Jump to content

Build Theme!
  •  
  • Infected?

big grin WE'RE SURE THAT YOU'LL LOVE US!

We invite you to ask questions, share experiences, and learn. It's 100% free. Did we mention that it's free. It is. It's free. Join 91520 other members! Anybody can ask, anybody can answer. Consistently helpful members with best answers are invited to staff. Here's how it works. Virus cleanup? Start here -> Malware Removal Forum.

Try What the Tech -- It's free!


Photo

IE10 browser & Outlook.com erratic [Solved]


  • This topic is locked This topic is locked
35 replies to this topic

#16 kangaroo

kangaroo

    Authentic Member

  • Authentic Member
  • PipPip
  • 183 posts

Posted 26 January 2014 - 07:53 PM

TDSSKiller_complete.PNG TDSSKillerResults.PNG TDSSKillerParameters.PNG

 

Hi Tomk,

 

I've run the TDSSKiller scan but it didn't go quite according to directions. In Step 6, the three options offered were Skip, Copy to Quarantine, and Delete. There was no option to Cure!

 

I've left the option on Skip and it just completed the scan. No offer to reboot but just returned to the first screen to Start Scan with found objects as in screen snip.

 

By the way, Change Parameters screen was a little different. Objects to Scan gave 4 options, three of which were ticked (see attached screen snip); I left those parameters as default and ticked the Additional items you advised.

 

I've also attached screen snips of the results and completed windows.

 

Here is the report created:

 

