Infected with unknown: keep seeing pop-ups in FireFox


  • This topic is locked
60 replies to this topic

#1 jilliansman


Posted 07 October 2013 - 12:58 PM

I'm not sure what I'm infected with. I have done antivirus scans with my AVG free and malware scans with Malwarebytes Anti-Malware and nothing is coming up. A few weeks ago, Firefox started acting up and giving me full screen pop-ups. I am unsure if this is related or not, but I recently started getting an error that, if I don't close it right away, will pop up on screen dozens of times, one in front of the other. I can't remember exactly what the error states (I do know it has something to do with "VCL" something), but I will edit my post, or reply to the post when I get it next. Obviously my number 1 priority would be the Firefox pop-up.

 

Thank you in advance.

 

DDS (Ver_2012-11-20.01) - NTFS_AMD64 DSREPAIR
Internet Explorer: 9.0.8112.16502  BrowserJavaVersion: 10.25.2
Run by John at 13:42:40 on 2013-10-07
Microsoft® Windows Vista™ Home Premium   6.0.6002.2.1252.1.1033.18.3963.2124 [GMT -4:00]
.
AV: AVG AntiVirus Free Edition 2013 *Enabled/Updated* {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: AVG AntiVirus Free Edition 2013 *Enabled/Updated* {B5F5C120-2089-702E-0001-553BB0D5A664}
.
============== Running Processes ===============
.
C:\PROGRA~2\AVG\AVG2013\avgrsa.exe
C:\Program Files (x86)\AVG\AVG2013\avgcsrva.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\WLANExt.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe
C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files (x86)\TOSHIBA\ConfigFree\CFProcSRVC.exe
C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe
C:\Program Files (x86)\LogMeIn\x64\LMIGuardianSvc.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
C:\Program Files (x86)\AVG\AVG2013\avgnsa.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files (x86)\TuneUp Utilities 2012\TuneUpUtilitiesService64.exe
C:\Program Files\Western Digital\WD SmartWare\WDDMService.exe
C:\Program Files (x86)\Western Digital\WD Drive Manager\WDDriveService.exe
C:\Program Files\Western Digital\WD SmartWare\WDRulesEngine.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Program Files (x86)\TuneUp Utilities 2012\TuneUpUtilitiesApp64.exe
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\Explorer.EXE
C:\Program Files\Intel\WiFi\bin\EvtEng.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files (x86)\LogMeIn\x64\LogMeInSystray.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files (x86)\AVG\AVG2013\avgui.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\Western Digital\WD Apps\WDDriveAutoUnlock.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Western Digital\WD SmartWare\WDFME.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Windows\ehome\ehmsas.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_8_800_168.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_8_800_168.exe
C:\Windows\system32\svchost.exe -k SDRSVC
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com/
uSearch Bar = Preserve
uProxyOverride = <local>;*.local
BHO: AVG Safe Search: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - LocalServer32 - <no file>
BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
uRun: [ehTray.exe] C:\Windows\ehome\ehTray.exe
uRun: [Bonjour Service] C:\Program Files\Bonjour\mDNSResponder.exe
mRun: [AppleSyncNotifier] C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe                                                                                                                                                                                    
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [AVG_UI] "C:\Program Files (x86)\AVG\AVG2013\avgui.exe" /TRAYONLY
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [WD Drive Unlocker] C:\Program Files (x86)\Western Digital\WD Apps\WDDriveAutoUnlock.exe
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
StartupFolder: C:\Users\John\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\ONENOT~1.LNK - C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-Explorer: BindDirectlyToPropertySetStorage = dword:0
mPolicies-System: EnableLUA = dword:0
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
TCP: NameServer = 192.168.1.254
TCP: Interfaces\{F67991D5-0FEF-4FE2-9AA2-F60110B4E276} : DHCPNameServer = 192.168.1.254
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - <orphaned>
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
Notify: igfxcui - <no file>
SSODL: EldosMountNotificator - {5FF49FE8-B332-4CB9-B102-FB6951629E55} - C:\Windows\SysWOW64\CbFsMntNtf3.dll
STS: Virtual Storage Mount Notification - {5FF49FE8-B332-4CB9-B102-FB6951629E55} - C:\Windows\SysWOW64\CbFsMntNtf3.dll
SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
LSA: Security Packages =  kerberos msv1_0 schannel wdigest tspkg
IFEO: excel.exe - "C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe"
IFEO: groove.exe - "C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe"
IFEO: infopath.exe - "C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe"
IFEO: msaccess.exe - "C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe"
IFEO: msoxmled.exe - "C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe"
x64-BHO: AVG Safe Search: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - LocalServer32 - <no file>
x64-Run: [Persistence] C:\Windows\System32\igfxpers.exe
x64-Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
x64-Run: [Windows Defender] C:\Program Files (x86)\Windows Defender\MSASCui.exe -hide
x64-Run: [LogMeIn GUI] "C:\Program Files (x86)\LogMeIn\x64\LogMeInSystray.exe"
x64-mPolicies-Explorer: NoActiveDesktop = dword:1
x64-mPolicies-Explorer: NoActiveDesktopChanges = dword:1
x64-mPolicies-Explorer: BindDirectlyToPropertySetStorage = dword:0
x64-mPolicies-System: EnableLUA = dword:0
x64-mPolicies-System: EnableUIADesktopToggle = dword:0
x64-Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - <orphaned>
x64-Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - <orphaned>
x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
x64-Notify: igfxcui - igfxdev.dll
x64-SSODL: EldosMountNotificator - {5FF49FE8-B332-4CB9-B102-FB6951629E55} - C:\Windows\System32\CbFsMntNtf3.dll
x64-STS: Virtual Storage Mount Notification - {5FF49FE8-B332-4CB9-B102-FB6951629E55} - C:\Windows\System32\CbFsMntNtf3.dll
x64-IFEO: excel.exe - "C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe"
x64-IFEO: groove.exe - "C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe"
x64-IFEO: infopath.exe - "C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe"
x64-IFEO: msaccess.exe - "C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe"
x64-IFEO: msoxmled.exe - "C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe"
.
Note: multiple IFEO entries found. Please refer to Attach.txt
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\John\AppData\Roaming\Mozilla\Firefox\Profiles\w0vmruzj.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2260173&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - prefs.js: keyword.URL - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2260173&q=
FF - prefs.js: network.proxy.type - 4
FF - component: C:\Program Files (x86)\AVG\AVG10\Firefox4\components\avgssff4.dll
FF - component: C:\Program Files (x86)\Free Download Manager\Firefox\Extension\components\vmsfdmff.dll
FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
FF - plugin: C:\Program Files (x86)\Winamp Detect\npwachk.dll
FF - plugin: C:\Users\John\AppData\Roaming\Facebook\npfbplugin_1_0_3.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_8_800_168.dll
FF - plugin: C:\Windows\SysWOW64\npdeployJava1.dll
FF - plugin: C:\Windows\SysWOW64\npmproxy.dll
FF - ExtSQL: 2013-08-07 15:10; https-everywhere@eff.org; C:\Users\John\AppData\Roaming\Mozilla\Firefox\Profiles\w0vmruzj.default\extensions\https-everywhere@eff.org
FF - ExtSQL: !HIDDEN! 2010-03-02 21:07; {20a82645-c095-46ed-80e3-08825760534b}; c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
.
---- FIREFOX POLICIES ----
FF - user.js: google.toolbar.linkdoctor.enabled - false
.
FF - user.js: extensions.autoDisableScopes - 14
.
.
============= SERVICES / DRIVERS ===============
.
R0 AVGIDSHA;AVGIDSHA;C:\Windows\System32\drivers\avgidsha.sys [2013-7-20 71480]
R0 Avgloga;AVG Logging Driver;C:\Windows\System32\drivers\avgloga.sys [2013-7-20 311608]
R0 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;C:\Windows\System32\drivers\avgmfx64.sys [2013-7-1 116536]
R0 Avgrkx64;AVG Anti-Rootkit Driver;C:\Windows\System32\drivers\avgrkx64.sys [2013-9-5 45880]
R0 PxHlpa64;PxHlpa64;C:\Windows\System32\drivers\PxHlpa64.sys [2010-3-23 55856]
R1 AVGIDSDriver;AVGIDSDriver;C:\Windows\System32\drivers\avgidsdrivera.sys [2013-7-20 246072]
R1 Avgldx64;AVG AVI Loader Driver;C:\Windows\System32\drivers\avgldx64.sys [2013-7-20 206648]
R1 Avgtdia;AVG TDI Driver;C:\Windows\System32\drivers\avgtdia.sys [2013-3-21 240952]
R2 AVGIDSAgent;AVGIDSAgent;C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe [2013-7-4 4939312]
R2 avgwd;AVG WatchDog;C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe [2013-7-23 283136]
R2 ConfigFree Gadget Service;ConfigFree Gadget Service;C:\Program Files (x86)\TOSHIBA\ConfigFree\CFProcSRVC.exe [2008-6-27 36864]
R2 ConfigFree Service;ConfigFree Service;C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe [2008-7-10 40960]
R2 FontCache;Windows Font Cache Service;C:\Windows\System32\svchost.exe -k LocalServiceAndNoImpersonation [2010-3-10 27648]
R2 LMIGuardianSvc;LMIGuardianSvc;C:\Program Files (x86)\LogMeIn\x64\LMIGuardianSvc.exe [2012-1-31 376144]
R2 LMIInfo;LogMeIn Kernel Information Provider;C:\Program Files (x86)\LogMeIn\x64\rainfo.sys [2011-9-16 16056]
R2 LMIRfsDriver;LogMeIn Remote File System Driver;C:\Windows\System32\drivers\LMIRfsDriver.sys [2010-3-6 72216]
R2 TuneUp.UtilitiesSvc;TuneUp Utilities Service;C:\Program Files (x86)\TuneUp Utilities 2012\TuneUpUtilitiesService64.exe [2011-10-14 2072896]
R2 WDDMService;WDDMService;C:\Program Files\Western Digital\WD SmartWare\WDDMService.exe [2011-12-15 319384]
R2 WDDriveService;WD Drive Manager;C:\Program Files (x86)\Western Digital\WD Drive Manager\WDDriveService.exe [2012-9-6 248248]
R2 WDFMEService;WDFME;C:\Program Files\Western Digital\WD SmartWare\WDFME.exe [2011-12-15 1977224]
R2 WDRulesService;WDRules;C:\Program Files\Western Digital\WD SmartWare\WDRulesEngine.exe [2011-12-15 1338264]
R3 cbfs3;EldoS Callback File System driver v3;C:\Windows\System32\drivers\cbfs3.sys [2012-10-6 352144]
R3 FwLnk;FwLnk Driver;C:\Windows\System32\drivers\FwLnk.sys [2010-2-24 8704]
R3 NETwNv64;___ Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;C:\Windows\System32\drivers\NETwNv64.sys [2011-10-31 8399360]
R3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;C:\Program Files (x86)\TuneUp Utilities 2012\TuneUpUtilitiesDriver64.sys [2011-10-13 11856]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2012-7-13 160944]
S3 cpudrv64;cpudrv64;C:\Program Files (x86)\SystemRequirementsLab\cpudrv64.sys [2011-6-2 17864]
S3 NETw3v64;Intel® PRO/Wireless 3945BG Adapter Driver for Windows Vista 64 Bit;C:\Windows\System32\drivers\NETw3v64.sys [2006-11-2 2471424]
S3 PerfHost;Performance Counter DLL Host;C:\Windows\SysWOW64\perfhost.exe [2010-3-10 19968]
S3 RTL8023x64;Realtek 10/100 NIC Family NDIS x64 Driver;C:\Windows\System32\drivers\Rtnic64.sys [2010-2-24 52736]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2012-12-13 54784]
S3 WDC_SAM;WD SCSI Pass Thru driver;C:\Windows\System32\drivers\wdcsam64.sys [2011-12-16 14464]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\WPF\WPFFontCache_v0400.exe [2013-4-19 1022632]
S3 WSDScan;WSD Scan Support via UMB;C:\Windows\System32\drivers\WSDScan.sys [2011-4-25 24064]
S4 AdobeActiveFileMonitor7.0;Adobe Active File Monitor V7;C:\Program Files (x86)\Adobe\Photoshop Elements 7.0\PhotoshopElementsFileAgent.exe [2008-9-16 169312]
S4 clr_optimization_v2.0.50727_64;Microsoft .NET Framework NGEN v2.0.50727_X64;C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe [2011-4-25 89920]
.
=============== File Associations ===============
.
FileExt: .js: JSFile=C:\Windows\SysWOW64\WScript.exe "%1" %*
FileExt: .jse: JSEFile=C:\Windows\SysWOW64\WScript.exe "%1" %*
.
=============== Created Last 30 ================
.
.
==================== Find3M  ====================
.
2013-10-01 00:17:21    71048    ----a-w-    C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2013-10-01 00:17:21    692616    ----a-w-    C:\Windows\SysWow64\FlashPlayerApp.exe
2013-09-05 05:43:42    45880    ----a-w-    C:\Windows\System32\drivers\avgrkx64.sys
2013-08-31 20:54:39    78161360    ----a-w-    C:\Windows\System32\mrt.exe
2013-08-26 09:13:02    354656    ----a-w-    C:\Windows\SysWow64\DivXControlPanelApplet.cpl
2013-08-07 22:54:02    94208    ----a-w-    C:\Windows\SysWow64\dpl100.dll
2013-08-02 14:06:01    1706496    ----a-w-    C:\Windows\System32\WMVDECOD.DLL
2013-08-02 04:09:35    1548288    ----a-w-    C:\Windows\SysWow64\WMVDECOD.DLL
2013-07-25 03:54:29    17830400    ----a-w-    C:\Windows\System32\mshtml.dll
2013-07-25 03:37:25    2312704    ----a-w-    C:\Windows\System32\jscript9.dll
2013-07-25 03:35:45    10926080    ----a-w-    C:\Windows\System32\ieframe.dll
2013-07-25 03:31:23    1346560    ----a-w-    C:\Windows\System32\urlmon.dll
2013-07-25 03:30:49    1392128    ----a-w-    C:\Windows\System32\wininet.dll
2013-07-25 03:29:41    1494528    ----a-w-    C:\Windows\System32\inetcpl.cpl
2013-07-25 03:29:21    237056    ----a-w-    C:\Windows\System32\url.dll
2013-07-25 03:29:06    86016    ----a-w-    C:\Windows\System32\jsproxy.dll
2013-07-25 03:28:46    173056    ----a-w-    C:\Windows\System32\ieUnatt.exe
2013-07-25 03:28:31    599040    ----a-w-    C:\Windows\System32\vbscript.dll
2013-07-25 03:28:27    816640    ----a-w-    C:\Windows\System32\jscript.dll
2013-07-25 03:28:24    2147840    ----a-w-    C:\Windows\System32\iertutil.dll
2013-07-25 03:28:18    729088    ----a-w-    C:\Windows\System32\msfeeds.dll
2013-07-25 03:27:29    96768    ----a-w-    C:\Windows\System32\mshtmled.dll
2013-07-25 03:27:20    2382848    ----a-w-    C:\Windows\System32\mshtml.tlb
2013-07-25 03:26:53    248320    ----a-w-    C:\Windows\System32\ieui.dll
2013-07-25 02:40:07    12334080    ----a-w-    C:\Windows\SysWow64\mshtml.dll
2013-07-25 02:32:35    1800704    ----a-w-    C:\Windows\SysWow64\jscript9.dll
2013-07-25 02:30:47    9738752    ----a-w-    C:\Windows\SysWow64\ieframe.dll
2013-07-25 02:26:45    1104384    ----a-w-    C:\Windows\SysWow64\urlmon.dll
2013-07-25 02:26:10    1129472    ----a-w-    C:\Windows\SysWow64\wininet.dll
2013-07-25 02:25:30    1427968    ----a-w-    C:\Windows\SysWow64\inetcpl.cpl
2013-07-25 02:24:39    231936    ----a-w-    C:\Windows\SysWow64\url.dll
2013-07-25 02:24:24    65536    ----a-w-    C:\Windows\SysWow64\jsproxy.dll
2013-07-25 02:23:59    142848    ----a-w-    C:\Windows\SysWow64\ieUnatt.exe
2013-07-25 02:23:58    420864    ----a-w-    C:\Windows\SysWow64\vbscript.dll
2013-07-25 02:23:51    717824    ----a-w-    C:\Windows\SysWow64\jscript.dll
2013-07-25 02:23:30    1796096    ----a-w-    C:\Windows\SysWow64\iertutil.dll
2013-07-25 02:23:27    607744    ----a-w-    C:\Windows\SysWow64\msfeeds.dll
2013-07-25 02:22:47    73216    ----a-w-    C:\Windows\SysWow64\mshtmled.dll
2013-07-25 02:22:35    2382848    ----a-w-    C:\Windows\SysWow64\mshtml.tlb
2013-07-25 02:22:04    176640    ----a-w-    C:\Windows\SysWow64\ieui.dll
2013-07-20 05:51:00    311608    ----a-w-    C:\Windows\System32\drivers\avgloga.sys
2013-07-20 05:50:56    71480    ----a-w-    C:\Windows\System32\drivers\avgidsha.sys
2013-07-20 05:50:56    246072    ----a-w-    C:\Windows\System32\drivers\avgidsdrivera.sys
2013-07-20 05:50:50    206648    ----a-w-    C:\Windows\System32\drivers\avgldx64.sys
2013-07-17 20:01:51    2048    ----a-w-    C:\Windows\System32\tzres.dll
2013-07-17 19:41:34    2048    ----a-w-    C:\Windows\SysWow64\tzres.dll
2013-07-10 09:47:49    677888    ----a-w-    C:\Windows\SysWow64\rpcrt4.dll
2013-07-10 09:42:55    1303552    ----a-w-    C:\Windows\System32\rpcrt4.dll
.
============= FINISH: 13:43:23.61 ===============
 


 


#2 jeffce

  • Malware Response Team

Posted 08 October 2013 - 09:21 PM

Hi and Welcome!!   
 
