Help requested: Malwarebytes constant pop-ups block 95.211.194.79

enurtsol

Hello good people of Computer Forum,

How are you and good afternoon. Seems there's an issue we can't figure out. We're trying to fix an older Vista computer. While web browsing with IE9, something weird started happening just yesterday which I'll explain as best as I can. We haven't installed any program since this started happening yesterday except Java 7 Update 25 installed today (which can be uninstalled if need be).

What's happening is that Malwarebytes Anti-Malware Pro 1.75 keeps popping up every other minute:
  • Successfully blocked access to a potentially malicious website: 95.211.194.79
    Type: outgoing
    Port: ***** [always changing], Process: explorer.exe

Using IP lookup:
  • Hostname hosted-by.leaseweb.com
    Ip Address 95.211.194.79
    Host of this IP 95.211.194.79
    Country Name Netherlands
    City Name Amsterdam

Using the latest updates, we ran a Malwarebytes Pro 1.75 scan, but it turned out OK. It's a Windows Vista Ultimate SP2 32-bit 4GB RAM computer running ESET NOD32 Antivirus 6 and Spybot 1.6.2.

Also, this could be related, I noticed (which I don't believe was happening before this problem started) that whenever I'm connected to the router/internet, the computer's net traffic spikes up too every few minutes. And whenever it does, the C:\Windows\Temp folder kept getting filled with htt****.tmp files (where **** are alphanumeric) that can be tens of MBs large or more. And those .tmp files can't seem to be deleted but disappear after reboot.

Here are the copy-and-paste log files of Malwarebytes and HijackThis:
  • Malwarebytes Anti-Malware (PRO) 1.75.0.1300
    www.malwarebytes.org

    Database version: v2013.07.15.05

    Windows Vista Service Pack 2 x86 NTFS
    Internet Explorer 9.0.8112.16421
    LostRune :: KYOKO [administrator]

    Protection: Enabled

    7/15/2013 5:46:47 PM
    mbam-log-2013-07-15 (17-46-47).txt

    Scan type: Quick scan
    Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM | P2P
    Scan options disabled:
    Objects scanned: 279720
    Time elapsed: 7 minute(s), 22 second(s)

    Memory Processes Detected: 0
    (No malicious items detected)

    Memory Modules Detected: 0
    (No malicious items detected)

    Registry Keys Detected: 0
    (No malicious items detected)

    Registry Values Detected: 0
    (No malicious items detected)

    Registry Data Items Detected: 0
    (No malicious items detected)

    Folders Detected: 0
    (No malicious items detected)

    Files Detected: 0
    (No malicious items detected)

    (end)

  • Logfile of Trend Micro HijackThis v2.0.5
    Scan saved at 5:57:32 PM, on 7/15/2013
    Platform: Windows Vista SP2 (WinNT 6.00.1906)
    MSIE: Internet Explorer v9.00 (9.00.8112.16496)

    FIREFOX: 22.0 (en-US)
    Boot mode: Normal

    Running processes:
    C:\Windows\SYSTEM32\taskeng.exe
    C:\Windows\SYSTEM32\taskeng.exe
    C:\Program Files\Core Temp\Core Temp.exe
    C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
    C:\Windows\system32\Dwm.exe
    C:\Program Files\Windows Defender\MSASCui.exe
    C:\Program Files\BillP Studios\WinPatrol\WinPatrol.exe
    C:\Program Files\Unlocker\UnlockerAssistant.exe
    C:\Program Files\Intel\IDU\iptray.exe
    C:\Program Files\IDT\WDM\sttray.exe
    C:\Program Files\Epson Software\Event Manager\EEventManager.exe
    C:\Program Files\Epson Software\FAX Utility\FUFAXSTM.exe
    C:\Program Files\Logitech\SetPointP\SetPoint.exe
    C:\Program Files\CyberPower PowerPanel Personal Edition\pppeuser.exe
    C:\Program Files\Laplink\Laplink DiskImage\ooditray.exe
    C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\Common Files\Apple\Internet Services\iCloudServices.exe
    C:\Program Files\NETGEAR Genie\bin\NETGEARGenie.exe
    C:\Program Files\Windows Media Player\wmpnscfg.exe
    C:\Users\LostRune\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe
    C:\PROGRAM FILES\OUTLOOK ON THE DESKTOP\OUTLOOKDESKTOP.EXE
    C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE
    C:\Windows\system32\wbem\unsecapp.exe
    C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE
    C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe
    C:\Windows\explorer.exe
    C:\Program Files\GhosteryIEplugin\GhosteryRegistryProxy.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Program Files\NETGEAR Genie\bin\genie2_tray.exe
    C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
    C:\Windows\notepad.exe
    D:\Users\LostRune\Downloads\HijackThis\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    O1 - Hosts: ::1 localhost
    O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
    O2 - BHO: Ghostery BHO - {237EB6DA-3FEA-4DD2-8A61-A901B5C489D7} - C:\Program Files\GhosteryIEplugin\GhosteryBrowserHelperObject.dll
    O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll
    O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Easy Photo Print - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files\Epson Software\Easy Photo Print\EPTBL.dll
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll
    O2 - BHO: Google Gears Helper - {E0FEFE40-FBF9-42AE-BA58-794CA7E3FB53} - C:\Program Files\Google\Google Gears\Internet Explorer\0.5.36.0\gears.dll
    O3 - Toolbar: QT TabBar - {d2bf470e-ed1c-487f-a333-2bd8835eb6ce} - mscoree.dll (file missing)
    O3 - Toolbar: QT Tab Standard Buttons - {D2BF470E-ED1C-487F-A666-2BD8835EB6CE} - mscoree.dll (file missing)
    O3 - Toolbar: Easy Photo Print - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files\Epson Software\Easy Photo Print\EPTBL.dll
    O4 - HKLM\..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe -hide
    O4 - HKLM\..\Run: [WinPatrol] C:\Program Files\BillP Studios\WinPatrol\WinPatrol.exe -expressboot
    O4 - HKLM\..\Run: [UnlockerAssistant] "C:\Program Files\Unlocker\UnlockerAssistant.exe"
    O4 - HKLM\..\Run: [ipTray.exe] "C:\Program Files\Intel\IDU\iptray.exe"
    O4 - HKLM\..\Run: [USB2Check] RUNDLL32.EXE "C:\Windows\system32\PCLECoInst.dll",CheckUSBController
    O4 - HKLM\..\Run: [SysTrayApp] %ProgramFiles%\IDT\WDM\sttray.exe
    O4 - HKLM\..\Run: [EEventManager] "C:\Program Files\Epson Software\Event Manager\EEventManager.exe"
    O4 - HKLM\..\Run: [FUFAXSTM] "C:\Program Files\Epson Software\FAX Utility\FUFAXSTM.exe"
    O4 - HKLM\..\Run: [EvtMgr6] C:\Program Files\Logitech\SetPointP\SetPoint.exe /launchGaming
    O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe"
    O4 - HKLM\..\Run: [PowerPanel Personal Edition User Interaction] C:\Program Files\CyberPower PowerPanel Personal Edition\pppeuser.exe
    O4 - HKLM\..\Run: [OODITRAY.EXE] C:\Program Files\Laplink\Laplink DiskImage\OODITRAY.EXE
    O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
    O4 - HKCU\..\Run: [Artisan 830(Network)] C:\Windows\system32\spool\DRIVERS\W32X86\3\E_FATIGXA.EXE /FU "C:\Users\LostRune\AppData\Local\Temp\E_S6E75.tmp" /EF "HKCU"
    O4 - HKCU\..\Run: [iCloudServices] C:\Program Files\Common Files\Apple\Internet Services\iCloudServices.exe
    O4 - HKCU\..\Run: [NETGEARGenie] "C:\Program Files\NETGEAR Genie\bin\NETGEARGenie.exe" -mini -redirect
    O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
    O4 - HKCU\..\Run: [SkyDrive] "C:\Users\LostRune\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe" /background
    O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
    O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O8 - Extra context menu item: &Links to this page - C:\ProgramData\TuneUp Software\TuneUp Utilities\Web\gbacklinks.htm
    O8 - Extra context menu item: &Similar pages - C:\ProgramData\TuneUp Software\TuneUp Utilities\Web\gsimilar.htm
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
    O8 - Extra context menu item: Free YouTube to iPod Converter - D:\Users\LostRune\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetoipodconverter.htm
    O8 - Extra context menu item: Look up in Mr&Check... - C:\ProgramData\TuneUp Software\TuneUp Utilities\Web\tumrcheck.htm
    O8 - Extra context menu item: Open in &new window - C:\ProgramData\TuneUp Software\TuneUp Utilities\Web\tuofinw.htm
    O8 - Extra context menu item: Search with &Google - C:\ProgramData\TuneUp Software\TuneUp Utilities\Web\gsearch.htm
    O8 - Extra context menu item: Send to &Bluetooth Device... - C:\Program Files\ANYCOM\Blue USB-200-250\btsendto_ie_ctx.htm
    O8 - Extra context menu item: Show page from the &cache - C:\ProgramData\TuneUp Software\TuneUp Utilities\Web\gcache.htm
    O8 - Extra context menu item: Translate this page with Google - C:\ProgramData\TuneUp Software\TuneUp Utilities\Web\gtranslate.htm
    O8 - Extra context menu item: View old version at &archives.org - C:\ProgramData\TuneUp Software\TuneUp Utilities\Web\tuarch.htm
    O8 - Extra context menu item: Zoom &in - C:\ProgramData\TuneUp Software\TuneUp Utilities\Web\tuzoomin.htm
    O8 - Extra context menu item: Zoom &out - C:\ProgramData\TuneUp Software\TuneUp Utilities\Web\tuzoomout.htm
    O9 - Extra button: (no name) - {09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} - C:\Program Files\Google\Google Gears\Internet Explorer\0.5.36.0\gears.dll
    O9 - Extra 'Tools' menuitem: &Gears Settings - {09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} - C:\Program Files\Google\Google Gears\Internet Explorer\0.5.36.0\gears.dll
    O9 - Extra button: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
    O9 - Extra 'Tools' menuitem: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
    O9 - Extra button: Ghostery - {237EB6DA-3FEA-4DD2-8A61-A901B5C489D7} - C:\Program Files\GhosteryIEplugin\GhosteryBrowserHelperObject.dll
    O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
    O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
    O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
    O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\ANYCOM\Blue USB-200-250\btsendto_ie.htm
    O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\ANYCOM\Blue USB-200-250\btsendto_ie.htm
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
    O16 - DPF: {10000000-1000-1000-1000-100000000000} - http://cdn.betteradvertising.com/ghostery/addons/ie/2.4.2.0/ghostery.cab
    O16 - DPF: {2EDF75C0-5ABD-49f9-BAB6-220476A32034} (System Requirements Lab) - http://intel-drv-cdn.systemrequirementslab.com/audio/bin/sysreqlab_srlx.cab
    O16 - DPF: {3F4AC0C9-3A7D-4115-99B4-2693DE0014AF} (TNetworkScanner Control) - http://optimum.net/downloads/TNetworkScannerXControl.ocx
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/win...ls/en/x86/client/wuweb_site.cab?1209007354990
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/mic...ls/en/x86/client/muweb_site.cab?1209007424377
    O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - http://download.eset.com/special/eos/OnlineScanner.cab
    O16 - DPF: {CF84DAC5-A4F5-419E-A0BA-C01FFD71112F} (SysInfo Class) - http://content.systemrequirementslab.com.s3.amazonaws.com/global/bin/srldetect_intel_4.4.24.0.cab
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
    O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
    O18 - Filter hijack: text/html - {4459DC76-1FDE-4B16-BAD0-E4F8E7647555} - C:\Program Files\GhosteryIEplugin\GhosteryMimeFilter.dll
    O21 - SSODL: EldosMountNotificator - {5FF49FE8-B332-4CB9-B102-FB6951629E55} - C:\Windows\system32\CbFsMntNtf3.dll
    O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll
    O22 - SharedTaskScheduler: Virtual Storage Mount Notification - {5FF49FE8-B332-4CB9-B102-FB6951629E55} - C:\Windows\system32\CbFsMntNtf3.dll
    O23 - Service: ABBYY FineReader 9.0 Sprint Licensing Service (ABBYY.Licensing.FineReader.Sprint.9.0) - ABBYY - C:\Program Files\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe
    O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
    O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    O23 - Service: Admin Works Agent X8 (AWService) - OSA Technologies Inc., An Avocent Company - C:\Program Files\Intel\IDU\awServ.exe
    O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\ANYCOM\Blue USB-200-250\bin\btwdins.exe
    O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - C:\Program Files\ATI\Catalyst Media Center\Kernel\TV\CLCapSvc.exe
    O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - C:\Program Files\ATI\Catalyst Media Center\Kernel\TV\CLSched.exe
    O23 - Service: CyberLink Media Library Service - Cyberlink - C:\Program Files\ATI\Catalyst Media Center\Kernel\CLML_NTService\CLMLServer.exe
    O23 - Service: ESET Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
    O23 - Service: EpsonBidirectionalService - SEIKO EPSON CORPORATION - C:\Program Files\Common Files\EPSON\EBAPI\eEBSVC.exe
    O23 - Service: EPSON V5 Service4(04) (EPSON_EB_RPCV4_04) - SEIKO EPSON CORPORATION - C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50ST7.EXE
    O23 - Service: EPSON V3 Service4(04) (EPSON_PM_RPCV4_04) - SEIKO EPSON CORPORATION - C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50RP7.EXE
    O23 - Service: Fitbit Data Uploader (Fitbit) - Fitbit, Inc. - C:\Program Files\Fitbit\fitbit.exe
    O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
    O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\LogiShrd\Bluetooth\lbtserv.exe
    O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
    O23 - Service: MBAMScheduler - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
    O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
    O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
    O23 - Service: NETGEARGenieDaemon - NETGEAR - C:\Program Files\NETGEAR Genie\bin\NETGEARGenieDaemon.exe
    O23 - Service: OO DiskImage - Unknown owner - C:\Program Files\Laplink\Laplink DiskImage\oodiag.exe
    O23 - Service: PowerPanel Personal Edition Service (ppped) - Cyber Power Systems, Inc. - C:\Program Files\CyberPower PowerPanel Personal Edition\ppped.exe
    O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
    O23 - Service: Audio Service (STacSV) - IDT, Inc. - C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_98f8d2d0\STacSV.exe
    O23 - Service: Epson Printer Status Agent4 (StatusAgent4) - SEIKO EPSON CORPORATION - C:\Windows\system32\SAgent4.exe
    O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
    O23 - Service: TeamViewer 8 (TeamViewer8) - TeamViewer GmbH - C:\Program Files\TeamViewer\Version8\TeamViewer_Service.exe
    O23 - Service: @%SystemRoot%\System32\TuneUpDefragService.exe,-1 (TuneUp.Defrag) - TuneUp Software GmbH - C:\Windows\System32\TuneUpDefragService.exe
    O23 - Service: WD Drive Manager (WDDriveService) - Western Digital - C:\Program Files\Western Digital\WD Drive Manager\WDDriveService.exe

    --
    End of file - 16813 bytes

Thank you very much for any help.
 
Please run the following and post the logs.

1. Please download and run TDSSKiller.

When the program opens, click on the start scan button.


TDSSKiller will now scan your computer for the TDSS infection. When the scan has finished it will display a result screen stating whether or not the infection was found on your computer. If it was found it will display a screen similar to the one below.


To remove the infections simply click on the Continue button and TDSSKiller will attempt to clean them or remove them.

After trying to clean them it will pop up with the results of the scan and its actions.


Please reboot the system if asked to do so.

After running, there will be a log located at the root of your C:\ drive, labeled tdsskiller with a series of numbers after it, for example, C:\TDSSKiller.2.4.7_23.07.2010_15.31.43_log.txt

Please open the log and copy and paste it back here.


2. Please download AdwCleaner by Xplode onto your Desktop.

• Please close all open programs and internet browsers.
• Double click on adwcleaner.exe to run the tool.
• Click on Delete.
• Confirm each time with OK.
• Your computer will be rebooted automatically. A text file will open after the restart.
• Please post the content of that logfile in your reply.
• You can find the logfile at C:\AdwCleaner[Sn].txt as well - n is the order number.
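
One way to triage the TDSSKiller log requested above, written against the log layout that appears in the reply on this page. This is an added example, not part of the original posts and not TDSSKiller's own code; the `ExampleSvc` and `ExampleDrv` lines, the `warning` verdict word and the list of expected directories are assumptions.

```python
import re

# Constructed sample in the TDSSKiller layout seen on this page:
# "<time> <thread id> <message>". The lines up to "blbdrive" are copied
# from the thread; the ExampleSvc / ExampleDrv lines are constructed.
SAMPLE_LOG = r"""
19:41:38.0276 5172 ================ Scan system memory ========================
19:41:38.0276 5172 System memory - ok
19:41:38.0276 5172 ================ Scan services =============================
19:41:40.0015 5172 [ 82B296AE1892FE3DBEE00C9CF92F8AC7 ] ACPI C:\Windows\system32\drivers\acpi.sys
19:41:40.0041 5172 ACPI - ok
19:41:41.0459 5172 ALSysIO - ok
19:41:41.0598 5172 [ 92543DA5BB9775978FDBC1650C24A058 ] AMD External Events Utility C:\Windows\system32\atiesrxx.exe
19:41:41.0624 5172 AMD External Events Utility - ok
19:41:45.0597 5172 blbdrive - ok
19:41:50.0000 5172 [ 00000000000000000000000000000000 ] ExampleSvc C:\Users\Public\Temp\example.exe
19:41:50.0010 5172 ExampleSvc - ok
19:41:50.0020 5172 [ 11111111111111111111111111111111 ] ExampleDrv C:\Windows\system32\drivers\example.sys
19:41:50.0030 5172 ExampleDrv - warning
"""

LINE = re.compile(r"^\d{2}:\d{2}:\d{2}\.\d{4}\s+\d+\s+(.*)$")
SECTION = re.compile(r"^=+ Scan (.+?) =+$")
# "[ MD5 ] <service name, may contain spaces> <drive:\path>"
HASHED = re.compile(r"^\[ ([0-9A-Fa-f]{32}) \] (.+?) ([A-Za-z]:\\.*)$")
# "<service name> - <verdict>"; an optional "( ... )" detail before the
# dash is tolerated (assumption, no such line appears on the page).
VERDICT = re.compile(r"^(.+?)(?: \( .+ \))? - (\w+)$")

# Assumption: service and driver binaries normally live under these roots.
EXPECTED_ROOTS = ("c:\\windows\\", "c:\\program files\\",
                  "c:\\program files (x86)\\")


def parse_services(log_text):
    """Return {name: {"md5", "path", "verdict"}} for the 'Scan services' section."""
    services = {}
    section = None
    for raw in log_text.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue
        msg = m.group(1).strip()
        header = SECTION.match(msg)
        if header:
            section = header.group(1).lower()
            continue
        if section != "services":
            continue
        hashed = HASHED.match(msg)
        if hashed:
            services[hashed.group(2)] = {"md5": hashed.group(1),
                                         "path": hashed.group(3),
                                         "verdict": None}
            continue
        verdict = VERDICT.match(msg)
        if verdict:
            entry = services.setdefault(
                verdict.group(1), {"md5": None, "path": None, "verdict": None})
            entry["verdict"] = verdict.group(2).lower()
    return services


def triage(services):
    """List (name, reason) pairs that deserve a manual look.

    A finding is a prompt to inspect the entry, not a detection.
    """
    findings = []
    for name, entry in services.items():
        if entry["verdict"] != "ok":
            findings.append((name, "verdict is %r, not ok" % entry["verdict"]))
        if entry["md5"] is None:
            findings.append((name, "no file hash or path logged"))
        elif not entry["path"].lower().startswith(EXPECTED_ROOTS):
            findings.append((name, "binary outside expected directories: "
                             + entry["path"]))
    return findings


if __name__ == "__main__":
    for name, reason in triage(parse_services(SAMPLE_LOG)):
        print("%-30s %s" % (name, reason))
```
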
 
Hello johnb,

Good day. Thanks for the timely assistance. I followed your instructions, and the scans did not find anything, while the previous issues continue. Here are the resulting logs:
  • 19:40:30.0501 3352 TDSS rootkit removing tool 2.8.16.0 Feb 11 2013 18:50:42
    19:40:30.0984 3352 ============================================================
    19:40:30.0984 3352 Current date / time: 2013/07/15 19:40:30.0984
    19:40:30.0984 3352 SystemInfo:
    19:40:30.0984 3352
    19:40:30.0984 3352 OS Version: 6.0.6002 ServicePack: 2.0
    19:40:30.0984 3352 Product type: Workstation
    19:40:30.0984 3352 ComputerName: KYOKO
    19:40:30.0985 3352 UserName: LostRune
    19:40:30.0985 3352 Windows directory: C:\Windows
    19:40:30.0985 3352 System windows directory: C:\Windows
    19:40:30.0985 3352 Processor architecture: Intel x86
    19:40:30.0985 3352 Number of processors: 2
    19:40:30.0985 3352 Page size: 0x1000
    19:40:30.0985 3352 Boot type: Normal boot
    19:40:30.0985 3352 ============================================================
    19:40:32.0135 3352 Drive \Device\Harddisk0\DR0 - Size: 0x3A38B2E000 (232.89 Gb), SectorSize: 0x200, Cylinders: 0x76C1, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
    19:40:32.0149 3352 Drive \Device\Harddisk1\DR1 - Size: 0x1DCF856000 (119.24 Gb), SectorSize: 0x200, Cylinders: 0x3CCE, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
    19:40:32.0159 3352 Drive \Device\Harddisk2\DR2 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
    19:40:32.0190 3352 ============================================================
    19:40:32.0190 3352 \Device\Harddisk0\DR0:
    19:40:32.0191 3352 MBR partitions:
    19:40:32.0191 3352 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x6422F49
    19:40:32.0191 3352 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x6422F88, BlocksNum 0xB6CEB9C
    19:40:32.0191 3352 \Device\Harddisk0\DR0\Partition3: MBR, Type 0x7, StartLBA 0x11AF1B24, BlocksNum 0xB6D2A5D
    19:40:32.0191 3352 \Device\Harddisk1\DR1:
    19:40:32.0199 3352 Invalid mbr signature
    19:40:32.0199 3352 \Device\Harddisk2\DR2:
    19:40:32.0199 3352 MBR partitions:
    19:40:32.0199 3352 \Device\Harddisk2\DR2\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x1D1C2800
    19:40:32.0200 3352 \Device\Harddisk2\DR2\Partition2: MBR, Type 0x7, StartLBA 0x1D1C3000, BlocksNum 0x1D1C2800
    19:40:32.0200 3352 ============================================================
    19:40:32.0297 3352 C: <-> \Device\Harddisk0\DR0\Partition1
    19:40:32.0328 3352 F: <-> \Device\Harddisk2\DR2\Partition1
    19:40:32.0362 3352 G: <-> \Device\Harddisk2\DR2\Partition2
    19:40:32.0449 3352 D: <-> \Device\Harddisk0\DR0\Partition2
    19:40:32.0589 3352 E: <-> \Device\Harddisk0\DR0\Partition3
    19:40:32.0590 3352 ============================================================
    19:40:32.0590 3352 Initialize success
    19:40:32.0590 3352 ============================================================
    19:41:26.0505 5172 ============================================================
    19:41:26.0505 5172 Scan started
    19:41:26.0505 5172 Mode: Manual;
    19:41:26.0505 5172 ============================================================
    19:41:38.0276 5172 ================ Scan system memory ========================
    19:41:38.0276 5172 System memory - ok
    19:41:38.0276 5172 ================ Scan services =============================
    19:41:38.0725 5172 [ B33CF4DE909A5B30F526D82053A63C8E ] ABBYY.Licensing.FineReader.Sprint.9.0 C:\Program Files\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe
    19:41:38.0807 5172 ABBYY.Licensing.FineReader.Sprint.9.0 - ok
    19:41:40.0015 5172 [ 82B296AE1892FE3DBEE00C9CF92F8AC7 ] ACPI C:\Windows\system32\drivers\acpi.sys
    19:41:40.0041 5172 ACPI - ok
    19:41:40.0211 5172 [ D19C4EE2AC7C47B8F5F84FFF1A789D8A ] AdobeARMservice C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
    19:41:40.0225 5172 AdobeARMservice - ok
    19:41:40.0357 5172 [ 2EDC5BBAC6C651ECE337BDE8ED97C9FB ] adp94xx C:\Windows\system32\drivers\adp94xx.sys
    19:41:40.0423 5172 adp94xx - ok
    19:41:40.0502 5172 [ B84088CA3CDCA97DA44A984C6CE1CCAD ] adpahci C:\Windows\system32\drivers\adpahci.sys
    19:41:40.0523 5172 adpahci - ok
    19:41:40.0545 5172 [ 7880C67BCCC27C86FD05AA2AFB5EA469 ] adpu160m C:\Windows\system32\drivers\adpu160m.sys
    19:41:40.0558 5172 adpu160m - ok
    19:41:40.0596 5172 [ 9AE713F8E30EFC2ABCCD84904333DF4D ] adpu320 C:\Windows\system32\drivers\adpu320.sys
    19:41:40.0615 5172 adpu320 - ok
    19:41:40.0659 5172 [ 9D1FDA9E086BA64E3C93C9DE32461BCF ] AeLookupSvc C:\Windows\System32\aelupsvc.dll
    19:41:40.0674 5172 AeLookupSvc - ok
    19:41:40.0768 5172 [ 3911B972B55FEA0478476B2E777B29FA ] AFD C:\Windows\system32\drivers\afd.sys
    19:41:40.0807 5172 AFD - ok
    19:41:40.0843 5172 [ EF23439CDD587F64C2C1B8825CEAD7D8 ] agp440 C:\Windows\system32\drivers\agp440.sys
    19:41:40.0855 5172 agp440 - ok
    19:41:40.0901 5172 [ AE1FDF7BF7BB6C6A70F67699D880592A ] aic78xx C:\Windows\system32\drivers\djsvs.sys
    19:41:40.0912 5172 aic78xx - ok
    19:41:40.0960 5172 [ A1545B731579895D8CC44FC0481C1192 ] ALG C:\Windows\System32\alg.exe
    19:41:40.0973 5172 ALG - ok
    19:41:40.0991 5172 [ 90395B64600EBB4552E26E178C94B2E4 ] aliide C:\Windows\system32\drivers\aliide.sys
    19:41:41.0001 5172 aliide - ok
    19:41:41.0459 5172 ALSysIO - ok
    19:41:41.0598 5172 [ 92543DA5BB9775978FDBC1650C24A058 ] AMD External Events Utility C:\Windows\system32\atiesrxx.exe
    19:41:41.0624 5172 AMD External Events Utility - ok
    19:41:41.0669 5172 [ 2B13E304C9DFDFA5EB582F6A149FA2C7 ] amdagp C:\Windows\system32\drivers\amdagp.sys
    19:41:41.0689 5172 amdagp - ok
    19:41:41.0714 5172 [ 0577DF1D323FE75A739C787893D300EA ] amdide C:\Windows\system32\drivers\amdide.sys
    19:41:41.0728 5172 amdide - ok
    19:41:41.0756 5172 [ DC487885BCEF9F28EECE6FAC0E5DDFC5 ] AmdK7 C:\Windows\system32\drivers\amdk7.sys
    19:41:41.0796 5172 AmdK7 - ok
    19:41:41.0817 5172 [ 0CA0071DA4315B00FC1328CA86B425DA ] AmdK8 C:\Windows\system32\drivers\amdk8.sys
    19:41:41.0829 5172 AmdK8 - ok
    19:41:41.0880 5172 [ 4C7C8F1678E516A961CD79A1CA0A0C82 ] Amps2prt C:\Windows\system32\DRIVERS\Amps2prt.sys
    19:41:41.0894 5172 Amps2prt - ok
    19:41:41.0981 5172 [ 82CE157FF3701AB50769B2654D0B0215 ] AnyDVD C:\Windows\system32\Drivers\AnyDVD.sys
    19:41:41.0998 5172 AnyDVD - ok
    19:41:42.0050 5172 [ C6D704C7F0434DC791AAC37CAC4B6E14 ] Appinfo C:\Windows\System32\appinfo.dll
    19:41:42.0062 5172 Appinfo - ok
    19:41:42.0209 5172 [ 4FE5C6D40664AE07BE5105874357D2ED ] Apple Mobile Device C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    19:41:42.0220 5172 Apple Mobile Device - ok
    19:41:42.0297 5172 [ 0FE769CAE5855B53C90E23F85E7E89FF ] AppMgmt C:\Windows\System32\appmgmts.dll
    19:41:42.0327 5172 AppMgmt - ok
    19:41:42.0357 5172 [ 5F673180268BB1FDB69C99B6619FE379 ] arc C:\Windows\system32\drivers\arc.sys
    19:41:42.0371 5172 arc - ok
    19:41:42.0396 5172 [ 957F7540B5E7F602E44648C7DE5A1C05 ] arcsas C:\Windows\system32\drivers\arcsas.sys
    19:41:42.0409 5172 arcsas - ok
    19:41:42.0760 5172 [ 776ACEFA0CA9DF0FAA51A5FB2F435705 ] aspnet_state C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe
    19:41:42.0867 5172 aspnet_state - ok
    19:41:42.0907 5172 [ 53B202ABEE6455406254444303E87BE1 ] AsyncMac C:\Windows\system32\DRIVERS\asyncmac.sys
    19:41:42.0923 5172 AsyncMac - ok
    19:41:42.0981 5172 [ 1F05B78AB91C9075565A9D8A4B880BC4 ] atapi C:\Windows\system32\drivers\atapi.sys
    19:41:42.0982 5172 atapi - ok
    19:41:43.0237 5172 [ 99001DE5A38DB425AE186AB021914540 ] ATIAVPCI C:\Windows\system32\DRIVERS\atinavrr.sys
    19:41:43.0312 5172 ATIAVPCI - ok
    19:41:44.0414 5172 [ 632A5BE70D168B84F658A82AC8DBBEAD ] atikmdag C:\Windows\system32\DRIVERS\atikmdag.sys
    19:41:44.0846 5172 atikmdag - ok
    19:41:44.0949 5172 [ 68E2A1A0407A66CF50DA0300852424AB ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
    19:41:45.0001 5172 AudioEndpointBuilder - ok
    19:41:45.0021 5172 [ 68E2A1A0407A66CF50DA0300852424AB ] Audiosrv C:\Windows\System32\Audiosrv.dll
    19:41:45.0024 5172 Audiosrv - ok
    19:41:45.0101 5172 [ 8582C97889C224082578EE02AA00B2E6 ] AWService C:\Program Files\Intel\IDU\awServ.exe
 
TDSSkiller continued:
    19:42:14.0958 5172 PEAUTH - ok
    19:42:15.0447 5172 [ B1689DF169143F57053F795390C99DB3 ] pla C:\Windows\system32\pla.dll
    19:42:15.0670 5172 pla - ok
    19:42:15.0769 5172 [ C5E7F8A996EC0A82D508FD9064A5569E ] PlugPlay C:\Windows\system32\umpnpmgr.dll
    19:42:15.0849 5172 PlugPlay - ok
    19:42:15.0988 5172 [ 0C8E8E61AD1EB0B250B846712C917506 ] PNRPAutoReg C:\Windows\system32\p2psvc.dll
    19:42:15.0995 5172 PNRPAutoReg - ok
    19:42:16.0120 5172 [ 0C8E8E61AD1EB0B250B846712C917506 ] PNRPsvc C:\Windows\system32\p2psvc.dll
    19:42:16.0127 5172 PNRPsvc - ok
    19:42:16.0176 5172 Point32 - ok
    19:42:16.0284 5172 [ D0494460421A03CD5225CCA0059AA146 ] PolicyAgent C:\Windows\System32\ipsecsvc.dll
    19:42:16.0335 5172 PolicyAgent - ok
    19:42:16.0429 5172 [ 09687A361C9F1418973A4AE17D2F52CC ] portio32 C:\Windows\system32\drivers\portio32.sys
    19:42:16.0453 5172 portio32 - ok
    19:42:16.0823 5172 [ 859D1D0EEF2E0DD293FB3E1BBA3DCAEC ] ppped C:\Program Files\CyberPower PowerPanel Personal Edition\ppped.exe
    19:42:16.0956 5172 ppped - ok
    19:42:17.0191 5172 [ ECFFFAEC0C1ECD8DBC77F39070EA1DB1 ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys
    19:42:17.0218 5172 PptpMiniport - ok
    19:42:17.0250 5172 [ 0E3CEF5D28B40CF273281D620C50700A ] Processor C:\Windows\system32\drivers\processr.sys
    19:42:17.0283 5172 Processor - ok
    19:42:17.0376 5172 [ 0508FAA222D28835310B7BFCA7A77346 ] ProfSvc C:\Windows\system32\profsvc.dll
    19:42:17.0402 5172 ProfSvc - ok
    19:42:17.0433 5172 [ A3E186B4B935905B829219502557314E ] ProtectedStorage C:\Windows\system32\lsass.exe
    19:42:17.0435 5172 ProtectedStorage - ok
    19:42:17.0500 5172 [ 99514FAA8DF93D34B5589187DB3AA0BA ] PSched C:\Windows\system32\DRIVERS\pacer.sys
    19:42:17.0526 5172 PSched - ok
    19:42:17.0724 5172 [ CCDAC889326317792480C0A67156A1EC ] ql2300 C:\Windows\system32\drivers\ql2300.sys
    19:42:17.0886 5172 ql2300 - ok
    19:42:17.0917 5172 [ 81A7E5C076E59995D54BC1ED3A16E60B ] ql40xx C:\Windows\system32\drivers\ql40xx.sys
    19:42:17.0943 5172 ql40xx - ok
    19:42:18.0062 5172 [ E9ECAE663F47E6CB43962D18AB18890F ] QWAVE C:\Windows\system32\qwave.dll
    19:42:18.0201 5172 QWAVE - ok
    19:42:18.0268 5172 [ 9F5E0E1926014D17486901C88ECA2DB7 ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys
    19:42:18.0305 5172 QWAVEdrv - ok
    19:42:18.0356 5172 [ 147D7F9C556D259924351FEB0DE606C3 ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys
    19:42:18.0366 5172 RasAcd - ok
    19:42:18.0428 5172 [ F6A452EB4CEADBB51C9E0EE6B3ECEF0F ] RasAuto C:\Windows\System32\rasauto.dll
    19:42:18.0457 5172 RasAuto - ok
    19:42:18.0569 5172 [ A214ADBAF4CB47DD2728859EF31F26B0 ] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys
    19:42:18.0628 5172 Rasl2tp - ok
    19:42:18.0760 5172 [ 75D47445D70CA6F9F894B032FBC64FCF ] RasMan C:\Windows\System32\rasmans.dll
    19:42:18.0909 5172 RasMan - ok
    19:42:18.0989 5172 [ 509A98DD18AF4375E1FC40BC175F1DEF ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys
    19:42:19.0006 5172 RasPppoe - ok
    19:42:19.0060 5172 [ 2005F4A1E05FA09389AC85840F0A9E4D ] RasSstp C:\Windows\system32\DRIVERS\rassstp.sys
    19:42:19.0105 5172 RasSstp - ok
    19:42:19.0207 5172 [ B14C9D5B9ADD2F84F70570BBBFAA7935 ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys
    19:42:19.0253 5172 rdbss - ok
    19:42:19.0337 5172 [ 89E59BE9A564262A3FB6C4F4F1CD9899 ] RDPCDD C:\Windows\system32\DRIVERS\RDPCDD.sys
    19:42:19.0383 5172 RDPCDD - ok
    19:42:19.0552 5172 [ 943B18305EAE3935598A9B4A3D560B4C ] rdpdr C:\Windows\system32\DRIVERS\rdpdr.sys
    19:42:19.0719 5172 rdpdr - ok
    19:42:19.0744 5172 [ 9D91FE5286F748862ECFFA05F8A0710C ] RDPENCDD C:\Windows\system32\drivers\rdpencdd.sys
    19:42:19.0786 5172 RDPENCDD - ok
    19:42:19.0899 5172 [ C127EBD5AFAB31524662C48DFCEB773A ] RDPWD C:\Windows\system32\drivers\RDPWD.sys
    19:42:19.0961 5172 RDPWD - ok
    19:42:20.0023 5172 [ BCDD6B4804D06B1F7EBF29E53A57ECE9 ] RemoteAccess C:\Windows\System32\mprdim.dll
    19:42:20.0077 5172 RemoteAccess - ok
    19:42:20.0149 5172 [ 9E6894EA18DAFF37B63E1005F83AE4AB ] RemoteRegistry C:\Windows\system32\regsvc.dll
    19:42:20.0171 5172 RemoteRegistry - ok
    19:42:20.0319 5172 [ 6482707F9F4DA0ECBAB43B2E0398A101 ] RFCOMM C:\Windows\system32\DRIVERS\rfcomm.sys
    19:42:20.0377 5172 RFCOMM - ok
    19:42:20.0418 5172 [ 5123F83CBC4349D065534EEB6BBDC42B ] RpcLocator C:\Windows\system32\locator.exe
    19:42:20.0429 5172 RpcLocator - ok
    19:42:20.0590 5172 [ 3B5B4D53FEC14F7476CA29A20CC31AC9 ] RpcSs C:\Windows\system32\rpcss.dll
    19:42:20.0597 5172 RpcSs - ok
    19:42:20.0653 5172 [ 9C508F4074A39E8B4B31D27198146FAD ] rspndr C:\Windows\system32\DRIVERS\rspndr.sys
    19:42:20.0668 5172 rspndr - ok
    19:42:20.0706 5172 [ A3E186B4B935905B829219502557314E ] SamSs C:\Windows\system32\lsass.exe
    19:42:20.0709 5172 SamSs - ok
    19:42:20.0813 5172 [ 3CE8F073A557E172B330109436984E30 ] sbp2port C:\Windows\system32\drivers\sbp2port.sys
    19:42:20.0847 5172 sbp2port - ok
    19:42:21.0150 5172 [ 794D4B48DFB6E999537C7C3947863463 ] SBSDWSCService C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
    19:42:21.0181 5172 SBSDWSCService - ok
    19:42:21.0215 5172 [ F5A633609777C212EC5FF19927FC5955 ] ScanUSBEMPIA C:\Windows\system32\DRIVERS\emScan.sys
    19:42:21.0217 5172 ScanUSBEMPIA - ok
    19:42:21.0301 5172 [ 77B7A11A0C3D78D3386398FBBEA1B632 ] SCardSvr C:\Windows\System32\SCardSvr.dll
    19:42:21.0326 5172 SCardSvr - ok
    19:42:21.0548 5172 [ 1A58069DB21D05EB2AB58EE5753EBE8D ] Schedule C:\Windows\system32\schedsvc.dll
    19:42:21.0640 5172 Schedule - ok
    19:42:21.0695 5172 [ 312EC3E37A0A1F2006534913E37B4423 ] SCPolicySvc C:\Windows\System32\certprop.dll
    19:42:21.0697 5172 SCPolicySvc - ok
    19:42:21.0751 5172 [ 716313D9F6B0529D03F726D5AAF6F191 ] SDRSVC C:\Windows\System32\SDRSVC.dll
    19:42:21.0769 5172 SDRSVC - ok
    19:42:21.0809 5172 [ 90A3935D05B494A5A39D37E71F09A677 ] secdrv C:\Windows\system32\drivers\secdrv.sys
    19:42:21.0822 5172 secdrv - ok
    19:42:21.0873 5172 [ FD5199D4D8A521005E4B5EE7FE00FA9B ] seclogon C:\Windows\system32\seclogon.dll
    19:42:21.0892 5172 seclogon - ok
    19:42:21.0942 5172 [ A9BBAB5759771E523F55563D6CBE140F ] SENS C:\Windows\System32\sens.dll
    19:42:21.0956 5172 SENS - ok
    19:42:22.0011 5172 [ CE9EC966638EF0B10B864DDEDF62A099 ] Serenum C:\Windows\system32\DRIVERS\serenum.sys
    19:42:22.0023 5172 Serenum - ok
    19:42:22.0078 5172 [ 6D663022DB3E7058907784AE14B69898 ] Serial C:\Windows\system32\DRIVERS\serial.sys
    19:42:22.0101 5172 Serial - ok
    19:42:22.0156 5172 [ 8AF3D28A879BF75DB53A0EE7A4289624 ] sermouse C:\Windows\system32\drivers\sermouse.sys
    19:42:22.0177 5172 sermouse - ok
    19:42:22.0264 5172 [ D2193326F729B163125610DBF3E17D57 ] SessionEnv C:\Windows\system32\sessenv.dll
    19:42:22.0283 5172 SessionEnv - ok
    19:42:22.0333 5172 [ 103B79418DA647736EE95645F305F68A ] sffdisk C:\Windows\system32\drivers\sffdisk.sys
    19:42:22.0358 5172 sffdisk - ok
    19:42:22.0406 5172 [ 8FD08A310645FE872EEEC6E08C6BF3EE ] sffp_mmc C:\Windows\system32\drivers\sffp_mmc.sys
    19:42:22.0418 5172 sffp_mmc - ok
    19:42:22.0447 5172 [ 9CFA05FCFCB7124E69CFC812B72F9614 ] sffp_sd C:\Windows\system32\drivers\sffp_sd.sys
    19:42:22.0477 5172 sffp_sd - ok
    19:42:22.0512 5172 [ 46ED8E91793B2E6F848015445A0AC188 ] sfloppy C:\Windows\system32\drivers\sfloppy.sys
    19:42:22.0530 5172 sfloppy - ok
    19:42:22.0602 5172 [ E1499BD0FF76B1B2FBBF1AF339D91165 ] SharedAccess C:\Windows\System32\ipnathlp.dll
    19:42:22.0656 5172 SharedAccess - ok
    19:42:22.0825 5172 [ C7230FBEE14437716701C15BE02C27B8 ] ShellHWDetection C:\Windows\System32\shsvcs.dll
    19:42:22.0870 5172 ShellHWDetection - ok
    19:42:22.0917 5172 [ D2A595D6EEBEEAF4334F8E50EFBC9931 ] sisagp C:\Windows\system32\drivers\sisagp.sys
    19:42:22.0934 5172 sisagp - ok
    19:42:22.0979 5172 [ CEDD6F4E7D84E9F98B34B3FE988373AA ] SiSRaid2 C:\Windows\system32\drivers\sisraid2.sys
    19:42:23.0000 5172 SiSRaid2 - ok
    19:42:23.0022 5172 [ DF843C528C4F69D12CE41CE462E973A7 ] SiSRaid4 C:\Windows\system32\drivers\sisraid4.sys
    19:42:23.0075 5172 SiSRaid4 - ok
    19:42:23.0163 5172 [ DD22C852933516ED9B63BFD94BC83622 ] SIUSBXP C:\Windows\system32\drivers\SiUSBXp.sys
    19:42:23.0173 5172 SIUSBXP - ok
    19:42:23.0605 5172 [ 862BB4CBC05D80C5B45BE430E5EF872F ] slsvc C:\Windows\system32\SLsvc.exe
    19:42:23.0699 5172 slsvc - ok
    19:42:23.0734 5172 [ 6EDC422215CD78AA8A9CDE6B30ABBD35 ] SLUINotify C:\Windows\system32\SLUINotify.dll
    19:42:23.0752 5172 SLUINotify - ok
    19:42:23.0796 5172 [ 7B75299A4D201D6A6533603D6914AB04 ] Smb C:\Windows\system32\DRIVERS\smb.sys
    19:42:23.0823 5172 Smb - ok
    19:42:23.0887 5172 [ 9ACBC471D86ED01A6F6BF30394C8ACEF ] smbusp C:\Windows\system32\DRIVERS\intelsmb.sys
    19:42:23.0902 5172 smbusp - ok
    19:42:23.0992 5172 [ 2A146A055B4401C16EE62D18B8E2A032 ] SNMPTRAP C:\Windows\System32\snmptrap.exe
    19:42:24.0001 5172 SNMPTRAP - ok
    19:42:24.0061 5172 [ 7AEBDEEF071FE28B0EEF2CDD69102BFF ] spldr C:\Windows\system32\drivers\spldr.sys
    19:42:24.0077 5172 spldr - ok
    19:42:24.0130 5172 [ 8554097E5136C3BF9F69FE578A1B35F4 ] Spooler C:\Windows\System32\spoolsv.exe
    19:42:24.0150 5172 Spooler - ok
    19:42:24.0164 5172 sptd - ok
    19:42:24.0283 5172 [ 41987F9FC0E61ADF54F581E15029AD91 ] srv C:\Windows\system32\DRIVERS\srv.sys
    19:42:24.0340 5172 srv - ok
    19:42:24.0428 5172 [ FF33AFF99564B1AA534F58868CBE41EF ] srv2 C:\Windows\system32\DRIVERS\srv2.sys
    19:42:24.0469 5172 srv2 - ok
    19:42:24.0543 5172 [ 7605C0E1D01A08F3ECD743F38B834A44 ] srvnet C:\Windows\system32\DRIVERS\srvnet.sys
    19:42:24.0579 5172 srvnet - ok
    19:42:24.0661 5172 [ 03D50B37234967433A5EA5BA72BC0B62 ] SSDPSRV C:\Windows\System32\ssdpsrv.dll
    19:42:24.0680 5172 SSDPSRV - ok
    19:42:24.0731 5172 [ 6F1A32E7B7B30F004D9A20AFADB14944 ] SstpSvc C:\Windows\system32\sstpsvc.dll
    19:42:24.0754 5172 SstpSvc - ok
    19:42:25.0340 5172 [ C5003D42CC88C1F5D54ED9AF28D6ED7B ] STacSV C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_98f8d2d0\STacSV.exe
    19:42:25.0377 5172 STacSV - ok
    19:42:25.0531 5172 [ 773940B8D50439391FFA619B3EEF01A3 ] StatusAgent4 C:\Windows\system32\SAgent4.exe
    19:42:25.0560 5172 StatusAgent4 - ok
    19:42:25.0679 5172 [ 591E0DA800F1A5833A0FF6C865C395EA ] STHDA C:\Windows\system32\DRIVERS\stwrt.sys
    19:42:25.0738 5172 STHDA - ok
    19:42:25.0808 5172 [ 5DE7D67E49B88F5F07F3E53C4B92A352 ] stisvc C:\Windows\System32\wiaservc.dll
    19:42:25.0850 5172 stisvc - ok
    19:42:25.0914 5172 [ 0C67EA714F63F3D55B2B8D4F22B5FE3B ] stllssvr C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
    19:42:25.0916 5172 stllssvr - ok
    19:42:25.0941 5172 [ 7BA58ECF0C0A9A69D44B3DCA62BECF56 ] swenum C:\Windows\system32\DRIVERS\swenum.sys
    19:42:25.0948 5172 swenum - ok
    19:42:26.0048 5172 [ F21FD248040681CCA1FB6C9A03AAA93D ] swprv C:\Windows\System32\swprv.dll
    19:42:26.0058 5172 swprv - ok
    19:42:26.0117 5172 [ 192AA3AC01DF071B541094F251DEED10 ] Symc8xx C:\Windows\system32\drivers\symc8xx.sys
    19:42:26.0123 5172 Symc8xx - ok
    19:42:26.0147 5172 [ 8C8EB8C76736EBAF3B13B633B2E64125 ] Sym_hi C:\Windows\system32\drivers\sym_hi.sys
    19:42:26.0148 5172 Sym_hi - ok
    19:42:26.0174 5172 [ 8072AF52B5FD103BBBA387A1E49F62CB ] Sym_u3 C:\Windows\system32\drivers\sym_u3.sys
    19:42:26.0184 5172 Sym_u3 - ok
    19:42:26.0257 5172 [ 9A51B04E9886AA4EE90093586B0BA88D ] SysMain C:\Windows\system32\sysmain.dll
    19:42:26.0301 5172 SysMain - ok
    19:42:26.0352 5172 [ 2DCA225EAE15F42C0933E998EE0231C3 ] TabletInputService C:\Windows\System32\TabSvc.dll
    19:42:26.0357 5172 TabletInputService - ok
    19:42:26.0427 5172 [ D7673E4B38CE21EE54C59EEEB65E2483 ] TapiSrv C:\Windows\System32\tapisrv.dll
    19:42:26.0452 5172 TapiSrv - ok
    19:42:26.0505 5172 [ CB05822CD9CC6C688168E113C603DBE7 ] TBS C:\Windows\System32\tbssvc.dll
    19:42:26.0541 5172 TBS - ok
    19:42:26.0657 5172 [ 548E198BAE21EFC21F8B5F0C1728AD27 ] Tcpip C:\Windows\system32\drivers\tcpip.sys
    19:42:26.0990 5172 Tcpip - ok
    19:42:27.0074 5172 [ 548E198BAE21EFC21F8B5F0C1728AD27 ] Tcpip6 C:\Windows\system32\DRIVERS\tcpip.sys
    19:42:27.0081 5172 Tcpip6 - ok
    19:42:27.0151 5172 [ 608C345A255D82A6289C2D468EB41FD7 ] tcpipreg C:\Windows\system32\drivers\tcpipreg.sys
    19:42:27.0176 5172 tcpipreg - ok
    19:42:27.0228 5172 [ 5DCF5E267BE67A1AE926F2DF77FBCC56 ] TDPIPE C:\Windows\system32\drivers\tdpipe.sys
    19:42:27.0249 5172 TDPIPE - ok
    19:42:27.0320 5172 [ 389C63E32B3CEFED425B61ED92D3F021 ] TDTCP C:\Windows\system32\drivers\tdtcp.sys
    19:42:27.0336 5172 TDTCP - ok
    19:42:27.0401 5172 [ 76B06EB8A01FC8624D699E7045303E54 ] tdx C:\Windows\system32\DRIVERS\tdx.sys
    19:42:27.0453 5172 tdx - ok
    19:42:28.0936 5172 [ 851C5080261DFC1FCDC21DF0E5EA3BCB ] TeamViewer8 C:\Program Files\TeamViewer\Version8\TeamViewer_Service.exe
    19:42:29.0726 5172 TeamViewer8 - ok
    19:42:29.0787 5172 [ 3CAD38910468EAB9A6479E2F01DB43C7 ] TermDD C:\Windows\system32\DRIVERS\termdd.sys
    19:42:29.0811 5172 TermDD - ok
    19:42:29.0906 5172 [ BB95DA09BEF6E7A131BFF3BA5032090D ] TermService C:\Windows\System32\termsrv.dll
    19:42:29.0959 5172 TermService - ok
    19:42:30.0020 5172 [ C7230FBEE14437716701C15BE02C27B8 ] Themes C:\Windows\system32\shsvcs.dll
    19:42:30.0025 5172 Themes - ok
    19:42:30.0097 5172 [ 1076FFCFFAAE8385FD62DFCB25AC4708 ] THREADORDER C:\Windows\system32\mmcss.dll
    19:42:30.0100 5172 THREADORDER - ok
    19:42:30.0172 5172 [ 22BF524F119C1BEDAD13FA9AFDBB48DF ] tiltmouse C:\Windows\system32\DRIVERS\MUsbFltr.sys
    19:42:30.0192 5172 tiltmouse - ok
    19:42:30.0262 5172 [ EC74E77D0EB004BD3A809B5F8FB8C2CE ] TrkWks C:\Windows\System32\trkwks.dll
    19:42:30.0295 5172 TrkWks - ok
    19:42:30.0341 5172 [ 81532F3628F8ACC80FD1264095960C3A ] TrueSight C:\Windows\system32\TrueSight.sys
    19:42:30.0364 5172 TrueSight - ok
    19:42:30.0468 5172 [ 97D9D6A04E3AD9B6C626B9931DB78DBA ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
    19:42:30.0502 5172 TrustedInstaller - ok
    19:42:30.0588 5172 [ DCF0F056A2E4F52287264F5AB29CF206 ] tssecsrv C:\Windows\system32\DRIVERS\tssecsrv.sys
    19:42:30.0655 5172 tssecsrv - ok
    19:42:30.0760 5172 [ 233FCD3443CFBBAA27E7E463DCCBC528 ] TuneUp.Defrag C:\Windows\System32\TuneUpDefragService.exe
    19:42:30.0804 5172 TuneUp.Defrag - ok
    19:42:30.0853 5172 [ CAECC0120AC49E3D2F758B9169872D38 ] tunmp C:\Windows\system32\DRIVERS\tunmp.sys
    19:42:30.0869 5172 tunmp - ok
    19:42:30.0931 5172 [ 300DB877AC094FEAB0BE7688C3454A9C ] tunnel C:\Windows\system32\DRIVERS\tunnel.sys
    19:42:30.0956 5172 tunnel - ok
    19:42:31.0016 5172 [ C3ADE15414120033A36C0F293D4A4121 ] uagp35 C:\Windows\system32\drivers\uagp35.sys
    19:42:31.0027 5172 uagp35 - ok
    19:42:31.0132 5172 [ D9728AF68C4C7693CB100B8441CBDEC6 ] udfs C:\Windows\system32\DRIVERS\udfs.sys
    19:42:31.0175 5172 udfs - ok
    19:42:31.0238 5172 [ ECEF404F62863755951E09C802C94AD5 ] UI0Detect C:\Windows\system32\UI0Detect.exe
    19:42:31.0243 5172 UI0Detect - ok
    19:42:31.0274 5172 [ 332D341D92B933600D41953B08360DFB ] UleadBurningHelper C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
    19:42:31.0285 5172 UleadBurningHelper - ok
    19:42:31.0322 5172 [ 75E6890EBFCE0841D3291B02E7A8BDB0 ] uliagpkx C:\Windows\system32\drivers\uliagpkx.sys
    19:42:31.0333 5172 uliagpkx - ok
    19:42:31.0415 5172 [ 3CD4EA35A6221B85DCC25DAA46313F8D ] uliahci C:\Windows\system32\drivers\uliahci.sys
    19:42:31.0455 5172 uliahci - ok
    19:42:31.0492 5172 [ 8514D0E5CD0534467C5FC61BE94A569F ] UlSata C:\Windows\system32\drivers\ulsata.sys
    19:42:31.0519 5172 UlSata - ok
    19:42:31.0556 5172 [ 38C3C6E62B157A6BC46594FADA45C62B ] ulsata2 C:\Windows\system32\drivers\ulsata2.sys
    19:42:31.0581 5172 ulsata2 - ok
    19:42:31.0640 5172 [ 32CFF9F809AE9AED85464492BF3E32D2 ] umbus C:\Windows\system32\DRIVERS\umbus.sys
    19:42:31.0657 5172 umbus - ok
    19:42:31.0721 5172 [ 88BD96A1BAEED33EE8BDF9499C07A841 ] UMPass C:\Windows\system32\DRIVERS\umpass.sys
    19:42:31.0737 5172 UMPass - ok
    19:42:31.0835 5172 [ 8A66360F38F81E960E2367B428CBD5D9 ] UmRdpService C:\Windows\System32\umrdp.dll
    19:42:31.0898 5172 UmRdpService - ok
    19:42:31.0979 5172 [ 68308183F4AE0BE7BF8ECD07CB297999 ] upnphost C:\Windows\System32\upnphost.dll
    19:42:32.0006 5172 upnphost - ok
    19:42:32.0097 5172 [ 6E421CCC57059B0186C6259CA3B6DFC9 ] USBAAPL C:\Windows\system32\Drivers\usbaapl.sys
    19:42:32.0105 5172 USBAAPL - ok
    19:42:32.0176 5172 [ 32DB9517628FF0D070682AAB61E688F0 ] usbaudio C:\Windows\system32\drivers\usbaudio.sys
    19:42:32.0214 5172 usbaudio - ok
    19:42:32.0302 5172 [ CAF811AE4C147FFCD5B51750C7F09142 ] usbccgp C:\Windows\system32\DRIVERS\usbccgp.sys
    19:42:32.0313 5172 usbccgp - ok
    19:42:32.0385 5172 [ 32C068EAF37C92D7194EEE1FAA1E7853 ] USBCCID C:\Windows\system32\DRIVERS\usbccid.sys
    19:42:32.0413 5172 USBCCID - ok
    19:42:32.0477 5172 [ E9476E6C486E76BC4898074768FB7131 ] usbcir C:\Windows\system32\drivers\usbcir.sys
    19:42:32.0511 5172 usbcir - ok
    19:42:32.0572 5172 [ 79E96C23A97CE7B8F14D310DA2DB0C9B ] usbehci C:\Windows\system32\DRIVERS\usbehci.sys
    19:42:32.0599 5172 usbehci - ok
    19:42:32.0685 5172 [ 4673BBCB006AF60E7ABDDBE7A130BA42 ] usbhub C:\Windows\system32\DRIVERS\usbhub.sys
    19:42:32.0712 5172 usbhub - ok
    19:42:32.0739 5172 [ 38DBC7DD6CC5A72011F187425384388B ] usbohci C:\Windows\system32\drivers\usbohci.sys
    19:42:32.0754 5172 usbohci - ok
    19:42:32.0789 5172 [ E75C4B5269091D15A2E7DC0B6D35F2F5 ] usbprint C:\Windows\system32\DRIVERS\usbprint.sys
    19:42:32.0801 5172 usbprint - ok
    19:42:32.0850 5172 [ A508C9BD8724980512136B039BBA65E9 ] usbscan C:\Windows\system32\DRIVERS\usbscan.sys
    19:42:32.0864 5172 usbscan - ok
    19:42:32.0900 5172 [ BE3DA31C191BC222D9AD503C5224F2AD ] USBSTOR C:\Windows\system32\DRIVERS\USBSTOR.SYS
    19:42:32.0948 5172 USBSTOR - ok
    19:42:33.0009 5172 [ 814D653EFC4D48BE3B04A307ECEFF56F ] usbuhci C:\Windows\system32\DRIVERS\usbuhci.sys
    19:42:33.0022 5172 usbuhci - ok
    19:42:33.0082 5172 [ 1509E705F3AC1D474C92454A5C2DD81F ] UxSms C:\Windows\System32\uxsms.dll
    19:42:33.0093 5172 UxSms - ok
    19:42:33.0153 5172 [ 25895CC7C3F101419A9ED1BF65A8BD62 ] UxTuneUp C:\Windows\System32\uxtuneup.dll
    19:42:33.0168 5172 UxTuneUp - ok
    19:42:33.0232 5172 [ FCE98C43B5C5DB8E0DA8EA0E2B45E044 ] VClone C:\Windows\system32\DRIVERS\VClone.sys
    19:42:33.0249 5172 VClone - ok
    19:42:33.0378 5172 [ CD88D1B7776DC17A119049742EC07EB4 ] vds C:\Windows\System32\vds.exe
    19:42:33.0414 5172 vds - ok
    19:42:33.0829 5172 [ 87B06E1F30B749A114F74622D013F8D4 ] vga C:\Windows\system32\DRIVERS\vgapnp.sys
    19:42:33.0840 5172 vga - ok
    19:42:33.0877 5172 [ 2E93AC0A1D8C79D019DB6C51F036636C ] VgaSave C:\Windows\System32\drivers\vga.sys
    19:42:33.0893 5172 VgaSave - ok
    19:42:33.0950 5172 [ 045D9961E591CF0674A920B6BA3BA5CB ] viaagp C:\Windows\system32\drivers\viaagp.sys
    19:42:33.0992 5172 viaagp - ok
    19:42:34.0039 5172 [ 56A4DE5F02F2E88182B0981119B4DD98 ] ViaC7 C:\Windows\system32\drivers\viac7.sys
    19:42:34.0061 5172 ViaC7 - ok
    19:42:34.0098 5172 [ FD2E3175FCADA350C7AB4521DCA187EC ] viaide C:\Windows\system32\drivers\viaide.sys
    19:42:34.0100 5172 viaide - ok
    19:42:34.0129 5172 [ 69503668AC66C77C6CD7AF86FBDF8C43 ] volmgr C:\Windows\system32\drivers\volmgr.sys
    19:42:34.0139 5172 volmgr - ok
    19:42:34.0244 5172 [ 23E41B834759917BFD6B9A0D625D0C28 ] volmgrx C:\Windows\system32\drivers\volmgrx.sys
    19:42:34.0328 5172 volmgrx - ok
    19:42:34.0420 5172 [ 786DB5771F05EF300390399F626BF30A ] volsnap C:\Windows\system32\drivers\volsnap.sys
    19:42:34.0464 5172 volsnap - ok
    19:42:34.0532 5172 [ D984439746D42B30FC65A4C3546C6829 ] vsmraid C:\Windows\system32\drivers\vsmraid.sys
    19:42:34.0555 5172 vsmraid - ok
    19:42:34.0805 5172 [ DB3D19F850C6EB32BDCB9BC0836ACDDB ] VSS C:\Windows\system32\vssvc.exe
    19:42:34.0978 5172 VSS - ok
    19:42:35.0424 5172 [ 3A5F9D943E2566E59163B2502FA684F8 ] VX6000 C:\Windows\system32\DRIVERS\VX6000Xp.sys
    19:42:35.0750 5172 VX6000 - ok
    19:42:35.0821 5172 [ 96EA68B9EB310A69C25EBB0282B2B9DE ] W32Time C:\Windows\system32\w32time.dll
    19:42:35.0853 5172 W32Time - ok
    19:42:35.0883 5172 [ 48DFEE8F1AF7C8235D4E626F0C4FE031 ] WacomPen C:\Windows\system32\drivers\wacompen.sys
    19:42:35.0903 5172 WacomPen - ok
    19:42:35.0957 5172 [ 55201897378CCA7AF8B5EFD874374A26 ] Wanarp C:\Windows\system32\DRIVERS\wanarp.sys
    19:42:35.0987 5172 Wanarp - ok
    19:42:36.0018 5172 [ 55201897378CCA7AF8B5EFD874374A26 ] Wanarpv6 C:\Windows\system32\DRIVERS\wanarp.sys
    19:42:36.0020 5172 Wanarpv6 - ok
    19:42:36.0211 5172 [ 20B23332885DFB93FE0185362EE811E9 ] wbengine C:\Windows\system32\wbengine.exe
    19:42:36.0254 5172 wbengine - ok
    19:42:36.0329 5172 [ A3CD60FD826381B49F03832590E069AF ] wcncsvc C:\Windows\System32\wcncsvc.dll
    19:42:36.0367 5172 wcncsvc - ok
    19:42:36.0416 5172 [ 11BCB7AFCDD7AADACB5746F544D3A9C7 ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
    19:42:36.0425 5172 WcsPlugInService - ok
    19:42:36.0473 5172 [ AFC5AD65B991C1E205CF25CFDBF7A6F4 ] Wd C:\Windows\system32\drivers\wd.sys
    19:42:36.0503 5172 Wd - ok
    19:42:36.0692 5172 [ E88C32C7F2781F7ECB88567CA6D4805C ] WDDriveService C:\Program Files\Western Digital\WD Drive Manager\WDDriveService.exe
    19:42:36.0744 5172 WDDriveService - ok
    19:42:36.0917 5172 [ A840213F1ACDCC175B4D1D5AAEAC0D7A ] Wdf01000 C:\Windows\system32\drivers\Wdf01000.sys
    19:42:36.0998 5172 Wdf01000 - ok
    19:42:37.0059 5172 [ ABFC76B48BB6C96E3338D8943C5D93B5 ] WdiServiceHost C:\Windows\system32\wdi.dll
    19:42:37.0081 5172 WdiServiceHost - ok
    19:42:37.0113 5172 [ ABFC76B48BB6C96E3338D8943C5D93B5 ] WdiSystemHost C:\Windows\system32\wdi.dll
    19:42:37.0121 5172 WdiSystemHost - ok
    19:42:37.0188 5172 [ A7F6556CB431180BDEDDC869D02E48BD ] WDUDSMBus C:\Windows\system32\Drivers\WDUDSMBus.sys
    19:42:37.0222 5172 WDUDSMBus - ok
    19:42:37.0304 5172 [ B0F2BA80CE5718587D88BA4BACD56D1B ] WDUDSTcpBus C:\Windows\system32\Drivers\WDUDSTcpBus.sys
    19:42:37.0351 5172 WDUDSTcpBus - ok
    19:42:37.0455 5172 [ 04C37D8107320312FBAE09926103D5E2 ] WebClient C:\Windows\System32\webclnt.dll
    19:42:37.0492 5172 WebClient - ok
    19:42:37.0580 5172 [ AE3736E7E8892241C23E4EBBB7453B60 ] Wecsvc C:\Windows\system32\wecsvc.dll
    19:42:37.0602 5172 Wecsvc - ok
    19:42:37.0665 5172 [ 670FF720071ED741206D69BD995EA453 ] wercplsupport C:\Windows\System32\wercplsupport.dll
    19:42:37.0685 5172 wercplsupport - ok
    19:42:37.0748 5172 [ 32B88481D3B326DA6DEB07B1D03481E7 ] WerSvc C:\Windows\System32\WerSvc.dll
    19:42:37.0755 5172 WerSvc - ok
    19:42:37.0809 5172 [ 090A2B8F055343815556A01F725F6C35 ] WimFltr C:\Windows\system32\DRIVERS\wimfltr.sys
    19:42:37.0822 5172 WimFltr - ok
    19:42:37.0990 5172 [ 4575AA12561C5648483403541D0D7F2B ] WinDefend C:\Program Files\Windows Defender\mpsvc.dll
    19:42:38.0010 5172 WinDefend - ok
    19:42:38.0055 5172 WinHttpAutoProxySvc - ok
    19:42:38.0385 5172 [ 6B2A1D0E80110E3D04E6863C6E62FD8A ] Winmgmt C:\Windows\system32\wbem\WMIsvc.dll
    19:42:38.0418 5172 Winmgmt - ok
    19:42:38.0641 5172 [ 7CFE68BDC065E55AA5E8421607037511 ] WinRM C:\Windows\system32\WsmSvc.dll
    19:42:38.0904 5172 WinRM - ok
    19:42:39.0089 5172 [ C008405E4FEEB069E30DA1D823910234 ] Wlansvc C:\Windows\System32\wlansvc.dll
    19:42:39.0185 5172 Wlansvc - ok
    19:42:39.0451 5172 [ 6067ACEF367E79914AF628FA1E9B5330 ] wlcrasvc C:\Program Files\Windows Live\Mesh\wlcrasvc.exe
    19:42:39.0462 5172 wlcrasvc - ok
    19:42:39.0892 5172 [ FB01D4AE207B9EFDBABFC55DC95C7E31 ] wlidsvc C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
    19:42:40.0147 5172 wlidsvc - ok
    19:42:40.0229 5172 [ 701A9F884A294327E9141D73746EE279 ] WmiAcpi C:\Windows\system32\drivers\wmiacpi.sys
    19:42:40.0262 5172 WmiAcpi - ok
    19:42:40.0352 5172 [ 43BE3875207DCB62A85C8C49970B66CC ] wmiApSrv C:\Windows\system32\wbem\WmiApSrv.exe
    19:42:40.0385 5172 wmiApSrv - ok
    19:42:40.0620 5172 [ 3978704576A121A9204F8CC49A301A9B ] WMPNetworkSvc C:\Program Files\Windows Media Player\wmpnetwk.exe
    19:42:40.0747 5172 WMPNetworkSvc - ok
    19:42:40.0816 5172 [ CFC5A04558F5070CEE3E3A7809F3FF52 ] WPCSvc C:\Windows\System32\wpcsvc.dll
    19:42:40.0832 5172 WPCSvc - ok
    19:42:40.0927 5172 [ 801FBDB89D472B3C467EB112A0FC9246 ] WPDBusEnum C:\Windows\system32\wpdbusenum.dll
    19:42:40.0978 5172 WPDBusEnum - ok
    19:42:41.0057 5172 [ DE9D36F91A4DF3D911626643DEBF11EA ] WpdUsb C:\Windows\system32\DRIVERS\wpdusb.sys
    19:42:41.0071 5172 WpdUsb - ok
    19:42:41.0828 5172 [ B800EEC15851597405784126C407188C ] WPFFontCache_v0400 C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
    19:42:41.0863 5172 WPFFontCache_v0400 - ok
    19:42:41.0942 5172 [ E3A3CB253C0EC2494D4A61F5E43A389C ] ws2ifsl C:\Windows\system32\drivers\ws2ifsl.sys
    19:42:41.0943 5172 ws2ifsl - ok
    19:42:41.0996 5172 [ 1CA6C40261DDC0425987980D0CD2AAAB ] wscsvc C:\Windows\System32\wscsvc.dll
    19:42:42.0001 5172 wscsvc - ok
    19:42:42.0069 5172 [ 4422AC5ED8D4C2F0DB63E71D4C069DD7 ] WSDPrintDevice C:\Windows\system32\DRIVERS\WSDPrint.sys
    19:42:42.0086 5172 WSDPrintDevice - ok
    19:42:42.0156 5172 [ 65D1FF8AAFF4A7D8F787A290E5087816 ] WSDScan C:\Windows\system32\DRIVERS\WSDScan.sys
    19:42:42.0170 5172 WSDScan - ok
    19:42:42.0184 5172 WSearch - ok
    19:42:42.0612 5172 [ FC3EC24FCE372C89423E015A2AC1A31E ] wuauserv C:\Windows\system32\wuaueng.dll
    19:42:42.0844 5172 wuauserv - ok
    19:42:42.0891 5172 [ 06E6F32C8D0A3F66D956F57B43A2E070 ] WudfPf C:\Windows\system32\drivers\WudfPf.sys
    19:42:42.0906 5172 WudfPf - ok
    19:42:42.0932 5172 [ 867C301E8B790040AE9CF6486E8041DF ] WUDFRd C:\Windows\system32\DRIVERS\WUDFRd.sys
    19:42:42.0936 5172 WUDFRd - ok
    19:42:42.0988 5172 [ FE47B7BC8EA320C2D9B5E5BF6E303765 ] wudfsvc C:\Windows\System32\WUDFSvc.dll
    19:42:42.0993 5172 wudfsvc - ok
    19:42:43.0133 5172 [ 5867CE254625645345C833510D24F124 ] {95808DC4-FA4A-4C74-92FE-5B863F82066B} C:\Program Files\CyberLink\PowerDVD\000.fcl
    19:42:43.0143 5172 {95808DC4-FA4A-4C74-92FE-5B863F82066B} - ok
    19:42:43.0183 5172 ================ Scan global ===============================
    19:42:43.0266 5172 [ F31EEBC1A1C81FD04005489CC3DCDFE7 ] C:\Windows\system32\basesrv.dll
    19:42:43.0384 5172 [ A508314231C49AEE86987CEA3EAECAD1 ] C:\Windows\system32\winsrv.dll
    19:42:43.0481 5172 [ A508314231C49AEE86987CEA3EAECAD1 ] C:\Windows\system32\winsrv.dll
    19:42:43.0593 5172 [ D4E6D91C1349B7BFB3599A6ADA56851B ] C:\Windows\system32\services.exe
    19:42:43.0620 5172 [Global] - ok
    19:42:43.0623 5172 ================ Scan MBR ==================================
    19:42:43.0646 5172 [ 5C616939100B85E558DA92B899A0FC36 ] \Device\Harddisk0\DR0
    19:42:44.0023 5172 \Device\Harddisk0\DR0 - ok
    19:42:44.0027 5172 [ 096B4D6D03500A9B7DEB27F2244E9A60 ] \Device\Harddisk1\DR1
    19:42:44.0031 5172 \Device\Harddisk1\DR1 - ok
    19:42:44.0038 5172 [ 5C616939100B85E558DA92B899A0FC36 ] \Device\Harddisk2\DR2
    19:42:44.0043 5172 \Device\Harddisk2\DR2 - ok
    19:42:44.0044 5172 ================ Scan VBR ==================================
    19:42:44.0047 5172 [ E28AC35A04903CE39FC5E78785B8D29C ] \Device\Harddisk0\DR0\Partition1
    19:42:44.0049 5172 \Device\Harddisk0\DR0\Partition1 - ok
    19:42:44.0074 5172 [ 3AC9D9A6FA9392317CEC851892810440 ] \Device\Harddisk0\DR0\Partition2
    19:42:44.0093 5172 \Device\Harddisk0\DR0\Partition2 - ok
    19:42:44.0121 5172 [ B1833C59A13A36BC4914841574901798 ] \Device\Harddisk0\DR0\Partition3
    19:42:44.0124 5172 \Device\Harddisk0\DR0\Partition3 - ok
    19:42:44.0128 5172 [ 2DF47BD7813F062E312FAE24F577D249 ] \Device\Harddisk2\DR2\Partition1
    19:42:44.0130 5172 \Device\Harddisk2\DR2\Partition1 - ok
    19:42:44.0136 5172 [ 423D4C15E3EEFE773F8FF72B0DA0CB76 ] \Device\Harddisk2\DR2\Partition2
    19:42:44.0142 5172 \Device\Harddisk2\DR2\Partition2 - ok
    19:42:44.0142 5172 ============================================================
    19:42:44.0142 5172 Scan finished
    19:42:44.0142 5172 ============================================================
    19:42:44.0157 5224 Detected object count: 0
    19:42:44.0157 5224 Actual detected object count: 0
    19:49:23.0462 0820 Deinitialize success
 
AdwCleaner log:
  • # AdwCleaner v2.305 - Logfile created 07/15/2013 at 19:54:44
    # Updated 11/07/2013 by Xplode
    # Operating system : Windows Vista (TM) Ultimate Service Pack 2 (32 bits)
    # User : LostRune - KYOKO
    # Boot Mode : Normal
    # Running from : D:\Users\LostRune\Downloads\AdwCleaner.exe
    # Option [Delete]


    ***** [Services] *****


    ***** [Files / Folders] *****

    Folder Deleted : D:\Users\LostRune\AppData\Roaming\Mozilla\Firefox\Profiles\379cl6wj.default\jetpack

    ***** [Registry] *****


    ***** [Internet Browsers] *****

    -\\ Internet Explorer v9.0.8112.16496

    [OK] Registry is clean.

    -\\ Mozilla Firefox v22.0 (en-US)

    File : D:\Users\LostRune\AppData\Roaming\Mozilla\Firefox\Profiles\379cl6wj.default\prefs.js

    [OK] File is clean.

    *************************

    AdwCleaner[R1].txt - [8475 octets] - [15/07/2013 15:34:59]
    AdwCleaner[R2].txt - [8535 octets] - [15/07/2013 16:25:32]
    AdwCleaner[R3].txt - [1088 octets] - [15/07/2013 19:52:45]
    AdwCleaner[R4].txt - [1207 octets] - [15/07/2013 19:54:16]
    AdwCleaner[S1].txt - [8877 octets] - [15/07/2013 16:28:10]
    AdwCleaner[S2].txt - [328 octets] - [15/07/2013 19:53:19]
    AdwCleaner[S3].txt - [1141 octets] - [15/07/2013 19:54:44]

    ########## EOF - C:\AdwCleaner[S3].txt - [1201 octets] ##########

Thanks again, johnb.
 
Then let's scan deeper.

Download and Run ComboFix
If you already have Combofix, please delete this copy and download it again as it's being updated regularly.
  • Download this file here :

    Combofix

  • When the page loads click on the blue combofix download link next to the BleepingComputer Mirror.
  • Save the file to your Windows desktop. The ComboFix icon will look like this when it has downloaded to your desktop.

    cf-icon.jpg
  • We are almost ready to start ComboFix, but before we do so, we need to take some preventative measures so that there are no conflicts with other programs when running ComboFix. At this point you should do the following:

  • Close all open Windows including this one.
  • Close or disable all running Antivirus, Antispyware, and Firewall programs as they may interfere with the proper running of ComboFix. Instructions on disabling these types of programs can be found here.
    Once these two steps have been completed, double-click on the ComboFix icon found on your desktop. Please note that once you start ComboFix you should not click anywhere on the ComboFix window as it can cause the program to stall. In fact, when ComboFix is running, do not touch your computer at all. The scan could take a while, so please be patient.
  • Please click on I agree on the disclaimer window.
  • ComboFix will now install itself on to your computer. When it is done, a blue screen will appear as shown below.

    cf-preparing.jpg

  • ComboFix is now preparing to run. When it has finished ComboFix will automatically attempt to create a System Restore point so that if any problems occur while using the program you can restore back to your previous configuration. When ComboFix has finished creating the restore point, it will then backup your Windows Registry as shown in the image below.

    erunt.jpg

  • Once the Windows Registry has finished being backed up, ComboFix will attempt to detect if you have the Windows Recovery Console installed. If you already have it installed, you can skip to this section and continue reading. Otherwise you will see the following message as shown below:

    recovery-console-prompt.jpg

  • At the above message box, please click on the Yes button in order for ComboFix to continue. Please follow the steps and instructions given by ComboFix in order to finish the installation of the Recovery Console.
  • Please click on yes in the next window to continue scanning for malware.
  • ComboFix will now disconnect your computer from the Internet, so do not be surprised or concerned if you receive any warnings stating that you are no longer on the Internet. When ComboFix has finished it will automatically restore your Internet connection.
  • ComboFix will now start scanning your computer for known infections. This procedure can take some time, so please be patient.
  • While the program is scanning your computer, it will change your clock format, so do not be concerned when you see this happen. When ComboFix is finished it will restore your clock settings to their previous settings. You will also see the text in the ComboFix window being updated as it goes through the various stages of its scan. An example of this can be seen below.

    still-scanning-clockchanges.jpg

  • When ComboFix has finished running, you will see a screen stating that it is preparing the log report.
  • This can take a while, so please be patient. If you see your Windows desktop disappear, do not worry. This is normal and ComboFix will restore your desktop before it is finished. Eventually you will see a new screen that states the program is almost finished and tells you the program's log file, or report, will be located at C:\ComboFix.txt.
  • When ComboFix has finished, it will automatically close the program and change your clock back to its original format. It will then display the log file automatically for you.
  • Now you just click on the edit menu and click on select all, then click on the edit menu again and click on copy. Then come to the forum in your reply and right click on your mouse and click on paste.

If for some reason you try to run a program or open a file and you get an error message saying "illegal operation attempted on a registry key that has been marked for deletion", please just reboot your PC and you'll be fine.


In your next reply please post:
  • The ComboFix log
  • A fresh HiJackThis log
  • An update on how your computer is running
 
Hello again johnb,

Hopefully I followed your instructions properly. I closed Malwarebytes, temporarily disabled ESET AV, and turned off Windows Firewall. Also closed all windows and applications running and as many processes on the system tray as I know I can comfortably end.

Then let Combofix run for as long as it takes and didn't touch the computer. I didn't see it create a Restore Point (and later looking at the Windows Restore Points list, it didn't make one it seems - should I manually create a Restore Point now?) nor see it backing up the Registry (though I later see files in C:\Qoobox\Quarantine\Registry_backups folder). It also didn't ask me about the Windows Recovery Console.

After a while and "Completed Stage_50" then let it reboot automatically. Let it run some more just to be sure it's finished, with the following C:\ComboFix.txt generated. Afterwards, re-ran HijackThis and the following log file.

We let the computer run itself for a bit to see what happens. So far so good. Since then, haven't seen that Malwarebytes pop-up warning (and looking at the Malwarebytes protection-log .txt, it hasn't been logged since). Checking C:\Windows\temp displayed "didn't have permission to access folder" and had to press "Continue" to open it, so that's new - fortunately though, none of those large htt****.tmp files have re-appeared. Meanwhile, Netgear Genie is not displaying any network traffic at all, even when surfing websites, which is weird but good, definitely preferable to the previous problem (though this probably means I should re-install the program).

Thanks again, and here are the resulting log files. When you figure out what happened with all this, please let us know too and how to avoid/prevent it in the future. We really appreciate your help and knowledge. And we'll update here if the issue(s) come back or anything else weird with the computer we encounter from this.


ComboFix:
  • ComboFix 13-07-15.01 - LostRune 07/15/2013 21:03:36.1.2 - x86
    Microsoft® Windows Vista™ Ultimate 6.0.6002.2.1252.1.1033.18.3317.1918 [GMT -4:00]
    Running from: d:\users\LostRune\Downloads\ComboFix.exe
    AV: ESET NOD32 Antivirus 6.0 *Disabled/Updated* {77DEAFED-8149-104B-25A1-21771CA47CD1}
    SP: ESET NOD32 Antivirus 6.0 *Disabled/Updated* {CCBF4E09-A773-1FC5-1F11-1A056723366C}
    SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    c:\programdata\MyNetDashboard.ico
    c:\programdata\WDInternetSecurityAndParentalControl.ico
    c:\windows\system32\Packet.dll
    c:\windows\system32\wpcap.dll
    d:\users\LostRune\AppData\Roaming\Xbins
    d:\users\LostRune\AppData\Roaming\Xbins\dict
    d:\users\LostRune\AppData\Roaming\Xbins\FileZilla.xml
    d:\users\LostRune\AppData\Roaming\Xbins\icon.ico
    d:\users\LostRune\AppData\Roaming\Xbins\xbinsftp.exe
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    -------\Legacy_NPF
    -------\Service_NPF
    .
    .
    ((((((((((((((((((((((((( Files Created from 2013-06-16 to 2013-07-16 )))))))))))))))))))))))))))))))
    .
    .
    2013-07-16 01:13 . 2013-07-16 01:13 -------- d-----w- c:\users\Mcx2\AppData\Local\temp
    2013-07-15 21:14 . 2013-07-15 21:14 -------- d-----w- c:\program files\Common Files\Java
    2013-07-15 21:14 . 2013-07-15 21:12 867240 ----a-w- c:\windows\system32\npDeployJava1.dll
    2013-07-15 21:13 . 2013-07-15 21:12 94632 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
    2013-07-15 17:16 . 2013-07-15 18:33 15616 ----a-w- c:\windows\system32\TrueSight.sys
    2013-07-15 09:25 . 2013-07-15 09:25 -------- d-----w- c:\windows\ERUNT
    2013-07-14 08:45 . 2013-07-14 08:49 -------- d-----w- c:\windows\system32\MRT
    2013-07-14 08:45 . 2013-06-12 04:18 7068072 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{9BE7A722-4C13-4D62-B619-06B33B73C5C0}\mpengine.dll
    2013-07-10 19:49 . 2013-05-08 04:04 1548288 ----a-w- c:\windows\system32\WMVDECOD.DLL
    2013-07-10 19:49 . 2013-04-17 11:28 219648 ----a-w- c:\windows\system32\d3d10_1core.dll
    2013-07-10 19:49 . 2013-04-17 11:28 189952 ----a-w- c:\windows\system32\d3d10core.dll
    2013-07-10 19:49 . 2013-04-17 11:28 160768 ----a-w- c:\windows\system32\d3d10_1.dll
    2013-07-10 19:49 . 2013-04-17 11:28 1029120 ----a-w- c:\windows\system32\d3d10.dll
    2013-07-10 19:49 . 2013-04-17 10:34 1172480 ----a-w- c:\windows\system32\d3d10warp.dll
    2013-07-10 19:49 . 2013-04-17 10:33 486400 ----a-w- c:\windows\system32\d3d10level9.dll
    2013-07-10 19:49 . 2013-04-17 10:14 683008 ----a-w- c:\windows\system32\d2d1.dll
    2013-07-10 19:49 . 2013-04-17 10:10 1069056 ----a-w- c:\windows\system32\DWrite.dll
    2013-07-10 19:49 . 2013-04-17 10:10 798208 ----a-w- c:\windows\system32\FntCache.dll
    2013-07-10 19:49 . 2013-06-04 01:50 2049024 ----a-w- c:\windows\system32\win32k.sys
    2013-07-10 19:49 . 2013-06-01 04:06 505344 ----a-w- c:\windows\system32\qedit.dll
    2013-07-10 19:47 . 2013-04-09 03:52 1218048 ----a-w- c:\program files\Windows Journal\NBDoc.DLL
    2013-07-10 19:47 . 2013-04-09 03:51 983552 ----a-w- c:\program files\Windows Journal\JNTFiltr.dll
    2013-07-10 19:47 . 2013-04-09 03:51 936960 ----a-w- c:\program files\Common Files\Microsoft Shared\ink\journal.dll
    2013-07-10 19:47 . 2013-04-09 03:51 964608 ----a-w- c:\program files\Windows Journal\JNWDRV.dll
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2013-07-15 21:12 . 2011-10-01 04:28 789416 ----a-w- c:\windows\system32\deployJava1.dll
    2013-06-24 10:40 . 2012-04-10 08:15 692104 ----a-w- c:\windows\system32\FlashPlayerApp.exe
    2013-06-24 10:40 . 2011-05-20 10:26 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
    2013-06-09 04:15 . 2013-06-03 05:42 35088 ----a-w- c:\windows\system32\drivers\npf.sys
    2013-05-17 05:24 . 2011-03-28 23:36 22240 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
    2013-05-08 04:37 . 2013-06-12 05:14 905576 ----a-w- c:\windows\system32\drivers\tcpip.sys
    2013-05-02 22:03 . 2013-06-12 05:14 3603832 ----a-w- c:\windows\system32\ntkrnlpa.exe
    2013-05-02 22:03 . 2013-06-12 05:14 3551096 ----a-w- c:\windows\system32\ntoskrnl.exe
    2013-05-02 06:06 . 2009-10-03 04:00 238872 ------w- c:\windows\system32\MpSigStub.exe
    2013-05-02 04:04 . 2013-06-12 05:14 443904 ----a-w- c:\windows\system32\win32spl.dll
    2013-05-02 04:03 . 2013-06-12 05:14 37376 ----a-w- c:\windows\system32\printcom.dll
    2013-05-01 07:59 . 2013-05-01 07:59 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx
    2013-05-01 07:59 . 2013-05-01 07:59 69632 ----a-w- c:\windows\system32\QuickTime.qts
    2013-04-24 04:00 . 2013-06-12 05:14 985600 ----a-w- c:\windows\system32\crypt32.dll
    2013-04-24 04:00 . 2013-06-12 05:14 98304 ----a-w- c:\windows\system32\cryptnet.dll
    2013-04-24 04:00 . 2013-06-12 05:14 133120 ----a-w- c:\windows\system32\cryptsvc.dll
    2013-04-24 04:00 . 2013-06-12 05:14 41984 ----a-w- c:\windows\system32\certenc.dll
    2013-04-24 01:46 . 2013-06-12 05:14 812544 ----a-w- c:\windows\system32\certutil.exe
    2013-04-17 12:30 . 2013-06-12 05:13 24576 ----a-w- c:\windows\system32\cryptdlg.dll
    2011-10-08 10:59 . 2011-10-08 10:59 117312 ----a-w- c:\program files\securable.exe
    2009-07-29 04:27 . 2009-07-29 04:27 121328 ----a-w- c:\program files\DisableMobsync.exe
    2008-01-27 07:24 . 2008-01-27 07:24 454656 ----a-w- c:\program files\putty.exe
    .
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive1]
    @="{F241C880-6982-4CE5-8CF7-7085BA96DA5A}"
    [HKEY_CLASSES_ROOT\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}]
    2013-07-01 20:17 222832 ----a-w- c:\users\LostRune\AppData\Local\Microsoft\SkyDrive\17.0.2011.0627\SkyDriveShell.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive2]
    @="{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}"
    [HKEY_CLASSES_ROOT\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}]
    2013-07-01 20:17 222832 ----a-w- c:\users\LostRune\AppData\Local\Microsoft\SkyDrive\17.0.2011.0627\SkyDriveShell.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive3]
    @="{BBACC218-34EA-4666-9D7A-C78F2274A524}"
    [HKEY_CLASSES_ROOT\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}]
    2013-07-01 20:17 222832 ----a-w- c:\users\LostRune\AppData\Local\Microsoft\SkyDrive\17.0.2011.0627\SkyDriveShell.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\EldosIconOverlay]
    @="{5BB532A2-BF14-4CCC-86B7-71B81EF6F8BC}"
    [HKEY_CLASSES_ROOT\CLSID\{5BB532A2-BF14-4CCC-86B7-71B81EF6F8BC}]
    2012-04-09 21:27 158224 ----a-w- c:\windows\System32\CbFsMntNtf3.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\OODIIcon]
    @="{14A94384-BBED-47ed-86C0-6BF63FD892D0}"
    [HKEY_CLASSES_ROOT\CLSID\{14A94384-BBED-47ed-86C0-6BF63FD892D0}]
    2010-05-27 18:40 111960 ----a-w- c:\program files\Laplink\Laplink DiskImage\oodishi.dll
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "iCloudServices"="c:\program files\Common Files\Apple\Internet Services\iCloudServices.exe" [2013-04-05 59720]
    "NETGEARGenie"="c:\program files\NETGEAR Genie\bin\NETGEARGenie.exe" [2013-04-07 1044224]
    "WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-19 202240]
    "SkyDrive"="c:\users\LostRune\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe" [2013-07-01 257136]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "WinPatrol"="c:\program files\BillP Studios\WinPatrol\WinPatrol.exe" [2011-03-16 325000]
    "UnlockerAssistant"="c:\program files\Unlocker\UnlockerAssistant.exe" [2008-03-01 15872]
    "ipTray.exe"="c:\program files\Intel\IDU\iptray.exe" [2006-12-28 2242328]
    "USB2Check"="c:\windows\system32\PCLECoInst.dll" [2006-11-06 81920]
    "SysTrayApp"="c:\program files\IDT\WDM\sttray.exe" [2009-03-12 483422]
    "EEventManager"="c:\program files\Epson Software\Event Manager\EEventManager.exe" [2009-12-03 976320]
    "FUFAXSTM"="c:\program files\Epson Software\FAX Utility\FUFAXSTM.exe" [2009-12-03 847872]
    "EvtMgr6"="c:\program files\Logitech\SetPointP\SetPoint.exe" [2011-10-07 1387288]
    "APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2013-04-22 59720]
    "PowerPanel Personal Edition User Interaction"="c:\program files\CyberPower PowerPanel Personal Edition\pppeuser.exe" [2012-03-27 350144]
    "OODITRAY.EXE"="c:\program files\Laplink\Laplink DiskImage\OODITRAY.EXE" [2010-05-27 1918296]
    "egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2013-03-21 5078504]
    "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2013-05-31 152392]
    "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2013-03-12 253816]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "PromptOnSecureDesktop"= 0 (0x0)
    "EnableUIADesktopToggle"= 0 (0x0)
    "SynchronousMachineGroupPolicy"= 0 (0x0)
    "SynchronousUserGroupPolicy"= 0 (0x0)
    .
    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
    "AlwaysShowClassicMenu"= 1 (0x1)
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
    "mixer9"=wdmaud.drv
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]
    @="Service"
    .
    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
    "WindowsWelcomeCenter"=rundll32.exe oobefldr.dll,ShowWelcomeCenter
    "ehTray.exe"=c:\windows\ehome\ehTray.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
    "HotKeysCmds"=c:\windows\system32\hkcmd.exe
    "IgfxTray"=c:\windows\system32\igfxtray.exe
    "SysTrayApp"=%ProgramFiles%\IDT\WDM\sttray.exe
    "IntelAudioStudio"="c:\program files\Intel Audio Studio 2.7\IntelAudioStudio.exe" TRAY
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-disabled]
    "QuickTime Task"="c:\program files\QuickTime\QTTask.exe" -atboottime
    "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe"
    .
    S2 ABBYY.Licensing.FineReader.Sprint.9.0;ABBYY FineReader 9.0 Sprint Licensing Service;c:\program files\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe [2009-05-14 759048]
    .
    .
    --- Other Services/Drivers In Memory ---
    .
    *NewlyCreated* - ALSYSIO
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
    bthsvcs REG_MULTI_SZ BthServ
    .
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
    UxTuneUp
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
    2009-10-16 16:49 451872 ----a-w- c:\program files\Common Files\LightScribe\LSRunOnce.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{7070D8E0-650A-46b3-B03C-9497582E6A74}]
    2008-04-11 21:23 38400 ------w- c:\windows\System32\SoundSchemes.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{B3688A53-AB2A-4b1d-8CEF-8F93D8C51C24}]
    2008-08-28 14:50 30720 ------w- c:\windows\System32\soundschemes2.exe
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2013-07-14 c:\windows\Tasks\1-Click Maintenance.job
    - c:\program files\TuneUp Utilities 2008\OneClick.exe [2008-01-08 18:31]
    .
    2013-07-15 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2009-09-30 06:10]
    .
    2013-07-15 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2009-09-30 06:10]
    .
    2013-07-14 c:\windows\Tasks\Spybot - Search & Destroy - Scheduled Task.job
    - c:\program files\Spybot - Search & Destroy\SpybotSD.exe [2008-05-05 20:31]
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = about:blank
    uInternet Settings,ProxyOverride = *.local
    IE: &Links to this page - c:\programdata\TuneUp Software\TuneUp Utilities\Web\gbacklinks.htm
    IE: &Similar pages - c:\programdata\TuneUp Software\TuneUp Utilities\Web\gsimilar.htm
    IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
    IE: Free YouTube to iPod Converter - d:\users\LostRune\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetoipodconverter.htm
    IE: Look up in Mr&Check... - c:\programdata\TuneUp Software\TuneUp Utilities\Web\tumrcheck.htm
    IE: Open in &new window - c:\programdata\TuneUp Software\TuneUp Utilities\Web\tuofinw.htm
    IE: Search with &Google - c:\programdata\TuneUp Software\TuneUp Utilities\Web\gsearch.htm
    IE: Send to &Bluetooth Device... - c:\program files\ANYCOM\Blue USB-200-250\btsendto_ie_ctx.htm
    IE: Show page from the &cache - c:\programdata\TuneUp Software\TuneUp Utilities\Web\gcache.htm
    IE: Translate this page with Google - c:\programdata\TuneUp Software\TuneUp Utilities\Web\gtranslate.htm
    IE: View old version at &archives.org - c:\programdata\TuneUp Software\TuneUp Utilities\Web\tuarch.htm
    IE: Zoom &in - c:\programdata\TuneUp Software\TuneUp Utilities\Web\tuzoomin.htm
    IE: Zoom &out - c:\programdata\TuneUp Software\TuneUp Utilities\Web\tuzoomout.htm
    TCP: DhcpNameServer = 192.168.1.1
    FF - ProfilePath - d:\users\LostRune\AppData\Roaming\Mozilla\Firefox\Profiles\379cl6wj.default\
    FF - prefs.js: browser.startup.homepage - about:home
    FF - ExtSQL: 2013-05-24 00:51; {20a82645-c095-46ed-80e3-08825760534b}; c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
    .
    - - - - ORPHANS REMOVED - - - -
    .
    SafeBoot-WudfPf
    SafeBoot-WudfRd
    AddRemove-FITBIT&10C4&84C4 - c:\program files\Fitbit\Base Station\DriverUninstaller.exe USBXpress\FITBIT&10C4&84C4
    .
    .
    .
    **************************************************************************
    .
    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2013-07-15 21:19
    Windows 6.0.6002 Service Pack 2 NTFS
    .
    scanning hidden processes ...
    .
    scanning hidden autostart entries ...
    .
    scanning hidden files ...
    .
    scan completed successfully
    hidden files: 0
    .
    **************************************************************************
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\{95808DC4-FA4A-4C74-92FE-5B863F82066B}]
    "ImagePath"="\??\c:\program files\CyberLink\PowerDVD\000.fcl"
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------
    .
    - - - - - - - > 'winlogon.exe'(1000)
    c:\windows\system32\CbFsNetRdr3.dll
    .
    - - - - - - - > 'Explorer.exe'(4092)
    c:\program files\BillP Studios\WinPatrol\PATROLPRO.DLL
    c:\program files\Unlocker\UnlockerHook.dll
    c:\program files\Laplink\Laplink DiskImage\oodishi.dll
    c:\program files\Laplink\Laplink DiskImage\oodishrs.dll
    c:\windows\system32\CbFsNetRdr3.dll
    c:\windows\system32\btncopy.dll
    c:\program files\WinSCP\DragExt.dll
    c:\windows\system32\CbFsMntNtf3.dll
    .
    ------------------------ Other Running Processes ------------------------
    .
    c:\windows\System32\DriverStore\FileRepository\stwrt.inf_98f8d2d0\STacSV.exe
    c:\program files\ANYCOM\Blue USB-200-250\bin\btwdins.exe
    c:\windows\System32\vdsldr.exe
    c:\program files\Core Temp\Core Temp.exe
    c:\program files\Common Files\EPSON\EBAPI\eEBSVC.exe
    c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe
    c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    c:\program files\Intel\IDU\awServ.exe
    c:\program files\Bonjour\mDNSResponder.exe
    c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe
    c:\program files\Common Files\EPSON\EPW!3 SSRP\E_S50ST7.EXE
    c:\program files\Common Files\EPSON\EPW!3 SSRP\E_S50RP7.EXE
    c:\program files\Fitbit\fitbit.exe
    c:\program files\Common Files\LightScribe\LSSrvc.exe
    c:\program files\Malwarebytes' Anti-Malware\mbamscheduler.exe
    c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe
    c:\program files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
    c:\program files\CyberPower PowerPanel Personal Edition\ppped.exe
    c:\windows\system32\SAgent4.exe
    c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe
    c:\program files\TeamViewer\Version8\TeamViewer_Service.exe
    c:\windows\System32\vds.exe
    c:\program files\Western Digital\WD Drive Manager\WDDriveService.exe
    c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
    c:\program files\Laplink\Laplink DiskImage\oodiag.exe
    c:\program files\Spybot - Search & Destroy\SDWinSec.exe
    c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
    c:\windows\system32\UI0Detect.exe
    c:\program files\Windows Media Player\wmpnetwk.exe
    c:\program files\OUTLOOK ON THE DESKTOP\OUTLOOKDESKTOP.EXE
    c:\program files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE
    c:\program files\iPod\bin\iPodService.exe
    c:\program files\NETGEAR Genie\bin\genie2_tray.exe
    c:\program files\Microsoft Office\Office12\OUTLOOK.EXE
    c:\windows\system32\wbem\unsecapp.exe
    .
    **************************************************************************
    .
    Completion time: 2013-07-15 21:26:16 - machine was rebooted
    ComboFix-quarantined-files.txt 2013-07-16 01:25
    .
    Pre-Run: 4,388,044,800 bytes free
    Post-Run: 3,978,641,408 bytes free
    .
    - - End Of File - - FEE58293BF1AE75AB34BDCD59714E4A4
    5C616939100B85E558DA92B899A0FC36

HijackThis:
  • Logfile of Trend Micro HijackThis v2.0.5
    Scan saved at 9:57:48 PM, on 7/15/2013
    Platform: Windows Vista SP2 (WinNT 6.00.1906)
    MSIE: Internet Explorer v9.00 (9.00.8112.16496)

    FIREFOX: 22.0 (en-US)
    Boot mode: Normal

    Running processes:
    C:\Windows\system32\taskeng.exe
    C:\Windows\system32\taskeng.exe
    C:\Program Files\Core Temp\Core Temp.exe
    C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
    C:\Windows\system32\Dwm.exe
    C:\Program Files\BillP Studios\WinPatrol\WinPatrol.exe
    C:\Program Files\Unlocker\UnlockerAssistant.exe
    C:\Program Files\Intel\IDU\iptray.exe
    C:\Program Files\IDT\WDM\sttray.exe
    C:\Program Files\Epson Software\Event Manager\EEventManager.exe
    C:\Program Files\Epson Software\FAX Utility\FUFAXSTM.exe
    C:\Program Files\Logitech\SetPointP\SetPoint.exe
    C:\Program Files\CyberPower PowerPanel Personal Edition\pppeuser.exe
    C:\Program Files\Laplink\Laplink DiskImage\ooditray.exe
    C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\Common Files\Java\Java Update\jusched.exe
    C:\Program Files\Common Files\Apple\Internet Services\iCloudServices.exe
    C:\Program Files\NETGEAR Genie\bin\NETGEARGenie.exe
    C:\Program Files\Windows Media Player\wmpnscfg.exe
    C:\Users\LostRune\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe
    C:\PROGRAM FILES\OUTLOOK ON THE DESKTOP\OUTLOOKDESKTOP.EXE
    C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE
    C:\Program Files\NETGEAR Genie\bin\genie2_tray.exe
    C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE
    C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe
    C:\Windows\Explorer.exe
    C:\Windows\system32\wbem\unsecapp.exe
    C:\Windows\explorer.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    D:\Users\LostRune\Downloads\HijackThis\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
    O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll
    O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Easy Photo Print - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files\Epson Software\Easy Photo Print\EPTBL.dll
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll
    O2 - BHO: Google Gears Helper - {E0FEFE40-FBF9-42AE-BA58-794CA7E3FB53} - C:\Program Files\Google\Google Gears\Internet Explorer\0.5.36.0\gears.dll
    O3 - Toolbar: QT TabBar - {d2bf470e-ed1c-487f-a333-2bd8835eb6ce} - mscoree.dll (file missing)
    O3 - Toolbar: QT Tab Standard Buttons - {D2BF470E-ED1C-487F-A666-2BD8835EB6CE} - mscoree.dll (file missing)
    O3 - Toolbar: Easy Photo Print - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files\Epson Software\Easy Photo Print\EPTBL.dll
    O4 - HKLM\..\Run: [WinPatrol] C:\Program Files\BillP Studios\WinPatrol\WinPatrol.exe -expressboot
    O4 - HKLM\..\Run: [UnlockerAssistant] "C:\Program Files\Unlocker\UnlockerAssistant.exe"
    O4 - HKLM\..\Run: [ipTray.exe] "C:\Program Files\Intel\IDU\iptray.exe"
    O4 - HKLM\..\Run: [USB2Check] RUNDLL32.EXE "C:\Windows\system32\PCLECoInst.dll",CheckUSBController
    O4 - HKLM\..\Run: [SysTrayApp] %ProgramFiles%\IDT\WDM\sttray.exe
    O4 - HKLM\..\Run: [EEventManager] "C:\Program Files\Epson Software\Event Manager\EEventManager.exe"
    O4 - HKLM\..\Run: [FUFAXSTM] "C:\Program Files\Epson Software\FAX Utility\FUFAXSTM.exe"
    O4 - HKLM\..\Run: [EvtMgr6] C:\Program Files\Logitech\SetPointP\SetPoint.exe /launchGaming
    O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe"
    O4 - HKLM\..\Run: [PowerPanel Personal Edition User Interaction] C:\Program Files\CyberPower PowerPanel Personal Edition\pppeuser.exe
    O4 - HKLM\..\Run: [OODITRAY.EXE] C:\Program Files\Laplink\Laplink DiskImage\OODITRAY.EXE
    O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
    O4 - HKCU\..\Run: [iCloudServices] C:\Program Files\Common Files\Apple\Internet Services\iCloudServices.exe
    O4 - HKCU\..\Run: [NETGEARGenie] "C:\Program Files\NETGEAR Genie\bin\NETGEARGenie.exe" -mini -redirect
    O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
    O4 - HKCU\..\Run: [SkyDrive] "C:\Users\LostRune\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe" /background
    O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O8 - Extra context menu item: &Links to this page - C:\ProgramData\TuneUp Software\TuneUp Utilities\Web\gbacklinks.htm
    O8 - Extra context menu item: &Similar pages - C:\ProgramData\TuneUp Software\TuneUp Utilities\Web\gsimilar.htm
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
    O8 - Extra context menu item: Free YouTube to iPod Converter - D:\Users\LostRune\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetoipodconverter.htm
    O8 - Extra context menu item: Look up in Mr&Check... - C:\ProgramData\TuneUp Software\TuneUp Utilities\Web\tumrcheck.htm
    O8 - Extra context menu item: Open in &new window - C:\ProgramData\TuneUp Software\TuneUp Utilities\Web\tuofinw.htm
    O8 - Extra context menu item: Search with &Google - C:\ProgramData\TuneUp Software\TuneUp Utilities\Web\gsearch.htm
    O8 - Extra context menu item: Send to &Bluetooth Device... - C:\Program Files\ANYCOM\Blue USB-200-250\btsendto_ie_ctx.htm
    O8 - Extra context menu item: Show page from the &cache - C:\ProgramData\TuneUp Software\TuneUp Utilities\Web\gcache.htm
    O8 - Extra context menu item: Translate this page with Google - C:\ProgramData\TuneUp Software\TuneUp Utilities\Web\gtranslate.htm
    O8 - Extra context menu item: View old version at &archives.org - C:\ProgramData\TuneUp Software\TuneUp Utilities\Web\tuarch.htm
    O8 - Extra context menu item: Zoom &in - C:\ProgramData\TuneUp Software\TuneUp Utilities\Web\tuzoomin.htm
    O8 - Extra context menu item: Zoom &out - C:\ProgramData\TuneUp Software\TuneUp Utilities\Web\tuzoomout.htm
    O9 - Extra button: (no name) - {09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} - C:\Program Files\Google\Google Gears\Internet Explorer\0.5.36.0\gears.dll
    O9 - Extra 'Tools' menuitem: &Gears Settings - {09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} - C:\Program Files\Google\Google Gears\Internet Explorer\0.5.36.0\gears.dll
    O9 - Extra button: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
    O9 - Extra 'Tools' menuitem: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
    O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
    O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
    O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
    O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\ANYCOM\Blue USB-200-250\btsendto_ie.htm
    O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\ANYCOM\Blue USB-200-250\btsendto_ie.htm
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
    O16 - DPF: {2EDF75C0-5ABD-49f9-BAB6-220476A32034} (System Requirements Lab) - http://intel-drv-cdn.systemrequirementslab.com/audio/bin/sysreqlab_srlx.cab
    O16 - DPF: {3F4AC0C9-3A7D-4115-99B4-2693DE0014AF} (TNetworkScanner Control) - http://optimum.net/downloads/TNetworkScannerXControl.ocx
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/win...ls/en/x86/client/wuweb_site.cab?1209007354990
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/mic...ls/en/x86/client/muweb_site.cab?1209007424377
    O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - http://download.eset.com/special/eos/OnlineScanner.cab
    O16 - DPF: {CF84DAC5-A4F5-419E-A0BA-C01FFD71112F} (SysInfo Class) - http://content.systemrequirementslab.com.s3.amazonaws.com/global/bin/srldetect_intel_4.4.24.0.cab
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
    O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
    O21 - SSODL: EldosMountNotificator - {5FF49FE8-B332-4CB9-B102-FB6951629E55} - C:\Windows\system32\CbFsMntNtf3.dll
    O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll
    O22 - SharedTaskScheduler: Virtual Storage Mount Notification - {5FF49FE8-B332-4CB9-B102-FB6951629E55} - C:\Windows\system32\CbFsMntNtf3.dll
    O23 - Service: ABBYY FineReader 9.0 Sprint Licensing Service (ABBYY.Licensing.FineReader.Sprint.9.0) - ABBYY - C:\Program Files\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe
    O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
    O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    O23 - Service: Admin Works Agent X8 (AWService) - OSA Technologies Inc., An Avocent Company - C:\Program Files\Intel\IDU\awServ.exe
    O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\ANYCOM\Blue USB-200-250\bin\btwdins.exe
    O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - C:\Program Files\ATI\Catalyst Media Center\Kernel\TV\CLCapSvc.exe
    O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - C:\Program Files\ATI\Catalyst Media Center\Kernel\TV\CLSched.exe
    O23 - Service: CyberLink Media Library Service - Cyberlink - C:\Program Files\ATI\Catalyst Media Center\Kernel\CLML_NTService\CLMLServer.exe
    O23 - Service: ESET Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
    O23 - Service: EpsonBidirectionalService - SEIKO EPSON CORPORATION - C:\Program Files\Common Files\EPSON\EBAPI\eEBSVC.exe
    O23 - Service: EPSON V5 Service4(04) (EPSON_EB_RPCV4_04) - SEIKO EPSON CORPORATION - C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50ST7.EXE
    O23 - Service: EPSON V3 Service4(04) (EPSON_PM_RPCV4_04) - SEIKO EPSON CORPORATION - C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50RP7.EXE
    O23 - Service: Fitbit Data Uploader (Fitbit) - Fitbit, Inc. - C:\Program Files\Fitbit\fitbit.exe
    O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
    O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\LogiShrd\Bluetooth\lbtserv.exe
    O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
    O23 - Service: MBAMScheduler - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
    O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
    O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
    O23 - Service: NETGEARGenieDaemon - NETGEAR - C:\Program Files\NETGEAR Genie\bin\NETGEARGenieDaemon.exe
    O23 - Service: OO DiskImage - Unknown owner - C:\Program Files\Laplink\Laplink DiskImage\oodiag.exe
    O23 - Service: PowerPanel Personal Edition Service (ppped) - Cyber Power Systems, Inc. - C:\Program Files\CyberPower PowerPanel Personal Edition\ppped.exe
    O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
    O23 - Service: Audio Service (STacSV) - IDT, Inc. - C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_98f8d2d0\STacSV.exe
    O23 - Service: Epson Printer Status Agent4 (StatusAgent4) - SEIKO EPSON CORPORATION - C:\Windows\system32\SAgent4.exe
    O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
    O23 - Service: TeamViewer 8 (TeamViewer8) - TeamViewer GmbH - C:\Program Files\TeamViewer\Version8\TeamViewer_Service.exe
    O23 - Service: @%SystemRoot%\System32\TuneUpDefragService.exe,-1 (TuneUp.Defrag) - TuneUp Software GmbH - C:\Windows\System32\TuneUpDefragService.exe
    O23 - Service: WD Drive Manager (WDDriveService) - Western Digital - C:\Program Files\Western Digital\WD Drive Manager\WDDriveService.exe

    --
    End of file - 15227 bytes
 
OK, good to hear it's running better.

I would like to see one more report. Navigate to C:\Qoobox and in that folder will be a file named add-remove programs.txt. Open that file and copy and paste the contents back here.

I see one program that needs to be uninstalled and there may be more.

Then we will have a little cleanup left to do.
 
Sure, no problem. So far so good. Still like to know what the heck happened so we don't do it again. Here goes:

C:\Qoobox\Add-Remove Programs.txt
  • Update for Microsoft Office 2007 (KB2508958)
    7-Zip 4.57
    ABBYY FineReader 9.0 Sprint
    Adobe Flash Player 11 ActiveX
    Adobe Flash Player 11 Plugin
    Adobe Reader X (10.1.4)
    ANYCOM USB-200/250 Bluetooth Software
    AnyDVD
    Apple Application Support
    Apple Mobile Device Support
    Apple Software Update
    ATI AVIVO Codecs
    ATI Catalyst Install Manager
    AviSynth 2.5
    BadCopy Pro
    BatchPurifier
    Beyond TV DVD Burning Foundation
    Bonjour
    Canon G.726 WMP-Decoder
    Canon MovieEdit Task for ZoomBrowser EX
    Canon RAW Image Task for ZoomBrowser EX
    Canon Utilities CameraWindow
    Canon Utilities CameraWindow DC
    Canon Utilities CameraWindow DC_DV 6 for ZoomBrowser EX
    Canon Utilities MyCamera
    Canon Utilities MyCamera DC
    Canon Utilities PhotoStitch
    Canon Utilities RemoteCapture DC
    Canon Utilities RemoteCapture Task for ZoomBrowser EX
    Canon Utilities ZoomBrowser EX
    Canon ZoomBrowser EX Memory Card Utility
    Catalyst Control Center - Branding
    Catalyst Control Center Core Implementation
    Catalyst Control Center Graphics Full Existing
    Catalyst Control Center Graphics Full New
    Catalyst Control Center Graphics Light
    Catalyst Control Center Graphics Previews Common
    Catalyst Control Center Graphics Previews Vista
    Catalyst Control Center HydraVision Full
    Catalyst Media Center
    Catalyst Media Center DVD Authoring Module
    ccc-core-static
    ccc-utility
    CCC Help English
    CloneCD
    CloneDVD2
    Combined Community Codec Pack 2008-01-24
    Console Classix 4.06
    ConvertHelper 2.2
    ConvertXtoDVD 3.8.0.193d
    Core Temp version 0.99.7
    CyberPower PowerPanel Personal Edition 1.3.3
    D3DX10
    Data Lifeguard Diagnostic for Windows
    Debugging Tools for Windows (x86)
    DiskExplorer for NTFS
    DVD Profiler Version 3.7.2
    DVDFab (Platinum/Gold/HD Decrypter) (Option: Mobile) 5.1.2.2
    Easy CD-DA Extractor 2010
    EPSON Artisan 830 Series Printer Uninstall
    Epson CreativeZone
    Epson Easy Photo Print 2
    Epson Easy Photo Print Plug-in for PMB(Picture Motion Browser)
    Epson Easy Photo Print Plug-in for Windows Live Photo Gallery
    Epson Easy Photo Print Plug-in for Windows Live Photo Gallery Setup
    Epson Event Manager
    Epson FAX Utility
    Epson PC-FAX Driver
    Epson Print CD
    EPSON Scan
    EpsonNet Print
    EpsonNet Setup 3.3
    eReg
    erLT
    ESET NOD32 Antivirus
    Fitbit Base Station (Driver Removal)
    Fitbit v2.1.0
    FormatFactory 2.95
    FoxyTunes for Firefox
    Free Audio CD Burner version 1.4.7
    Free Audio CD to MP3 Converter version 1.3.7
    Free Video to iPhone Converter version 3.2.10
    Free Video to iPod Converter version 3.1
    Free Video to Mp3 Converter version 3.1
    Free YouTube Download version 2.10.36.517
    Free YouTube to iPhone Converter version 3.10.27
    Free YouTube to iPod Converter version 3.10.815
    Free YouTube to MP3 Converter version 3.9.32
    FUJIFILM MyFinePix Studio 3.1
    GetDataBack for NTFS
    Ghostery IE Plugin
    Google Earth Plug-in
    Google Gears
    Google Update Helper
    HandBrake 0.9.5
    Hauppauge English Help Files and Resources
    Hauppauge MCE XP/Vista Software Encoder (2.0.26057)
    Hauppauge Signal Monitor Utility
    Hauppauge WinTV
    Hauppauge WinTV Infrared Remote
    Hauppauge WinTV Scheduler
    Hauppauge WinTV Soft PVR
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
    iCloud
    IDT Audio
    ImgBurn
    Intel Audio Studio 2.7
    Intel Processor Diagnostic Tool
    Intel(R) Desktop Utilities
    Intel(R) Graphics Media Accelerator Driver
    Intel(R) Management Engine Interface
    Intel(R) Network Connections 12.4.38.0
    Intel(R) SMBus
    InterVideo FilterSDK for Hauppauge
    InterVideo MediaOne Gallery
    InterVideo WinDVD
    IrfanView (remove only)
    iTunes
    Japanese Fonts Support For Adobe Reader 8
    Java 7 Update 25
    Java Auto Updater
    Just Great Software EditPad Lite 6.4.3
    Laplink DiskImage Professional
    LightScribe System Software
    Logitech SetPoint 6.32
    Logitech Unifying Software 2.10
    Malwarebytes Anti-Malware version 1.75.0.1300
    Mesh Runtime
    Microsoft .NET Framework 3.5 SP1
    Microsoft .NET Framework 4 Client Profile
    Microsoft .NET Framework 4 Extended
    Microsoft Application Error Reporting
    Microsoft Corporation
    Microsoft LifeCam
    Microsoft Office 2007 Service Pack 3 (SP3)
    Microsoft Office Access MUI (English) 2007
    Microsoft Office Access Setup Metadata MUI (English) 2007
    Microsoft Office Enterprise 2007
    Microsoft Office Excel MUI (English) 2007
    Microsoft Office File Validation Add-In
    Microsoft Office Groove MUI (English) 2007
    Microsoft Office Groove Setup Metadata MUI (English) 2007
    Microsoft Office InfoPath MUI (English) 2007
    Microsoft Office Live Add-in 1.5
    Microsoft Office OneNote MUI (English) 2007
    Microsoft Office Outlook Connector
    Microsoft Office Outlook MUI (English) 2007
    Microsoft Office PowerPoint MUI (English) 2007
    Microsoft Office Proof (English) 2007
    Microsoft Office Proof (French) 2007
    Microsoft Office Proof (Spanish) 2007
    Microsoft Office Proofing (English) 2007
    Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
    Microsoft Office Publisher MUI (English) 2007
    Microsoft Office Shared MUI (English) 2007
    Microsoft Office Shared Setup Metadata MUI (English) 2007
    Microsoft Office Word MUI (English) 2007
    Microsoft Silverlight
    Microsoft SkyDrive
    Microsoft SQL Server 2005 Compact Edition [ENU]
    Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
    Microsoft Visual C++ 2005 Redistributable
    Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
    Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
    Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319
    Microsoft XML Parser
    Mozilla Firefox 22.0 (x86 en-US)
    Mozilla Maintenance Service
    MSVCRT
    MSXML 4.0 SP2 (KB954430)
    MSXML 4.0 SP2 (KB973688)
    My Net View
    NETGEAR Genie
    NETGEAR Live Parental Controls Management Utility 2.1.6
    NETGEAR Live Parental Controls User Utility 1.0b40
    Outlook on the Desktop 1.4.0
    Paragon Partition Manager 8.5 Server Edition
    PicWalker 4.2
    Pinnacle Studio 12
    Pinnacle Video Driver
    PortTrigger 1.0
    PowerDVD
    PowerDVD Ultra
    QuickSFV (Remove only)
    QuickTime
    RATattack 0.2
    ratDVD 0.78.1444
    Security Update for CAPICOM (KB931906)
    Security Update for Microsoft .NET Framework 3.5 SP1 (KB2604111)
    Security Update for Microsoft .NET Framework 3.5 SP1 (KB2657424)
    Security Update for Microsoft .NET Framework 3.5 SP1 (KB2736416)
    Security Update for Microsoft .NET Framework 3.5 SP1 (KB2840629)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2736428)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2742595)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2789642)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2804576)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2832407)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2835393)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2840628)
    Security Update for Microsoft .NET Framework 4 Extended (KB2487367)
    Security Update for Microsoft .NET Framework 4 Extended (KB2656351)
    Security Update for Microsoft .NET Framework 4 Extended (KB2736428)
    Security Update for Microsoft .NET Framework 4 Extended (KB2742595)
    Security Update for Microsoft Office 2007 suites (KB2596615) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2596744) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2596754) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2596785) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2596792) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2596871) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2597969) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2687309) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2687311) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2687439) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2687499) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2760416) 32-Bit Edition
    Security Update for Microsoft Office Excel 2007 (KB2687307) 32-Bit Edition
    Security Update for Microsoft Office InfoPath 2007 (KB2687440) 32-Bit Edition
    Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition
    Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition
    Security Update for Microsoft Office Publisher 2007 (KB2597971) 32-Bit Edition
    Security Update for Microsoft Office Word 2007 (KB2760421) 32-Bit Edition
    Segoe UI
    Skype™ 3.8
    Spelling Dictionaries Support For Adobe Reader 8
    Spybot - Search & Destroy
    SureThing CD Labeler LightScribe 5.0.581.0
    System Requirements Lab
    System Requirements Lab for Intel
    TeamViewer 8
    TuneUp Utilities 2008
    Ultimate Extras sounds from Microsoft® Tinker™
    Uninstall 1.0.0.1
    Update for 2007 Microsoft Office System (KB967642)
    Update for Microsoft .NET Framework 3.5 SP1 (KB2836940)
    Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
    Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
    Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
    Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
    Update for Microsoft .NET Framework 4 Client Profile (KB2836939)
    Update for Microsoft .NET Framework 4 Extended (KB2468871)
    Update for Microsoft .NET Framework 4 Extended (KB2533523)
    Update for Microsoft .NET Framework 4 Extended (KB2600217)
    Update for Microsoft .NET Framework 4 Extended (KB2836939)
    Update for Microsoft Office 2007 Help for Common Features (KB963673)
    Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition
    Update for Microsoft Office 2007 suites (KB2596660) 32-Bit Edition
    Update for Microsoft Office 2007 suites (KB2596802) 32-Bit Edition
    Update for Microsoft Office 2007 suites (KB2596848) 32-Bit Edition
    Update for Microsoft Office 2007 suites (KB2687493) 32-Bit Edition
    Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition
    Update for Microsoft Office Access 2007 Help (KB963663)
    Update for Microsoft Office Excel 2007 Help (KB963678)
    Update for Microsoft Office Infopath 2007 Help (KB963662)
    Update for Microsoft Office OneNote 2007 Help (KB963670)
    Update for Microsoft Office Outlook 2007 (KB2687404) 32-Bit Edition
    Update for Microsoft Office Outlook 2007 Help (KB963677)
    Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2817563) 32-Bit Edition
    Update for Microsoft Office Powerpoint 2007 Help (KB963669)
    Update for Microsoft Office Publisher 2007 Help (KB963667)
    Update for Microsoft Office Script Editor Help (KB963671)
    Update for Microsoft Office Word 2007 Help (KB963665)
    VirtualCloneDrive
    Vista Manager
    Visual C++ 2008 x86 Runtime - (v9.0.30729)
    Visual C++ 2008 x86 Runtime - v9.0.30729.01
    WD Print Share
    WD Quick View
    Windows 7 Upgrade Advisor
    Windows Automated Installation Kit
    Windows Live Communications Platform
    Windows Live Essentials
    Windows Live Family Safety
    Windows Live ID Sign-in Assistant
    Windows Live Installer
    Windows Live Mesh
    Windows Live Mesh ActiveX Control for Remote Connections
    Windows Live Movie Maker
    Windows Live Photo Common
    Windows Live Photo Gallery
    Windows Live PIMT Platform
    Windows Live Remote Client
    Windows Live Remote Client Resources
    Windows Live Remote Service
    Windows Live Remote Service Resources
    Windows Live SOXE
    Windows Live SOXE Definitions
    Windows Live UX Platform
    Windows Live UX Platform Language Pack
    Windows Live Writer
    Windows Live Writer Resources
    Windows Media Player Firefox Plugin
    Windows Sidebar Styler
    Windows Sound Schemes
    WinPatrol 2009
    WinSCP 4.0.7

It's an old computer, so we basically just use it for internet stuff, and unfortunately we didn't bother uninstalling some stuff we hardly use anymore. Thanks again, johnb, and please take your time, since we may not be able to do everything tonight as it's getting late here.
 
Please uninstall the following programs.

Spybot - Search & Destroy - old and outdated - Malwarebytes is much better
TuneUp Utilities 2008 - old and outdated - really not needed anyway
Uninstall 1.0.0.1 - not needed
WinPatrol 2009 - old and outdated

Also rerun HijackThis and place checks next to the following entries.

O3 - Toolbar: QT TabBar - {d2bf470e-ed1c-487f-a333-2bd8835eb6ce} - mscoree.dll (file missing)
O3 - Toolbar: QT Tab Standard Buttons - {D2BF470E-ED1C-487F-A666-2BD8835EB6CE} - mscoree.dll (file missing)
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present

Then click on fix checked.
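
The selection made in the post above (toolbar entries whose target is reported as "(file missing)", plus the O6 policy entry) can be reproduced over a saved HijackThis log. This is an added example, not part of the original posts: the function names, the section labels and the extra "Unknown owner" rule are assumptions made here, and the sample lines are copied from the log in this thread.

```python
import re

# Labels for the HijackThis section codes that appear in this thread's log.
SECTIONS = {
    "O3": "IE toolbar",
    "O4": "autostart entry",
    "O6": "IE options restricted by policy",
    "O8": "IE context-menu item",
    "O9": "IE extra button / Tools item",
    "O16": "ActiveX download (DPF)",
    "O18": "protocol handler",
    "O21": "ShellServiceObjectDelayLoad",
    "O22": "SharedTaskScheduler",
    "O23": "Windows service",
}

LINE_RE = re.compile(r"^\s*(O\d{1,2})\s+-\s+(.*\S)\s*$")
CLSID_RE = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")

# Lines copied from the HijackThis log and the helper's post in this thread.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O3 - Toolbar: QT TabBar - {d2bf470e-ed1c-487f-a333-2bd8835eb6ce} - mscoree.dll (file missing)
O3 - Toolbar: QT Tab Standard Buttons - {D2BF470E-ED1C-487F-A666-2BD8835EB6CE} - mscoree.dll (file missing)
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O23 - Service: ESET Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
O23 - Service: OO DiskImage - Unknown owner - C:\Program Files\Laplink\Laplink DiskImage\oodiag.exe
--
End of file - 15227 bytes
"""


def parse_line(line):
    """Split one log line into section code, label, detail text and CLSID (if any)."""
    m = LINE_RE.match(line)
    if not m:
        return None  # header, separator or footer line
    code, detail = m.groups()
    clsid = CLSID_RE.search(detail)
    return {
        "code": code,
        "section": SECTIONS.get(code, "other"),
        "detail": detail,
        "clsid": clsid.group(0).upper() if clsid else None,
    }


def triage(lines):
    """Return entries worth a manual look, each with the reasons it was picked."""
    findings = []
    for line in lines:
        entry = parse_line(line)
        if entry is None:
            continue
        reasons = []
        if "(file missing)" in entry["detail"].lower():
            reasons.append("target file missing (orphaned entry)")
        if entry["code"] == "O6":
            reasons.append("IE policy restriction present")
        # Assumption added here: flag services for which no vendor is reported.
        if entry["code"] == "O23" and " - Unknown owner - " in entry["detail"]:
            reasons.append("service with no vendor string")
        if reasons:
            findings.append({**entry, "reasons": reasons})
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG.splitlines()):
        print(f'{f["code"]:<4}{f["section"]:<34}{"; ".join(f["reasons"])}')
        print(f'    {f["detail"]}')
```

A flagged line is a candidate for review, not a verdict; an orphaned entry or a missing vendor string is common on an old machine with many leftover installs.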
 
Hello again johnb,

Sorry for the lateness; just got back.
As per your instructions, done and done. Actually, I upgraded WinPatrol to the latest version, but for some reason, it still says 2009 on the Programs list.
And still so far so good. Nothing else weird happening, and will update if there is.
Thanks a lot again. Though we're still a bit paranoid not knowing how to avoid repeating this, haha. (Looking at the web history, doesn't seem we surfed into any questionable website....... unless a "safe" website didn't know it was compromised........) We definitely owe ya a beer or two.
 