12:07:09.0734 5000  TDSS rootkit removing tool 2.8.16.0 Feb 11 2013 18:50:42
12:07:09.0754 5000  ============================================================
12:07:09.0754 5000  Current date / time: 2014/01/27 12:07:09.0754
12:07:09.0754 5000  SystemInfo:
12:07:09.0754 5000 
12:07:09.0754 5000  OS Version: 6.1.7601 ServicePack: 1.0
12:07:09.0754 5000  Product type: Workstation
12:07:09.0754 5000  ComputerName: HEATHER-PC
12:07:09.0754 5000  UserName: Heather
12:07:09.0754 5000  Windows directory: C:\Windows
12:07:09.0754 5000  System windows directory: C:\Windows
12:07:09.0754 5000  Running under WOW64
12:07:09.0754 5000  Processor architecture: Intel x64
12:07:09.0754 5000  Number of processors: 2
12:07:09.0754 5000  Page size: 0x1000
12:07:09.0754 5000  Boot type: Normal boot
12:07:09.0754 5000  ============================================================
12:07:10.0094 5000  Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
12:07:10.0114 5000  Drive \Device\Harddisk2\DR2 - Size: 0x1EF80000 (0.48 Gb), SectorSize: 0x200, Cylinders: 0x3F, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
12:07:10.0124 5000  ============================================================
12:07:10.0124 5000  \Device\Harddisk0\DR0:
12:07:10.0124 5000  MBR partitions:
12:07:10.0124 5000  \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x14000, BlocksNum 0x1D4C000
12:07:10.0124 5000  \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x1D60000, BlocksNum 0x38625830
12:07:10.0124 5000  \Device\Harddisk2\DR2:
12:07:10.0124 5000  MBR partitions:
12:07:10.0124 5000  \Device\Harddisk2\DR2\Partition1: MBR, Type 0x4, StartLBA 0x20, BlocksNum 0xF7BE0
12:07:10.0124 5000  ============================================================
12:07:10.0154 5000  C: <-> \Device\Harddisk0\DR0\Partition2
12:07:10.0154 5000  ============================================================
12:07:10.0154 5000  Initialize success
12:07:10.0154 5000  ============================================================
12:08:08.0388 4804  ============================================================
12:08:08.0388 4804  Scan started
12:08:08.0388 4804  Mode: Manual; SigCheck; TDLFS;
12:08:08.0388 4804  ============================================================
12:08:08.0528 4804  ================ Scan system memory ========================
12:08:08.0528 4804  System memory - ok
12:08:08.0528 4804  ================ Scan services =============================
12:08:08.0728 4804  [ A87D604AEA360176311474C87A63BB88 ] 1394ohci        C:\Windows\system32\drivers\1394ohci.sys
12:08:08.0838 4804  1394ohci - ok
12:08:08.0878 4804  [ D81D9E70B8A6DD14D42D7B4EFA65D5F2 ] ACPI            C:\Windows\system32\drivers\ACPI.sys
12:08:08.0918 4804  ACPI - ok
12:08:08.0958 4804  [ 99F8E788246D495CE3794D7E7821D2CA ] AcpiPmi         C:\Windows\system32\drivers\acpipmi.sys
12:08:09.0038 4804  AcpiPmi - ok
12:08:09.0178 4804  [ B362181ED3771DC03B4141927C80F801 ] AdobeARMservice C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
12:08:09.0198 4804  AdobeARMservice - ok
12:08:09.0348 4804  [ 1BA1AB4141A92EB34DA99F1249CA2D4D ] AdobeFlashPlayerUpdateSvc C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
12:08:09.0378 4804  AdobeFlashPlayerUpdateSvc - ok
12:08:09.0448 4804  [ 2F6B34B83843F0C5118B63AC634F5BF4 ] adp94xx         C:\Windows\system32\DRIVERS\adp94xx.sys
12:08:09.0478 4804  adp94xx - ok
12:08:09.0518 4804  [ 597F78224EE9224EA1A13D6350CED962 ] adpahci         C:\Windows\system32\DRIVERS\adpahci.sys
12:08:09.0548 4804  adpahci - ok
12:08:09.0598 4804  [ E109549C90F62FB570B9540C4B148E54 ] adpu320         C:\Windows\system32\DRIVERS\adpu320.sys
12:08:09.0628 4804  adpu320 - ok
12:08:09.0658 4804  [ 4B78B431F225FD8624C5655CB1DE7B61 ] AeLookupSvc     C:\Windows\System32\aelupsvc.dll
12:08:09.0818 4804  AeLookupSvc - ok
12:08:09.0868 4804  [ 79059559E89D06E8B80CE2944BE20228 ] AFD             C:\Windows\system32\drivers\afd.sys
12:08:09.0948 4804  AFD - ok
12:08:09.0988 4804  [ 608C14DBA7299D8CB6ED035A68A15799 ] agp440          C:\Windows\system32\drivers\agp440.sys
12:08:10.0018 4804  agp440 - ok
12:08:10.0060 4804  [ 3290D6946B5E30E70414990574883DDB ] ALG             C:\Windows\System32\alg.exe
12:08:10.0110 4804  ALG - ok
12:08:10.0180 4804  [ 5812713A477A3AD7363C7438CA2EE038 ] aliide          C:\Windows\system32\drivers\aliide.sys
12:08:10.0200 4804  aliide - ok
12:08:10.0240 4804  [ 9A5495EDEBE7D6B3F7E9A86EBE5EA248 ] AMD External Events Utility C:\Windows\system32\atiesrxx.exe
12:08:10.0300 4804  AMD External Events Utility - ok
12:08:10.0340 4804  [ 1FF8B4431C353CE385C875F194924C0C ] amdide          C:\Windows\system32\drivers\amdide.sys
12:08:10.0360 4804  amdide - ok
12:08:10.0400 4804  [ 7024F087CFF1833A806193EF9D22CDA9 ] AmdK8           C:\Windows\system32\DRIVERS\amdk8.sys
12:08:10.0460 4804  AmdK8 - ok
12:08:10.0480 4804  [ 1E56388B3FE0D031C44144EB8C4D6217 ] AmdPPM          C:\Windows\system32\DRIVERS\amdppm.sys
12:08:10.0520 4804  AmdPPM - ok
12:08:10.0570 4804  [ D4121AE6D0C0E7E13AA221AA57EF2D49 ] amdsata         C:\Windows\system32\drivers\amdsata.sys
12:08:10.0590 4804  amdsata - ok
12:08:10.0620 4804  [ F67F933E79241ED32FF46A4F29B5120B ] amdsbs          C:\Windows\system32\DRIVERS\amdsbs.sys
12:08:10.0650 4804  amdsbs - ok
12:08:10.0680 4804  [ 540DAF1CEA6094886D72126FD7C33048 ] amdxata         C:\Windows\system32\drivers\amdxata.sys
12:08:10.0700 4804  amdxata - ok
12:08:10.0730 4804  [ 98449A2957778A6F025C418438A380F4 ] ApfiltrService  C:\Windows\system32\DRIVERS\Apfiltr.sys
12:08:10.0770 4804  ApfiltrService - ok
12:08:10.0840 4804  [ 89A69C3F2F319B43379399547526D952 ] AppID           C:\Windows\system32\drivers\appid.sys
12:08:11.0010 4804  AppID - ok
12:08:11.0030 4804  [ 0BC381A15355A3982216F7172F545DE1 ] AppIDSvc        C:\Windows\System32\appidsvc.dll
12:08:11.0120 4804  AppIDSvc - ok
12:08:11.0190 4804  [ 9D2A2369AB4B08A4905FE72DB104498F ] Appinfo         C:\Windows\System32\appinfo.dll
12:08:11.0250 4804  Appinfo - ok
12:08:11.0320 4804  [ C484F8CEB1717C540242531DB7845C4E ] arc             C:\Windows\system32\DRIVERS\arc.sys
12:08:11.0350 4804  arc - ok
12:08:11.0370 4804  [ 019AF6924AEFE7839F61C830227FE79C ] arcsas          C:\Windows\system32\DRIVERS\arcsas.sys
12:08:11.0390 4804  arcsas - ok
12:08:11.0480 4804  [ 57483E691D635510533E081EC4CB81EC ] aswKbd          C:\Windows\system32\drivers\aswKbd.sys
12:08:11.0510 4804  aswKbd - ok
12:08:11.0570 4804  [ 9C2BEA3957EFFD45F352F0938DFB3721 ] aswMonFlt       C:\Windows\system32\drivers\aswMonFlt.sys
12:08:11.0600 4804  aswMonFlt - ok
12:08:11.0670 4804  [ 679712B7A353EE665B9301592164A172 ] aswRdr          C:\Windows\system32\drivers\aswRdr2.sys
12:08:11.0700 4804  aswRdr - ok
12:08:11.0760 4804  [ C04F7B373881009D7994D9BF55D24AB4 ] aswRvrt         C:\Windows\system32\drivers\aswRvrt.sys
12:08:11.0790 4804  aswRvrt - ok
12:08:11.0850 4804  [ 52B5F8FAF7E78C02D26B0B6E3A05F596 ] aswSnx          C:\Windows\system32\drivers\aswSnx.sys