My name is Jeff. I would be more than happy to take a look at your malware results logs and help you with solving any malware problems you might have. Logs can take a while to research, so please be patient and know that I am working hard to get you a clean and functional system back in your hands. I'd be grateful if you would note the following:

  • The fixes are specific to your problem and should only be used for the issues on this machine.
  • It's often worth reading through these instructions and printing them for ease of reference.
  • If you don't know or understand something, please don't hesitate to say or ask!! It's better to be sure and safe than sorry.
  • Please reply to this thread. Do not start a new topic.
  • If you happen to have a flash drive/thumb drive please have that ready in the event that we need to use it.
  • Please be sure to subscribe to the topic if you have not already done so.

IMPORTANT NOTE: Please do not delete, download or install anything unless instructed to do so.
DO NOT use any TOOLS such as Combofix or HijackThis fixes without supervision. Doing so could make your system inoperable and could require a full reinstall of your operating system, losing all your programs and data.

 
Having said that.... Let's get going!!
----------
 

Please download TDSSKiller

  • Double click TDSSKiller.exe
  • Press Start Scan but do nothing else as we are just looking for what is there.
  • If Malicious objects are found, select Skip by changing the Cure dropdown in the upper right.
  • Attach the log in your next reply
    • A copy of the log will be saved automatically to the root of the drive (typically C:\)

----------
 

AdwCleaner
 
Please download AdwCleaner by Xplode and save to your Desktop.

  • Double click on AdwCleaner.exe to run the tool
    Vista/Windows 7/8 users right-click and select Run As Administrator.
  • Click on the Scan button.
  • AdwCleaner will begin...be patient as the scan may take some time to complete.
  • After the scan has finished, click on the Report button...a logfile (AdwCleaner[R0].txt) will open in Notepad for review.
  • The contents of the log file may be confusing. Unless you see a program name that you know should not be removed, don't worry about it. If you see an entry you want to keep, let me know about it.
  • Copy and paste the contents of that logfile in your next reply.
  • A copy of all logfiles is saved in the C:\AdwCleaner folder, which was created when running the tool.

----------


 


#3 jilliansman


Posted 08 October 2013 - 10:01 PM

Thanks for your time. Here are my results:

 

TDSSkiller: No threats found:

 

