --------    d-----w-    C:\ProgramData\EventGhost
2013-09-02 19:03:25    --------    d-----w-    C:\Program Files (x86)\EventGhost
2013-09-02 19:01:35    662288    ----a-w-    C:\Windows\SysWow64\mscomct2.ocx
2013-09-02 19:01:35    609824    ----a-w-    C:\Windows\SysWow64\comctl32.ocx
2013-09-02 19:01:35    40960    ----a-w-    C:\Windows\SysWow64\ssubtmr6.dll
2013-09-02 19:01:35    36864    ----a-w-    C:\Windows\SysWow64\trayicon_handler.ocx
2013-09-02 19:01:35    28672    ----a-w-    C:\Windows\SysWow64\mousewheel.ocx
2013-09-02 19:01:35    212240    ----a-w-    C:\Windows\SysWow64\richtx32.ocx
2013-09-02 19:01:35    164144    ----a-w-    C:\Windows\SysWow64\comct232.ocx
2013-09-02 19:01:35    1071088    ----a-w-    C:\Windows\SysWow64\MSCOMCTL.OCX
2013-09-02 19:01:35    --------    d-----w-    C:\Program Files (x86)\DVD Flick
2013-09-02 18:46:09    --------    d-----w-    C:\Users\jgeils\AppData\Roaming\PeaZip
2013-09-02 02:58:51    --------    d-----w-    C:\Program Files\CCleaner
2013-09-02 02:56:06    --------    d-----w-    C:\Program Files\PeaZip
2013-09-02 00:38:57    --------    d-----w-    C:\Program Files (x86)\ReNamer
2013-09-01 23:10:37    3913664    ----a-w-    C:\Windows\SysWow64\ntoskrnl.exe
2013-09-01 23:10:36    5550528    ----a-w-    C:\Windows\System32\ntoskrnl.exe
2013-09-01 23:10:36    3968960    ----a-w-    C:\Windows\SysWow64\ntkrnlpa.exe
2013-09-01 23:10:35    1732032    ----a-w-    C:\Windows\System32\ntdll.dll
2013-09-01 23:10:33    243712    ----a-w-    C:\Windows\System32\wow64.dll
2013-09-01 23:10:33    1292192    ----a-w-    C:\Windows\SysWow64\ntdll.dll
2013-09-01 23:10:31    5120    ----a-w-    C:\Windows\SysWow64\wow32.dll
2013-09-01 23:10:31    14336    ----a-w-    C:\Windows\SysWow64\ntvdm64.dll
2013-09-01 23:10:30    7680    ----a-w-    C:\Windows\SysWow64\instnm.exe
2013-09-01 23:10:30    25600    ----a-w-    C:\Windows\SysWow64\setup16.exe
2013-09-01 23:10:29    2048    ----a-w-    C:\Windows\SysWow64\user.exe
2013-09-01 23:07:08    1643520    ----a-w-    C:\Windows\System32\DWrite.dll
2013-09-01 23:07:07    1247744    ----a-w-    C:\Windows\SysWow64\DWrite.dll
2013-09-01 21:58:53    89600    ----a-w-    C:\Windows\System32\RegisterIEPKEYs.exe
2013-09-01 21:26:01    52736    ----a-w-    C:\Windows\System32\drivers\usbehci.sys
2013-09-01 21:26:01    343040    ----a-w-    C:\Windows\System32\drivers\usbhub.sys
2013-09-01 21:26:01    325120    ----a-w-    C:\Windows\System32\drivers\usbport.sys
2013-09-01 21:26:00    98816    ----a-w-    C:\Windows\System32\drivers\usbccgp.sys
2013-09-01 21:26:00    7936    ----a-w-    C:\Windows\System32\drivers\usbd.sys
2013-09-01 21:26:00    30720    ----a-w-    C:\Windows\System32\drivers\usbuhci.sys
2013-09-01 21:26:00    25600    ----a-w-    C:\Windows\System32\drivers\usbohci.sys
2013-09-01 21:25:49    96768    ----a-w-    C:\Windows\System32\fsutil.exe
2013-09-01 21:25:49    27008    ----a-w-    C:\Windows\System32\drivers\amdxata.sys
2013-09-01 21:25:49    2565632    ----a-w-    C:\Windows\System32\esent.dll
2013-09-01 21:25:49    1699328    ----a-w-    C:\Windows\SysWow64\esent.dll
2013-09-01 21:25:48    74240    ----a-w-    C:\Windows\SysWow64\fsutil.exe
2013-09-01 21:25:48    410496    ----a-w-    C:\Windows\System32\drivers\iaStorV.sys
2013-09-01 21:25:48    189824    ----a-w-    C:\Windows\System32\drivers\storport.sys
2013-09-01 21:25:48    166272    ----a-w-    C:\Windows\System32\drivers\nvstor.sys
2013-09-01 21:25:48    148352    ----a-w-    C:\Windows\System32\drivers\nvraid.sys
2013-09-01 21:25:48    107904    ----a-w-    C:\Windows\System32\drivers\amdsata.sys
2013-09-01 18:27:45    --------    d-----w-    C:\Windows\SysWow64\RTCOM
2013-09-01 18:27:45    --------    d-----w-    C:\Program Files\Realtek
2013-09-01 18:23:58    1659464    ----a-w-    C:\Windows\System32\RTSnMg64.cpl
2013-09-01 18:22:38    21170176    ----a-w-    C:\Windows\System32\RCoRes64.dat
2013-09-01 18:22:38    135240    ----a-w-    C:\Windows\System32\RCoInstII64.dll
2013-09-01 18:22:18    7164176    ----a-w-    C:\Windows\System32\R4EEP64A.dll
2013-09-01 18:22:18    141584    ----a-w-    C:\Windows\System32\R4EEL64A.dll
2013-09-01 18:22:17    75024    ----a-w-    C:\Windows\System32\R4EEG64A.dll