12:08:11.0900 4804  aswSnx - ok
12:08:11.0980 4804  [ 251360C2FCA22BAFE0583314B3262F98 ] aswSP           C:\Windows\system32\drivers\aswSP.sys
12:08:12.0020 4804  aswSP - ok
12:08:12.0060 4804  [ AAB5F5336EDBB5D99CC7E1A9F4D8F63F ] aswStm          C:\Windows\system32\drivers\aswStm.sys
12:08:12.0090 4804  aswStm - ok
12:08:12.0140 4804  [ 90399625F341AB76BA4B85A5E860EB1F ] aswVmm          C:\Windows\system32\drivers\aswVmm.sys
12:08:12.0170 4804  aswVmm - ok
12:08:12.0210 4804  [ 769765CE2CC62867468CEA93969B2242 ] AsyncMac        C:\Windows\system32\DRIVERS\asyncmac.sys
12:08:12.0280 4804  AsyncMac - ok
12:08:12.0330 4804  [ 02062C0B390B7729EDC9E69C680A6F3C ] atapi           C:\Windows\system32\drivers\atapi.sys
12:08:12.0360 4804  atapi - ok
12:08:12.0520 4804  [ A08339AE90972E268B9622C668F450E8 ] atikmdag        C:\Windows\system32\DRIVERS\atikmdag.sys
12:08:12.0700 4804  atikmdag - ok
12:08:12.0790 4804  [ F23FEF6D569FCE88671949894A8BECF1 ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
12:08:12.0890 4804  AudioEndpointBuilder - ok
12:08:12.0900 4804  [ F23FEF6D569FCE88671949894A8BECF1 ] AudioSrv        C:\Windows\System32\Audiosrv.dll
12:08:12.0950 4804  AudioSrv - ok
12:08:13.0060 4804  [ D74884939D53612FD84AC82C59CCFE27 ] avast! Antivirus C:\Program Files\AVAST Software\Avast\AvastSvc.exe
12:08:13.0090 4804  avast! Antivirus - ok
12:08:13.0130 4804  [ 1247D6B0F35AA93774CFBFD73203D857 ] avast! Firewall C:\Program Files\AVAST Software\Avast\afwServ.exe
12:08:13.0170 4804  avast! Firewall - ok
12:08:13.0250 4804  [ A6BF31A71B409DFA8CAC83159E1E2AFF ] AxInstSV        C:\Windows\System32\AxInstSV.dll
12:08:13.0340 4804  AxInstSV - ok
12:08:13.0380 4804  [ 3E5B191307609F7514148C6832BB0842 ] b06bdrv         C:\Windows\system32\DRIVERS\bxvbda.sys
12:08:13.0430 4804  b06bdrv - ok
12:08:13.0470 4804  [ B5ACE6968304A3900EEB1EBFD9622DF2 ] b57nd60a        C:\Windows\system32\DRIVERS\b57nd60a.sys
12:08:13.0530 4804  b57nd60a - ok
12:08:13.0570 4804  [ E001DD475A7C27EBE5A0DB45C11BAD71 ] BCM42RLY        C:\Windows\system32\drivers\BCM42RLY.sys
12:08:13.0590 4804  BCM42RLY - ok
12:08:13.0690 4804  [ F4CD5F52850BF2C978DE178F256BA372 ] BCM43XX         C:\Windows\system32\DRIVERS\bcmwl664.sys
12:08:13.0750 4804  BCM43XX - ok
12:08:13.0800 4804  [ FDE360167101B4E45A96F939F388AEB0 ] BDESVC          C:\Windows\System32\bdesvc.dll
12:08:13.0840 4804  BDESVC - ok
12:08:13.0890 4804  [ 16A47CE2DECC9B099349A5F840654746 ] Beep            C:\Windows\system32\drivers\Beep.sys
12:08:13.0980 4804  Beep - ok
12:08:14.0060 4804  [ 82974D6A2FD19445CC5171FC378668A4 ] BFE             C:\Windows\System32\bfe.dll
12:08:14.0150 4804  BFE - ok
12:08:14.0190 4804  [ 1EA7969E3271CBC59E1730697DC74682 ] BITS            C:\Windows\system32\qmgr.dll
12:08:14.0270 4804  BITS - ok
12:08:14.0570 4804  [ 61583EE3C3A17003C4ACD0475646B4D3 ] blbdrive        C:\Windows\system32\DRIVERS\blbdrive.sys
12:08:14.0620 4804  blbdrive - ok
12:08:14.0680 4804  [ 6C02A83164F5CC0A262F4199F0871CF5 ] bowser          C:\Windows\system32\DRIVERS\bowser.sys
12:08:14.0730 4804  bowser - ok
12:08:14.0760 4804  [ F09EEE9EDC320B5E1501F749FDE686C8 ] BrFiltLo        C:\Windows\system32\DRIVERS\BrFiltLo.sys
12:08:14.0800 4804  BrFiltLo - ok
12:08:14.0820 4804  [ B114D3098E9BDB8BEA8B053685831BE6 ] BrFiltUp        C:\Windows\system32\DRIVERS\BrFiltUp.sys
12:08:14.0870 4804  BrFiltUp - ok
12:08:14.0940 4804  [ 5C2F352A4E961D72518261257AAE204B ] BridgeMP        C:\Windows\system32\DRIVERS\bridge.sys
12:08:15.0020 4804  BridgeMP - ok
12:08:15.0060 4804  [ 05F5A0D14A2EE1D8255C2AA0E9E8E694 ] Browser         C:\Windows\System32\browser.dll
12:08:15.0120 4804  Browser - ok
12:08:15.0150 4804  [ 43BEA8D483BF1870F018E2D02E06A5BD ] Brserid         C:\Windows\System32\Drivers\Brserid.sys
12:08:15.0190 4804  Brserid - ok
12:08:15.0210 4804  [ A6ECA2151B08A09CACECA35C07F05B42 ] BrSerWdm        C:\Windows\System32\Drivers\BrSerWdm.sys
12:08:15.0250 4804  BrSerWdm - ok
12:08:15.0300 4804  [ B79968002C277E869CF38BD22CD61524 ] BrUsbMdm        C:\Windows\System32\Drivers\BrUsbMdm.sys
12:08:15.0370 4804  BrUsbMdm - ok
12:08:15.0380 4804  [ A87528880231C54E75EA7A44943B38BF ] BrUsbSer        C:\Windows\System32\Drivers\BrUsbSer.sys
12:08:15.0420 4804  BrUsbSer - ok
12:08:15.0460 4804  [ 9DA669F11D1F894AB4EB69BF546A42E8 ] BTHMODEM        C:\Windows\system32\DRIVERS\bthmodem.sys
12:08:15.0520 4804  BTHMODEM - ok
12:08:15.0560 4804  [ 95F9C2976059462CBBF227F7AAB10DE9 ] bthserv         C:\Windows\system32\bthserv.dll
12:08:15.0610 4804  bthserv - ok
12:08:15.0670 4804  catchme - ok
12:08:15.0740 4804  [ B8BD2BB284668C84865658C77574381A ] cdfs            C:\Windows\system32\DRIVERS\cdfs.sys
12:08:15.0810 4804  cdfs - ok
12:08:15.0860 4804  [ F036CE71586E93D94DAB220D7BDF4416 ] cdrom           C:\Windows\system32\DRIVERS\cdrom.sys
12:08:15.0890 4804  cdrom - ok
12:08:15.0930 4804  [ F17D1D393BBC69C5322FBFAFACA28C7F ] CertPropSvc     C:\Windows\System32\certprop.dll
12:08:16.0010 4804  CertPropSvc - ok
12:08:16.0040 4804  [ D7CD5C4E1B71FA62050515314CFB52CF ] circlass        C:\Windows\system32\DRIVERS\circlass.sys
12:08:16.0100 4804  circlass - ok
12:08:16.0160 4804  [ FE1EC06F2253F691FE36217C592A0206 ] CLFS            C:\Windows\system32\CLFS.sys
12:08:16.0190 4804  CLFS - ok
12:08:16.0250 4804  [ D88040F816FDA31C3B466F0FA0918F29 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
12:08:16.0280 4804  clr_optimization_v2.0.50727_32 - ok
12:08:16.0340 4804  [ D1CEEA2B47CB998321C579651CE3E4F8 ] clr_optimization_v2.0.50727_64 C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
12:08:16.0370 4804  clr_optimization_v2.0.50727_64 - ok
12:08:16.0450 4804  [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
12:08:16.0470 4804  clr_optimization_v4.0.30319_32 - ok
12:08:16.0500 4804  [ C6F9AF94DCD58122A4D7E89DB6BED29D ] clr_optimization_v4.0.30319_64 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
12:08:16.0520 4804  clr_optimization_v4.0.30319_64 - ok
12:08:16.0550 4804  [ 0840155D0BDDF1190F84A663C284BD33 ] CmBatt          C:\Windows\system32\DRIVERS\CmBatt.sys
12:08:16.0610 4804  CmBatt - ok
12:08:16.0650 4804  [ E19D3F095812725D88F9001985B94EDD ] cmdide          C:\Windows\system32\drivers\cmdide.sys
12:08:16.0680 4804  cmdide - ok
12:08:16.0730 4804  [ EBF28856F69CF094A902F884CF989706 ] CNG             C:\Windows\system32\Drivers\cng.sys
12:08:16.0770 4804  CNG - ok
12:08:16.0810 4804  [ 102DE219C3F61415F964C88E9085AD14 ] Compbatt        C:\Windows\system32\DRIVERS\compbatt.sys
12:08:16.0830 4804  Compbatt - ok
12:08:16.0880 4804  [ 03EDB043586CCEBA243D689BDDA370A8 ] CompositeBus    C:\Windows\system32\drivers\CompositeBus.sys
12:08:16.0950 4804  CompositeBus - ok
12:08:16.0980 4804  COMSysApp - ok
12:08:17.0000 4804  [ 1C827878A998C18847245FE1F34EE597 ] crcdisk         C:\Windows\system32\DRIVERS\crcdisk.sys
12:08:17.0020 4804  crcdisk - ok