22:51:13.0948 522832  clr_optimization_v2.0.50727_32 - ok
22:51:13.0985 522832  [ CE07A466201096F021CD09D631B21540 ] clr_optimization_v2.0.50727_64 C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
22:51:13.0990 522832  clr_optimization_v2.0.50727_64 - ok
22:51:14.0056 522832  [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
22:51:14.0062 522832  clr_optimization_v4.0.30319_32 - ok
22:51:14.0091 522832  [ C6F9AF94DCD58122A4D7E89DB6BED29D ] clr_optimization_v4.0.30319_64 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
22:51:14.0107 522832  clr_optimization_v4.0.30319_64 - ok
22:51:14.0141 522832  [ B52D9A14CE4101577900A364BA86F3DF ] CmBatt          C:\Windows\system32\DRIVERS\CmBatt.sys
22:51:14.0147 522832  CmBatt - ok
22:51:14.0163 522832  [ E5D5499A1C50A54B5161296B6AFE6192 ] cmdide          C:\Windows\system32\drivers\cmdide.sys
22:51:14.0167 522832  cmdide - ok
22:51:14.0207 522832  [ 7FB8AD01DB0EABE60C8A861531A8F431 ] Compbatt        C:\Windows\system32\DRIVERS\compbatt.sys
22:51:14.0215 522832  Compbatt - ok
22:51:14.0226 522832  COMSysApp - ok
22:51:14.0367 522832  [ B9D3D216C66E0CD37478F5E5778AA35B ] ConfigFree Gadget Service C:\Program Files (x86)\TOSHIBA\ConfigFree\CFProcSRVC.exe
22:51:14.0368 522832  ConfigFree Gadget Service - ok
22:51:14.0398 522832  [ C508B28B9DA7563634A2A2B2EEF4395D ] ConfigFree Service C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe
22:51:14.0400 522832  ConfigFree Service - ok
22:51:14.0446 522832  [ 3CA734CE373E5675FBC15CA2C45228E5 ] cpudrv64        C:\Program Files (x86)\SystemRequirementsLab\cpudrv64.sys
22:51:14.0448 522832  cpudrv64 - ok
22:51:14.0476 522832  [ B1192DCD5B9CF46BEED0E2A9E5BCF59A ] crcdisk         C:\Windows\system32\drivers\crcdisk.sys
22:51:14.0480 522832  crcdisk - ok
22:51:14.0577 522832  [ 5AAC48EAF8EACF247DB44FB61B900D89 ] CryptSvc        C:\Windows\system32\cryptsvc.dll
22:51:14.0582 522832  CryptSvc - ok
22:51:14.0627 522832  [ CF8B9A3A5E7DC57724A89D0C3E8CF9EF ] DcomLaunch      C:\Windows\system32\rpcss.dll
22:51:14.0656 522832  DcomLaunch - ok
22:51:14.0688 522832  [ 8B722BA35205C71E7951CDC4CDBADE19 ] DfsC            C:\Windows\system32\Drivers\dfsc.sys
22:51:14.0692 522832  DfsC - ok
22:51:14.0807 522832  [ C647F468F7DE343DF8C143655C5557D4 ] DFSR            C:\Windows\system32\DFSR.exe
22:51:14.0896 522832  DFSR - ok
22:51:14.0924 522832  [ 3ED0321127CE70ACDAABBF77E157C2A7 ] Dhcp            C:\Windows\System32\dhcpcsvc.dll
22:51:14.0933 522832  Dhcp - ok
22:51:14.0966 522832  [ B0107E40ECDB5FA692EBF832F295D905 ] disk            C:\Windows\system32\drivers\disk.sys
22:51:14.0970 522832  disk - ok
22:51:15.0002 522832  [ 06230F1B721494A6DF8D47FD395BB1B0 ] Dnscache        C:\Windows\System32\dnsrslvr.dll
22:51:15.0007 522832  Dnscache - ok
22:51:15.0025 522832  [ 1A7156DD1E850E9914E5E991E3225B94 ] dot3svc         C:\Windows\System32\dot3svc.dll
22:51:15.0032 522832  dot3svc - ok
22:51:15.0064 522832  [ 1583B39790DB3EAEC7EDB0CB0140C708 ] DPS             C:\Windows\system32\dps.dll
22:51:15.0069 522832  DPS - ok
22:51:15.0103 522832  [ F1A78A98CFC2EE02144C6BEC945447E6 ] drmkaud         C:\Windows\system32\drivers\drmkaud.sys
22:51:15.0112 522832  drmkaud - ok
22:51:15.0163 522832  [ F3932288EEECD776FF1F9F653AD878F3 ] DXGKrnl         C:\Windows\System32\drivers\dxgkrnl.sys
22:51:15.0197 522832  DXGKrnl - ok
22:51:15.0251 522832  [ D57FE09B575545738A73A0C193D0616A ] E1G60           C:\Windows\system32\DRIVERS\E1G6032E.sys
22:51:15.0256 522832  E1G60 - ok
22:51:15.0304 522832  [ C2303883FD9BE49DC36A6400643002EA ] EapHost         C:\Windows\System32\eapsvc.dll
22:51:15.0309 522832  EapHost - ok
22:51:15.0346 522832  [ 5F94962BE5A62DB6E447FF6470C4F48A ] Ecache          C:\Windows\system32\drivers\ecache.sys
22:51:15.0355 522832  Ecache - ok
22:51:15.0396 522832  [ 14CE384D2E27B64C256BDA4DC39C312D ] ehRecvr         C:\Windows\ehome\ehRecvr.exe
22:51:15.0406 522832  ehRecvr - ok
22:51:15.0425 522832  [ B93159C1313D66FDFBBE876F5189CD52 ] ehSched         C:\Windows\ehome\ehsched.exe
22:51:15.0431 522832  ehSched - ok
22:51:15.0461 522832  [ F5EE2527D74449868E3C3227A59BCD28 ] ehstart         C:\Windows\ehome\ehstart.dll
22:51:15.0464 522832  ehstart - ok
22:51:15.0498 522832  [ A05FC7ECA0966EBB70E4D17B855A853B ] ElbyCDIO        C:\Windows\system32\Drivers\ElbyCDIO.sys
22:51:15.0502 522832  ElbyCDIO - ok
22:51:15.0554 522832  [ 3D6298AFF3FE06C0616CE5D090A3EEAA ] elxstor         C:\Windows\system32\drivers\elxstor.sys
22:51:15.0564 522832  elxstor - ok
22:51:15.0620 522832  [ A9B18B63A4FD6BAAB83326706D857FAB ] EMDMgmt         C:\Windows\system32\emdmgmt.dll
22:51:15.0634 522832  EMDMgmt - ok
22:51:15.0680 522832  [ E12F22B73F153DECE721CD45EC05B4AF ] EventSystem     C:\Windows\system32\es.dll
22:51:15.0690 522832  EventSystem - ok
22:51:15.0769 522832  [ 87C42A7743B6B2CCE5EC29A2EAD26662 ] EvtEng          C:\Program Files\Intel\WiFi\bin\EvtEng.exe
22:51:15.0814 522832  EvtEng - ok
22:51:15.0861 522832  [ 486844F47B6636044A42454614ED4523 ] exfat           C:\Windows\system32\drivers\exfat.sys
22:51:15.0871 522832  exfat - ok
22:51:15.0943 522832  [ 1A4BEE34277784619DDAF0422C0C6E23 ] fastfat         C:\Windows\system32\drivers\fastfat.sys
22:51:15.0950 522832  fastfat - ok
22:51:15.0998 522832  [ 61B6DBD1AD1143F008364D4E9A96B224 ] fdc             C:\Windows\system32\DRIVERS\fdc.sys
22:51:16.0002 522832  fdc - ok
22:51:16.0036 522832  [ BB9267ACACD8B7533DD936C34A0CBA5E ] fdPHost         C:\Windows\system32\fdPHost.dll
22:51:16.0038 522832  fdPHost - ok
22:51:16.0075 522832  [ 300C80931EABBE1DB7591C516EFE8D0F ] FDResPub        C:\Windows\system32\fdrespub.dll
22:51:16.0078 522832  FDResPub - ok
22:51:16.0096 522832  [ 457B7D1D533E4BD62A99AED9C7BB4C59 ] FileInfo        C:\Windows\system32\drivers\fileinfo.sys
22:51:16.0100 522832  FileInfo - ok
22:51:16.0139 522832  [ D421327FD6EFCCAF884A54C58E1B0D7F ] Filetrace       C:\Windows\system32\drivers\filetrace.sys
22:51:16.0142 522832  Filetrace - ok
22:51:16.0213 522832  [ F76D04F7413B07DAA029F6520B64B4E8 ] FLEXnet Licensing Service C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
22:51:16.0301 522832  FLEXnet Licensing Service - ok
22:51:16.0333 522832  [ 12C3D1B4D0CE49E1CE343BA2F22F15E0 ] flpydisk        C:\Windows\system32\DRIVERS\flpydisk.sys
22:51:16.0336 522832  flpydisk - ok
22:51:16.0370 522832  [ E3041BC26D6930D61F42AEDB79C91720 ] FltMgr          C:\Windows\system32\drivers\fltmgr.sys
22:51:16.0379 522832  FltMgr - ok
22:51:16.0437 522832  [ F20A97F51C104DD0A163251325460747 ] FontCache       C:\Windows\system32\FntCache.dll
22:51:16.0476 522832  FontCache - ok
22:51:16.0523 522832  [ BC5B0BE5AF3510B0FD8C140EE42C6D3E ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
22:51:16.0527 522832  FontCache3.0.0.0 - ok
22:51:16.0554 522832  [ 5779B86CD8B32519FBECB136394D946A ] Fs_Rec          C:\Windows\system32\drivers\Fs_Rec.sys
22:51:16.0557 522832  Fs_Rec - ok
22:51:16.0579 522832  [ 6D06B5EEBBA23C16789EFC820EE1F253 ] FwLnk           C:\Windows\system32\DRIVERS\FwLnk.sys
22:51:16.0581 522832  FwLnk - ok
22:51:16.0633 522832  [ B54520CC7B4B55134D7527B1CD3FC1F2 ] gagp30kx        C:\Windows\system32\drivers\gagp30kx.sys
22:51:16.0637 522832  gagp30kx - ok
22:51:16.0694 522832  [ 8E98D21EE06192492A5671A6144D092F ] GEARAspiWDM     C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
22:51:16.0695 522832  GEARAspiWDM - ok
22:51:16.0740 522832  [ A0E1B575BA8F504968CD40C0FAEB2384 ] gpsvc           C:\Windows\System32\gpsvc.dll
22:51:16.0763 522832  gpsvc - ok
22:51:16.0815 522832  [ F02A533F517EB38333CB12A9E8963773 ] gupdate         C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
22:51:16.0819 522832  gupdate - ok
22:51:16.0829 522832  [ F02A533F517EB38333CB12A9E8963773 ] gupdatem        C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
22:51:16.0832 522832  gupdatem - ok
22:51:16.0863 522832  [ 68E732382B32417FF61FD663259B4B09 ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
22:51:16.0873 522832  HdAudAddService - ok
22:51:16.0918 522832  [ F942C5820205F2FB453243EDFEC82A3D ] HDAudBus        C:\Windows\system32\DRIVERS\HDAudBus.sys
22:51:16.0952 522832  HDAudBus - ok
22:51:16.0987 522832  [ B4881C84A180E75B8C25DC1D726C375F ] HidBth          C:\Windows\system32\drivers\hidbth.sys
22:51:16.0991 522832  HidBth - ok
22:51:17.0003 522832  [ 4E77A77E2C986E8F88F996BB3E1AD829 ] HidIr           C:\Windows\system32\drivers\hidir.sys
22:51:17.0007 522832  HidIr - ok
22:51:17.0043 522832  [ 59361D38A297755D46A540E450202B2A ] hidserv         C:\Windows\system32\hidserv.dll
22:51:17.0046 522832  hidserv - ok
22:51:17.0075 522832  [ 443BDD2D30BB4F00795C797E2CF99EDF ] HidUsb          C:\Windows\system32\DRIVERS\hidusb.sys
22:51:17.0078 522832  HidUsb - ok
22:51:17.0112 522832  [ B12F367EA39C0795FD57E31242CE1A5A ] hkmsvc          C:\Windows\system32\kmsvc.dll
22:51:17.0117 522832  hkmsvc - ok
22:51:17.0148 522832  [ 8EDC820115DF1E04763B2923676EA5B2 ] HpCISSs         C:\Windows\system32\drivers\hpcisss.sys
22:51:17.0152 522832  HpCISSs - ok
22:51:17.0230 522832  [ 098F1E4E5C9CB5B0063A959063631610 ] HTTP            C:\Windows\system32\drivers\HTTP.sys
22:51:17.0331 522832  HTTP - ok
22:51:17.0377 522832  [ F2901763845570ECAC48E6A50EC50812 ] i2omp           C:\Windows\system32\drivers\i2omp.sys
22:51:17.0380 522832  i2omp - ok
22:51:17.0426 522832  [ CBB597659A2713CE0C9CC20C88C7591F ] i8042prt        C:\Windows\system32\DRIVERS\i8042prt.sys
22:51:17.0430 522832  i8042prt - ok
22:51:17.0475 522832  [ 72C3EE7EA3CD75A772E62AE0E5DF8B8C ] iaStorV         C:\Windows\system32\drivers\iastorv.sys
22:51:17.0485 522832  iaStorV - ok
22:51:17.0557 522832  [ 749F5F8CEDCA70F2A512945325FC489D ] idsvc           C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
22:51:17.0591 522832  idsvc - ok
22:51:17.0821 522832  [ 663E7364F650A915D415EEB2DA98D86A ] igfx            C:\Windows\system32\DRIVERS\igdkmd64.sys
22:51:18.0025 522832  igfx - ok
22:51:18.0087 522832  [ 8C3951AD2FE886EF76C7B5027C3125D3 ] iirsp           C:\Windows\system32\drivers\iirsp.sys
22:51:18.0090 522832  iirsp - ok
22:51:18.0142 522832  [ 0C9EA6E654E7B0471741E343A6C671AF ] IKEEXT          C:\Windows\System32\ikeext.dll
22:51:18.0155 522832  IKEEXT - ok
22:51:18.0178 522832  [ 36A266C673812878996F72B200203FBB ] intelide        C:\Windows\system32\drivers\intelide.sys
22:51:18.0181 522832  intelide - ok
22:51:18.0217 522832  [ BFD84AF32FA1BAD6231C4585CB469630 ] intelppm        C:\Windows\system32\DRIVERS\intelppm.sys
22:51:18.0227 522832  intelppm - ok
22:51:18.0303 522832  [ 5624BC1BC5EEB49C0AB76A8114F05EA3 ] IPBusEnum       C:\Windows\system32\ipbusenum.dll
22:51:18.0307 522832  IPBusEnum - ok
22:51:18.0391 522832  [ D8AABC341311E4780D6FCE8C73C0AD81 ] IpFilterDriver  C:\Windows\system32\DRIVERS\ipfltdrv.sys
22:51:18.0395 522832  IpFilterDriver - ok
22:51:18.0437 522832  [ BF0DBFA9792C5C14FA00F61C75116C1B ] iphlpsvc        C:\Windows\System32\iphlpsvc.dll
22:51:18.0444 522832  iphlpsvc - ok
22:51:18.0454 522832  IpInIp - ok
22:51:18.0506 522832  [ EACDBBE429C6D170BDEEE0EFFCBC317B ] IPMIDRV         C:\Windows\system32\drivers\ipmidrv.sys
22:51:18.0510 522832  IPMIDRV - ok
22:51:18.0564 522832  [ B7E6212F581EA5F6AB0C3A6CEEEB89BE ] IPNAT           C:\Windows\system32\DRIVERS\ipnat.sys
22:51:18.0569 522832  IPNAT - ok
22:51:18.0717 522832  [ 6660920D05A32DF2DC1260CEF0B6D172 ] iPod Service    C:\Program Files\iPod\bin\iPodService.exe
22:51:18.0741 522832  iPod Service - ok
22:51:18.0778 522832  [ 8C42CA155343A2F11D29FECA67FAA88D ] IRENUM          C:\Windows\system32\drivers\irenum.sys
22:51:18.0782 522832  IRENUM - ok
22:51:18.0831 522832  [ D3BB520B31F28C1A065CD058E762EE73 ] isapnp          C:\Windows\system32\drivers\isapnp.sys
22:51:18.0835 522832  isapnp - ok
22:51:18.0872 522832  [ E4FDF99599F27EC25D2CF6D754243520 ] iScsiPrt        C:\Windows\system32\DRIVERS\msiscsi.sys
22:51:18.0880 522832  iScsiPrt - ok
22:51:18.0910 522832  [ 63C766CDC609FF8206CB447A65ABBA4A ] iteatapi        C:\Windows\system32\drivers\iteatapi.sys
22:51:18.0914 522832  iteatapi - ok
22:51:18.0926 522832  [ 1281FE73B17664631D12F643CBEA3F59 ] iteraid         C:\Windows\system32\drivers\iteraid.sys
22:51:18.0929 522832  iteraid - ok
22:51:18.0981 522832  [ 423696F3BA6472DD17699209B933BC26 ] kbdclass        C:\Windows\system32\DRIVERS\kbdclass.sys
22:51:18.0984 522832  kbdclass - ok
22:51:19.0017 522832  [ DBDF75D51464FBC47D0104EC3D572C05 ] kbdhid          C:\Windows\system32\DRIVERS\kbdhid.sys
22:51:19.0020 522832  kbdhid - ok
22:51:19.0044 522832  [ 260BF9C43EE12C6898A9F5AAB0FB0E5D ] KeyIso          C:\Windows\system32\lsass.exe
22:51:19.0047 522832  KeyIso - ok
22:51:19.0087 522832  [ 88956AD9FA510848AD176777A6C6C1F5 ] KSecDD          C:\Windows\system32\Drivers\ksecdd.sys
22:51:19.0108 522832  KSecDD - ok
22:51:19.0144 522832  [ 1D419CF43DB29396ECD7113D129D94EB ] ksthunk         C:\Windows\system32\drivers\ksthunk.sys
22:51:19.0148 522832  ksthunk - ok
22:51:19.0208 522832  [ 1FAF6926F3416D3DA05C5B265491BDAE ] KtmRm           C:\Windows\system32\msdtckrm.dll
22:51:19.0223 522832  KtmRm - ok
22:51:19.0272 522832  [ 50C7A3CB427E9BB5ED0708A669956AB5 ] LanmanServer    C:\Windows\system32\srvsvc.dll
22:51:19.0279 522832  LanmanServer - ok
22:51:19.0306 522832  [ CAF86FC1388BE1E470F1A7B43E348ADB ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
22:51:19.0314 522832  LanmanWorkstation - ok
22:51:19.0349 522832  [ 96ECE2659B6654C10A0C310AE3A6D02C ] lltdio          C:\Windows\system32\DRIVERS\lltdio.sys
22:51:19.0352 522832  lltdio - ok
22:51:19.0381 522832  [ 961CCBD0B1CCB5675D64976FAE37D092 ] lltdsvc         C:\Windows\System32\lltdsvc.dll
22:51:19.0390 522832  lltdsvc - ok
22:51:19.0409 522832  [ A47F8080CACC23C91FE823AD19AA5612 ] lmhosts         C:\Windows\System32\lmhsvc.dll
22:51:19.0414 522832  lmhosts - ok
22:51:19.0469 522832  [ 8F2CFF01F12955477450DA5E572D4001 ] LMIGuardianSvc  C:\Program Files (x86)\LogMeIn\x64\LMIGuardianSvc.exe
22:51:19.0479 522832  LMIGuardianSvc - ok
22:51:19.0503 522832  [ 0F28935ECF1FBDEC22BAF720A5A94564 ] LMIInfo         C:\Program Files (x86)\LogMeIn\x64\RaInfo.sys
22:51:19.0506 522832  LMIInfo - ok
22:51:19.0546 522832  [ CA86C7042E406070B905AE6CA45D22EA ] LMIMaint        C:\Program Files (x86)\LogMeIn\x64\RaMaint.exe
22:51:19.0553 522832  LMIMaint - ok
22:51:19.0579 522832  [ 413ECDCFAD9A82804D3674C8D7EEC24E ] lmimirr         C:\Windows\system32\DRIVERS\lmimirr.sys
22:51:19.0582 522832  lmimirr - ok