2013-09-01 18:22:13    434960    ----a-w-    C:\Windows\System32\R4EED64A.dll
2013-09-01 18:22:06    124176    ----a-w-    C:\Windows\System32\R4EEA64A.dll
2013-09-01 18:22:05    904752    ----a-w-    C:\Windows\System32\MISS_APO.dll
2013-09-01 18:20:12    5632    ----a-w-    C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\11\50\Intel32\DotNetInstaller.exe
2013-09-01 18:16:03    --------    d-----w-    C:\Program Files (x86)\Realtek
2013-09-01 18:10:06    --------    d-----w-    C:\Windows\pss
2013-09-01 17:54:43    --------    d-----w-    C:\Program Files\Microsoft Security Client
2013-09-01 06:10:17    80384    ----a-w-    C:\Windows\System32\drivers\BTHUSB.SYS
2013-09-01 06:10:17    552960    ----a-w-    C:\Windows\System32\drivers\bthport.sys
2013-09-01 06:10:17    1424384    ----a-w-    C:\Windows\System32\WindowsCodecs.dll
2013-09-01 06:10:17    1230336    ----a-w-    C:\Windows\SysWow64\WindowsCodecs.dll
2013-09-01 05:32:21    8199504    ------w-    C:\ProgramData\Microsoft\Windows Defender\Definition Updates\Backup\mpengine.dll
2013-09-01 05:32:13    9515512    ------w-    C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{A345BC59-4B81-4E10-8DC8-BEC401F9244B}\mpengine.dll
2013-09-01 05:30:34    9728    ----a-w-    C:\Windows\System32\Wdfres.dll
2013-09-01 05:30:34    785512    ----a-w-    C:\Windows\System32\drivers\Wdf01000.sys
2013-09-01 05:30:34    54376    ----a-w-    C:\Windows\System32\drivers\WdfLdr.sys
2013-09-01 05:30:34    2560    ----a-w-    C:\Windows\System32\drivers\en-US\wdf01000.sys.mui
2013-09-01 05:21:47    --------    d-----w-    C:\Windows\System32\MRT
2013-09-01 05:11:55    70656    ----a-w-    C:\Windows\SysWow64\fontsub.dll
2013-09-01 05:11:55    46080    ----a-w-    C:\Windows\System32\atmlib.dll
2013-09-01 05:11:55    367616    ----a-w-    C:\Windows\System32\atmfd.dll
2013-09-01 05:11:55    34304    ----a-w-    C:\Windows\SysWow64\atmlib.dll
2013-09-01 05:11:55    295424    ----a-w-    C:\Windows\SysWow64\atmfd.dll
2013-09-01 05:11:55    100864    ----a-w-    C:\Windows\System32\fontsub.dll
2013-09-01 05:10:26    87040    ----a-w-    C:\Windows\System32\drivers\WUDFPf.sys
2013-09-01 05:10:26    84992    ----a-w-    C:\Windows\System32\WUDFSvc.dll
2013-09-01 05:10:26    198656    ----a-w-    C:\Windows\System32\drivers\WUDFRd.sys
2013-09-01 05:10:26    194048    ----a-w-    C:\Windows\System32\WUDFPlatform.dll
2013-09-01 05:10:25    744448    ----a-w-    C:\Windows\System32\WUDFx.dll
2013-09-01 05:10:25    45056    ----a-w-    C:\Windows\System32\WUDFCoinstaller.dll
2013-09-01 05:10:25    229888    ----a-w-    C:\Windows\System32\WUDFHost.exe
2013-09-01 04:11:35    2284544    ----a-w-    C:\Windows\SysWow64\msmpeg2vdec.dll
2013-09-01 04:11:34    2776576    ----a-w-    C:\Windows\System32\msmpeg2vdec.dll
2013-09-01 04:11:34    221184    ----a-w-    C:\Windows\System32\UIAnimation.dll
2013-09-01 04:11:34    187392    ----a-w-    C:\Windows\SysWow64\UIAnimation.dll
2013-09-01 04:11:28    465920    ----a-w-    C:\Windows\System32\WMPhoto.dll
2013-09-01 04:11:28    417792    ----a-w-    C:\Windows\SysWow64\WMPhoto.dll
2013-09-01 04:09:58    3419136    ----a-w-    C:\Windows\SysWow64\d2d1.dll
2013-09-01 03:59:22    81408    ----a-w-    C:\Windows\System32\imagehlp.dll
2013-09-01 03:59:22    5120    ----a-w-    C:\Windows\SysWow64\wmi.dll
2013-09-01 03:59:22    5120    ----a-w-    C:\Windows\System32\wmi.dll
2013-09-01 03:59:22    23408    ----a-w-    C:\Windows\System32\drivers\fs_rec.sys
2013-09-01 03:59:22    159232    ----a-w-    C:\Windows\SysWow64\imagehlp.dll
2013-09-01 03:52:02    --------    d-----w-    C:\Users\jgeils\AppData\Roaming\dasher.rc
2013-09-01 03:44:28    --------    d-----w-    C:\Users\jgeils\AppData\Local\WindowsUpdate
2013-09-01 03:40:58    1728512    ----a-r-    C:\Users\jgeils\AppData\Roaming\Microsoft\Installer\{6EEB2808-2516-11DE-AE8D-000E7B9B7395}\Dasher.exe
2013-09-01 03:40:48    --------    d-----w-    C:\Program Files (x86)\Dasher
2013-09-01 03:36:14    458712    ----a-w-    C:\Windows\System32\drivers\cng.sys
2013-09-01 03:36:14    340992    ----a-w-    C:\Windows\System32\schannel.dll
2013-09-01 03:36:14    247808    ----a-w-    C:\Windows\SysWow64\schannel.dll