12:08:17.0070 4804  [ 0D7F96AF026D7C1AFDE2A83980A65018 ] CryptOSD        C:\Windows\system32\DRIVERS\CryptOSD.sys
12:08:17.0130 4804  CryptOSD - ok
12:08:17.0170 4804  [ 6B400F211BEE880A37A1ED0368776BF4 ] CryptSvc        C:\Windows\system32\cryptsvc.dll
12:08:17.0250 4804  CryptSvc - ok
12:08:17.0290 4804  [ ED5CF92396A62F4C15110DCDB5E854D9 ] CtClsFlt        C:\Windows\system32\DRIVERS\CtClsFlt.sys
12:08:17.0340 4804  CtClsFlt - ok
12:08:17.0410 4804  [ 5C627D1B1138676C0A7AB2C2C190D123 ] DcomLaunch      C:\Windows\system32\rpcss.dll
12:08:17.0560 4804  DcomLaunch - ok
12:08:17.0650 4804  [ 3CEC7631A84943677AA8FA8EE5B6B43D ] defragsvc       C:\Windows\System32\defragsvc.dll
12:08:17.0710 4804  defragsvc - ok
12:08:17.0800 4804  [ 9BB2EF44EAA163B29C4A4587887A0FE4 ] DfsC            C:\Windows\system32\Drivers\dfsc.sys
12:08:17.0890 4804  DfsC - ok
12:08:17.0940 4804  [ 43D808F5D9E1A18E5EEB5EBC83969E4E ] Dhcp            C:\Windows\system32\dhcpcore.dll
12:08:18.0020 4804  Dhcp - ok
12:08:18.0050 4804  [ 13096B05847EC78F0977F2C0F79E9AB3 ] discache        C:\Windows\system32\drivers\discache.sys
12:08:18.0120 4804  discache - ok
12:08:18.0190 4804  [ 9819EEE8B5EA3784EC4AF3B137A5244C ] Disk            C:\Windows\system32\DRIVERS\disk.sys
12:08:18.0210 4804  Disk - ok
12:08:18.0240 4804  [ 16835866AAA693C7D7FCEBA8FFF706E4 ] Dnscache        C:\Windows\System32\dnsrslvr.dll
12:08:18.0320 4804  Dnscache - ok
12:08:18.0400 4804  [ 0840ABBBDF438691EE65A20040635CBE ] DockLoginService C:\Program Files\Dell\DellDock\DockLogin.exe
12:08:18.0460 4804  DockLoginService ( UnsignedFile.Multi.Generic ) - warning
12:08:18.0460 4804  DockLoginService - detected UnsignedFile.Multi.Generic (1)
12:08:18.0520 4804  [ B1FB3DDCA0FDF408750D5843591AFBC6 ] dot3svc         C:\Windows\System32\dot3svc.dll
12:08:18.0590 4804  dot3svc - ok
12:08:18.0630 4804  [ B26F4F737E8F9DF4F31AF6CF31D05820 ] DPS             C:\Windows\system32\dps.dll
12:08:18.0710 4804  DPS - ok
12:08:18.0770 4804  [ 9B19F34400D24DF84C858A421C205754 ] drmkaud         C:\Windows\system32\drivers\drmkaud.sys
12:08:18.0810 4804  drmkaud - ok
12:08:18.0870 4804  [ 88612F1CE3BF42256913BF6E61C70D52 ] DXGKrnl         C:\Windows\System32\drivers\dxgkrnl.sys
12:08:18.0910 4804  DXGKrnl - ok
12:08:18.0940 4804  [ E2DDA8726DA9CB5B2C4000C9018A9633 ] EapHost         C:\Windows\System32\eapsvc.dll
12:08:19.0020 4804  EapHost - ok
12:08:19.0110 4804  [ DC5D737F51BE844D8C82C695EB17372F ] ebdrv           C:\Windows\system32\DRIVERS\evbda.sys
12:08:19.0210 4804  ebdrv - ok
12:08:19.0250 4804  [ 4D71227301DD8D09097B9E4CC6527E5A ] EFS             C:\Windows\System32\lsass.exe
12:08:19.0330 4804  EFS - ok
12:08:19.0400 4804  [ C4002B6B41975F057D98C439030CEA07 ] ehRecvr         C:\Windows\ehome\ehRecvr.exe
12:08:19.0450 4804  ehRecvr - ok
12:08:19.0480 4804  [ 4705E8EF9934482C5BB488CE28AFC681 ] ehSched         C:\Windows\ehome\ehsched.exe
12:08:19.0530 4804  ehSched - ok
12:08:19.0580 4804  [ 0E5DA5369A0FCAEA12456DD852545184 ] elxstor         C:\Windows\system32\DRIVERS\elxstor.sys
12:08:19.0610 4804  elxstor - ok
12:08:19.0640 4804  [ 34A3C54752046E79A126E15C51DB409B ] ErrDev          C:\Windows\system32\drivers\errdev.sys
12:08:19.0690 4804  ErrDev - ok
12:08:19.0730 4804  [ 4166F82BE4D24938977DD1746BE9B8A0 ] EventSystem     C:\Windows\system32\es.dll
12:08:19.0770 4804  EventSystem - ok
12:08:19.0800 4804  [ A510C654EC00C1E9BDD91EEB3A59823B ] exfat           C:\Windows\system32\drivers\exfat.sys
12:08:19.0890 4804  exfat - ok
12:08:19.0920 4804  [ 0ADC83218B66A6DB380C330836F3E36D ] fastfat         C:\Windows\system32\drivers\fastfat.sys
12:08:20.0010 4804  fastfat - ok
12:08:20.0070 4804  [ DBEFD454F8318A0EF691FDD2EAAB44EB ] Fax             C:\Windows\system32\fxssvc.exe
12:08:20.0140 4804  Fax - ok
12:08:20.0180 4804  [ D765D19CD8EF61F650C384F62FAC00AB ] fdc             C:\Windows\system32\DRIVERS\fdc.sys
12:08:20.0220 4804  fdc - ok
12:08:20.0240 4804  [ 0438CAB2E03F4FB61455A7956026FE86 ] fdPHost         C:\Windows\system32\fdPHost.dll
12:08:20.0340 4804  fdPHost - ok
12:08:20.0370 4804  [ 802496CB59A30349F9A6DD22D6947644 ] FDResPub        C:\Windows\system32\fdrespub.dll
12:08:20.0430 4804  FDResPub - ok
12:08:20.0460 4804  [ 655661BE46B5F5F3FD454E2C3095B930 ] FileInfo        C:\Windows\system32\drivers\fileinfo.sys
12:08:20.0470 4804  FileInfo - ok
12:08:20.0490 4804  [ 5F671AB5BC87EEA04EC38A6CD5962A47 ] Filetrace       C:\Windows\system32\drivers\filetrace.sys
12:08:20.0580 4804  Filetrace - ok
12:08:20.0590 4804  [ C172A0F53008EAEB8EA33FE10E177AF5 ] flpydisk        C:\Windows\system32\DRIVERS\flpydisk.sys
12:08:20.0630 4804  flpydisk - ok
12:08:20.0660 4804  [ DA6B67270FD9DB3697B20FCE94950741 ] FltMgr          C:\Windows\system32\drivers\fltmgr.sys
12:08:20.0680 4804  FltMgr - ok
12:08:20.0750 4804  [ C4C183E6551084039EC862DA1C945E3D ] FontCache       C:\Windows\system32\FntCache.dll
12:08:20.0840 4804  FontCache - ok
12:08:20.0890 4804  [ A8B7F3818AB65695E3A0BB3279F6DCE6 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
12:08:20.0920 4804  FontCache3.0.0.0 - ok
12:08:20.0940 4804  [ D43703496149971890703B4B1B723EAC ] FsDepends       C:\Windows\system32\drivers\FsDepends.sys
12:08:20.0960 4804  FsDepends - ok
12:08:20.0990 4804  [ 6BD9295CC032DD3077C671FCCF579A7B ] Fs_Rec          C:\Windows\system32\drivers\Fs_Rec.sys
12:08:21.0020 4804  Fs_Rec - ok
12:08:21.0070 4804  [ 8F6322049018354F45F05A2FD2D4E5E0 ] fvevol          C:\Windows\system32\DRIVERS\fvevol.sys
12:08:21.0100 4804  fvevol - ok
12:08:21.0120 4804  [ 8C778D335C9D272CFD3298AB02ABE3B6 ] gagp30kx        C:\Windows\system32\DRIVERS\gagp30kx.sys
12:08:21.0130 4804  gagp30kx - ok
12:08:21.0210 4804  [ D3316F6E3C011435F36E3D6E49B3196C ] GoToAssist      C:\Program Files (x86)\Citrix\GoToAssist\514\g2aservice.exe
12:08:21.0230 4804  GoToAssist - ok
12:08:21.0280 4804  [ 277BBC7E1AA1EE957F573A10ECA7EF3A ] gpsvc           C:\Windows\System32\gpsvc.dll
12:08:21.0380 4804  gpsvc - ok
12:08:21.0500 4804  [ 8F0DE4FEF8201E306F9938B0905AC96A ] gupdate         C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
12:08:21.0530 4804  gupdate - ok
12:08:21.0560 4804  [ 8F0DE4FEF8201E306F9938B0905AC96A ] gupdatem        C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
12:08:21.0590 4804  gupdatem - ok
12:08:21.0650 4804  [ 5D4BC124FAAE6730AC002CDB67BF1A1C ] gusvc           C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
12:08:21.0670 4804  gusvc - ok
12:08:21.0700 4804  [ F2523EF6460FC42405B12248338AB2F0 ] hcw85cir        C:\Windows\system32\drivers\hcw85cir.sys
12:08:21.0730 4804  hcw85cir - ok
12:08:21.0760 4804  [ 97BFED39B6B79EB12CDDBFEED51F56BB ] HDAudBus        C:\Windows\system32\drivers\HDAudBus.sys
12:08:21.0810 4804  HDAudBus - ok
12:08:21.0820 4804  [ 78E86380454A7B10A5EB255DC44A355F ] HidBatt         C:\Windows\system32\DRIVERS\HidBatt.sys
12:08:21.0850 4804  HidBatt - ok