22:51:19.0588 522832  LMIRfsClientNP - ok
22:51:19.0612 522832  [ C57D3FAA50E6F395759FFB7C709BD944 ] LMIRfsDriver    C:\Windows\system32\drivers\LMIRfsDriver.sys
22:51:19.0617 522832  LMIRfsDriver - ok
22:51:19.0660 522832  [ D3760BC17E1755091B7120CF32DBF56B ] LogMeIn         C:\Program Files (x86)\LogMeIn\x64\LogMeIn.exe
22:51:19.0671 522832  LogMeIn - ok
22:51:19.0743 522832  [ 1572F8D999C0AB4376AFDCE058A78DF9 ] LSI_FC          C:\Windows\system32\drivers\lsi_fc.sys
22:51:19.0747 522832  LSI_FC - ok
22:51:19.0795 522832  [ 64470979C3E3C9FF60EDFB5230C56E0E ] LSI_SAS         C:\Windows\system32\drivers\lsi_sas.sys
22:51:19.0800 522832  LSI_SAS - ok
22:51:19.0823 522832  [ 4CED7D3B54BFC5BBAE75C4A73C7F7428 ] LSI_SCSI        C:\Windows\system32\drivers\lsi_scsi.sys
22:51:19.0828 522832  LSI_SCSI - ok
22:51:19.0851 522832  [ 52F87B9CC8932C2A7375C3B2A9BE5E3E ] luafv           C:\Windows\system32\drivers\luafv.sys
22:51:19.0856 522832  luafv - ok
22:51:19.0892 522832  [ 76A58DF02BD4EA29F189B82D0BEF17F8 ] Mcx2Svc         C:\Windows\system32\Mcx2Svc.dll
22:51:19.0897 522832  Mcx2Svc - ok
22:51:19.0935 522832  [ 2F631C2939D5F2E8958935EE701D70D7 ] megasas         C:\Windows\system32\drivers\megasas.sys
22:51:19.0938 522832  megasas - ok
22:51:19.0993 522832  [ FAFE367D032ED82E9332B4C741A20216 ] Microsoft Office Groove Audit Service C:\Program Files (x86)\Microsoft Office\Office12\GrooveAuditService.exe
22:51:19.0998 522832  Microsoft Office Groove Audit Service - ok
22:51:20.0019 522832  [ 3CBE4995E80E13CCFBC42E5DCF3AC81A ] MMCSS           C:\Windows\system32\mmcss.dll
22:51:20.0022 522832  MMCSS - ok
22:51:20.0040 522832  [ 59848D5CC74606F0EE7557983BB73C2E ] Modem           C:\Windows\system32\drivers\modem.sys
22:51:20.0044 522832  Modem - ok
22:51:20.0073 522832  [ C247CC2A57E0A0C8C6DCCF7807B3E9E5 ] monitor         C:\Windows\system32\DRIVERS\monitor.sys
22:51:20.0076 522832  monitor - ok
22:51:20.0114 522832  [ 9367304E5E412B120CF5F4EA14E4E4F1 ] mouclass        C:\Windows\system32\DRIVERS\mouclass.sys
22:51:20.0118 522832  mouclass - ok
22:51:20.0132 522832  [ C2C2BD5C5CE5AAF786DDD74B75D2AC69 ] mouhid          C:\Windows\system32\DRIVERS\mouhid.sys
22:51:20.0139 522832  mouhid - ok
22:51:20.0158 522832  [ 11BC9B1E8801B01F7F6ADB9EAD30019B ] MountMgr        C:\Windows\system32\drivers\mountmgr.sys
22:51:20.0162 522832  MountMgr - ok
22:51:20.0201 522832  [ 0329A45C849C9D77901094B8FFE8BBB9 ] MozillaMaintenance C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
22:51:20.0280 522832  MozillaMaintenance - ok
22:51:20.0340 522832  [ ED48EAC719EE28DB773359EB1B06E2B5 ] mpio            C:\Windows\system32\drivers\mpio.sys
22:51:20.0345 522832  mpio - ok
22:51:20.0406 522832  [ C92B9ABDB65A5991E00C28F13491DBA2 ] mpsdrv          C:\Windows\system32\drivers\mpsdrv.sys
22:51:20.0410 522832  mpsdrv - ok
22:51:20.0442 522832  [ 897E3BAF68BA406A61682AE39C83900C ] MpsSvc          C:\Windows\system32\mpssvc.dll
22:51:20.0464 522832  MpsSvc - ok
22:51:20.0503 522832  [ 3C200630A89EF2C0864D515B7A75802E ] Mraid35x        C:\Windows\system32\drivers\mraid35x.sys
22:51:20.0507 522832  Mraid35x - ok
22:51:20.0523 522832  [ 7C1DE4AA96DC0C071611F9E7DE02A68D ] MRxDAV          C:\Windows\system32\drivers\mrxdav.sys
22:51:20.0530 522832  MRxDAV - ok
22:51:20.0577 522832  [ 1485811B320FF8C7EDAD1CAEBB1C6C2B ] mrxsmb          C:\Windows\system32\DRIVERS\mrxsmb.sys
22:51:20.0584 522832  mrxsmb - ok
22:51:20.0625 522832  [ 3B929A60C833FC615FD97FBA82BC7632 ] mrxsmb10        C:\Windows\system32\DRIVERS\mrxsmb10.sys
22:51:20.0634 522832  mrxsmb10 - ok
22:51:20.0652 522832  [ C64AB3E1F53B4F5B5BB6D796B2D7BEC3 ] mrxsmb20        C:\Windows\system32\DRIVERS\mrxsmb20.sys
22:51:20.0657 522832  mrxsmb20 - ok
22:51:20.0681 522832  [ AA459F2AB3AB603C357FF117CAE3D818 ] msahci          C:\Windows\system32\drivers\msahci.sys
22:51:20.0684 522832  msahci - ok
22:51:20.0739 522832  [ 96D7C0A1B98434C6E4FF0C2E26A0E20A ] msdsm           C:\Windows\system32\drivers\msdsm.sys
22:51:20.0744 522832  msdsm - ok
22:51:20.0829 522832  [ 7EC02CE772F068ED0BEAFA3DA341A9BC ] MSDTC           C:\Windows\System32\msdtc.exe
22:51:20.0962 522832  MSDTC - ok
22:51:21.0018 522832  [ 704F59BFC4512D2BB0146AEC31B10A7C ] Msfs            C:\Windows\system32\drivers\Msfs.sys
22:51:21.0022 522832  Msfs - ok
22:51:21.0060 522832  [ 00EBC952961664780D43DCA157E79B27 ] msisadrv        C:\Windows\system32\drivers\msisadrv.sys
22:51:21.0063 522832  msisadrv - ok
22:51:21.0109 522832  [ 366B0C1F4478B519C181E37D43DCDA32 ] MSiSCSI         C:\Windows\system32\iscsiexe.dll
22:51:21.0116 522832  MSiSCSI - ok
22:51:21.0122 522832  msiserver - ok
22:51:21.0145 522832  [ 0EA73E498F53B96D83DBFCA074AD4CF8 ] MSKSSRV         C:\Windows\system32\drivers\MSKSSRV.sys
22:51:21.0149 522832  MSKSSRV - ok
22:51:21.0222 522832  [ 52E59B7E992A58E740AA63F57EDBAE8B ] MSPCLOCK        C:\Windows\system32\drivers\MSPCLOCK.sys
22:51:21.0228 522832  MSPCLOCK - ok
22:51:21.0249 522832  [ 49084A75BAE043AE02D5B44D02991BB2 ] MSPQM           C:\Windows\system32\drivers\MSPQM.sys
22:51:21.0258 522832  MSPQM - ok
22:51:21.0325 522832  [ DC6CCF440CDEDE4293DB41C37A5060A5 ] MsRPC           C:\Windows\system32\drivers\MsRPC.sys
22:51:21.0334 522832  MsRPC - ok
22:51:21.0351 522832  [ 855796E59DF77EA93AF46F20155BF55B ] mssmbios        C:\Windows\system32\DRIVERS\mssmbios.sys
22:51:21.0354 522832  mssmbios - ok
22:51:21.0397 522832  [ 86D632D75D05D5B7C7C043FA3564AE86 ] MSTEE           C:\Windows\system32\drivers\MSTEE.sys
22:51:21.0404 522832  MSTEE - ok
22:51:21.0457 522832  [ 0CC49F78D8ACA0877D885F149084E543 ] Mup             C:\Windows\system32\Drivers\mup.sys
22:51:21.0461 522832  Mup - ok
22:51:21.0500 522832  [ A5B10C845E7538C60C0F5D87A57CB3F5 ] napagent        C:\Windows\system32\qagentRT.dll
22:51:21.0512 522832  napagent - ok
22:51:21.0551 522832  [ 2007B826C4ACD94AE32232B41F0842B9 ] NativeWifiP     C:\Windows\system32\DRIVERS\nwifi.sys
22:51:21.0558 522832  NativeWifiP - ok
22:51:21.0598 522832  [ 65950E07329FCEE8E6516B17C8D0ABB6 ] NDIS            C:\Windows\system32\drivers\ndis.sys
22:51:21.0625 522832  NDIS - ok
22:51:21.0654 522832  [ 64DF698A425478E321981431AC171334 ] NdisTapi        C:\Windows\system32\DRIVERS\ndistapi.sys
22:51:21.0657 522832  NdisTapi - ok
22:51:21.0677 522832  [ 8BAA43196D7B5BB972C9A6B2BBF61A19 ] Ndisuio         C:\Windows\system32\DRIVERS\ndisuio.sys
22:51:21.0680 522832  Ndisuio - ok
22:51:21.0703 522832  [ F8158771905260982CE724076419EF19 ] NdisWan         C:\Windows\system32\DRIVERS\ndiswan.sys
22:51:21.0710 522832  NdisWan - ok
22:51:21.0727 522832  [ 9CB77ED7CB72850253E973A2D6AFDF49 ] NDProxy         C:\Windows\system32\drivers\NDProxy.sys
22:51:21.0731 522832  NDProxy - ok
22:51:21.0750 522832  [ A499294F5029A7862ADC115BDA7371CE ] NetBIOS         C:\Windows\system32\DRIVERS\netbios.sys
22:51:21.0754 522832  NetBIOS - ok
22:51:21.0776 522832  [ FC2C792EBDDC8E28DF939D6A92C83D61 ] netbt           C:\Windows\system32\DRIVERS\netbt.sys
22:51:21.0784 522832  netbt - ok
22:51:21.0797 522832  [ 260BF9C43EE12C6898A9F5AAB0FB0E5D ] Netlogon        C:\Windows\system32\lsass.exe
22:51:21.0800 522832  Netlogon - ok
22:51:21.0833 522832  [ 9B63B29DEFC0F3115A559D2597BF5D75 ] Netman          C:\Windows\System32\netman.dll
22:51:21.0844 522832  Netman - ok
22:51:21.0877 522832  [ D22CD77D4F0D63D1169BB35911BFF12D ] NetMsmqActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
22:51:21.0882 522832  NetMsmqActivator - ok
22:51:21.0889 522832  [ D22CD77D4F0D63D1169BB35911BFF12D ] NetPipeActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
22:51:21.0892 522832  NetPipeActivator - ok
22:51:21.0922 522832  [ 7846D0136CC2B264926A73047BA7688A ] netprofm        C:\Windows\System32\netprofm.dll
22:51:21.0932 522832  netprofm - ok
22:51:21.0945 522832  [ D22CD77D4F0D63D1169BB35911BFF12D ] NetTcpActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
22:51:21.0948 522832  NetTcpActivator - ok
22:51:21.0959 522832  [ D22CD77D4F0D63D1169BB35911BFF12D ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
22:51:21.0962 522832  NetTcpPortSharing - ok
22:51:22.0079 522832  [ ED75ABE7F5567C9E4C721325AA05E15C ] NETw3v64        C:\Windows\system32\DRIVERS\NETw3v64.sys
22:51:22.0156 522832  NETw3v64 - ok
22:51:22.0191 522832  NETw5v64 - ok
22:51:22.0501 522832  [ B72C97693A13E7C5806F05ADFDB2388D ] NETwNv64        C:\Windows\system32\DRIVERS\NETwNv64.sys
22:51:22.0706 522832  NETwNv64 - ok
22:51:22.0769 522832  [ 4AC08BD6AF2DF42E0C3196D826C8AEA7 ] nfrd960         C:\Windows\system32\drivers\nfrd960.sys
22:51:22.0772 522832  nfrd960 - ok
22:51:22.0842 522832  [ F145BF4C4668E7E312069F81EF847CFC ] NlaSvc          C:\Windows\System32\nlasvc.dll
22:51:22.0850 522832  NlaSvc - ok
22:51:22.0874 522832  [ B298874F8E0EA93F06EC40AA8D146478 ] Npfs            C:\Windows\system32\drivers\Npfs.sys
22:51:22.0877 522832  Npfs - ok
22:51:22.0913 522832  [ ACB62BAA1C319B17752553DF3026EEEB ] nsi             C:\Windows\system32\nsisvc.dll
22:51:22.0918 522832  nsi - ok
22:51:22.0935 522832  [ 1523AF19EE8B030BA682F7A53537EAEB ] nsiproxy        C:\Windows\system32\drivers\nsiproxy.sys
22:51:22.0938 522832  nsiproxy - ok
22:51:23.0017 522832  [ 2ACCAA3C3C55370A32F17B3595E1A217 ] Ntfs            C:\Windows\system32\drivers\Ntfs.sys
22:51:23.0062 522832  Ntfs - ok
22:51:23.0097 522832  [ DD5D684975352B85B52E3FD5347C20CB ] Null            C:\Windows\system32\drivers\Null.sys
22:51:23.0100 522832  Null - ok
22:51:23.0122 522832  [ 840EEB44DC49317A6161961F7682CD99 ] nvraid          C:\Windows\system32\drivers\nvraid.sys
22:51:23.0128 522832  nvraid - ok
22:51:23.0167 522832  [ 94C5334040A5D500897F4C5FD12AEEDE ] nvstor          C:\Windows\system32\drivers\nvstor.sys
22:51:23.0172 522832  nvstor - ok
22:51:23.0190 522832  [ AA1B6C86A4763502E20B65C025F39BAD ] nv_agp          C:\Windows\system32\drivers\nv_agp.sys
22:51:23.0249 522832  nv_agp - ok
22:51:23.0257 522832  NwlnkFlt - ok
22:51:23.0267 522832  NwlnkFwd - ok
22:51:23.0377 522832  [ 84DE1DD996B48B05ACE31AD015FA108A ] odserv          C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
22:51:23.0389 522832  odserv - ok
22:51:23.0427 522832  [ 7B58953E2F263421FDBB09A192712A85 ] ohci1394        C:\Windows\system32\drivers\ohci1394.sys
22:51:23.0432 522832  ohci1394 - ok
22:51:23.0472 522832  [ 5A432A042DAE460ABE7199B758E8606C ] ose             C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
22:51:23.0477 522832  ose - ok
22:51:23.0535 522832  [ 9AE31D2E1D15C10D91318E0EC149CEAC ] p2pimsvc        C:\Windows\system32\p2psvc.dll
22:51:23.0568 522832  p2pimsvc - ok
22:51:23.0602 522832  [ 9AE31D2E1D15C10D91318E0EC149CEAC ] p2psvc          C:\Windows\system32\p2psvc.dll
22:51:23.0614 522832  p2psvc - ok
22:51:23.0662 522832  [ AECD57F94C887F58919F307C35498EA0 ] Parport         C:\Windows\system32\drivers\parport.sys
22:51:23.0666 522832  Parport - ok
22:51:23.0721 522832  [ B43751085E2ABE389DA466BC62A4B987 ] partmgr         C:\Windows\system32\drivers\partmgr.sys
22:51:23.0724 522832  partmgr - ok
22:51:23.0747 522832  [ 9AB157B374192FF276C1628FBDBA2B0E ] PcaSvc          C:\Windows\System32\pcasvc.dll
22:51:23.0752 522832  PcaSvc - ok
22:51:23.0779 522832  [ 47AB1E0FC9D0E12BB53BA246E3A0906D ] pci             C:\Windows\system32\drivers\pci.sys
22:51:23.0786 522832  pci - ok
22:51:23.0818 522832  [ 8D618C829034479985A9ED56106CC732 ] pciide          C:\Windows\system32\drivers\pciide.sys
22:51:23.0821 522832  pciide - ok
22:51:23.0850 522832  [ 037661F3D7C507C9993B7010CEEE6288 ] pcmcia          C:\Windows\system32\drivers\pcmcia.sys
22:51:23.0858 522832  pcmcia - ok
22:51:23.0919 522832  [ AF7CE12C4F3DC8CB2B07685C916BBCFE ] pcouffin        C:\Windows\system32\Drivers\pcouffin.sys
22:51:23.0924 522832  pcouffin - ok
22:51:23.0973 522832  [ 58865916F53592A61549B04941BFD80D ] PEAUTH          C:\Windows\system32\drivers\peauth.sys
22:51:23.0997 522832  PEAUTH - ok
22:51:24.0082 522832  [ 0ED8727EA0172860F47258456C06CAEA ] PerfHost        C:\Windows\SysWow64\perfhost.exe
22:51:24.0085 522832  PerfHost - ok
22:51:24.0165 522832  [ E9E68C1A0F25CF4A7AC966EEA74EE89E ] pla             C:\Windows\system32\pla.dll
22:51:24.0209 522832  pla - ok
22:51:24.0293 522832  [ FE6B0F59215C9FD9F9D26539C58C8B82 ] PlugPlay        C:\Windows\system32\umpnpmgr.dll
22:51:24.0304 522832  PlugPlay - ok
22:51:24.0335 522832  [ 9AE31D2E1D15C10D91318E0EC149CEAC ] PNRPAutoReg     C:\Windows\system32\p2psvc.dll
22:51:24.0346 522832  PNRPAutoReg - ok
22:51:24.0379 522832  [ 9AE31D2E1D15C10D91318E0EC149CEAC ] PNRPsvc         C:\Windows\system32\p2psvc.dll
22:51:24.0389 522832  PNRPsvc - ok
22:51:24.0429 522832  [ 89A5560671C2D8B4A4B51F3E1AA069D8 ] PolicyAgent     C:\Windows\System32\ipsecsvc.dll
22:51:24.0452 522832  PolicyAgent - ok
22:51:24.0483 522832  [ 23386E9952025F5F21C368971E2E7301 ] PptpMiniport    C:\Windows\system32\DRIVERS\raspptp.sys
22:51:24.0488 522832  PptpMiniport - ok
22:51:24.0521 522832  [ 6BC78E5F12CBB74E7930AAAA4A0DB387 ] Processor       C:\Windows\system32\drivers\processr.sys
22:51:24.0525 522832  Processor - ok
22:51:24.0574 522832  [ E058CE4FC2449D8BFA14739C83B7FF2A ] ProfSvc         C:\Windows\system32\profsvc.dll
22:51:24.0581 522832  ProfSvc - ok
22:51:32.0658 522832  ================ Scan global ===============================
22:51:32.0699 522832  [ 060DC3A7A9A2626031EB23D90151428D ] C:\Windows\system32\basesrv.dll
22:51:32.0736 522832  [ D665D594B7E11133D29D726BDDC7A5B0 ] C:\Windows\system32\winsrv.dll
22:51:32.0780 522832  [ D665D594B7E11133D29D726BDDC7A5B0 ] C:\Windows\system32\winsrv.dll
22:51:32.0822 522832  [ 934E0B7D77FF78C18D9F8891221B6DE3 ] C:\Windows\system32\services.exe
22:51:32.0833 522832  [Global] - ok
22:51:32.0834 522832  ================ Scan MBR ==================================
22:51:32.0853 522832  [ 5C616939100B85E558DA92B899A0FC36 ] \Device\Harddisk0\DR0
22:51:33.0139 522832  \Device\Harddisk0\DR0 - ok
22:51:33.0144 522832  ================ Scan VBR ==================================
22:51:33.0149 522832  [ DC04B3F82C3C334534A1A98EAF2C3812 ] \Device\Harddisk0\DR0\Partition1
22:51:33.0152 522832  \Device\Harddisk0\DR0\Partition1 - ok
22:51:33.0153 522832  ============================================================
22:51:33.0153 522832  Scan finished
22:51:33.0153 522832  ============================================================
22:51:33.0172 518316  Detected object count: 0
22:51:33.0172 518316  Actual detected object count: 0
 