2013-09-01 03:36:14    22016    ----a-w-    C:\Windows\SysWow64\secur32.dll
2013-09-01 03:36:14    154480    ----a-w-    C:\Windows\System32\drivers\ksecpkg.sys
2013-09-01 03:36:14    1448448    ----a-w-    C:\Windows\System32\lsasrv.dll
2013-09-01 03:36:13    96768    ----a-w-    C:\Windows\SysWow64\sspicli.dll
2013-09-01 03:36:03    514560    ----a-w-    C:\Windows\SysWow64\qdvd.dll
2013-09-01 03:36:03    366592    ----a-w-    C:\Windows\System32\qdvd.dll
2013-09-01 03:29:52    3717632    ----a-w-    C:\Windows\System32\mstscax.dll
2013-09-01 03:28:59    850944    ----a-w-    C:\Windows\SysWow64\sbe.dll
2013-09-01 03:28:59    199680    ----a-w-    C:\Windows\SysWow64\mpg2splt.ax
2013-09-01 03:28:51    1572864    ----a-w-    C:\Windows\System32\quartz.dll
2013-09-01 03:28:51    1328128    ----a-w-    C:\Windows\SysWow64\quartz.dll
2013-09-01 03:28:03    509952    ----a-w-    C:\Windows\System32\ntshrui.dll
2013-09-01 03:28:03    442880    ----a-w-    C:\Windows\SysWow64\ntshrui.dll
2013-09-01 03:26:32    288768    ----a-w-    C:\Windows\System32\drivers\mrxsmb10.sys
2013-09-01 03:26:32    158208    ----a-w-    C:\Windows\System32\drivers\mrxsmb.sys
2013-09-01 03:26:32    128000    ----a-w-    C:\Windows\System32\drivers\mrxsmb20.sys
2013-09-01 03:26:22    395776    ----a-w-    C:\Windows\System32\webio.dll
2013-09-01 03:26:22    314880    ----a-w-    C:\Windows\SysWow64\webio.dll
2013-09-01 03:26:14    48640    ----a-w-    C:\Windows\System32\wwanprotdim.dll
2013-09-01 03:26:14    230400    ----a-w-    C:\Windows\System32\wwansvc.dll
2013-09-01 03:26:10    1656680    ----a-w-    C:\Windows\System32\drivers\ntfs.sys
2013-09-01 03:25:54    515584    ----a-w-    C:\Windows\System32\timedate.cpl
2013-09-01 03:25:54    478720    ----a-w-    C:\Windows\SysWow64\timedate.cpl
2013-09-01 03:20:23    2048    ----a-w-    C:\Windows\SysWow64\tzres.dll
2013-09-01 03:20:23    2048    ----a-w-    C:\Windows\System32\tzres.dll
2013-09-01 03:16:57    1011712    ----a-w-    C:\Program Files\Windows Defender\MpSvc.dll
2013-09-01 03:16:56    571904    ----a-w-    C:\Program Files\Windows Defender\MpClient.dll
2013-09-01 03:16:55    392704    ----a-w-    C:\Program Files (x86)\Windows Defender\MpClient.dll
2013-09-01 03:16:54    314880    ----a-w-    C:\Program Files\Windows Defender\MpCommu.dll
2013-09-01 03:16:53    54784    ----a-w-    C:\Program Files (x86)\Windows Defender\MpOAV.dll
2013-09-01 03:16:52    9216    ----a-w-    C:\Program Files (x86)\Windows Defender\MpAsDesc.dll
2013-09-01 03:16:51    4608    ----a-w-    C:\Program Files (x86)\Windows Defender\MsMpLics.dll
2013-09-01 03:16:35    1359872    ----a-w-    C:\Windows\System32\mfc42u.dll
2013-09-01 03:16:34    1395712    ----a-w-    C:\Windows\System32\mfc42.dll
2013-09-01 03:16:32    1164288    ----a-w-    C:\Windows\SysWow64\mfc42u.dll
2013-09-01 03:16:32    1137664    ----a-w-    C:\Windows\SysWow64\mfc42.dll
2013-09-01 03:15:35    950128    ----a-w-    C:\Windows\System32\drivers\ndis.sys
2013-09-01 03:15:35    41472    ----a-w-    C:\Windows\System32\drivers\RNDISMP.sys
2013-09-01 03:14:51    1888768    ----a-w-    C:\Windows\System32\WMVDECOD.DLL
2013-09-01 03:14:50    1620992    ----a-w-    C:\Windows\SysWow64\WMVDECOD.DLL
2013-09-01 03:14:34    19968    ----a-w-    C:\Windows\System32\drivers\usb8023.sys
2013-09-01 03:14:15    9216    ----a-w-    C:\Windows\System32\rdrmemptylst.exe
2013-09-01 03:14:15    149504    ----a-w-    C:\Windows\System32\rdpcorekmts.dll
2013-09-01 03:14:14    77312    ----a-w-    C:\Windows\System32\rdpwsx.dll
2013-09-01 03:14:06    95600    ----a-w-    C:\Windows\System32\drivers\ksecdd.sys
2013-09-01 03:14:06    31232    ----a-w-    C:\Windows\System32\lsass.exe
2013-09-01 03:14:06    29184    ----a-w-    C:\Windows\System32\sspisrv.dll
2013-09-01 03:14:06    28160    ----a-w-    C:\Windows\System32\secur32.dll
2013-09-01 03:14:06    136192    ----a-w-    C:\Windows\System32\sspicli.dll
2013-09-01 03:12:56    27520    ----a-w-    C:\Windows\System32\drivers\Diskdump.sys
2013-09-01 03:12:49    209920    ----a-w-    C:\Windows\System32\profsvc.dll
2013-09-01 03:12:42    30208    ----a-w-    C:\Windows\System32\dnscacheugc.exe
2013-09-01 03:12:42    28672    ----a-w-    C:\Windows\SysWow64\dnscacheugc.exe