12:08:21.0870 4804  [ 7FD2A313F7AFE5C4DAB14798C48DD104 ] HidBth          C:\Windows\system32\DRIVERS\hidbth.sys
12:08:21.0890 4804  HidBth - ok
12:08:21.0910 4804  [ 0A77D29F311B88CFAE3B13F9C1A73825 ] HidIr           C:\Windows\system32\DRIVERS\hidir.sys
12:08:21.0940 4804  HidIr - ok
12:08:21.0980 4804  [ BD9EB3958F213F96B97B1D897DEE006D ] hidserv         C:\Windows\System32\hidserv.dll
12:08:22.0060 4804  hidserv - ok
12:08:22.0110 4804  [ 9592090A7E2B61CD582B612B6DF70536 ] HidUsb          C:\Windows\system32\drivers\hidusb.sys
12:08:22.0170 4804  HidUsb - ok
12:08:22.0190 4804  [ 387E72E739E15E3D37907A86D9FF98E2 ] hkmsvc          C:\Windows\system32\kmsvc.dll
12:08:22.0290 4804  hkmsvc - ok
12:08:22.0390 4804  [ 583431A6989FD8B901D1883C0299C471 ] hnmsvc          c:\Program Files (x86)\Common Files\Dell\Advanced Networking Service\hnm_svc.exe
12:08:22.0420 4804  hnmsvc - ok
12:08:22.0470 4804  [ EFDFB3DD38A4376F93E7985173813ABD ] HomeGroupListener C:\Windows\system32\ListSvc.dll
12:08:22.0520 4804  HomeGroupListener - ok
12:08:22.0560 4804  [ 908ACB1F594274965A53926B10C81E89 ] HomeGroupProvider C:\Windows\system32\provsvc.dll
12:08:22.0610 4804  HomeGroupProvider - ok
12:08:22.0650 4804  [ 39D2ABCD392F3D8A6DCE7B60AE7B8EFC ] HpSAMD          C:\Windows\system32\drivers\HpSAMD.sys
12:08:22.0680 4804  HpSAMD - ok
12:08:22.0730 4804  [ 0EA7DE1ACB728DD5A369FD742D6EEE28 ] HTTP            C:\Windows\system32\drivers\HTTP.sys
12:08:22.0790 4804  HTTP - ok
12:08:22.0830 4804  [ 8F9B0FC4EC3A8194BD4CBC5ED3E7ABEB ] hwdatacard      C:\Windows\system32\DRIVERS\ewusbmdm.sys
12:08:22.0870 4804  hwdatacard - ok
12:08:22.0910 4804  [ A5462BD6884960C9DC85ED49D34FF392 ] hwpolicy        C:\Windows\system32\drivers\hwpolicy.sys
12:08:22.0930 4804  hwpolicy - ok
12:08:22.0990 4804  [ FA55C73D4AFFA7EE23AC4BE53B4592D3 ] i8042prt        C:\Windows\system32\drivers\i8042prt.sys
12:08:23.0020 4804  i8042prt - ok
12:08:23.0100 4804  [ 7548066DF68A8A1A56B043359F915F37 ] IAANTMON        C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe
12:08:23.0130 4804  IAANTMON - ok
12:08:23.0170 4804  [ 4F6FB2CDBDEEFC47E7D2066E78254580 ] iaStor          C:\Windows\system32\DRIVERS\iaStor.sys
12:08:23.0190 4804  iaStor - ok
12:08:23.0230 4804  [ AAAF44DB3BD0B9D1FB6969B23ECC8366 ] iaStorV         C:\Windows\system32\drivers\iaStorV.sys
12:08:23.0250 4804  iaStorV - ok
12:08:23.0310 4804  [ 5988FC40F8DB5B0739CD1E3A5D0D78BD ] idsvc           C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
12:08:23.0350 4804  idsvc - ok
12:08:23.0380 4804  [ 5C18831C61933628F5BB0EA2675B9D21 ] iirsp           C:\Windows\system32\DRIVERS\iirsp.sys
12:08:23.0410 4804  iirsp - ok
12:08:23.0480 4804  [ 344789398EC3EE5A4E00C52B31847946 ] IKEEXT          C:\Windows\System32\ikeext.dll
12:08:23.0550 4804  IKEEXT - ok
12:08:23.0590 4804  [ F00F20E70C6EC3AA366910083A0518AA ] intelide        C:\Windows\system32\drivers\intelide.sys
12:08:23.0620 4804  intelide - ok
12:08:23.0650 4804  [ ADA036632C664CAA754079041CF1F8C1 ] intelppm        C:\Windows\system32\DRIVERS\intelppm.sys
12:08:23.0700 4804  intelppm - ok
12:08:23.0740 4804  [ 098A91C54546A3B878DAD6A7E90A455B ] IPBusEnum       C:\Windows\system32\ipbusenum.dll
12:08:23.0820 4804  IPBusEnum - ok
12:08:23.0880 4804  [ C9F0E1BD74365A8771590E9008D22AB6 ] IpFilterDriver  C:\Windows\system32\DRIVERS\ipfltdrv.sys
12:08:23.0950 4804  IpFilterDriver - ok
12:08:23.0990 4804  [ 08C2957BB30058E663720C5606885653 ] iphlpsvc        C:\Windows\System32\iphlpsvc.dll
12:08:24.0040 4804  iphlpsvc - ok
12:08:24.0080 4804  [ 0FC1AEA580957AA8817B8F305D18CA3A ] IPMIDRV         C:\Windows\system32\drivers\IPMIDrv.sys
12:08:24.0130 4804  IPMIDRV - ok
12:08:24.0150 4804  [ AF9B39A7E7B6CAA203B3862582E9F2D0 ] IPNAT           C:\Windows\system32\drivers\ipnat.sys
12:08:24.0230 4804  IPNAT - ok
12:08:24.0270 4804  [ 3ABF5E7213EB28966D55D58B515D5CE9 ] IRENUM          C:\Windows\system32\drivers\irenum.sys
12:08:24.0310 4804  IRENUM - ok
12:08:24.0330 4804  [ 2F7B28DC3E1183E5EB418DF55C204F38 ] isapnp          C:\Windows\system32\drivers\isapnp.sys
12:08:24.0350 4804  isapnp - ok
12:08:24.0370 4804  [ D931D7309DEB2317035B07C9F9E6B0BD ] iScsiPrt        C:\Windows\system32\drivers\msiscsi.sys
12:08:24.0410 4804  iScsiPrt - ok
12:08:24.0430 4804  [ BC02336F1CBA7DCC7D1213BB588A68A5 ] kbdclass        C:\Windows\system32\DRIVERS\kbdclass.sys
12:08:24.0440 4804  kbdclass - ok
12:08:24.0480 4804  [ 0705EFF5B42A9DB58548EEC3B26BB484 ] kbdhid          C:\Windows\system32\DRIVERS\kbdhid.sys
12:08:24.0530 4804  kbdhid - ok
12:08:24.0570 4804  [ 4D71227301DD8D09097B9E4CC6527E5A ] KeyIso          C:\Windows\system32\lsass.exe
12:08:24.0600 4804  KeyIso - ok
12:08:24.0640 4804  [ 8F489706472F7E9A06BAAA198703FA64 ] KSecDD          C:\Windows\system32\Drivers\ksecdd.sys
12:08:24.0670 4804  KSecDD - ok
12:08:24.0700 4804  [ 868A2CAAB12EFC7A021682BCA0EEC54C ] KSecPkg         C:\Windows\system32\Drivers\ksecpkg.sys
12:08:24.0730 4804  KSecPkg - ok
12:08:24.0750 4804  [ 6869281E78CB31A43E969F06B57347C4 ] ksthunk         C:\Windows\system32\drivers\ksthunk.sys
12:08:24.0790 4804  ksthunk - ok
12:08:24.0830 4804  [ 6AB66E16AA859232F64DEB66887A8C9C ] KtmRm           C:\Windows\system32\msdtckrm.dll
12:08:24.0920 4804  KtmRm - ok
12:08:25.0000 4804  [ D9F42719019740BAA6D1C6D536CBDAA6 ] LanmanServer    C:\Windows\System32\srvsvc.dll
12:08:25.0080 4804  LanmanServer - ok
12:08:25.0110 4804  [ 851A1382EED3E3A7476DB004F4EE3E1A ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
12:08:25.0190 4804  LanmanWorkstation - ok
12:08:25.0240 4804  [ 1538831CF8AD2979A04C423779465827 ] lltdio          C:\Windows\system32\DRIVERS\lltdio.sys
12:08:25.0320 4804  lltdio - ok
12:08:25.0360 4804  [ C1185803384AB3FEED115F79F109427F ] lltdsvc         C:\Windows\System32\lltdsvc.dll
12:08:25.0450 4804  lltdsvc - ok
12:08:25.0470 4804  [ F993A32249B66C9D622EA5592A8B76B8 ] lmhosts         C:\Windows\System32\lmhsvc.dll
12:08:25.0510 4804  lmhosts - ok
12:08:25.0540 4804  [ 1A93E54EB0ECE102495A51266DCDB6A6 ] LSI_FC          C:\Windows\system32\DRIVERS\lsi_fc.sys
12:08:25.0560 4804  LSI_FC - ok
12:08:25.0590 4804  [ 1047184A9FDC8BDBFF857175875EE810 ] LSI_SAS         C:\Windows\system32\DRIVERS\lsi_sas.sys
12:08:25.0610 4804  LSI_SAS - ok
12:08:25.0640 4804  [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93 ] LSI_SAS2        C:\Windows\system32\DRIVERS\lsi_sas2.sys
12:08:25.0650 4804  LSI_SAS2 - ok
12:08:25.0670 4804  [ 0504EACAFF0D3C8AED161C4B0D369D4A ] LSI_SCSI        C:\Windows\system32\DRIVERS\lsi_scsi.sys
12:08:25.0690 4804  LSI_SCSI - ok
12:08:25.0730 4804  [ 43D0F98E1D56CCDDB0D5254CFF7B356E ] luafv           C:\Windows\system32\drivers\luafv.sys
12:08:25.0800 4804  luafv - ok
12:08:25.0840 4804  [ 0BE09CD858ABF9DF6ED259D57A1A1663 ] Mcx2Svc         C:\Windows\system32\Mcx2Svc.dll
12:08:25.0870 4804  Mcx2Svc - ok
12:08:25.0890 4804  [ A55805F747C6EDB6A9080D7C633BD0F4 ] megasas         C:\Windows\system32\DRIVERS\megasas.sys