AdwCleaner:

# AdwCleaner v3.006 - Report created 08/10/2013 at 22:57:27
# Updated 01/10/2013 by Xplode
# Operating System : Windows ™ Vista Home Premium Service Pack 2 (64 bits)
# Username : John - JOHN-PC
# Running from : C:\Users\John\Desktop\AdwCleaner.exe
# Option : Scan

***** [ Services ] *****


***** [ Files / Folders ] *****

File Found : C:\END
File Found : C:\Users\John\AppData\Roaming\Mozilla\Firefox\Profiles\w0vmruzj.default\user.js
Folder Found C:\Users\John\AppData\LocalLow\Toolbar4
Folder Found C:\Users\John\AppData\Roaming\Mozilla\Firefox\Profiles\w0vmruzj.default\ConduitCommon
Folder Found C:\Users\John\AppData\Roaming\Mozilla\Firefox\Profiles\w0vmruzj.default\jetpack

***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Found : HKCU\Software\Conduit
Key Found : HKCU\Software\IM
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{CA3EB689-8F09-4026-AA10-B9534C691CE0}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{CA3EB689-8F09-4026-AA10-B9534C691CE0}
Key Found : HKCU\Software\StartSearch
Key Found : HKCU\Software\YahooPartnerToolbar
Key Found : [x64] HKCU\Software\Conduit
Key Found : [x64] HKCU\Software\IM
Key Found : [x64] HKCU\Software\StartSearch
Key Found : [x64] HKCU\Software\YahooPartnerToolbar
Key Found : HKLM\Software\AVG Secure Search
Key Found : HKLM\Software\AVG Security Toolbar
Key Found : HKLM\SOFTWARE\Classes\AppID\{5B1881D1-D9C7-46DF-B041-1E593282C7D0}
Key Found : HKLM\SOFTWARE\Classes\AppID\{EA28B360-05E0-4F93-8150-02891F1D8D3C}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{80922EE0-8A76-46AE-95D5-BD3C3FE0708D}
Key Found : HKLM\SOFTWARE\Classes\Interface\{2A42D13C-D427-4787-821B-CF6973855778}
Key Found : HKLM\SOFTWARE\Classes\Interface\{3D8478AA-7B88-48A9-8BCB-B85D594411EC}
Key Found : HKLM\SOFTWARE\Classes\Interface\{4897BBA6-48D9-468C-8EFA-846275D7701B}
Key Found : HKLM\SOFTWARE\Classes\Interface\{4D8ED2B3-DC62-43EC-ABA3-5B74F046B1BE}
Key Found : HKLM\SOFTWARE\Classes\Interface\{95B6A271-FEB4-4160-B0FF-44394C21C8DC}
Key Found : HKLM\SOFTWARE\Classes\Interface\{E67D5BC7-7129-493E-9281-F47BDAFACE4F}
Key Found : HKLM\Software\Conduit
Key Found : HKLM\Software\Freeze.com
Key Found : HKLM\SOFTWARE\Google\Chrome\Extensions\jplinpmadfkdgipabgcdchbdikologlh
Key Found : HKLM\Software\Iminent
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}
Key Found : [x64] HKLM\SOFTWARE\Classes\CLSID\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{2A42D13C-D427-4787-821B-CF6973855778}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{3D8478AA-7B88-48A9-8BCB-B85D594411EC}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{4897BBA6-48D9-468C-8EFA-846275D7701B}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{4D8ED2B3-DC62-43EC-ABA3-5B74F046B1BE}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{95B6A271-FEB4-4160-B0FF-44394C21C8DC}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{E67D5BC7-7129-493E-9281-F47BDAFACE4F}
Key Found : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}
Key Found : [x64] HKLM\SOFTWARE\Tarma Installer

***** [ Browsers ] *****

-\\ Internet Explorer v9.0.8112.16502


-\\ Mozilla Firefox v24.0 (en-US)

[ File : C:\Users\John\AppData\Roaming\Mozilla\Firefox\Profiles\w0vmruzj.default\prefs.js ]

Line Found : user_pref("CT2260173..clientLogIsEnabled", false);
Line Found : user_pref("CT2260173..clientLogServiceUrl", "hxxp://clientlog.users.conduit.com/ClientDiagnostics.asmx/ReportDiagnosticsEvent");
Line Found : user_pref("CT2260173..uninstallLogServiceUrl", "hxxp://uninstall.users.conduit.com/Uninstall.asmx/RegisterToolbarUninstallation");
Line Found : user_pref("CT2260173.AboutPrivacyUrl", "hxxp://www.conduit.com/privacy/Default.aspx");
Line Found : user_pref("CT2260173.AppTrackingLastCheckTime", "Wed Jul 13 2011 19:16:22 GMT-0400 (Eastern Daylight Time)");
Line Found : user_pref("CT2260173.CT2260173", "CT2260173");
Line Found : user_pref("CT2260173.CommunitiesChangesLastCheckTime", "0");
Line Found : user_pref("CT2260173.CurrentServerDate", "18-7-2011");
Line Found : user_pref("CT2260173.DialogsAlignMode", "LTR");
Line Found : user_pref("CT2260173.DialogsGetterLastCheckTime", "Mon Jul 18 2011 20:01:15 GMT-0400 (Eastern Daylight Time)");
Line Found : user_pref("CT2260173.DownloadReferralCookieData", "");
Line Found : user_pref("CT2260173.EnableClickToSearchBox", false);
Line Found : user_pref("CT2260173.EnableSearchHistory", false);
Line Found : user_pref("CT2260173.EnableSearchSuggest", false);
Line Found : user_pref("CT2260173.FeedLastCount128940659599556287", 0);
Line Found : user_pref("CT2260173.FeedPollDate128940659196275477", "Mon Jul 18 2011 20:06:17 GMT-0400 (Eastern Daylight Time)");
Line Found : user_pref("CT2260173.FeedPollDate128940659574712536", "Mon Jul 18 2011 20:01:15 GMT-0400 (Eastern Daylight Time)");
Line Found : user_pref("CT2260173.FeedTTL128940659574712536", 40);
Line Found : user_pref("CT2260173.FirstServerDate", "1-7-2011");
Line Found : user_pref("CT2260173.FirstTime", true);
Line Found : user_pref("CT2260173.FirstTimeFF3", true);
Line Found : user_pref("CT2260173.FixPageNotFoundErrors", false);
Line Found : user_pref("CT2260173.GroupingInvalidateCache", false);
Line Found : user_pref("CT2260173.GroupingLastCheckTime", "0");
Line Found : user_pref("CT2260173.GroupingLastServerUpdateTime", "0");
Line Found : user_pref("CT2260173.GroupingServerCheckInterval", 1440);
Line Found : user_pref("CT2260173.GroupingServiceUrl", "hxxp://grouping.services.conduit.com/");
Line Found : user_pref("CT2260173.HasUserGlobalKeys", true);
Line Found : user_pref("CT2260173.HomePageProtectorEnabled", false);
Line Found : user_pref("CT2260173.Initialize", true);
Line Found : user_pref("CT2260173.InitializeCommonPrefs", true);
Line Found : user_pref("CT2260173.InstallationAndCookieDataSentCount", 3);
Line Found : user_pref("CT2260173.InstalledDate", "Fri Jul 01 2011 12:05:14 GMT-0400 (Eastern Daylight Time)");
Line Found : user_pref("CT2260173.InvalidateCache", false);
Line Found : user_pref("CT2260173.IsAlertDBUpdated", true);
Line Found : user_pref("CT2260173.IsGrouping", false);
Line Found : user_pref("CT2260173.IsInitSetupIni", true);
Line Found : user_pref("CT2260173.IsMulticommunity", false);
Line Found : user_pref("CT2260173.IsOpenThankYouPage", true);
Line Found : user_pref("CT2260173.IsOpenUninstallPage", true);
Line Found : user_pref("CT2260173.IsProtectorsInit", true);
Line Found : user_pref("CT2260173.LanguagePackLastCheckTime", "Mon Jul 18 2011 10:32:34 GMT-0400 (Eastern Daylight Time)");
Line Found : user_pref("CT2260173.LanguagePackReloadIntervalMM", 1440);
Line Found : user_pref("CT2260173.LanguagePackServiceUrl", "hxxp://translation.users.conduit.com/Translation.ashx");

*************************

AdwCleaner[R0].txt - [18269 octets] - [08/10/2013 22:57:27]

########## EOF - C:\AdwCleaner\AdwCleaner[R0].txt - [18330 octets] ##########
 



#4 jeffce

  • Malware Response Team

Posted 09 October 2013 - 07:09 AM

Hi,
 
AdwCleaner
 
Double click on AdwCleaner.exe to run the tool again.

  • Click on the Scan button.
  • AdwCleaner will begin to scan your computer like it did before.
  • After the scan has finished...
  • This time, click on the Clean button.
  • Press OK when asked to close all programs and follow the onscreen prompts.
  • Press OK again to allow AdwCleaner to restart the computer and complete the removal process.
  • After rebooting, a logfile report (AdwCleaner[S0].txt) will open automatically.
  • Copy and paste the contents of that logfile in your next reply.
  • A copy of that logfile will also be saved in the C:\AdwCleaner folder.

------------
 

ComboFix
 
Download Combofix from either of the links below, and save it to your desktop.  
Link 1
Link 2
 
**Note:  It is important that it is saved directly to your desktop**
If you get a message saying "Illegal operation attempted on a registry key that has been marked for deletion", please restart your computer.


 
--------------------------------------------------------------------
 
IMPORTANT - Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link here
 
--------------------------------------------------------------------
 
Right-Click and Run as Administrator on ComboFix.exe & follow the prompts.

  • When finished, it will produce a report for you.
  • Please post the C:\ComboFix.txt for further review.

 


#5 jilliansman

  • Topic Starter

Posted 09 October 2013 - 07:50 AM

I disabled AVG before running CF, but it said that it was still enabled?!?! Also, after restarting and starting Firefox, I still have the popup. Here are the logs:

 

EDIT: Also, I noticed after restarting Firefox it told me it was no longer the default browser, and I noticed on my desktop there is a "The Internet" icon, I guess for Internet Explorer, which I never use. Guess it was installed after running CF?!?!