2013-09-01 03:12:42    183296    ----a-w-    C:\Windows\System32\dnsrslvr.dll
2013-09-01 03:10:24    478208    ----a-w-    C:\Windows\System32\dpnet.dll
2013-09-01 03:10:24    376832    ----a-w-    C:\Windows\SysWow64\dpnet.dll
2013-09-01 03:10:22    624128    ----a-w-    C:\Windows\System32\qedit.dll
2013-09-01 03:10:22    509440    ----a-w-    C:\Windows\SysWow64\qedit.dll
2013-09-01 03:10:17    307200    ----a-w-    C:\Windows\System32\ncrypt.dll
2013-09-01 03:10:17    220160    ----a-w-    C:\Windows\SysWow64\ncrypt.dll
2013-09-01 03:10:07    215040    ----a-w-    C:\Windows\System32\winsrv.dll
2013-09-01 03:09:53    245760    ----a-w-    C:\Windows\System32\OxpsConverter.exe
2013-09-01 03:04:30    39936    ----a-w-    C:\Windows\System32\drivers\tssecsrv.sys
2013-09-01 03:04:30    1111552    ----a-w-    C:\Windows\System32\rdpcorets.dll
2013-09-01 03:04:23    467456    ----a-w-    C:\Windows\System32\drivers\srv.sys
2013-09-01 03:04:23    410112    ----a-w-    C:\Windows\System32\drivers\srv2.sys
2013-09-01 03:04:23    168448    ----a-w-    C:\Windows\System32\drivers\srvnet.sys
2013-09-01 03:04:15    800768    ----a-w-    C:\Windows\System32\usp10.dll
2013-09-01 03:04:15    626688    ----a-w-    C:\Windows\SysWow64\usp10.dll
2013-09-01 03:01:58    75776    ----a-w-    C:\Windows\SysWow64\psisrndr.ax
2013-09-01 03:01:58    613888    ----a-w-    C:\Windows\System32\psisdecd.dll
2013-09-01 03:01:58    465408    ----a-w-    C:\Windows\SysWow64\psisdecd.dll
2013-09-01 03:01:57    108032    ----a-w-    C:\Windows\System32\psisrndr.ax
2013-09-01 03:01:47    210944    ----a-w-    C:\Windows\System32\drivers\rdpwd.sys
2013-09-01 03:00:15    498688    ----a-w-    C:\Windows\System32\drivers\afd.sys
2013-09-01 02:55:45    95744    ----a-w-    C:\Windows\System32\synceng.dll
2013-09-01 02:55:45    78336    ----a-w-    C:\Windows\SysWow64\synceng.dll
2013-09-01 02:55:42    566208    ----a-w-    C:\Windows\System32\winresume.efi
2013-09-01 02:55:41    642944    ----a-w-    C:\Windows\System32\winload.efi
2013-09-01 02:55:41    605552    ----a-w-    C:\Windows\System32\winload.exe
2013-09-01 02:55:41    518672    ----a-w-    C:\Windows\System32\winresume.exe
2013-09-01 02:55:41    20352    ----a-w-    C:\Windows\System32\kdusb.dll
2013-09-01 02:55:41    19328    ----a-w-    C:\Windows\System32\kd1394.dll
2013-09-01 02:55:41    17792    ----a-w-    C:\Windows\System32\kdcom.dll
2013-09-01 02:55:38    751104    ----a-w-    C:\Windows\System32\win32spl.dll
2013-09-01 02:55:38    492544    ----a-w-    C:\Windows\SysWow64\win32spl.dll
2013-09-01 02:55:36    3153920    ----a-w-    C:\Windows\System32\win32k.sys
2013-09-01 02:55:06    68608    ----a-w-    C:\Windows\System32\taskhost.exe
2013-09-01 02:53:21    30720    ----a-w-    C:\Windows\System32\cryptdlg.dll
2013-09-01 02:53:21    24576    ----a-w-    C:\Windows\SysWow64\cryptdlg.dll
2013-09-01 02:52:34    404480    ----a-w-    C:\Windows\System32\umpnpmgr.dll
2013-09-01 02:52:34    252928    ----a-w-    C:\Windows\SysWow64\drvinst.exe
2013-09-01 02:52:34    145920    ----a-w-    C:\Windows\SysWow64\cfgmgr32.dll
2013-09-01 02:52:33    64512    ----a-w-    C:\Windows\SysWow64\devobj.dll
2013-09-01 02:52:31    44544    ----a-w-    C:\Windows\SysWow64\devrtl.dll
2013-09-01 02:50:53    223752    ----a-w-    C:\Windows\System32\drivers\fvevol.sys
2013-09-01 02:50:47    503808    ----a-w-    C:\Windows\System32\srcore.dll
2013-09-01 02:50:47    43008    ----a-w-    C:\Windows\SysWow64\srclient.dll
2013-09-01 02:50:41    267776    ----a-w-    C:\Windows\System32\FXSCOVER.exe
2013-09-01 02:50:34    976896    ----a-w-    C:\Windows\System32\inetcomm.dll
2013-09-01 02:50:33    741376    ----a-w-    C:\Windows\SysWow64\inetcomm.dll
2013-09-01 02:50:19    690688    ----a-w-    C:\Windows\SysWow64\msvcrt.dll
2013-09-01 02:50:19    634880    ----a-w-    C:\Windows\System32\msvcrt.dll
2013-09-01 02:49:52    903168    ----a-w-    C:\Windows\SysWow64\certutil.exe
2013-09-01 02:49:52    52224    ----a-w-    C:\Windows\System32\certenc.dll
2013-09-01 02:49:52    1192448    ----a-w-    C:\Windows\System32\certutil.exe
2013-09-01 02:49:51    43008    ----a-w-    C:\Windows\SysWow64\certenc.dll
2013-09-01 02:49:04    956928    ----a-w-    C:\Windows\System32\localspl.dll