12:08:25.0910 4804  megasas - ok
12:08:25.0940 4804  [ BAF74CE0072480C3B6B7C13B2A94D6B3 ] MegaSR          C:\Windows\system32\DRIVERS\MegaSR.sys
12:08:25.0970 4804  MegaSR - ok
12:08:25.0990 4804  [ E40E80D0304A73E8D269F7141D77250B ] MMCSS           C:\Windows\system32\mmcss.dll
12:08:26.0040 4804  MMCSS - ok
12:08:26.0060 4804  [ 800BA92F7010378B09F9ED9270F07137 ] Modem           C:\Windows\system32\drivers\modem.sys
12:08:26.0110 4804  Modem - ok
12:08:26.0150 4804  [ B03D591DC7DA45ECE20B3B467E6AADAA ] monitor         C:\Windows\system32\DRIVERS\monitor.sys
12:08:26.0180 4804  monitor - ok
12:08:26.0220 4804  [ 95314C3A08589471983C2C8173F23CDA ] MonitorFunction C:\Windows\system32\DRIVERS\TVMonitor.sys
12:08:26.0250 4804  MonitorFunction - ok
12:08:26.0320 4804  [ 7D27EA49F3C1F687D357E77A470AEA99 ] mouclass        C:\Windows\system32\DRIVERS\mouclass.sys
12:08:26.0340 4804  mouclass - ok
12:08:26.0370 4804  [ D3BF052C40B0C4166D9FD86A4288C1E6 ] mouhid          C:\Windows\system32\DRIVERS\mouhid.sys
12:08:26.0420 4804  mouhid - ok
12:08:26.0480 4804  [ 32E7A3D591D671A6DF2DB515A5CBE0FA ] mountmgr        C:\Windows\system32\drivers\mountmgr.sys
12:08:26.0510 4804  mountmgr - ok
12:08:26.0530 4804  [ A44B420D30BD56E145D6A2BC8768EC58 ] mpio            C:\Windows\system32\drivers\mpio.sys
12:08:26.0540 4804  mpio - ok
12:08:26.0570 4804  [ 6C38C9E45AE0EA2FA5E551F2ED5E978F ] mpsdrv          C:\Windows\system32\drivers\mpsdrv.sys
12:08:26.0640 4804  mpsdrv - ok
12:08:26.0690 4804  [ 54FFC9C8898113ACE189D4AA7199D2C1 ] MpsSvc          C:\Windows\system32\mpssvc.dll
12:08:26.0780 4804  MpsSvc - ok
12:08:26.0830 4804  [ 1A4F75E63C9FB84B85DFFC6B63FD5404 ] MRxDAV          C:\Windows\system32\drivers\mrxdav.sys
12:08:26.0860 4804  MRxDAV - ok
12:08:26.0900 4804  [ A5D9106A73DC88564C825D317CAC68AC ] mrxsmb          C:\Windows\system32\DRIVERS\mrxsmb.sys
12:08:26.0930 4804  mrxsmb - ok
12:08:26.0970 4804  [ D711B3C1D5F42C0C2415687BE09FC163 ] mrxsmb10        C:\Windows\system32\DRIVERS\mrxsmb10.sys
12:08:27.0020 4804  mrxsmb10 - ok
12:08:27.0050 4804  [ 9423E9D355C8D303E76B8CFBD8A5C30C ] mrxsmb20        C:\Windows\system32\DRIVERS\mrxsmb20.sys
12:08:27.0110 4804  mrxsmb20 - ok
12:08:27.0150 4804  [ C25F0BAFA182CBCA2DD3C851C2E75796 ] msahci          C:\Windows\system32\drivers\msahci.sys
12:08:27.0180 4804  msahci - ok
12:08:27.0220 4804  [ DB801A638D011B9633829EB6F663C900 ] msdsm           C:\Windows\system32\drivers\msdsm.sys
12:08:27.0230 4804  msdsm - ok
12:08:27.0250 4804  [ DE0ECE52236CFA3ED2DBFC03F28253A8 ] MSDTC           C:\Windows\System32\msdtc.exe
12:08:27.0300 4804  MSDTC - ok
12:08:27.0340 4804  [ AA3FB40E17CE1388FA1BEDAB50EA8F96 ] Msfs            C:\Windows\system32\drivers\Msfs.sys
12:08:27.0410 4804  Msfs - ok
12:08:27.0430 4804  [ F9D215A46A8B9753F61767FA72A20326 ] mshidkmdf       C:\Windows\System32\drivers\mshidkmdf.sys
12:08:27.0510 4804  mshidkmdf - ok
12:08:27.0540 4804  [ D916874BBD4F8B07BFB7FA9B3CCAE29D ] msisadrv        C:\Windows\system32\drivers\msisadrv.sys
12:08:27.0560 4804  msisadrv - ok
12:08:27.0600 4804  [ 808E98FF49B155C522E6400953177B08 ] MSiSCSI         C:\Windows\system32\iscsiexe.dll
12:08:27.0670 4804  MSiSCSI - ok
12:08:27.0680 4804  msiserver - ok
12:08:27.0700 4804  [ 49CCF2C4FEA34FFAD8B1B59D49439366 ] MSKSSRV         C:\Windows\system32\drivers\MSKSSRV.sys
12:08:27.0760 4804  MSKSSRV - ok
12:08:27.0780 4804  [ BDD71ACE35A232104DDD349EE70E1AB3 ] MSPCLOCK        C:\Windows\system32\drivers\MSPCLOCK.sys
12:08:27.0830 4804  MSPCLOCK - ok
12:08:27.0860 4804  [ 4ED981241DB27C3383D72092B618A1D0 ] MSPQM           C:\Windows\system32\drivers\MSPQM.sys
12:08:27.0910 4804  MSPQM - ok
12:08:27.0960 4804  [ 759A9EEB0FA9ED79DA1FB7D4EF78866D ] MsRPC           C:\Windows\system32\drivers\MsRPC.sys
12:08:28.0000 4804  MsRPC - ok
12:08:28.0030 4804  [ 0EED230E37515A0EAEE3C2E1BC97B288 ] mssmbios        C:\Windows\system32\drivers\mssmbios.sys
12:08:28.0050 4804  mssmbios - ok
12:08:28.0070 4804  [ 2E66F9ECB30B4221A318C92AC2250779 ] MSTEE           C:\Windows\system32\drivers\MSTEE.sys
12:08:28.0140 4804  MSTEE - ok
12:08:28.0160 4804  [ 7EA404308934E675BFFDE8EDF0757BCD ] MTConfig        C:\Windows\system32\DRIVERS\MTConfig.sys
12:08:28.0180 4804  MTConfig - ok
12:08:28.0200 4804  [ F9A18612FD3526FE473C1BDA678D61C8 ] Mup             C:\Windows\system32\Drivers\mup.sys
12:08:28.0220 4804  Mup - ok
12:08:28.0260 4804  [ 582AC6D9873E31DFA28A4547270862DD ] napagent        C:\Windows\system32\qagentRT.dll
12:08:28.0310 4804  napagent - ok
12:08:28.0360 4804  [ 1EA3749C4114DB3E3161156FFFFA6B33 ] NativeWifiP     C:\Windows\system32\DRIVERS\nwifi.sys
12:08:28.0410 4804  NativeWifiP - ok
12:08:28.0460 4804  [ 760E38053BF56E501D562B70AD796B88 ] NDIS            C:\Windows\system32\drivers\ndis.sys
12:08:28.0510 4804  NDIS - ok
12:08:28.0540 4804  [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC ] NdisCap         C:\Windows\system32\DRIVERS\ndiscap.sys
12:08:28.0600 4804  NdisCap - ok
12:08:28.0640 4804  [ 30639C932D9FEF22B31268FE25A1B6E5 ] NdisTapi        C:\Windows\system32\DRIVERS\ndistapi.sys
12:08:28.0720 4804  NdisTapi - ok
12:08:28.0750 4804  [ 136185F9FB2CC61E573E676AA5402356 ] Ndisuio         C:\Windows\system32\DRIVERS\ndisuio.sys
12:08:28.0850 4804  Ndisuio - ok
12:08:28.0890 4804  [ 53F7305169863F0A2BDDC49E116C2E11 ] NdisWan         C:\Windows\system32\DRIVERS\ndiswan.sys
12:08:28.0970 4804  NdisWan - ok
12:08:29.0000 4804  [ 015C0D8E0E0421B4CFD48CFFE2825879 ] NDProxy         C:\Windows\system32\drivers\NDProxy.sys
12:08:29.0070 4804  NDProxy - ok
12:08:29.0100 4804  [ 86743D9F5D2B1048062B14B1D84501C4 ] NetBIOS         C:\Windows\system32\DRIVERS\netbios.sys
12:08:29.0170 4804  NetBIOS - ok
12:08:29.0190 4804  [ 09594D1089C523423B32A4229263F068 ] NetBT           C:\Windows\system32\DRIVERS\netbt.sys
12:08:29.0260 4804  NetBT - ok
12:08:29.0280 4804  [ 4D71227301DD8D09097B9E4CC6527E5A ] Netlogon        C:\Windows\system32\lsass.exe
12:08:29.0300 4804  Netlogon - ok
12:08:29.0350 4804  [ 847D3AE376C0817161A14A82C8922A9E ] Netman          C:\Windows\System32\netman.dll
12:08:29.0430 4804  Netman - ok
12:08:29.0460 4804  [ 5F28111C648F1E24F7DBC87CDEB091B8 ] netprofm        C:\Windows\System32\netprofm.dll
12:08:29.0540 4804  netprofm - ok
12:08:29.0580 4804  [ 3E5A36127E201DDF663176B66828FAFE ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe
12:08:29.0590 4804  NetTcpPortSharing - ok
12:08:29.0620 4804  [ 77889813BE4D166CDAB78DDBA990DA92 ] nfrd960         C:\Windows\system32\DRIVERS\nfrd960.sys
12:08:29.0660 4804  nfrd960 - ok
12:08:29.0690 4804  [ 8AD77806D336673F270DB31645267293 ] NlaSvc          C:\Windows\System32\nlasvc.dll
12:08:29.0740 4804  NlaSvc - ok
12:08:29.0770 4804  [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7 ] Npfs            C:\Windows\system32\drivers\Npfs.sys
12:08:29.0810 4804  Npfs - ok