 

# AdwCleaner v3.007 - Report created 09/10/2013 at 08:24:43
# Updated 09/10/2013 by Xplode
# Operating System : Windows ™ Vista Home Premium Service Pack 2 (64 bits)
# Username : John - JOHN-PC
# Running from : C:\Users\John\Desktop\AdwCleaner.exe
# Option : Clean

***** [ Services ] *****


***** [ Files / Folders ] *****

[!] Folder Deleted : C:\Users\John\AppData\LocalLow\Toolbar4
[!] Folder Deleted : C:\Users\John\AppData\Roaming\Mozilla\Firefox\Profiles\w0vmruzj.default\ConduitCommon
[!] Folder Deleted : C:\Users\John\AppData\Roaming\Mozilla\Firefox\Profiles\w0vmruzj.default\jetpack
File Deleted : C:\END
File Deleted : C:\Users\John\AppData\Roaming\Mozilla\Firefox\Profiles\w0vmruzj.default\user.js

***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\jplinpmadfkdgipabgcdchbdikologlh
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{5B1881D1-D9C7-46DF-B041-1E593282C7D0}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{EA28B360-05E0-4F93-8150-02891F1D8D3C}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{2CE4D4CF-B278-4126-AD1E-B622DA2E8339}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{80922EE0-8A76-46AE-95D5-BD3C3FE0708D}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{2A42D13C-D427-4787-821B-CF6973855778}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{2CE4D4CF-B278-4126-AD1E-B622DA2E8339}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{3D8478AA-7B88-48A9-8BCB-B85D594411EC}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{4897BBA6-48D9-468C-8EFA-846275D7701B}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{4D8ED2B3-DC62-43EC-ABA3-5B74F046B1BE}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{95B6A271-FEB4-4160-B0FF-44394C21C8DC}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{E67D5BC7-7129-493E-9281-F47BDAFACE4F}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{CA3EB689-8F09-4026-AA10-B9534C691CE0}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{CA3EB689-8F09-4026-AA10-B9534C691CE0}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}
Key Deleted : HKCU\Software\Conduit
Key Deleted : HKCU\Software\IM
Key Deleted : HKCU\Software\StartSearch
Key Deleted : HKCU\Software\YahooPartnerToolbar
Key Deleted : HKLM\Software\AVG Secure Search
Key Deleted : HKLM\Software\AVG Security Toolbar
Key Deleted : HKLM\Software\Conduit
Key Deleted : HKLM\Software\Freeze.com
Key Deleted : HKLM\Software\Iminent
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}
Key Deleted : [x64] HKLM\SOFTWARE\Tarma Installer

***** [ Browsers ] *****

-\\ Internet Explorer v9.0.8112.16502


-\\ Mozilla Firefox v24.0 (en-US)

[ File : C:\Users\John\AppData\Roaming\Mozilla\Firefox\Profiles\w0vmruzj.default\prefs.js ]


*************************

AdwCleaner[R0].txt - [18463 octets] - [08/10/2013 22:57:27]
AdwCleaner[R1].txt - [18778 octets] - [09/10/2013 08:23:31]
AdwCleaner[S0].txt - [18281 octets] - [09/10/2013 08:24:43]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [18342 octets] ##########
 

 

ComboFix 13-10-08.01 - John 10/09/2013   8:33.1.2 - x64 DSREPAIR
Microsoft® Windows Vista™ Home Premium   6.0.6002.2.1252.1.1033.18.3963.2615 [GMT -4:00]
Running from: c:\users\John\Desktop\ComboFix.exe
AV: AVG AntiVirus Free Edition 2013 *Disabled/Updated* {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}
SP: AVG AntiVirus Free Edition 2013 *Disabled/Updated* {B5F5C120-2089-702E-0001-553BB0D5A664}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\Roaming
c:\programdata\Roaming\Intel\Wireless\Settings\Settings.ini
c:\users\John\AppData\Roaming\chrtmp
c:\users\John\AppData\Roaming\inst.exe
c:\users\John\AppData\Roaming\vso_ts_preview.xml
c:\windows\wininit.ini
c:\windows\XSxS
.
.
(((((((((((((((((((((((((   Files Created from 2013-09-09 to 2013-10-09  )))))))))))))))))))))))))))))))
.
.
2013-10-09 12:43 . 2013-10-09 12:43    --------    d-----w-    c:\users\John\AppData\Local\temp
2013-10-09 12:43 . 2013-10-09 12:43    --------    d-----w-    c:\users\Default\AppData\Local\temp
2013-10-09 02:57 . 2013-10-09 12:24    --------    d-----w-    C:\AdwCleaner
2013-10-06 16:29 . 2013-10-06 17:01    --------    d-----w-    c:\program files (x86)\Advanced Fix 2013
2013-10-04 21:28 . 2013-10-04 21:28    --------    d-----w-    c:\program files\iPod
2013-10-04 21:28 . 2013-10-04 21:29    --------    d-----w-    c:\programdata\34BE82C4-E596-4e99-A191-52C6199EBF69
2013-10-04 21:28 . 2013-10-04 21:29    --------    d-----w-    c:\program files\iTunes
2013-09-27 15:14 . 2013-09-27 15:14    --------    d-----w-    c:\users\John\AppData\Local\Western_Digital
2013-09-27 15:11 . 2013-09-27 15:26    --------    d-----w-    c:\programdata\Western Digital
2013-09-27 15:11 . 2013-09-27 15:11    --------    d-----w-    c:\program files\Western Digital
2013-09-27 15:09 . 2013-09-27 15:09    --------    d-----w-    c:\windows\LastGood
2013-09-27 15:08 . 2013-09-27 15:16    --------    d-----w-    c:\program files (x86)\Western Digital
2013-09-27 15:08 . 2013-09-27 15:08    --------    d-----w-    c:\program files (x86)\Common Files\Western Digital
2013-09-27 15:07 . 2013-09-27 15:12    --------    d-----w-    c:\users\John\AppData\Local\Western Digital
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-10-01 00:17 . 2012-05-05 18:37    692616    ----a-w-    c:\windows\SysWow64\FlashPlayerApp.exe
2013-10-01 00:17 . 2011-06-16 14:56    71048    ----a-w-    c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-09-05 05:43 . 2013-09-05 05:43    45880    ----a-w-    c:\windows\system32\drivers\avgrkx64.sys
2013-08-31 20:54 . 2006-11-02 12:35    78161360    ----a-w-    c:\windows\system32\mrt.exe
2013-08-26 09:13 . 2013-08-26 09:13    354656    ----a-w-    c:\windows\SysWow64\DivXControlPanelApplet.cpl
2013-08-07 22:54 . 2013-08-07 22:54    94208    ----a-w-    c:\windows\SysWow64\dpl100.dll
2013-08-02 14:06 . 2013-08-31 20:47    1706496    ----a-w-    c:\windows\system32\WMVDECOD.DLL
2013-08-02 04:09 . 2013-08-31 20:47    1548288    ----a-w-    c:\windows\SysWow64\WMVDECOD.DLL
2013-07-25 03:54 . 2013-08-31 20:49    17830400    ----a-w-    c:\windows\system32\mshtml.dll
2013-07-25 03:37 . 2013-08-31 20:49    2312704    ----a-w-    c:\windows\system32\jscript9.dll
2013-07-25 03:35 . 2013-08-31 20:49    10926080    ----a-w-    c:\windows\system32\ieframe.dll
2013-07-25 03:31 . 2013-08-31 20:49    1346560    ----a-w-    c:\windows\system32\urlmon.dll
2013-07-25 03:30 . 2013-08-31 20:49    1392128    ----a-w-    c:\windows\system32\wininet.dll
2013-07-25 03:29 . 2013-08-31 20:49    1494528    ----a-w-    c:\windows\system32\inetcpl.cpl
2013-07-25 03:29 . 2013-08-31 20:49    237056    ----a-w-    c:\windows\system32\url.dll
2013-07-25 03:29 . 2013-08-31 20:49    86016    ----a-w-    c:\windows\system32\jsproxy.dll
2013-07-25 03:28 . 2013-08-31 20:49    173056    ----a-w-    c:\windows\system32\ieUnatt.exe
2013-07-25 03:28 . 2013-08-31 20:49    599040    ----a-w-    c:\windows\system32\vbscript.dll
2013-07-25 03:28 . 2013-08-31 20:49    816640    ----a-w-    c:\windows\system32\jscript.dll
2013-07-25 03:28 . 2013-08-31 20:49    2147840    ----a-w-    c:\windows\system32\iertutil.dll
2013-07-25 03:28 . 2013-08-31 20:49    729088    ----a-w-    c:\windows\system32\msfeeds.dll
2013-07-25 03:27 . 2013-08-31 20:49    96768    ----a-w-    c:\windows\system32\mshtmled.dll
2013-07-25 03:27 . 2013-08-31 20:49    2382848    ----a-w-    c:\windows\system32\mshtml.tlb
2013-07-25 03:26 . 2013-08-31 20:49    248320    ----a-w-    c:\windows\system32\ieui.dll
2013-07-25 02:32 . 2013-08-31 20:49    1800704    ----a-w-    c:\windows\SysWow64\jscript9.dll
2013-07-25 02:26 . 2013-08-31 20:49    1129472    ----a-w-    c:\windows\SysWow64\wininet.dll
2013-07-25 02:25 . 2013-08-31 20:49    1427968    ----a-w-    c:\windows\SysWow64\inetcpl.cpl
2013-07-25 02:23 . 2013-08-31 20:49    142848    ----a-w-    c:\windows\SysWow64\ieUnatt.exe
2013-07-25 02:23 . 2013-08-31 20:49    420864    ----a-w-    c:\windows\SysWow64\vbscript.dll
2013-07-25 02:22 . 2013-08-31 20:49    2382848    ----a-w-    c:\windows\SysWow64\mshtml.tlb
2013-07-20 05:51 . 2013-07-20 05:51    311608    ----a-w-    c:\windows\system32\drivers\avgloga.sys
2013-07-20 05:50 . 2013-07-20 05:50    71480    ----a-w-    c:\windows\system32\drivers\avgidsha.sys
2013-07-20 05:50 . 2013-07-20 05:50    246072    ----a-w-    c:\windows\system32\drivers\avgidsdrivera.sys
2013-07-20 05:50 . 2013-07-20 05:50    206648    ----a-w-    c:\windows\system32\drivers\avgldx64.sys
2013-07-17 20:01 . 2013-08-31 20:47    2048    ----a-w-    c:\windows\system32\tzres.dll
2013-07-17 19:41 . 2013-08-31 20:47    2048    ----a-w-    c:\windows\SysWow64\tzres.dll
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2013-05-25 00:36    130736    ----a-w-    c:\users\John\AppData\Roaming\Dropbox\bin\DropboxExt.19.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2013-05-25 00:36    130736    ----a-w-    c:\users\John\AppData\Roaming\Dropbox\bin\DropboxExt.19.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2013-05-25 00:36    130736    ----a-w-    c:\users\John\AppData\Roaming\Dropbox\bin\DropboxExt.19.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2013-05-25 00:36    130736    ----a-w-    c:\users\John\AppData\Roaming\Dropbox\bin\DropboxExt.19.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\EldosIconOverlay]
@="{5BB532A2-BF14-4CCC-86B7-71B81EF6F8BC}"
[HKEY_CLASSES_ROOT\CLSID\{5BB532A2-BF14-4CCC-86B7-71B81EF6F8BC}]
2012-04-09 20:27    158224    ----a-w-    c:\windows\SysWOW64\CbFsMntNtf3.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-19 138240]
"Bonjour Service"="c:\program files\Bonjour\mDNSResponder.exe" [2011-08-31 462184]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"AppleSyncNotifier"="c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2011-09-27 59240]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2013-04-22 59720]
"AVG_UI"="c:\program files (x86)\AVG\AVG2013\avgui.exe" [2013-08-15 4411440]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-04-04 958576]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2013-03-12 253816]
"WD Drive Unlocker"="c:\program files (x86)\Western Digital\WD Apps\WDDriveAutoUnlock.exe" [2011-12-16 1687968]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2013-10-01 152392]
.
c:\users\John\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files (x86)\Microsoft Office\Office12\ONENOTEM.EXE /tsr [2006-10-26 98632]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\image file execution options\excel.exe]
"Debugger"="c:\program files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe"
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\image file execution options\groove.exe]
"Debugger"="c:\program files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe"
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\image file execution options\infopath.exe]
"Debugger"="c:\program files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe"
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\image file execution options\msaccess.exe]
"Debugger"="c:\program files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe"
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\image file execution options\msoxmled.exe]
"Debugger"="c:\program files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe"
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\image file execution options\mspub.exe]
"Debugger"="c:\program files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe"
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\image file execution options\mstore.exe]
"Debugger"="c:\program files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe"
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\image file execution options\onenote.exe]
"Debugger"="c:\program files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe"
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\image file execution options\outlook.exe]
"Debugger"="c:\program files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe"
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\image file execution options\photoshop elements 7.0.exe]
"Debugger"="c:\program files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe"
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\image file execution options\photoshopelementseditor.exe]
"Debugger"="c:\program files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe"
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\image file execution options\photoshopelementsorganizer.exe]
"Debugger"="c:\program files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe"
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\image file execution options\pictureviewer.exe]
"Debugger"="c:\program files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe"
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\image file execution options\powerpnt.exe]
"Debugger"="c:\program files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe"
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\image file execution options\quicktimeplayer.exe]
"Debugger"="c:\program files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe"
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\image file execution options\vscontentinstaller.exe]
"Debugger"="c:\program files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe"
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\image file execution options\vslauncher.exe]
"Debugger"="c:\program files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe"
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\image file execution options\winword.exe]
"Debugger"="c:\program files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe"
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\run-]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe"
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" -atboottime
"GrooveMonitor"="c:\program files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
"Camera Assistant Software"="c:\program files (x86)\Camera Assistant Software for Toshiba\traybar.exe" /start
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe"
"DivXUpdate"="c:\program files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe"
"DivXMediaServer"="c:\program files (x86)\DivX\DivX Media Server\DivXMediaServer.exe"
.
R4 AdobeActiveFileMonitor7.0;Adobe Active File Monitor V7;c:\program files (x86)\Adobe\Photoshop Elements 7.0\PhotoshopElementsFileAgent.exe;c:\program files (x86)\Adobe\Photoshop Elements 7.0\PhotoshopElementsFileAgent.exe [x]
.
.
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Svchost  - NetSvcs
Themes
.
Contents of the 'Scheduled Tasks' folder
.
2013-10-09 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-07-08 16:54]
.
2013-10-09 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-07-08 16:54]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2013-05-25 00:36    164016    ----a-w-    c:\users\John\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2013-05-25 00:36    164016    ----a-w-    c:\users\John\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2013-05-25 00:36    164016    ----a-w-    c:\users\John\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2013-05-25 00:36    164016    ----a-w-    c:\users\John\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\EldosIconOverlay]
@="{5BB532A2-BF14-4CCC-86B7-71B81EF6F8BC}"
[HKEY_CLASSES_ROOT\CLSID\{5BB532A2-BF14-4CCC-86B7-71B81EF6F8BC}]
2012-04-09 20:27    190480    ----a-w-    c:\windows\System32\CbFsMntNtf3.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-06-25 181784]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-08-14 1573160]
"LogMeIn GUI"="c:\program files (x86)\LogMeIn\x64\LogMeInSystray.exe" [2011-09-16 57928]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.google.com/
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = <local>;*.local
TCP: DhcpNameServer = 192.168.1.254
FF - ProfilePath - c:\users\John\AppData\Roaming\Mozilla\Firefox\Profiles\w0vmruzj.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - prefs.js: network.proxy.type - 4
FF - ExtSQL: !HIDDEN! 2010-03-02 21:07; {20a82645-c095-46ed-80e3-08825760534b}; c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-{0C8413C1-FAD1-446C-8584-BE50576F863E} - (no file)
Toolbar-Locked - (no file)
Notify-igfxcui - (no file)
Toolbar-Locked - (no file)
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-182873226-226750871-1890802548-1000\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{EB4687C2-68D8-B3BA-A298-FC228D186A1D}*]
"hagdocgflncdmgkl"=hex:6a,61,62,6d,67,70,65,65,68,62,6e,6e,65,6b,6a,6b,68,61,
   70,63,00,00
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10e.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\LocalServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\FlashUtil10e.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10e.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10e.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10e.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10e.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}]
@Denied: (A 2) (Everyone)
@="IFlashBroker3"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}]
@Denied: (A 2) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}\1.0]
@="Shockwave Flash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}]
@Denied: (A 2) (Everyone)
@=""
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}\1.0]
@="FlashBroker"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes]
"SymbolicLinkValue"=hex(6):5c,00,52,00,45,00,47,00,49,00,53,00,54,00,52,00,59,
   00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00,\
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Completion time: 2013-10-09  08:47:23
ComboFix-quarantined-files.txt  2013-10-09 12:47
.
Pre-Run: 225,283,899,392 bytes free
Post-Run: 225,203,343,360 bytes free
.
- - End Of File - - AB3B745FC0AB956B19425BBCD28DC117
5C616939100B85E558DA92B899A0FC36
 


Edited by jilliansman, 09 October 2013 - 08:24 AM.


#6 jeffce

Posted 09 October 2013 - 09:03 PM

Please download Junkware Removal Tool to your desktop.

  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.