2013-09-01 02:48:59    90624    ----a-w-    C:\Windows\System32\drivers\bowser.sys
2013-09-01 02:48:54    861696    ----a-w-    C:\Windows\System32\oleaut32.dll
2013-09-01 02:48:54    571904    ----a-w-    C:\Windows\SysWow64\oleaut32.dll
2013-09-01 02:48:54    331776    ----a-w-    C:\Windows\System32\oleacc.dll
2013-09-01 02:48:54    233472    ----a-w-    C:\Windows\SysWow64\oleacc.dll
2013-09-01 02:48:45    723456    ----a-w-    C:\Windows\System32\EncDec.dll
2013-09-01 02:48:45    534528    ----a-w-    C:\Windows\SysWow64\EncDec.dll
2013-09-01 02:48:06    6656    ----a-w-    C:\Windows\SysWow64\apisetschema.dll
2013-09-01 02:48:06    43520    ----a-w-    C:\Windows\System32\csrsrv.dll
2013-09-01 02:48:06    112640    ----a-w-    C:\Windows\System32\smss.exe
2013-09-01 02:47:29    75120    ----a-w-    C:\Windows\System32\drivers\partmgr.sys
2013-09-01 02:47:15    1887232    ----a-w-    C:\Windows\System32\d3d11.dll
2013-09-01 02:47:15    1505280    ----a-w-    C:\Windows\SysWow64\d3d11.dll
2013-09-01 02:45:17    715776    ----a-w-    C:\Windows\System32\kerberos.dll
2013-09-01 02:45:17    542208    ----a-w-    C:\Windows\SysWow64\kerberos.dll
2013-09-01 02:44:52    559104    ----a-w-    C:\Windows\System32\spoolsv.exe
2013-09-01 02:44:48    67072    ----a-w-    C:\Windows\splwow64.exe
2013-09-01 01:38:09    77312    ----a-w-    C:\Windows\System32\packager.dll
2013-09-01 01:38:09    67072    ----a-w-    C:\Windows\SysWow64\packager.dll
2013-09-01 01:35:19    826880    ----a-w-    C:\Windows\SysWow64\rdpcore.dll
2013-09-01 01:35:19    23552    ----a-w-    C:\Windows\System32\drivers\tdtcp.sys
2013-09-01 01:35:19    1031680    ----a-w-    C:\Windows\System32\rdpcore.dll
2013-09-01 01:17:06    --------    d-----w-    C:\Users\jgeils\AppData\Local\Google
2013-09-01 01:14:11    --------    d-----w-    C:\Users\jgeils\AppData\Local\Apps
2013-09-01 01:13:57    --------    d-----w-    C:\Users\jgeils\AppData\Local\Deployment
2013-09-01 00:23:46    2622464    ----a-w-    C:\Windows\System32\wucltux.dll
2013-09-01 00:22:35    99840    ----a-w-    C:\Windows\System32\wudriver.dll
2013-09-01 00:20:55    36864    ----a-w-    C:\Windows\System32\wuapp.exe
2013-09-01 00:20:55    186752    ----a-w-    C:\Windows\System32\wuwebv.dll
2013-09-01 00:15:35    --------    d-----w-    C:\Program Files (x86)\Point-N-Click
2013-08-31 23:24:24    --------    d-----w-    C:\Users\jgeils\AppData\Roaming\Point-N-Click
2013-08-31 23:17:23    --------    d-----w-    C:\Users\jgeils\AppData\Roaming\Intel Corporation
2013-08-31 23:17:02    --------    d-----w-    C:\Users\jgeils\AppData\Local\Toshiba
2013-08-31 23:17:01    --------    d-----w-    C:\Users\jgeils\AppData\Roaming\Protector Suite
2013-08-24 21:15:32    --------    d-----w-    C:\Temp
2013-08-24 05:36:46    --------    d-----w-    C:\Recovery
.
==================== Find3M  ====================
.
2013-09-01 21:58:52    67072    ----a-w-    C:\Windows\System32\iesetup.dll
2013-07-09 05:52:52    224256    ----a-w-    C:\Windows\System32\wintrust.dll
2013-07-09 05:51:16    1217024    ----a-w-    C:\Windows\System32\rpcrt4.dll
2013-07-09 05:46:20    184320    ----a-w-    C:\Windows\System32\cryptsvc.dll
2013-07-09 05:46:20    1472512    ----a-w-    C:\Windows\System32\crypt32.dll
2013-07-09 05:46:20    139776    ----a-w-    C:\Windows\System32\cryptnet.dll
2013-07-09 04:52:33    663552    ----a-w-    C:\Windows\SysWow64\rpcrt4.dll
2013-07-09 04:52:10    175104    ----a-w-    C:\Windows\SysWow64\wintrust.dll
2013-07-09 04:46:31    140288    ----a-w-    C:\Windows\SysWow64\cryptsvc.dll
2013-07-09 04:46:31    1166848    ----a-w-    C:\Windows\SysWow64\crypt32.dll
2013-07-09 04:46:31    103936    ----a-w-    C:\Windows\SysWow64\cryptnet.dll
2013-07-09 04:45:07    44032    ----a-w-    C:\Windows\apppatch\acwow64.dll
2013-07-06 06:03:53    1910208    ----a-w-    C:\Windows\System32\drivers\tcpip.sys
2013-06-19 01:50:08    247216    ----a-w-    C:\Windows\System32\drivers\MpFilter.sys
2013-06-19 01:50:08    139616    ----a-w-    C:\Windows\System32\drivers\NisDrvWFP.sys
2013-05-28 02:31:45    483328    ----a-w-    C:\Program Files (x86)\putty.exe
.
============= FINISH: 21:01:15.72 ===============
 