12:08:29.0840 4804  [ D54BFDF3E0C953F823B3D0BFE4732528 ] nsi             C:\Windows\system32\nsisvc.dll
12:08:29.0920 4804  nsi - ok
12:08:29.0930 4804  [ E7F5AE18AF4168178A642A9247C63001 ] nsiproxy        C:\Windows\system32\drivers\nsiproxy.sys
12:08:29.0980 4804  nsiproxy - ok
12:08:30.0060 4804  [ B98F8C6E31CD07B2E6F71F7F648E38C0 ] Ntfs            C:\Windows\system32\drivers\Ntfs.sys
12:08:30.0110 4804  Ntfs - ok
12:08:30.0130 4804  [ 9899284589F75FA8724FF3D16AED75C1 ] Null            C:\Windows\system32\drivers\Null.sys
12:08:30.0180 4804  Null - ok
12:08:30.0220 4804  [ 0A92CB65770442ED0DC44834632F66AD ] nvraid          C:\Windows\system32\drivers\nvraid.sys
12:08:30.0240 4804  nvraid - ok
12:08:30.0270 4804  [ DAB0E87525C10052BF65F06152F37E4A ] nvstor          C:\Windows\system32\drivers\nvstor.sys
12:08:30.0290 4804  nvstor - ok
12:08:30.0330 4804  [ 270D7CD42D6E3979F6DD0146650F0E05 ] nv_agp          C:\Windows\system32\drivers\nv_agp.sys
12:08:30.0350 4804  nv_agp - ok
12:08:30.0450 4804  [ 785F487A64950F3CB8E9F16253BA3B7B ] odserv          C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
12:08:30.0480 4804  odserv - ok
12:08:30.0500 4804  [ 3589478E4B22CE21B41FA1BFC0B8B8A0 ] ohci1394        C:\Windows\system32\drivers\ohci1394.sys
12:08:30.0550 4804  ohci1394 - ok
12:08:30.0600 4804  [ 5A432A042DAE460ABE7199B758E8606C ] ose             C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
12:08:30.0620 4804  ose - ok
12:08:30.0660 4804  [ 3EAC4455472CC2C97107B5291E0DCAFE ] p2pimsvc        C:\Windows\system32\pnrpsvc.dll
12:08:30.0710 4804  p2pimsvc - ok
12:08:30.0740 4804  [ 927463ECB02179F88E4B9A17568C63C3 ] p2psvc          C:\Windows\system32\p2psvc.dll
12:08:30.0780 4804  p2psvc - ok
12:08:30.0820 4804  [ 99E6AA0AE2D05389BA7F7DFF6866B569 ] Packet          C:\Windows\system32\DRIVERS\packet.sys
12:08:30.0840 4804  Packet - ok
12:08:30.0880 4804  [ 0086431C29C35BE1DBC43F52CC273887 ] Parport         C:\Windows\system32\DRIVERS\parport.sys
12:08:30.0920 4804  Parport - ok
12:08:30.0950 4804  [ E9766131EEADE40A27DC27D2D68FBA9C ] partmgr         C:\Windows\system32\drivers\partmgr.sys
12:08:30.0980 4804  partmgr - ok
12:08:30.0990 4804  [ 3AEAA8B561E63452C655DC0584922257 ] PcaSvc          C:\Windows\System32\pcasvc.dll
12:08:31.0050 4804  PcaSvc - ok
12:08:31.0080 4804  [ 94575C0571D1462A0F70BDE6BD6EE6B3 ] pci             C:\Windows\system32\drivers\pci.sys
12:08:31.0100 4804  pci - ok
12:08:31.0140 4804  [ B5B8B5EF2E5CB34DF8DCF8831E3534FA ] pciide          C:\Windows\system32\drivers\pciide.sys
12:08:31.0160 4804  pciide - ok
12:08:31.0180 4804  [ B2E81D4E87CE48589F98CB8C05B01F2F ] pcmcia          C:\Windows\system32\DRIVERS\pcmcia.sys
12:08:31.0200 4804  pcmcia - ok
12:08:31.0220 4804  [ D6B9C2E1A11A3A4B26A182FFEF18F603 ] pcw             C:\Windows\system32\drivers\pcw.sys
12:08:31.0230 4804  pcw - ok
12:08:31.0270 4804  [ 68769C3356B3BE5D1C732C97B9A80D6E ] PEAUTH          C:\Windows\system32\drivers\peauth.sys
12:08:31.0340 4804  PEAUTH - ok
12:08:31.0430 4804  [ E495E408C93141E8FC72DC0C6046DDFA ] PerfHost        C:\Windows\SysWow64\perfhost.exe
12:08:31.0490 4804  PerfHost - ok
12:08:31.0560 4804  [ C7CF6A6E137463219E1259E3F0F0DD6C ] pla             C:\Windows\system32\pla.dll
12:08:31.0670 4804  pla - ok
12:08:31.0730 4804  [ 25FBDEF06C4D92815B353F6E792C8129 ] PlugPlay        C:\Windows\system32\umpnpmgr.dll
12:08:31.0800 4804  PlugPlay - ok
12:08:31.0810 4804  [ 7195581CEC9BB7D12ABE54036ACC2E38 ] PNRPAutoReg     C:\Windows\system32\pnrpauto.dll
12:08:31.0860 4804  PNRPAutoReg - ok
12:08:31.0890 4804  [ 3EAC4455472CC2C97107B5291E0DCAFE ] PNRPsvc         C:\Windows\system32\pnrpsvc.dll
12:08:31.0930 4804  PNRPsvc - ok
12:08:31.0970 4804  [ 4F15D75ADF6156BF56ECED6D4A55C389 ] PolicyAgent     C:\Windows\System32\ipsecsvc.dll
12:08:32.0060 4804  PolicyAgent - ok
12:08:32.0110 4804  [ 6BA9D927DDED70BD1A9CADED45F8B184 ] Power           C:\Windows\system32\umpo.dll
12:08:32.0190 4804  Power - ok
12:08:32.0220 4804  [ F92A2C41117A11A00BE01CA01A7FCDE9 ] PptpMiniport    C:\Windows\system32\DRIVERS\raspptp.sys
12:08:32.0300 4804  PptpMiniport - ok
12:08:32.0330 4804  [ 0D922E23C041EFB1C3FAC2A6F943C9BF ] Processor       C:\Windows\system32\DRIVERS\processr.sys
12:08:32.0390 4804  Processor - ok
12:08:32.0430 4804  [ 53E83F1F6CF9D62F32801CF66D8352A8 ] ProfSvc         C:\Windows\system32\profsvc.dll
12:08:32.0500 4804  ProfSvc - ok
12:08:32.0510 4804  [ 4D71227301DD8D09097B9E4CC6527E5A ] ProtectedStorage C:\Windows\system32\lsass.exe
12:08:32.0530 4804  ProtectedStorage - ok
12:08:32.0580 4804  [ 0557CF5A2556BD58E26384169D72438D ] Psched          C:\Windows\system32\DRIVERS\pacer.sys
12:08:32.0660 4804  Psched - ok
12:08:32.0700 4804  [ 4712CC14E720ECCCC0AA16949D18AAF1 ] PxHlpa64        C:\Windows\system32\Drivers\PxHlpa64.sys
12:08:32.0720 4804  PxHlpa64 - ok
12:08:32.0770 4804  [ A53A15A11EBFD21077463EE2C7AFEEF0 ] ql2300          C:\Windows\system32\DRIVERS\ql2300.sys
12:08:32.0840 4804  ql2300 - ok
12:08:32.0880 4804  [ 4F6D12B51DE1AAEFF7DC58C4D75423C8 ] ql40xx          C:\Windows\system32\DRIVERS\ql40xx.sys
12:08:32.0900 4804  ql40xx - ok
12:08:32.0940 4804  [ 906191634E99AEA92C4816150BDA3732 ] QWAVE           C:\Windows\system32\qwave.dll
12:08:32.0970 4804  QWAVE - ok
12:08:32.0980 4804  [ 76707BB36430888D9CE9D705398ADB6C ] QWAVEdrv        C:\Windows\system32\drivers\qwavedrv.sys
12:08:33.0030 4804  QWAVEdrv - ok
12:08:33.0040 4804  [ 5A0DA8AD5762FA2D91678A8A01311704 ] RasAcd          C:\Windows\system32\DRIVERS\rasacd.sys
12:08:33.0120 4804  RasAcd - ok
12:08:33.0160 4804  [ 7ECFF9B22276B73F43A99A15A6094E90 ] RasAgileVpn     C:\Windows\system32\DRIVERS\AgileVpn.sys
12:08:33.0230 4804  RasAgileVpn - ok
12:08:33.0260 4804  [ 8F26510C5383B8DBE976DE1CD00FC8C7 ] RasAuto         C:\Windows\System32\rasauto.dll
12:08:33.0310 4804  RasAuto - ok
12:08:33.0340 4804  [ 471815800AE33E6F1C32FB1B97C490CA ] Rasl2tp         C:\Windows\system32\DRIVERS\rasl2tp.sys
12:08:33.0390 4804  Rasl2tp - ok
12:08:33.0440 4804  [ EE867A0870FC9E4972BA9EAAD35651E2 ] RasMan          C:\Windows\System32\rasmans.dll
12:08:33.0520 4804  RasMan - ok
12:08:33.0550 4804  [ 855C9B1CD4756C5E9A2AA58A15F58C25 ] RasPppoe        C:\Windows\system32\DRIVERS\raspppoe.sys
12:08:33.0630 4804  RasPppoe - ok
12:08:33.0660 4804  [ E8B1E447B008D07FF47D016C2B0EEECB ] RasSstp         C:\Windows\system32\DRIVERS\rassstp.sys
12:08:33.0740 4804  RasSstp - ok
12:08:33.0780 4804  [ 77F665941019A1594D887A74F301FA2F ] rdbss           C:\Windows\system32\DRIVERS\rdbss.sys
12:08:33.0840 4804  rdbss - ok
12:08:33.0870 4804  [ 302DA2A0539F2CF54D7C6CC30C1F2D8D ] rdpbus          C:\Windows\system32\DRIVERS\rdpbus.sys
12:08:33.0920 4804  rdpbus - ok
12:08:33.0930 4804  [ CEA6CC257FC9B7715F1C2B4849286D24 ] RDPCDD          C:\Windows\system32\DRIVERS\RDPCDD.sys
12:08:34.0010 4804  RDPCDD - ok
12:08:34.0050 4804  [ BB5971A4F00659529A5C44831AF22365 ] RDPENCDD        C:\Windows\system32\drivers\rdpencdd.sys