 


#7 jilliansman

Posted 10 October 2013 - 08:44 AM

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.0.4 (10.06.2013:1)
OS: Windows ™ Vista Home Premium x64
Ran by John on Thu 10/10/2013 at  8:28:03.05
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys



~~~ Files



~~~ Folders



~~~ FireFox

Successfully deleted: [File] C:\Users\John\AppData\Roaming\mozilla\firefox\profiles\w0vmruzj.default\extensions\oneclickdownloader@oneclickdownloader.com.xpi
Emptied folder: C:\Users\John\AppData\Roaming\mozilla\firefox\profiles\w0vmruzj.default\minidumps [98 files]



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Thu 10/10/2013 at  8:40:00.05
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 



#8 jeffce

Posted 10 October 2013 - 09:22 AM

How is your system behaving?  :)


 


#9 jilliansman

Posted 10 October 2013 - 09:40 AM

Seems better. I haven't had the VCL error since my first post in this thread. Also since I ran JRT, the popup doesn't seem to be happening. Seems good so far. Thank you. By the way, can you give me some info regarding what the issues were? Do you know what the VCL error is? Or what the oneclickdownloader thing is? Thanks so much.



#10 jeffce

Posted 10 October 2013 - 10:02 AM

1clickdownloader is a piece of malware that hijacks your browser.   :)  It seems to be gone now.
 
Let's check for anything else hiding in your system....
 
Java
 
Please go to Start > Control Panel > Programs and Features and uninstall all the Java programs you see. Now download the latest Java from the following link and install it:
 
http://java.com/en/download/index.jsp
----------
 
Java
See this page for instructions on how to clear Java's cache.
 
Go into the Control Panel and double-click the Java Icon. (looks like a coffee cup)

  • Under Temporary Internet Files, click the Delete Files button.
  • There are three options in the window to clear the cache - Leave ALL 3 Checked
    • Downloaded Applets
    • Downloaded Applications
    • Installed Applications and Applets
  • Click OK on Delete Temporary Files Window
    Note: This deletes ALL the Downloaded Applications and Applets from the CACHE.
  • Click OK to leave the Java Control Panel.

----------
 

Malwarebytes
 
Please open Malwarebytes, update it and then run a Quick Scan.  Save the log that is created for your next reply.
----------
 

ESET Online Scanner
 
Go here to run an online scanner from ESET. Windows Vista/Windows 7 users will need to right click on their Internet Explorer shortcut, and select Run as Administrator.

  • Note: For browsers other than Internet Explorer, you will be prompted to download and install esetsmartinstaller_enu.exe. Click on the link and save the file to a convenient location. Double click on it to install and a new window will open. Follow the prompts.
  • Turn off the real time scanner of any existing antivirus program while performing the online scan
  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start
  • When asked, allow the ActiveX control to install
  • Click Start
  • Make sure that the option Remove found threats is unticked and the Scan Archives option is ticked.
  • Click on Advanced Settings, ensure the options Scan for potentially unwanted applications, Scan for potentially unsafe applications, and Enable Anti-Stealth Technology are ticked.
  • Click Scan
  • Wait for the scan to finish
  • When the scan is done, if it shows a screen that says "Threats found!", then click "List of found threats", and then click "Export to text file..."
  • Save that text file on your desktop. Copy and paste the contents of that log as a reply to this topic.
  • Close the ESET online scan, and let me know how things are now.

----------


 


#11 jilliansman

Posted 10 October 2013 - 02:01 PM

Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org

Database version: v2013.10.10.05

Windows Vista Service Pack 2 x64 NTFS
Internet Explorer 9.0.8112.16421
John :: JOHN-PC [administrator]

10/10/2013 11:31:11 AM
mbam-log-2013-10-10 (11-31-11).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 204096
Time elapsed: 6 minute(s), 25 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

 

C:\Program Files (x86)\Advanced Fix 2013\AdvancedFix.exe    probably a variant of Win32/RegistryNuke application
C:\Program Files (x86)\SlySoft\AnyDVD\ElbyCDIO.dll    a variant of Win32/Packed.Enigma.AAF trojan
C:\Windows\Installer\3e7ab24.msi    a variant of Win32/HiddenStart.A application

The PC seems to be running fine. I do have a couple of questions though.

 

Not sure if it's related, but usually a few times a day my Flash plugin stops working when I'm using Firefox. Also, when I open TM to see what's running, there are usually 2 Flash processes running. Can't remember exact names as it isn't running right now. One other question: the kids use a computer here in the house that is the main computer. If I'm using my laptop on the same network, can the laptop pick up spyware that they may be getting on their computer?

 

EDIT: Also I have just noticed Google Update Helper in my programs list. I think it's new. I went to uninstall it, but it won't let me. Any idea what I can do with that?

 

Thanks for all your help.
 


Edited by jilliansman, 10 October 2013 - 02:02 PM.


#12 jeffce

Posted 10 October 2013 - 02:22 PM

Just to be on the safe side please do the following.....  You will need a USB drive for this....
 
FRST
 
Please download Farbar Recovery Scan Tool and save it to a flash drive.
 
Note: You need to run the version compatible with your system. If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.
 
Plug the flash drive into the infected PC.
If you are using Windows 8 consult How to use the Windows 8 System Recovery Environment Command Prompt to enter System Recovery Command prompt.
 
If you are using Vista or Windows 7 enter System Recovery Options.

  • To enter System Recovery Options from the Advanced Boot Options:
    • Restart the computer.
    • As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.
    • Use the arrow keys to select the Repair your computer menu item.
    • Select US as the keyboard language settings, and then click Next.
    • Select the operating system you want to repair, and then click Next.
    • Select your user account and click Next.

Note: In case you can not enter System Recovery Options by using F8 method, you can use Windows installation disc, or make a repair disc. Any Windows installation disc or a repair disc made on another computer can be used.
 
To make a repair disk on Windows 7 consult: http://www.sevenforums.com/tutorials/2083-system-repair-disc-create.html

  • To enter System Recovery Options by using Windows installation disc:
    • Insert the installation disc.
    • Restart your computer.
    • If prompted, press any key to start Windows from the installation disc. If your computer is not configured to start from a CD or DVD, check your BIOS settings.
    • Click Repair your computer.
    • Select US as the keyboard language settings, and then click Next.
    • Select the operating system you want to repair, and then click Next.
    • Select your user account and click Next.
  • On the System Recovery Options menu you will get the following options:
    • Startup Repair
    • System Restore
    • Windows Complete PC Restore
    • Windows Memory Diagnostic Tool
    • Command Prompt

Select  >> Command Prompt

  • Once in the Command Prompt:
    • In the command window type in notepad and press Enter.
    • The notepad opens. Under File menu select Open.
    • Select "Computer" and find your flash drive letter and close the notepad.
    • In the command window type e:\frst (for x64 bit version type e:\frst64) and press Enter
    • Note: Replace letter e with the drive letter of your flash drive.
    • The tool will start to run.
    • When the tool opens click Yes to disclaimer.
    • Press Scan button.
    • It will make a log (FRST.txt) on the flash drive. Please copy and paste it to your reply.

 


#13 jilliansman

Posted 10 October 2013 - 03:40 PM

I'm running Vista 64 bit. When I open the advanced boot options, there is no option called repair your computer. My options are:

 

Safe Mode

Safe Mode with Networking

Safe Mode with Command Prompt

 

Enable Boot logging

Enable low resolution video

Last Known Good Config

Directory Services Restore Mode

Debugging Mode

Disable Automatic restart on System Failure

Disable Driver Signature Enforcement

 

Start Windows Normally

 

Please let me know how to proceed.

Also, after I clicked on the sign-in link here on the forums, Firefox stalled or froze up for a minute, and I noticed on the bottom status bar "waiting on cm.g doubleclick.net". After Firefox unfroze, I got that Shockwave Flash unresponsive plugin error box again. After I get that error is when I get the 2 processes showing up in Task Manager. I have attached 2 pics to show you exactly what I mean.




#14 jeffce

Posted 11 October 2013 - 06:29 AM

Thanks for letting me know about how your system is running.  :)

 

Go ahead and run FRST from Normal Mode and post the new log when it is made.




#15 jilliansman


Posted 11 October 2013 - 06:57 AM

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 02-10-2013
Ran by John (administrator) on JOHN-PC on 11-10-2013 07:53:43
Running from C:\Users\John\Desktop
Windows Vista ™ Home Premium Service Pack 2 (X64) OS Language: English(US)
Internet Explorer Version 9
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(AVG Technologies CZ, s.r.o.) C:\PROGRA~2\AVG\AVG2013\avgrsa.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2013\avgcsrva.exe
(Microsoft Corporation) C:\Windows\system32\SLsvc.exe
(Microsoft Corporation) C:\Windows\system32\WLANExt.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(TOSHIBA CORPORATION) C:\Program Files (x86)\TOSHIBA\ConfigFree\CFProcSRVC.exe
(TOSHIBA CORPORATION) C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe
(LogMeIn, Inc.) C:\Program Files (x86)\LogMeIn\x64\LMIGuardianSvc.exe
(Intel® Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2013\avgnsa.exe
(TuneUp Software) C:\Program Files (x86)\TuneUp Utilities 2012\TuneUpUtilitiesService64.exe
(WDC) C:\Program Files\Western Digital\WD SmartWare\WDDMService.exe
(Western Digital) C:\Program Files (x86)\Western Digital\WD Drive Manager\WDDriveService.exe
(Western Digital ) C:\Program Files\Western Digital\WD SmartWare\WDRulesEngine.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(Western Digital ) C:\Program Files\Western Digital\WD SmartWare\WDFME.exe
(TuneUp Software) C:\Program Files (x86)\TuneUp Utilities 2012\TuneUpUtilitiesApp64.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Synaptics, Inc.) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(LogMeIn, Inc.) C:\Program Files (x86)\LogMeIn\x64\LogMeInSystray.exe
(Microsoft Corporation) C:\Windows\ehome\ehtray.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2013\avgui.exe
(Western Digital) C:\Program Files (x86)\Western Digital\WD Apps\WDDriveAutoUnlock.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Intel Corporation) C:\Windows\system32\igfxsrvc.exe
(Microsoft Corporation) C:\Windows\ehome\ehmsas.exe
(Synaptics, Inc.) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_9_900_117.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_9_900_117.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [SynTPEnh] - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1573160 2008-08-14] (Synaptics, Inc.)
HKLM\...\Run: [LogMeIn GUI] - C:\Program Files (x86)\LogMeIn\x64\LogMeInSystray.exe [57928 2011-09-16] (LogMeIn, Inc.)
HKCU\...\Run: [ehTray.exe] - C:\Windows\ehome\ehTray.exe [138240 2008-01-19] (Microsoft Corporation)
HKCU\...\Run: [Bonjour Service] - C:\Program Files\Bonjour\mDNSResponder.exe [462184 2011-08-30] (Apple Inc.)
HKLM-x32\...\Run: [AppleSyncNotifier] - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe [59240 2011-09-27] (Apple Inc.)
HKLM-x32\...\Run: [APSDaemon] - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-04-21] (Apple Inc.)
HKLM-x32\...\Run: [AVG_UI] - C:\Program Files (x86)\AVG\AVG2013\avgui.exe [4411440 2013-08-15] (AVG Technologies CZ, s.r.o.)
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [WD Drive Unlocker] - C:\Program Files (x86)\Western Digital\WD Apps\WDDriveAutoUnlock.exe [1687968 2011-12-16] (Western Digital)
HKLM-x32\...\Run: [iTunesHelper] - C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2013-10-01] (Apple Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKU\Default\...\Run: [WindowsWelcomeCenter] - rundll32.exe oobefldr.dll,ShowWelcomeCenter
HKU\Default User\...\Run: [WindowsWelcomeCenter] - rundll32.exe oobefldr.dll,ShowWelcomeCenter
Startup: C:\Users\John\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk
ShortcutTarget: OneNote 2007 Screen Clipper and Launcher.lnk -> C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)
SSODL: EldosMountNotificator - {5FF49FE8-B332-4CB9-B102-FB6951629E55} - C:\Windows\system32\CbFsMntNtf3.dll (EldoS Corporation)
SSODL-x32: EldosMountNotificator - {5FF49FE8-B332-4CB9-B102-FB6951629E55} - C:\Windows\SysWOW64\CbFsMntNtf3.dll (EldoS Corporation)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0xE74D680E4D87CB01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
BHO-x32: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
BHO-x32: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM-x32 -  No Name - {0C8413C1-FAD1-446C-8584-BE50576F863E} -  No File
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} -  No File
Handler-x32: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} -  No File
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
ShellExecuteHooks-x32: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~2\MICROS~1\Office12\GRA8E1~1.DLL [2210608 2006-10-27] (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.254

FireFox:
========
FF ProfilePath: C:\Users\John\AppData\Roaming\Mozilla\Firefox\Profiles\w0vmruzj.default
FF Homepage: hxxp://www.google.com/
FF NetworkProxy: "type", 4
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_11_9_900_117.dll ()
FF Plugin: @divx.com/DivX VOD Helper,version=1.0.0 - C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_117.dll ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @divx.com/DivX Player Plugin,version=1.0.0 - C:\Program Files (x86)\DivX\DivX Player\npDivxPlayerPlugin.dll No File
FF Plugin-x32: @divx.com/DivX VOD Helper,version=1.0.0 - C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF Plugin-x32: @divx.com/DivX Web Player Plug-In,version=1.0.0 - C:\Program Files (x86)\DivX\DivX Web Player\npdivx32.dll (DivX, LLC)
FF Plugin-x32: @java.com/DTPlugin,version=10.40.2 - C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.40.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/WPF,version=3.5 - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin-x32: @nullsoft.com/winampDetector;version=1 - C:\Program Files (x86)\Winamp Detect\npwachk.dll (Nullsoft, Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=1.1.5 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.0.8 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @facebook.com/FBPlugin,version=1.0.3 - C:\Users\John\AppData\Roaming\Facebook\npfbplugin_1_0_3.dll ( )
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\searchplugins\answers.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\searchplugins\creativecommons.xml
FF Extension: HTTPS-Everywhere - C:\Users\John\AppData\Roaming\Mozilla\Firefox\Profiles\w0vmruzj.default\Extensions\https-everywhere@eff.org
FF Extension: LogMeIn, Inc. Remote Access Plugin - C:\Users\John\AppData\Roaming\Mozilla\Firefox\Profiles\w0vmruzj.default\Extensions\LogMeInClient@logmein.com
FF Extension: Microsoft .NET Framework Assistant - C:\Users\John\AppData\Roaming\Mozilla\Firefox\Profiles\w0vmruzj.default\Extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF Extension: Java Console - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA}
FF Extension: Java Console - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA}
FF Extension: Java Console - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA}
FF HKLM-x32\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
FF Extension: Microsoft .NET Framework Assistant - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

==================== Services (Whitelisted) =================

R2 AVGIDSAgent; C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe [4939312 2013-07-04] (AVG Technologies CZ, s.r.o.)
R2 avgwd; C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe [283136 2013-07-23] (AVG Technologies CZ, s.r.o.)
R2 LMIGuardianSvc; C:\Program Files (x86)\LogMeIn\x64\LMIGuardianSvc.exe [376144 2013-06-07] (LogMeIn, Inc.)
S4 LMIMaint; C:\Program Files (x86)\LogMeIn\x64\RaMaint.exe [226640 2013-06-07] (LogMeIn, Inc.)
S4 LogMeIn; C:\Program Files (x86)\LogMeIn\x64\LogMeIn.exe [407424 2011-09-16] (LogMeIn, Inc.)
R2 TuneUp.UtilitiesSvc; C:\Program Files (x86)\TuneUp Utilities 2012\TuneUpUtilitiesService64.exe [2072896 2011-10-14] (TuneUp Software)
R2 WDDMService; C:\Program Files\Western Digital\WD SmartWare\WDDMService.exe [319384 2011-12-15] (WDC)
R2 WDDriveService; C:\Program Files (x86)\Western Digital\WD Drive Manager\WDDriveService.exe [248248 2012-09-06] (Western Digital)
R2 WDFMEService; C:\Program Files\Western Digital\WD SmartWare\WDFME.exe [1977224 2011-12-15] (Western Digital )
R2 WDRulesService; C:\Program Files\Western Digital\WD SmartWare\WDRulesEngine.exe [1338264 2011-12-15] (Western Digital )

==================== Drivers (Whitelisted) ====================

R3 AnyDVD; C:\Windows\System32\Drivers\AnyDVD.sys [138872 2011-12-04] (SlySoft, Inc.)
R1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdrivera.sys [246072 2013-07-20] (AVG Technologies CZ, s.r.o.)
R0 AVGIDSHA; C:\Windows\System32\DRIVERS\avgidsha.sys [71480 2013-07-20] (AVG Technologies CZ, s.r.o.)
R1 Avgldx64; C:\Windows\System32\DRIVERS\avgldx64.sys [206648 2013-07-20] (AVG Technologies CZ, s.r.o.)
R0 Avgloga; C:\Windows\System32\DRIVERS\avgloga.sys [311608 2013-07-20] (AVG Technologies CZ, s.r.o.)
R0 Avgmfx64; C:\Windows\System32\DRIVERS\avgmfx64.sys [116536 2013-07-01] (AVG Technologies CZ, s.r.o.)
R0 Avgrkx64; C:\Windows\System32\DRIVERS\avgrkx64.sys [45880 2013-09-05] (AVG Technologies CZ, s.r.o.)
R1 Avgtdia; C:\Windows\System32\DRIVERS\avgtdia.sys [240952 2013-03-21] (AVG Technologies CZ, s.r.o.)
R3 cbfs3; C:\Windows\System32\DRIVERS\cbfs3.sys [352144 2012-04-09] (EldoS Corporation)
S3 cpudrv64; C:\Program Files (x86)\SystemRequirementsLab\cpudrv64.sys [17864 2011-06-02] ()
S3 cpudrv64; C:\Program Files (x86)\SystemRequirementsLab\cpudrv64.sys [17864 2011-06-02] ()
R2 LMIInfo; C:\Program Files (x86)\LogMeIn\x64\RaInfo.sys [16056 2013-05-29] (LogMeIn, Inc.)
S3 RTL8023x64; C:\Windows\System32\DRIVERS\Rtnic64.sys [52736 2008-10-29] (Realtek Semiconductor Corporation                           )
R3 TuneUpUtilitiesDrv; C:\Program Files (x86)\TuneUp Utilities 2012\TuneUpUtilitiesDriver64.sys [11856 2011-10-13] (TuneUp Software)
S3 usbbus; C:\Windows\System32\DRIVERS\lgx64bus.sys [17920 2008-11-11] (LG Electronics Inc.)
S3 UsbDiag; C:\Windows\System32\DRIVERS\lgx64diag.sys [27136 2008-11-11] (LG Electronics Inc.)
S3 USBModem; C:\Windows\System32\DRIVERS\lgx64modem.sys [33792 2008-11-11] (LG Electronics Inc.)
U5 AppMgmt; C:\Windows\system32\svchost.exe [27648 2008-01-19] (Microsoft Corporation)
S1 Beep; No ImagePath
S4 blbdrive; \SystemRoot\system32\drivers\blbdrive.sys [x]
S3 catchme; \??\C:\ComboFix\catchme.sys [x]
S3 IpInIp; system32\DRIVERS\ipinip.sys [x]
S4 LMIRfsClientNP; No ImagePath
S3 NETw5v64; system32\DRIVERS\NETw5v64.sys [x]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [x]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [x]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-10-11 07:53 - 2013-10-11 07:53 - 00000000 ____D C:\FRST
2013-10-10 23:04 - 2013-10-10 23:04 - 00000000 ____D C:\Program Files (x86)\Aurora
2013-10-10 22:31 - 2013-10-10 22:31 - 00830344 _____ (Adobe Systems Incorporated) C:\Users\John\Desktop\uninstall_flash_player.exe
2013-10-10 22:23 - 2013-10-10 22:28 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-10-10 22:23 - 2013-10-10 22:23 - 00003682 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2013-10-10 15:44 - 2013-10-10 15:44 - 00000558 _____ C:\Windows\PFRO.log
2013-10-10 15:31 - 2013-10-10 15:31 - 00002337 _____ C:\Users\John\Desktop\New Text Document (3).txt
2013-10-10 15:27 - 2013-10-10 15:27 - 01954124 _____ (Farbar) C:\Users\John\Desktop\FRST64.exe
2013-10-10 14:55 - 2013-10-10 14:57 - 00000286 _____ C:\Users\John\Desktop\eset.txt
2013-10-10 11:39 - 2013-10-10 11:39 - 00000000 ____D C:\Program Files (x86)\ESET
2013-10-10 11:38 - 2013-10-10 11:38 - 02347384 _____ (ESET) C:\Users\John\Desktop\esetsmartinstaller_enu.exe
2013-10-10 11:17 - 2013-10-10 11:17 - 00000000 ____D C:\ProgramData\Oracle
2013-10-10 11:16 - 2013-10-10 11:15 - 00264616 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2013-10-10 11:16 - 2013-10-10 11:15 - 00175016 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2013-10-10 11:16 - 2013-10-10 11:15 - 00175016 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2013-10-10 11:16 - 2013-10-10 11:15 - 00096168 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2013-10-10 08:40 - 2013-10-10 08:40 - 00000931 _____ C:\Users\John\Desktop\JRT.txt
2013-10-10 08:27 - 2013-10-10 08:27 - 00000000 ____D C:\Windows\ERUNT
2013-10-10 08:24 - 2013-10-10 08:24 - 01032220 _____ (Thisisu) C:\Users\John\Desktop\JRT.exe
2013-10-09 08:47 - 2013-10-09 08:47 - 00022321 _____ C:\ComboFix.txt
2013-10-09 08:30 - 2011-06-26 02:45 - 00256000 _____ C:\Windows\PEV.exe
2013-10-09 08:30 - 2010-11-07 13:20 - 00208896 _____ C:\Windows\MBR.exe
2013-10-09 08:30 - 2009-04-20 00:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2013-10-09 08:30 - 2000-08-30 20:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2013-10-09 08:30 - 2000-08-30 20:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2013-10-09 08:30 - 2000-08-30 20:00 - 00098816 _____ C:\Windows\sed.exe
2013-10-09 08:30 - 2000-08-30 20:00 - 00080412 _____ C:\Windows\grep.exe
2013-10-09 08:30 - 2000-08-30 20:00 - 00068096 _____ C:\Windows\zip.exe
2013-10-09 08:29 - 2013-10-09 08:47 - 00000000 ____D C:\Qoobox
2013-10-09 08:28 - 2013-10-09 08:44 - 00000000 ____D C:\Windows\erdnt
2013-10-09 08:23 - 2013-10-09 08:23 - 01048960 _____ C:\Users\John\Desktop\AdwCleaner.exe
2013-10-09 08:20 - 2013-10-09 08:20 - 05132072 ____R (Swearware) C:\Users\John\Desktop\ComboFix.exe
2013-10-08 22:57 - 2013-10-09 08:24 - 00000000 ____D C:\AdwCleaner
2013-10-08 22:50 - 2013-10-09 08:21 - 00002337 _____ C:\Users\John\Desktop\New Text Document (2).txt
2013-10-08 22:48 - 2013-10-08 22:48 - 02237968 _____ (Kaspersky Lab ZAO) C:\Users\John\Desktop\tdsskiller.exe
2013-10-07 13:43 - 2013-10-07 13:43 - 00018857 _____ C:\Users\John\Desktop\dds.txt
2013-10-07 13:43 - 2013-10-07 13:43 - 00013098 _____ C:\Users\John\Desktop\attach.txt
2013-10-07 13:21 - 2013-10-07 13:21 - 00688992 ____R (Swearware) C:\Users\John\Desktop\dds.com
2013-10-07 13:17 - 2013-10-07 13:17 - 00000000 _____ C:\Windows\setuperr.log
2013-10-07 13:17 - 2013-10-07 13:17 - 00000000 _____ C:\Windows\setupact.log
2013-10-06 12:29 - 2013-10-10 21:48 - 00000000 ____D C:\Program Files (x86)\Advanced Fix 2013
2013-10-04 17:30 - 2013-10-04 17:30 - 00001694 _____ C:\Users\Public\Desktop\iTunes.lnk
2013-10-04 17:28 - 2013-10-04 17:29 - 00000000 ____D C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2013-10-04 17:28 - 2013-10-04 17:29 - 00000000 ____D C:\Program Files\iTunes
2013-10-04 17:28 - 2013-10-04 17:28 - 00000000 ____D C:\Program Files\iPod
2013-09-27 11:26 - 2012-05-18 17:01 - 04147096 _____ (Western Digital Technologies, Inc.) C:\Users\John\Desktop\WDFirmwareUpdater.exe
2013-09-27 11:14 - 2013-09-27 11:14 - 00000000 ____D C:\Users\John\AppData\Local\Western_Digital
2013-09-27 11:11 - 2013-09-27 11:26 - 00000000 ____D C:\ProgramData\Western Digital
2013-09-27 11:11 - 2013-09-27 11:11 - 00001051 _____ C:\Users\Public\Desktop\WD SmartWare.lnk
2013-09-27 11:11 - 2013-09-27 11:11 - 00000000 ____D C:\Program Files\Western Digital
2013-09-27 11:10 - 2013-09-27 11:10 - 00001076 _____ C:\Users\Public\Desktop\WD Security.lnk
2013-09-27 11:08 - 2013-09-27 11:16 - 00000000 ____D C:\Program Files (x86)\Western Digital
2013-09-27 11:07 - 2013-09-27 11:12 - 00000000 ____D C:\Users\John\AppData\Local\Western Digital