#3 Jack01730


Posted 07 September 2013 - 08:06 PM

MiniToolBox by Farbar  Version: 13-07-2013
Ran by jgeils (administrator) on 06-09-2013 at 22:57:43
Running from "C:\Program Files (x86)\Malware DX and Fix"
Microsoft Windows 7 Ultimate  Service Pack 1 (X64)
Boot Mode: Normal
***************************************************************************
========================= Winsock entries =====================================

Catalog5 01 C:\Windows\SysWOW64\NLAapi.dll [52224] (Microsoft Corporation)
Catalog5 02 C:\Windows\SysWOW64\napinsp.dll [52224] (Microsoft Corporation)
Catalog5 03 C:\Windows\SysWOW64\pnrpnsp.dll [65024] (Microsoft Corporation)
Catalog5 04 C:\Windows\SysWOW64\pnrpnsp.dll [65024] (Microsoft Corporation)
Catalog5 05 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog5 06 C:\Windows\SysWOW64\winrnr.dll [20992] (Microsoft Corporation)
Catalog5 07 C:\Windows\SysWOW64\wshbth.dll [36352] (Microsoft Corporation)
Catalog5 08 C:\Program Files (x86)\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Catalog9 01 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 02 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 03 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 04 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 05 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 06 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 07 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 08 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 09 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 10 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 11 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
x64-Catalog5 01 C:\Windows\System32\NLAapi.dll [70656] (Microsoft Corporation)
x64-Catalog5 02 C:\Windows\System32\napinsp.dll [68096] (Microsoft Corporation)
x64-Catalog5 03 C:\Windows\System32\pnrpnsp.dll [86016] (Microsoft Corporation)
x64-Catalog5 04 C:\Windows\System32\pnrpnsp.dll [86016] (Microsoft Corporation)
x64-Catalog5 05 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog5 06 C:\Windows\System32\winrnr.dll [28672] (Microsoft Corporation)
x64-Catalog5 07 C:\Windows\System32\wshbth.dll [47104] (Microsoft Corporation)
x64-Catalog5 08 C:\Program Files\Bonjour\mdnsNSP.dll [132968] (Apple Inc.)
x64-Catalog9 01 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 02 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 03 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 04 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 05 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 06 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 07 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 08 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 09 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 10 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 11 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)

========================= Event log errors: ===============================

Application errors:
==================
Error: (09/06/2013 07:09:25 PM) (Source: .NET Runtime) (User: )
Description: .NET Runtime version 4.0.30319.18052 - There was a failure initializing profiling API attach infrastructure.  This process will not allow a profiler to attach.  HRESULT: 0x80004005.  Process ID (decimal): 3656.  Message ID: [0x2509].

Error: (09/06/2013 07:08:08 PM) (Source: .NET Runtime) (User: )
Description: .NET Runtime version 4.0.30319.18052 - There was a failure initializing profiling API attach infrastructure.  This process will not allow a profiler to attach.  HRESULT: 0x80004005.  Process ID (decimal): 3856.  Message ID: [0x2509].

Error: (09/06/2013 06:52:30 PM) (Source: .NET Runtime) (User: )
Description: .NET Runtime version 4.0.30319.18052 - There was a failure initializing profiling API attach infrastructure.  This process will not allow a profiler to attach.  HRESULT: 0x80004005.  Process ID (decimal): 1712.  Message ID: [0x2509].

Error: (09/06/2013 06:49:02 PM) (Source: .NET Runtime) (User: )
Description: .NET Runtime version 4.0.30319.18052 - There was a failure initializing profiling API attach infrastructure.  This process will not allow a profiler to attach.  HRESULT: 0x80004005.  Process ID (decimal): 3532.  Message ID: [0x2509].


System errors:
=============
Error: (09/06/2013 09:34:52 PM) (Source: DCOM) (User: )
Description: {AB8902B4-09CA-4BB6-B78D-A8F59079A8D5}

Error: (09/06/2013 09:34:33 PM) (Source: DCOM) (User: )
Description: {F9717507-6651-4EDB-BFF7-AE615179BCCF}


Microsoft Office Sessions:
=========================
Error: (09/06/2013 07:09:25 PM) (Source: .NET Runtime)(User: )
Description: .NET Runtime version 4.0.30319.18052 - There was a failure initializing profiling API attach infrastructure.  This process will not allow a profiler to attach.  HRESULT: 0x80004005.  Process ID (decimal): 3656.  Message ID: [0x2509].

Error: (09/06/2013 07:08:08 PM) (Source: .NET Runtime)(User: )
Description: .NET Runtime version 4.0.30319.18052 - There was a failure initializing profiling API attach infrastructure.  This process will not allow a profiler to attach.  HRESULT: 0x80004005.  Process ID (decimal): 3856.  Message ID: [0x2509].

Error: (09/06/2013 06:52:30 PM) (Source: .NET Runtime)(User: )
Description: .NET Runtime version 4.0.30319.18052 - There was a failure initializing profiling API attach infrastructure.  This process will not allow a profiler to attach.  HRESULT: 0x80004005.  Process ID (decimal): 1712.  Message ID: [0x2509].

Error: (09/06/2013 06:49:02 PM) (Source: .NET Runtime)(User: )
Description: .NET Runtime version 4.0.30319.18052 - There was a failure initializing profiling API attach infrastructure.  This process will not allow a profiler to attach.  HRESULT: 0x80004005.  Process ID (decimal): 3532.  Message ID: [0x2509].


**** End of log ****
 

 



#4 Jack01730


Posted 07 September 2013 - 08:07 PM

Malwarebytes Anti-Rootkit BETA 1.07.0.1005
www.malwarebytes.org

Database version: v2013.09.07.01

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 10.0.9200.16660
jgeils :: JGEILS-PC [administrator]

9/6/2013 11:19:43 PM
mbar-log-2013-09-06 (23-19-43).txt

Scan type: Quick scan
Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken
Scan options disabled:
Objects scanned: 248177
Time elapsed: 41 minute(s), 27 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

Physical Sectors Detected: 0
(No malicious items detected)

(end)
 

 



#5 Jack01730


Posted 07 September 2013 - 08:08 PM

Rkill 2.6.1 by Lawrence Abrams (Grinler)
http://www.bleepingcomputer.com/
Copyright 2008-2013 BleepingComputer.com
More Information about Rkill can be found at this link:
 http://www.bleepingcomputer.com/forums/topic308364.html

Program started at: 09/06/2013 11:07:12 PM in x64 mode.
Windows Version: Windows 7 Ultimate Service Pack 1

Checking for Windows services to stop:

 * No malware services found to stop.