2013-09-23 12:23 - 2013-09-23 12:23 - 00000000 ____D C:\Users\John\Desktop\Van Halen - 1984
2013-09-23 11:40 - 2013-09-25 17:39 - 00000000 ____D C:\Users\John\Desktop\Cake - Fashion Nugget
2013-09-22 20:59 - 2013-09-27 23:40 - 00020506 _____ C:\Users\John\Desktop\Draft.ods
2013-09-20 10:49 - 2013-09-20 10:49 - 00000000 ____D C:\Users\John\Desktop\ADD THESE
2013-09-18 09:52 - 2013-09-18 09:56 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-09-12 14:26 - 2013-09-12 14:27 - 00021310 _____ C:\Users\John\Documents\cc_20130912_142633.reg
2013-09-12 13:29 - 2013-10-06 13:19 - 00000856 _____ C:\Users\Public\Desktop\CCleaner.lnk

==================== One Month Modified Files and Folders =======

2013-10-11 07:53 - 2013-10-11 07:53 - 00000000 ____D C:\FRST
2013-10-11 07:41 - 2011-07-08 12:54 - 00000890 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-10-11 07:41 - 2010-09-05 20:42 - 01484187 _____ C:\Windows\WindowsUpdate.log
2013-10-11 07:38 - 2006-11-02 11:42 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-10-11 07:38 - 2006-11-02 11:22 - 00006416 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2013-10-11 07:38 - 2006-11-02 11:22 - 00006416 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2013-10-10 23:23 - 2006-11-02 11:42 - 00032562 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2013-10-10 23:04 - 2013-10-10 23:04 - 00000000 ____D C:\Program Files (x86)\Aurora
2013-10-10 22:43 - 2010-02-26 13:25 - 00000000 ____D C:\Users\John\AppData\Local\Adobe
2013-10-10 22:31 - 2013-10-10 22:31 - 00830344 _____ (Adobe Systems Incorporated) C:\Users\John\Desktop\uninstall_flash_player.exe
2013-10-10 22:29 - 2011-07-08 12:54 - 00000894 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-10-10 22:28 - 2013-10-10 22:23 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-10-10 22:23 - 2013-10-10 22:23 - 00003682 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2013-10-10 22:23 - 2012-05-05 14:37 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2013-10-10 22:23 - 2011-06-16 10:56 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2013-10-10 21:48 - 2013-10-06 12:29 - 00000000 ____D C:\Program Files (x86)\Advanced Fix 2013
2013-10-10 18:06 - 2010-12-06 14:39 - 00000000 ____D C:\ProgramData\MFAData
2013-10-10 15:45 - 2010-03-06 00:57 - 00000000 ____D C:\Users\John\AppData\Local\Apps\2.0
2013-10-10 15:44 - 2013-10-10 15:44 - 00000558 _____ C:\Windows\PFRO.log
2013-10-10 15:31 - 2013-10-10 15:31 - 00002337 _____ C:\Users\John\Desktop\New Text Document (3).txt
2013-10-10 15:31 - 2006-11-02 08:46 - 00759910 _____ C:\Windows\system32\PerfStringBackup.INI
2013-10-10 15:27 - 2013-10-10 15:27 - 01954124 _____ (Farbar) C:\Users\John\Desktop\FRST64.exe
2013-10-10 14:57 - 2013-10-10 14:55 - 00000286 _____ C:\Users\John\Desktop\eset.txt
2013-10-10 11:39 - 2013-10-10 11:39 - 00000000 ____D C:\Program Files (x86)\ESET
2013-10-10 11:38 - 2013-10-10 11:38 - 02347384 _____ (ESET) C:\Users\John\Desktop\esetsmartinstaller_enu.exe
2013-10-10 11:17 - 2013-10-10 11:17 - 00000000 ____D C:\ProgramData\Oracle
2013-10-10 11:15 - 2013-10-10 11:16 - 00264616 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2013-10-10 11:15 - 2013-10-10 11:16 - 00175016 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2013-10-10 11:15 - 2013-10-10 11:16 - 00175016 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2013-10-10 11:15 - 2013-10-10 11:16 - 00096168 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2013-10-10 11:15 - 2012-07-02 11:38 - 00868264 _____ (Oracle Corporation) C:\Windows\SysWOW64\npdeployJava1.dll
2013-10-10 11:15 - 2011-03-15 16:49 - 00790440 _____ (Oracle Corporation) C:\Windows\SysWOW64\deployJava1.dll
2013-10-10 08:40 - 2013-10-10 08:40 - 00000931 _____ C:\Users\John\Desktop\JRT.txt
2013-10-10 08:27 - 2013-10-10 08:27 - 00000000 ____D C:\Windows\ERUNT
2013-10-10 08:24 - 2013-10-10 08:24 - 01032220 _____ (Thisisu) C:\Users\John\Desktop\JRT.exe
2013-10-09 08:47 - 2013-10-09 08:47 - 00022321 _____ C:\ComboFix.txt
2013-10-09 08:47 - 2013-10-09 08:29 - 00000000 ____D C:\Qoobox
2013-10-09 08:47 - 2006-11-02 09:33 - 00000000 __RHD C:\Users\Default
2013-10-09 08:44 - 2013-10-09 08:28 - 00000000 ____D C:\Windows\erdnt
2013-10-09 08:44 - 2006-11-02 08:34 - 00000215 _____ C:\Windows\system.ini
2013-10-09 08:24 - 2013-10-08 22:57 - 00000000 ____D C:\AdwCleaner
2013-10-09 08:23 - 2013-10-09 08:23 - 01048960 _____ C:\Users\John\Desktop\AdwCleaner.exe
2013-10-09 08:21 - 2013-10-08 22:50 - 00002337 _____ C:\Users\John\Desktop\New Text Document (2).txt
2013-10-09 08:20 - 2013-10-09 08:20 - 05132072 ____R (Swearware) C:\Users\John\Desktop\ComboFix.exe
2013-10-08 22:48 - 2013-10-08 22:48 - 02237968 _____ (Kaspersky Lab ZAO) C:\Users\John\Desktop\tdsskiller.exe
2013-10-08 10:10 - 2013-05-03 20:40 - 00000630 _____ C:\Users\John\Desktop\New Text Document.txt
2013-10-07 13:43 - 2013-10-07 13:43 - 00018857 _____ C:\Users\John\Desktop\dds.txt
2013-10-07 13:43 - 2013-10-07 13:43 - 00013098 _____ C:\Users\John\Desktop\attach.txt
2013-10-07 13:21 - 2013-10-07 13:21 - 00688992 ____R (Swearware) C:\Users\John\Desktop\dds.com
2013-10-07 13:17 - 2013-10-07 13:17 - 00000000 _____ C:\Windows\setuperr.log
2013-10-07 13:17 - 2013-10-07 13:17 - 00000000 _____ C:\Windows\setupact.log
2013-10-06 13:20 - 2010-03-04 15:53 - 00000000 ____D C:\Users\John\AppData\Roaming\Winamp
2013-10-06 13:19 - 2013-09-12 13:29 - 00000856 _____ C:\Users\Public\Desktop\CCleaner.lnk
2013-10-06 13:19 - 2010-04-12 21:13 - 00000000 ____D C:\Program Files (x86)\CCleaner
2013-10-04 17:30 - 2013-10-04 17:30 - 00001694 _____ C:\Users\Public\Desktop\iTunes.lnk
2013-10-04 17:29 - 2013-10-04 17:28 - 00000000 ____D C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2013-10-04 17:29 - 2013-10-04 17:28 - 00000000 ____D C:\Program Files\iTunes
2013-10-04 17:29 - 2011-03-15 17:09 - 00000000 ____D C:\Program Files (x86)\iTunes
2013-10-04 17:28 - 2013-10-04 17:28 - 00000000 ____D C:\Program Files\iPod
2013-09-30 21:05 - 2010-06-21 14:04 - 00002557 _____ C:\Users\John\Desktop\HiJackThis.lnk
2013-09-30 21:03 - 2010-04-08 21:16 - 00000000 ____D C:\Users\John\AppData\Roaming\uTorrent
2013-09-30 20:32 - 2010-10-23 11:51 - 00000000 ____D C:\Users\John\Desktop\Pics
2013-09-30 15:07 - 2010-12-12 21:08 - 00000000 ____D C:\Users\John\AppData\Roaming\vlc
2013-09-29 19:03 - 2010-02-24 22:57 - 00018944 _____ C:\Users\John\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2013-09-27 23:40 - 2013-09-22 20:59 - 00020506 _____ C:\Users\John\Desktop\Draft.ods
2013-09-27 11:26 - 2013-09-27 11:11 - 00000000 ____D C:\ProgramData\Western Digital
2013-09-27 11:16 - 2013-09-27 11:08 - 00000000 ____D C:\Program Files (x86)\Western Digital
2013-09-27 11:14 - 2013-09-27 11:14 - 00000000 ____D C:\Users\John\AppData\Local\Western_Digital
2013-09-27 11:12 - 2013-09-27 11:07 - 00000000 ____D C:\Users\John\AppData\Local\Western Digital
2013-09-27 11:11 - 2013-09-27 11:11 - 00001051 _____ C:\Users\Public\Desktop\WD SmartWare.lnk
2013-09-27 11:11 - 2013-09-27 11:11 - 00000000 ____D C:\Program Files\Western Digital
2013-09-27 11:10 - 2013-09-27 11:10 - 00001076 _____ C:\Users\Public\Desktop\WD Security.lnk
2013-09-27 11:09 - 2010-02-23 18:41 - 00000000 ____D C:\Users\John
2013-09-25 17:39 - 2013-09-23 11:40 - 00000000 ____D C:\Users\John\Desktop\Cake - Fashion Nugget
2013-09-23 12:23 - 2013-09-23 12:23 - 00000000 ____D C:\Users\John\Desktop\Van Halen - 1984
2013-09-20 11:13 - 2013-07-27 10:36 - 00000000 ____D C:\Users\John\Desktop\NEW MUZIK
2013-09-20 10:49 - 2013-09-20 10:49 - 00000000 ____D C:\Users\John\Desktop\ADD THESE
2013-09-19 21:26 - 2010-01-03 13:04 - 00000000 ____D C:\Users\John\Desktop\Tunes
2013-09-18 18:54 - 2006-11-02 11:21 - 00416024 _____ C:\Windows\system32\FNTCACHE.DAT
2013-09-18 18:53 - 2012-04-24 20:34 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2013-09-18 09:56 - 2013-09-18 09:52 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-09-15 16:53 - 2010-02-23 18:42 - 00108240 _____ C:\Users\John\AppData\Local\GDIPFONTCACHEV1.DAT
2013-09-15 10:29 - 2010-05-05 07:46 - 00000000 ____D C:\ProgramData\DivX
2013-09-15 10:29 - 2010-03-04 21:11 - 00000000 ____D C:\Program Files (x86)\DivX
2013-09-15 10:27 - 2010-11-22 13:04 - 00000000 ____D C:\Program Files\DivX
2013-09-12 14:27 - 2013-09-12 14:26 - 00021310 _____ C:\Users\John\Documents\cc_20130912_142633.reg

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2013-10-11 07:46

==================== End Of Log ============================

 

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 02-10-2013
Ran by John at 2013-10-11 07:55:01
Running from C:\Users\John\Desktop
Boot Mode: Normal
==========================================================


==================== Security Center ========================

AV: AVG AntiVirus Free Edition 2013 (Enabled - Up to date) {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}
AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: AVG AntiVirus Free Edition 2013 (Enabled - Up to date) {B5F5C120-2089-702E-0001-553BB0D5A664}

==================== Installed Programs ======================

µTorrent (HKCU Version: 3.3.1.30017)
AC3Filter 1.62b (x32 Version: 1.62b)
Adobe AIR (x32 Version: 3.7.0.1530)
Adobe Flash Player 10 ActiveX (x32 Version: 10.0.45.2)
Adobe Flash Player 11 Plugin (x32 Version: 11.9.900.117)
Adobe Photoshop Elements 7.0 (x32 Version: 7.0)
Adobe Photoshop Elements 7.0 (x32 Version: 7.0.0.3)
Adobe Reader X (10.1.8) (x32 Version: 10.1.8)
AnyDVD (x32 Version: 6.8.9.0)
Apple Application Support (x32 Version: 2.3.6)
Apple Mobile Device Support (Version: 7.0.0.117)
Apple Software Update (x32 Version: 2.1.3.127)
Aurora 26.0a2 (x86 en-US) (x32 Version: 26.0a2)
AVG 2013 (Version: 13.0.3222)
AVG 2013 (Version: 13.0.3408)
AVG 2013 (Version: 2013.0.3408)
BBCAViewer (x32 Version: 1.06)
Bonjour (Version: 3.0.0.10)
calibre (x32 Version: 0.9.38)
Camera Assistant Software for Toshiba (x32 Version: 1.7.211.0813L)
CCleaner (Version: 4.06)
ConverterLite 1.5.0 (x32 Version: 1.5.0)
ConvertXtoDVD 4.1.19.365 (x32 Version: 4.1.19.365)
DHTML Editing Component (x32 Version: 6.02.0001)
DivX Setup (x32 Version: 2.6.1.84)
Dowce (HKCU Version: 1.2.0.2)
Dropbox (HKCU Version: 2.0.22)
DVD Shrink 3.2 (x32)
ESET Online Scanner v3 (x32)
Facebook Plug-In (HKCU)
Family Tree Maker 2011 (x32 Version: 20.0.368)
GIMP 2.6.10 (x32 Version: 2.6.10)
HiJackThis (x32 Version: 1.0.0)
iCloud (Version: 2.1.2.8)
ImgBurn (x32 Version: 2.5.6.0)
Intel PROSet Wireless
Intel® Graphics Media Accelerator Driver
Intel® PROSet/Wireless WiFi Software (Version: 14.03.0000)
iTunes (Version: 11.1.1.11)
Java 7 Update 40 (x32 Version: 7.0.400)
Java Auto Updater (x32 Version: 2.1.9.8)
LG USB Modem driver (x32)
LogMeIn (x32 Version: 4.1.2138)
Magic DVD Copier V7.1.2 (x32)
Magic DVD Ripper V7.1.2 (x32)
Malwarebytes Anti-Malware version 1.75.0.1300 (x32 Version: 1.75.0.1300)
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)
Microsoft .NET Framework 4 Extended (Version: 4.0.30319)
Microsoft Office Access MUI (English) 2007 (x32 Version: 12.0.4518.1014)
Microsoft Office Access Setup Metadata MUI (English) 2007 (x32 Version: 12.0.4518.1014)
Microsoft Office Enterprise 2007 (x32 Version: 12.0.4518.1014)
Microsoft Office Excel MUI (English) 2007 (x32 Version: 12.0.4518.1014)
Microsoft Office Groove MUI (English) 2007 (x32 Version: 12.0.4518.1014)
Microsoft Office Groove Setup Metadata MUI (English) 2007 (x32 Version: 12.0.4518.1014)
Microsoft Office InfoPath MUI (English) 2007 (x32 Version: 12.0.4518.1014)
Microsoft Office Office 64-bit Components 2007 (Version: 12.0.4518.1014)
Microsoft Office OneNote MUI (English) 2007 (x32 Version: 12.0.4518.1014)
Microsoft Office Outlook MUI (English) 2007 (x32 Version: 12.0.4518.1014)
Microsoft Office PowerPoint MUI (English) 2007 (x32 Version: 12.0.4518.1014)
Microsoft Office Proof (English) 2007 (x32 Version: 12.0.4518.1014)
Microsoft Office Proof (French) 2007 (x32 Version: 12.0.4518.1014)
Microsoft Office Proof (Spanish) 2007 (x32 Version: 12.0.4518.1014)
Microsoft Office Proofing (English) 2007 (x32 Version: 12.0.4518.1014)
Microsoft Office Publisher MUI (English) 2007 (x32 Version: 12.0.4518.1014)
Microsoft Office Shared 64-bit MUI (English) 2007 (Version: 12.0.4518.1014)
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007 (Version: 12.0.4518.1014)
Microsoft Office Shared MUI (English) 2007 (x32 Version: 12.0.4518.1014)
Microsoft Office Shared Setup Metadata MUI (English) 2007 (x32 Version: 12.0.4518.1014)
Microsoft Office Word MUI (English) 2007 (x32 Version: 12.0.4518.1014)
Microsoft Primary Interoperability Assemblies 2005 (x32 Version: 8.0.50727.42)
Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.56336)
Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.59193)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022 (Version: 9.0.21022)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (x32 Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (x32 Version: 9.0.30729.4148)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (x32 Version: 10.0.40219)
Microsoft WSE 3.0 Runtime (x32 Version: 3.0.5305.0)
MobileMe Control Panel (Version: 3.1.8.0)
Mozilla Firefox 24.0 (x86 en-US) (x32 Version: 24.0)
Mozilla Maintenance Service (x32 Version: 24.0)
MSXML 4.0 SP2 (KB954430) (x32 Version: 4.20.9870.0)
MSXML 4.0 SP2 (KB973688) (x32 Version: 4.20.9876.0)
OpenOffice.org 3.2 (x32 Version: 3.2.9483)
QuickTime (x32 Version: 7.74.80.86)
Realtek 8139 and 8139C+ Ethernet Network Card Driver for Windows Vista (x32 Version: 1.00.0000)
Realtek 8169 8168 8101E 8102E Ethernet Driver (x32 Version: 1.00.0000)
Realtek USB 2.0 Card Reader (x32 Version: )
Realtek WLAN Driver (x32 Version: 2.00.0003)
Skype™ 5.10 (x32 Version: 5.10.116)
Synaptics Pointing Device Driver (Version: 11.2.4.0)
System Requirements Lab for Intel (x32 Version: 4.5.3.0)
TOSHIBA Assist (x32 Version: 3.00.06)
TOSHIBA ConfigFree (x32 Version: 7.2.21)
TOSHIBA Hardware Setup (x32 Version: 2.00.08)
TuneUp Utilities 2012 (x32 Version: 12.0.2020.22)
TuneUp Utilities Language Pack (en-US) (x32 Version: 12.0.2020.22)
UDoTaxes2009  (x32)
UltraVnc (Version: 1.0.9.5)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2468871) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2533523) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2600217) (x32 Version: 1)
VC80CRTRedist - 8.0.50727.6195 (x32 Version: 1.2.0)
Vista x86 OneClick Activator (x32 Version: 1.0.0)
Visual C++ 8.0 Runtime Setup Package (x64) (x32 Version: 9.0.0.623)
Visual Studio 2008 x64 Redistributables (x32 Version: 10.0.0.2)
Visual Studio 2010 x64 Redistributables (Version: 13.0.0.1)
VLC media player 2.0.8 (x32 Version: 2.0.8)
WD Drive Utilities (x32 Version: 1.0.3.3)
WD Security (x32 Version: 1.0.0)
WD SmartWare (Version: 1.5.4)
Winamp (x32 Version: 5.65 )
Winamp Application Detect (HKCU Version: 1.0.0.1)
Windows Driver Package - TOSHIBA (FwLnk) System  (11/19/2006 1.0.0.3) (Version: 11/19/2006 1.0.0.3)
Windows Media Encoder 9 Series (x32 Version: 9.00.3374)
Windows Media Encoder 9 Series (x32)
WinRAR archiver

==================== Restore Points  =========================

10-10-2013 15:15:18 Installed Java 7 Update 40

==================== Hosts content: ==========================

2006-11-02 08:34 - 2013-10-09 08:43 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1       localhost

==================== Scheduled Tasks (whitelisted) =============

Task: {0AEAFAF6-F116-4A60-AFB4-C8B755A6E975} - System32\Tasks\Microsoft\Windows\MobilePC\TMM
Task: {157CED91-E4CB-4275-8C65-5F9FC6A04D13} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-07-08] (Google Inc.)
Task: {192DDA2D-5815-47B8-983F-65744FEEC03A} - System32\Tasks\Microsoft\Windows\Shell\CrawlStartPages
Task: {254095AE-FB97-48EA-94A5-D8BF2AB79714} - System32\Tasks\Microsoft\Windows\RAC\RACAgent => C:\Windows\system32\RacAgent.exe [2008-01-19] (Microsoft Corporation)
Task: {25E7CA25-8F5E-402C-BD38-7ED5E308CB25} - System32\Tasks\{48018C1A-57EB-4251-9ECF-DE9A3BF4F3D8} => C:\Program Files (x86)\Skype\\Phone\Skype.exe [2012-07-13] (Skype Technologies S.A.)
Task: {4E946E6C-49EC-4FD9-8F58-EB5AF1752C5D} - System32\Tasks\Microsoft\Windows\PLA\System\ConvertLogEntries => C:\Windows\system32\pla.dll [2008-01-19] (Microsoft Corporation)
Task: {66C9CE27-A63F-405A-A79A-305A1441132D} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-10-10] (Adobe Systems Incorporated)
Task: {9E1A1CC4-01A5-4D86-A43D-71F3DE74E6A4} - System32\Tasks\Java Update Scheduler => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [2013-07-02] (Oracle Corporation)
Task: {A881E37B-E473-49EC-9BDB-C797BEB306E6} - System32\Tasks\Microsoft\Windows\NetworkAccessProtection\NAPStatus UI
Task: {C9C75B29-2407-4DC7-A567-D5D3E53AF421} - System32\Tasks\CCleanerSkipUAC => C:\Program Files (x86)\CCleaner\CCleaner.exe [2013-09-19] (Piriform Ltd)
Task: {E2599BCF-3D91-46D8-A475-C95114F7B716} - System32\Tasks\Adobe online update program => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2013-04-04] (Adobe Systems Incorporated)
Task: {E6A9F59D-FE97-4382-A1C5-D88963E28F43} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-07-08] (Google Inc.)
Task: {E91D6474-70CC-42BE-80FF-8BED8AF557ED} - System32\Tasks\Microsoft\Windows\Wireless\GatherWirelessInfo => C:\Windows\system32\gatherWirelessInfo.vbs [2010-02-25] ()
Task: {EA581DA9-18C6-49D8-8C0E-C176B5AC5F37} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) =============

2011-09-27 07:23 - 2011-09-27 07:23 - 00087912 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2011-09-27 07:22 - 2011-09-27 07:22 - 01242472 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2013-09-18 09:52 - 2013-09-18 09:53 - 03279768 _____ () C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
2013-10-10 22:23 - 2013-10-10 22:23 - 16233864 _____ () C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_117.dll

==================== Alternate Data Streams (whitelisted) =========

AlternateDataStreams: C:\ProgramData\TEMP:661DFA1C
AlternateDataStreams: C:\ProgramData\TEMP:8CE646EE

==================== Safe Mode (whitelisted) ===================


==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (10/10/2013 04:22:17 PM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_1509f852f40ee5cd.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_1509f852f40ee5cd.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_1509f852f40ee5cd.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_1509f852f40ee5cd.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3.manifest.

Error: (10/10/2013 04:14:52 PM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_1509f852f40ee5cd.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_1509f852f40ee5cd.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_1509f852f40ee5cd.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_1509f852f40ee5cd.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3.manifest.

Error: (10/10/2013 04:12:40 PM) (Source: Software Licensing Service) (User: )
Description: The Software Licensing service failed to start. hr=0x80070002, [2, 4]

Error: (10/10/2013 11:38:59 AM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_1509f852f40ee5cd.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_1509f852f40ee5cd.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_1509f852f40ee5cd.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_1509f852f40ee5cd.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3.manifest.

Error: (10/10/2013 09:48:56 AM) (Source: Bonjour Service) (User: )
Description: Client application bug: DNSServiceResolve(d0:23:db:79:b5:c1@fe80::d223:dbff:fe79:b5c1._apple-mobdev2._tcp.local.) active for over two minutes. This places considerable burden on the network.

Error: (10/10/2013 09:48:56 AM) (Source: Bonjour Service) (User: )
Description: Client application bug: DNSServiceResolve(70:56:81:2b:0d:b6@fe80::7256:81ff:fe2b:db6._apple-mobdev._tcp.local.) active for over two minutes. This places considerable burden on the network.


System errors:
=============
Error: (10/11/2013 07:39:08 AM) (Source: DCOM) (User: NT AUTHORITY)
Description: application-specificLocalLaunch{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}NT AUTHORITYLOCAL SERVICES-1-5-19LocalHost (Using LRPC)

Error: (10/11/2013 07:38:29 AM) (Source: Service Control Manager) (User: )
Description: Beep

Error: (10/10/2013 11:23:25 PM) (Source: Service Control Manager) (User: )
Description: ScRegSetValueExWFailureActions%%5

Error: (10/10/2013 09:29:36 PM) (Source: Dhcp) (User: )
Description: The IP address lease 192.2.190.151 for the Network Card with network address 0022FA356D9C has been denied by the DHCP server 192.168.1.254 (The DHCP Server sent a DHCPNACK message).

Error: (10/10/2013 09:28:34 PM) (Source: Dhcp) (User: )
Description: The IP address lease 192.168.1.240 for the Network Card with network address 0022FA356D9C has been denied by the DHCP server 192.2.190.2 (The DHCP Server sent a DHCPNACK message).

Error: (10/10/2013 08:02:30 PM) (Source: Dhcp) (User: )
Description: The IP address lease 192.2.190.151 for the Network Card with network address 0022FA356D9C has been denied by the DHCP server 192.168.1.254 (The DHCP Server sent a DHCPNACK message).

Error: (10/10/2013 08:01:29 PM) (Source: Dhcp) (User: )
Description: The IP address lease 192.168.1.240 for the Network Card with network address 0022FA356D9C has been denied by the DHCP server 192.2.190.2 (The DHCP Server sent a DHCPNACK message).

Error: (10/10/2013 05:21:01 PM) (Source: Dhcp) (User: )
Description: The IP address lease 192.2.190.151 for the Network Card with network address 0022FA356D9C has been denied by the DHCP server 192.168.1.254 (The DHCP Server sent a DHCPNACK message).

Error: (10/10/2013 05:20:00 PM) (Source: Dhcp) (User: )
Description: The IP address lease 192.168.1.240 for the Network Card with network address 0022FA356D9C has been denied by the DHCP server 192.2.190.2 (The DHCP Server sent a DHCPNACK message).

Error: (10/10/2013 04:23:07 PM) (Source: DCOM) (User: NT AUTHORITY)
Description: application-specificLocalLaunch{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)


Microsoft Office Sessions:
=========================

CodeIntegrity Errors:
===================================
  Date: 2013-10-11 07:54:09.476
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\avgidsha.sys because the set of per-page image hashes could not be found on the system.

  Date: 2013-10-11 07:54:09.204
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\avgidsha.sys because the set of per-page image hashes could not be found on the system.

  Date: 2013-10-11 07:54:08.905
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\avgidsha.sys because the set of per-page image hashes could not be found on the system.

  Date: 2013-10-11 07:54:08.611
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\avgidsha.sys because the set of per-page image hashes could not be found on the system.

  Date: 2013-10-09 08:43:07.679
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume1\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2013-10-09 08:43:07.429
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume1\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2013-10-09 08:34:11.065
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\avgidsha.sys because the set of per-page image hashes could not be found on the system.

  Date: 2013-10-09 08:34:10.800
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\avgidsha.sys because the set of per-page image hashes could not be found on the system.

  Date: 2013-10-09 08:34:10.472
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\avgidsha.sys because the set of per-page image hashes could not be found on the system.

  Date: 2013-10-09 08:34:10.207
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\avgidsha.sys because the set of per-page image hashes could not be found on the system.


==================== Memory info ===========================

Percentage of memory in use: 45%
Total physical RAM: 3963.07 MB
Available physical RAM: 2145.43 MB
Total Pagefile: 8131.43 MB
Available Pagefile: 6227.49 MB
Total Virtual: 8192 MB
Available Virtual: 8191.83 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:298.09 GB) (Free:210.44 GB) NTFS ==>[Drive with boot components (obtained from BCD)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 298 GB) (Disk ID: 17CEAE71)
Partition 1: (Active) - (Size=298 GB) - (Type=07 NTFS)

==================== End Of Log ============================

 

Also, last night I updated flash, so maybe that will solve my flash crashes...