Checking for processes to terminate:

 * No malware processes found to kill.

Checking Registry for malware related settings:

 * No issues found in the Registry.

Resetting .EXE, .COM, & .BAT associations in the Windows Registry.

Performing miscellaneous checks:

 * No issues found.

Checking Windows Service Integrity:

 * No issues found.

Searching for Missing Digital Signatures:

 * No issues found.

Checking HOSTS File:

 * No issues found.

Program finished at: 09/06/2013 11:10:41 PM
Execution time: 0 hours(s), 3 minute(s), and 29 seconds(s)
 

 



#6 Jack01730


Posted 08 September 2013 - 04:30 PM

Should C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted be taking up large amounts of memory? It has 135 MB vs. 315 for Firefox.

 



#7 mrgodai


Posted 08 September 2013 - 04:53 PM

Uninstall Avast and see if that helps.



#8 Jack01730


Posted 08 September 2013 - 05:43 PM

I uninstalled Avast and it made no difference in memory use. I tried YouTube and a plugin stopped responding, and Firefox became unresponsive and keeps crashing.


Edited by Jack01730, 08 September 2013 - 05:44 PM.


#9 Jack01730


Posted 08 September 2013 - 06:34 PM

After my last post, I got a BSOD. There is no minidump file. This is the Minitool log.

 

 

MiniToolBox by Farbar  Version: 13-07-2013
Ran by jgeils (administrator) on 08-09-2013 at 19:26:53
Running from "C:\Program Files (x86)\Malware DX and Fix"
Microsoft Windows 7 Ultimate  Service Pack 1 (X64)
Boot Mode: Normal
***************************************************************************
========================= Winsock entries =====================================

Catalog5 01 C:\Windows\SysWOW64\NLAapi.dll [52224] (Microsoft Corporation)
Catalog5 02 C:\Windows\SysWOW64\napinsp.dll [52224] (Microsoft Corporation)
Catalog5 03 C:\Windows\SysWOW64\pnrpnsp.dll [65024] (Microsoft Corporation)
Catalog5 04 C:\Windows\SysWOW64\pnrpnsp.dll [65024] (Microsoft Corporation)
Catalog5 05 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog5 06 C:\Windows\SysWOW64\winrnr.dll [20992] (Microsoft Corporation)
Catalog5 07 C:\Windows\SysWOW64\wshbth.dll [36352] (Microsoft Corporation)
Catalog5 08 C:\Program Files (x86)\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Catalog9 01 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 02 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 03 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 04 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 05 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 06 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 07 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 08 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 09 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 10 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 11 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
x64-Catalog5 01 C:\Windows\System32\NLAapi.dll [70656] (Microsoft Corporation)
x64-Catalog5 02 C:\Windows\System32\napinsp.dll [68096] (Microsoft Corporation)
x64-Catalog5 03 C:\Windows\System32\pnrpnsp.dll [86016] (Microsoft Corporation)
x64-Catalog5 04 C:\Windows\System32\pnrpnsp.dll [86016] (Microsoft Corporation)
x64-Catalog5 05 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog5 06 C:\Windows\System32\winrnr.dll [28672] (Microsoft Corporation)
x64-Catalog5 07 C:\Windows\System32\wshbth.dll [47104] (Microsoft Corporation)
x64-Catalog5 08 C:\Program Files\Bonjour\mdnsNSP.dll [132968] (Apple Inc.)
x64-Catalog9 01 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 02 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 03 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 04 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 05 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 06 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 07 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 08 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 09 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 10 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 11 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)

========================= Event log errors: ===============================

Application errors:
==================
Error: (09/08/2013 06:32:10 PM) (Source: Application Error) (User: )
Description: Faulting application name: plugin-container.exe, version: 23.0.1.4974, time stamp: 0x520bc1d5
Faulting module name: NPSWF32_11_8_800_94.dll, version: 11.8.800.94, time stamp: 0x51c4d986
Exception code: 0x80000003
Fault offset: 0x00342c6d
Faulting process id: 0x9ec
Faulting application start time: 0xplugin-container.exe0
Faulting application path: plugin-container.exe1
Faulting module path: plugin-container.exe2
Report Id: plugin-container.exe3

Error: (09/08/2013 01:07:58 AM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error: (09/08/2013 01:07:23 AM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest2" on line C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
Component 2: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.

Error: (09/07/2013 11:37:14 PM) (Source: Application Hang) (User: )
Description: The program tdsskiller.exe version 2.8.18.0 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: ecc

Start Time: 01ceac4496979941

Termination Time: 0

Application Path: D:\Portable Apps\PortableApps\KasperskyTDSSKillerPortable\App\TDSSKiller\tdsskiller.exe

Report Id: ebc5bad7-1837-11e3-bfac-00404536f179

Error: (09/07/2013 01:55:19 AM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error: (09/07/2013 01:54:34 AM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest2" on line C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
Component 2: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.

Error: (09/06/2013 07:09:25 PM) (Source: .NET Runtime) (User: )
Description: .NET Runtime version 4.0.30319.18052 - There was a failure initializing profiling API attach infrastructure.  This process will not allow a profiler to attach.  HRESULT: 0x80004005.  Process ID (decimal): 3656.  Message ID: [0x2509].

Error: (09/06/2013 07:08:08 PM) (Source: .NET Runtime) (User: )
Description: .NET Runtime version 4.0.30319.18052 - There was a failure initializing profiling API attach infrastructure.  This process will not allow a profiler to attach.  HRESULT: 0x80004005.  Process ID (decimal): 3856.  Message ID: [0x2509].

Error: (09/06/2013 06:52:30 PM) (Source: .NET Runtime) (User: )
Description: .NET Runtime version 4.0.30319.18052 - There was a failure initializing profiling API attach infrastructure.  This process will not allow a profiler to attach.  HRESULT: 0x80004005.  Process ID (decimal): 1712.  Message ID: [0x2509].

Error: (09/06/2013 06:49:02 PM) (Source: .NET Runtime) (User: )
Description: .NET Runtime version 4.0.30319.18052 - There was a failure initializing profiling API attach infrastructure.  This process will not allow a profiler to attach.  HRESULT: 0x80004005.  Process ID (decimal): 3532.  Message ID: [0x2509].


System errors:
=============
Error: (09/08/2013 07:14:37 PM) (Source: EventLog) (User: )
Description: The previous system shutdown at 7:09:31 PM on 9/8/2013 was unexpected.

Error: (09/08/2013 06:04:54 PM) (Source: DCOM) (User: )
Description: {F9717507-6651-4EDB-BFF7-AE615179BCCF}

Error: (09/08/2013 10:04:54 AM) (Source: bowser) (User: )
Description: The master browser has received a server announcement from the computer ANNEMARIE-PC
that believes that it is the master browser for the domain on transport NetBT_Tcpip_{FB327832-A3FF-428D-AC40-7FF31384A0C9}.
The master browser is stopping or an election is being forced.

Error: (09/07/2013 11:24:03 PM) (Source: WMPNetworkSvc) (User: )
Description: Service 'WMPNetworkSvc' did not start correctly because CoCreateInstance(CLSID_UPnPDeviceFinder) encountered error '0x80070420'. Verify that the UPnPHost service is running and that the UPnPHost component of Windows is installed properly.

Error: (09/07/2013 11:24:02 PM) (Source: Service Control Manager) (User: )
Description: The Windows Search service failed to start due to the following error:
%%1053

Error: (09/07/2013 11:24:02 PM) (Source: Service Control Manager) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Windows Search service to connect.

Error: (09/07/2013 11:23:30 PM) (Source: Service Control Manager) (User: )
Description: The Software Protection service failed to start due to the following error:
%%1053

Error: (09/07/2013 11:23:30 PM) (Source: Service Control Manager) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Software Protection service to connect.

Error: (09/07/2013 08:44:18 PM) (Source: WMPNetworkSvc) (User: )
Description: Service 'WMPNetworkSvc' did not start correctly because CoCreateInstance(CLSID_UPnPDeviceFinder) encountered error '0x80070420'. Verify that the UPnPHost service is running and that the UPnPHost component of Windows is installed properly.

Error: (09/07/2013 08:28:29 PM) (Source: bowser) (User: )
Description: The master browser has received a server announcement from the computer JOHNL-PC
that believes that it is the master browser for the domain on transport NetBT_Tcpip_{FB327832-A3FF-428D-AC40-7FF31384A0C9}.
The master browser is stopping or an election is being forced.


Microsoft Office Sessions:
=========================
Error: (09/08/2013 06:32:10 PM) (Source: Application Error)(User: )
Description: plugin-container.exe23.0.1.4974520bc1d5NPSWF32_11_8_800_94.dll11.8.800.9451c4d9868000000300342c6d9ec01ceace0fa106a8dC:\Program Files (x86)\Mozilla Firefox\plugin-container.exeC:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_8_800_94.dll7f81c15f-18d6-11e3-8044-00404536f179

Error: (09/08/2013 01:07:58 AM) (Source: SideBySide)(User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\Tools\AVRCPTestTool.exe

Error: (09/08/2013 01:07:23 AM) (Source: SideBySide)(User: )
Description: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosBt1st.exe

Error: (09/07/2013 11:37:14 PM) (Source: Application Hang)(User: )
Description: tdsskiller.exe2.8.18.0ecc01ceac44969799410D:\Portable Apps\PortableApps\KasperskyTDSSKillerPortable\App\TDSSKiller\tdsskiller.exeebc5bad7-1837-11e3-bfac-00404536f179

Error: (09/07/2013 01:55:19 AM) (Source: SideBySide)(User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\Tools\AVRCPTestTool.exe

Error: (09/07/2013 01:54:34 AM) (Source: SideBySide)(User: )
Description: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosBt1st.exe

Error: (09/06/2013 07:09:25 PM) (Source: .NET Runtime)(User: )
Description: .NET Runtime version 4.0.30319.18052 - There was a failure initializing profiling API attach infrastructure.  This process will not allow a profiler to attach.  HRESULT: 0x80004005.  Process ID (decimal): 3656.  Message ID: [0x2509].

Error: (09/06/2013 07:08:08 PM) (Source: .NET Runtime)(User: )
Description: .NET Runtime version 4.0.30319.18052 - There was a failure initializing profiling API attach infrastructure.  This process will not allow a profiler to attach.  HRESULT: 0x80004005.  Process ID (decimal): 3856.  Message ID: [0x2509].

Error: (09/06/2013 06:52:30 PM) (Source: .NET Runtime)(User: )
Description: .NET Runtime version 4.0.30319.18052 - There was a failure initializing profiling API attach infrastructure.  This process will not allow a profiler to attach.  HRESULT: 0x80004005.  Process ID (decimal): 1712.  Message ID: [0x2509].

Error: (09/06/2013 06:49:02 PM) (Source: .NET Runtime)(User: )
Description: .NET Runtime version 4.0.30319.18052 - There was a failure initializing profiling API attach infrastructure.  This process will not allow a profiler to attach.  HRESULT: 0x80004005.  Process ID (decimal): 3532.  Message ID: [0x2509].

========================= Minidump Files ==================================

No minidump file found


**** End of log ****
 

 