12:08:34.0120 4804  RDPENCDD - ok
12:08:34.0140 4804  [ 216F3FA57533D98E1F74DED70113177A ] RDPREFMP        C:\Windows\system32\drivers\rdprefmp.sys
12:08:34.0200 4804  RDPREFMP - ok
12:08:34.0280 4804  [ 313F68E1A3E6345A4F47A36B07062F34 ] RdpVideoMiniport C:\Windows\system32\drivers\rdpvideominiport.sys
12:08:34.0330 4804  RdpVideoMiniport - ok
12:08:34.0370 4804  [ E61608AA35E98999AF9AAEEEA6114B0A ] RDPWD           C:\Windows\system32\drivers\RDPWD.sys
12:08:34.0430 4804  RDPWD - ok
12:08:34.0490 4804  [ 34ED295FA0121C241BFEF24764FC4520 ] rdyboost        C:\Windows\system32\drivers\rdyboost.sys
12:08:34.0520 4804  rdyboost - ok
12:08:34.0550 4804  [ 254FB7A22D74E5511C73A3F6D802F192 ] RemoteAccess    C:\Windows\System32\mprdim.dll
12:08:34.0630 4804  RemoteAccess - ok
12:08:34.0680 4804  [ E4D94F24081440B5FC5AA556C7C62702 ] RemoteRegistry  C:\Windows\system32\regsvc.dll
12:08:34.0770 4804  RemoteRegistry - ok
12:08:34.0800 4804  [ E4DC58CF7B3EA515AE917FF0D402A7BB ] RpcEptMapper    C:\Windows\System32\RpcEpMap.dll
12:08:34.0870 4804  RpcEptMapper - ok
12:08:34.0890 4804  [ D5BA242D4CF8E384DB90E6A8ED850B8C ] RpcLocator      C:\Windows\system32\locator.exe
12:08:34.0910 4804  RpcLocator - ok
12:08:34.0960 4804  [ 5C627D1B1138676C0A7AB2C2C190D123 ] RpcSs           C:\Windows\System32\rpcss.dll
12:08:35.0020 4804  RpcSs - ok
12:08:35.0070 4804  [ DDC86E4F8E7456261E637E3552E804FF ] rspndr          C:\Windows\system32\DRIVERS\rspndr.sys
12:08:35.0140 4804  rspndr - ok
12:08:35.0200 4804  [ 4A25DC970C58104602ED274DACAFD784 ] RSUSBSTOR       C:\Windows\system32\Drivers\RtsUStor.sys
12:08:35.0240 4804  RSUSBSTOR - ok
12:08:35.0260 4804  [ 4D71227301DD8D09097B9E4CC6527E5A ] SamSs           C:\Windows\system32\lsass.exe
12:08:35.0280 4804  SamSs - ok
12:08:35.0310 4804  [ AC03AF3329579FFFB455AA2DAABBE22B ] sbp2port        C:\Windows\system32\drivers\sbp2port.sys
12:08:35.0330 4804  sbp2port - ok
12:08:35.0372 4804  [ 9B7395789E3791A3B6D000FE6F8B131E ] SCardSvr        C:\Windows\System32\SCardSvr.dll
12:08:35.0472 4804  SCardSvr - ok
12:08:35.0502 4804  [ 253F38D0D7074C02FF8DEB9836C97D2B ] scfilter        C:\Windows\system32\DRIVERS\scfilter.sys
12:08:35.0582 4804  scfilter - ok
12:08:35.0642 4804  [ 262F6592C3299C005FD6BEC90FC4463A ] Schedule        C:\Windows\system32\schedsvc.dll
12:08:35.0742 4804  Schedule - ok
12:08:35.0772 4804  [ F17D1D393BBC69C5322FBFAFACA28C7F ] SCPolicySvc     C:\Windows\System32\certprop.dll
12:08:35.0812 4804  SCPolicySvc - ok
12:08:35.0852 4804  [ 6EA4234DC55346E0709560FE7C2C1972 ] SDRSVC          C:\Windows\System32\SDRSVC.dll
12:08:35.0882 4804  SDRSVC - ok
12:08:35.0912 4804  [ 3EA8A16169C26AFBEB544E0E48421186 ] secdrv          C:\Windows\system32\drivers\secdrv.sys
12:08:35.0952 4804  secdrv - ok
12:08:35.0992 4804  [ BC617A4E1B4FA8DF523A061739A0BD87 ] seclogon        C:\Windows\system32\seclogon.dll
12:08:36.0042 4804  seclogon - ok
12:08:36.0072 4804  [ C32AB8FA018EF34C0F113BD501436D21 ] SENS            C:\Windows\system32\sens.dll
12:08:36.0152 4804  SENS - ok
12:08:36.0172 4804  [ 0336CFFAFAAB87A11541F1CF1594B2B2 ] SensrSvc        C:\Windows\system32\sensrsvc.dll
12:08:36.0192 4804  SensrSvc - ok
12:08:36.0222 4804  [ CB624C0035412AF0DEBEC78C41F5CA1B ] Serenum         C:\Windows\system32\DRIVERS\serenum.sys
12:08:36.0252 4804  Serenum - ok
12:08:36.0292 4804  [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6 ] Serial          C:\Windows\system32\DRIVERS\serial.sys
12:08:36.0322 4804  Serial - ok
12:08:36.0342 4804  [ 1C545A7D0691CC4A027396535691C3E3 ] sermouse        C:\Windows\system32\DRIVERS\sermouse.sys
12:08:36.0382 4804  sermouse - ok
12:08:36.0440 4804  [ 0B6231BF38174A1628C4AC812CC75804 ] SessionEnv      C:\Windows\system32\sessenv.dll
12:08:36.0514 4804  SessionEnv - ok
12:08:36.0544 4804  [ A554811BCD09279536440C964AE35BBF ] sffdisk         C:\Windows\system32\drivers\sffdisk.sys
12:08:36.0594 4804  sffdisk - ok
12:08:36.0624 4804  [ FF414F0BAEFEBA59BC6C04B3DB0B87BF ] sffp_mmc        C:\Windows\system32\drivers\sffp_mmc.sys
12:08:36.0674 4804  sffp_mmc - ok
12:08:36.0694 4804  [ DD85B78243A19B59F0637DCF284DA63C ] sffp_sd         C:\Windows\system32\drivers\sffp_sd.sys
12:08:36.0744 4804  sffp_sd - ok
12:08:36.0774 4804  [ A9D601643A1647211A1EE2EC4E433FF4 ] sfloppy         C:\Windows\system32\DRIVERS\sfloppy.sys
12:08:36.0804 4804  sfloppy - ok
12:08:36.0904 4804  [ 7F475425582163602EF1589C0071E521 ] SftService      C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE
12:08:36.0934 4804  SftService - ok
12:08:36.0974 4804  [ B95F6501A2F8B2E78C697FEC401970CE ] SharedAccess    C:\Windows\System32\ipnathlp.dll
12:08:37.0074 4804  SharedAccess - ok
12:08:37.0114 4804  [ AAF932B4011D14052955D4B212A4DA8D ] ShellHWDetection C:\Windows\System32\shsvcs.dll
12:08:37.0174 4804  ShellHWDetection - ok
12:08:37.0204 4804  [ 843CAF1E5FDE1FFD5FF768F23A51E2E1 ] SiSRaid2        C:\Windows\system32\DRIVERS\SiSRaid2.sys
12:08:37.0224 4804  SiSRaid2 - ok
12:08:37.0254 4804  [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4 ] SiSRaid4        C:\Windows\system32\DRIVERS\sisraid4.sys
12:08:37.0284 4804  SiSRaid4 - ok
12:08:37.0474 4804  [ 9F712B26EE3B0242DE997A42FD302E2C ] Skype C2C Service C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
12:08:37.0564 4804  Skype C2C Service - ok
12:08:37.0674 4804  [ F5BBEDF602C310B00036EB2DBF4348A5 ] SkypeUpdate     C:\Program Files (x86)\Skype\Updater\Updater.exe
12:08:37.0704 4804  SkypeUpdate - ok
12:08:37.0734 4804  [ 548260A7B8654E024DC30BF8A7C5BAA4 ] Smb             C:\Windows\system32\DRIVERS\smb.sys
12:08:37.0814 4804  Smb - ok
12:08:37.0864 4804  [ 6313F223E817CC09AA41811DAA7F541D ] SNMPTRAP        C:\Windows\System32\snmptrap.exe
12:08:37.0924 4804  SNMPTRAP - ok
12:08:37.0964 4804  [ B9E31E5CACDFE584F34F730A677803F9 ] spldr           C:\Windows\system32\drivers\spldr.sys
12:08:37.0984 4804  spldr - ok
12:08:38.0044 4804  [ 85DAA09A98C9286D4EA2BA8D0E644377 ] Spooler         C:\Windows\System32\spoolsv.exe
12:08:38.0114 4804  Spooler - ok
12:08:38.0224 4804  [ E17E0188BB90FAE42D83E98707EFA59C ] sppsvc          C:\Windows\system32\sppsvc.exe
12:08:38.0344 4804  sppsvc - ok
12:08:38.0384 4804  [ 93D7D61317F3D4BC4F4E9F8A96A7DE45 ] sppuinotify     C:\Windows\system32\sppuinotify.dll
12:08:38.0464 4804  sppuinotify - ok
12:08:38.0524 4804  [ D630B6F2E8379B6F10DC16E82A426552 ] sprtsvc_DellSupportCenter C:\Program Files (x86)\Dell Support Center\bin\sprtsvc.exe
12:08:38.0544 4804  sprtsvc_DellSupportCenter - ok
12:08:38.0584 4804  [ 441FBA48BFF01FDB9D5969EBC1838F0B ] srv             C:\Windows\system32\DRIVERS\srv.sys
12:08:38.0654 4804  srv - ok
12:08:38.0704 4804  [ B4ADEBBF5E3677CCE9651E0F01F7CC28 ] srv2            C:\Windows\system32\DRIVERS\srv2.sys
12:08:38.0744 4804  srv2 - ok
12:08:38.0764 4804  [ 27E461F0BE5BFF5FC737328F749538C3 ] srvnet          C:\Windows\system32\DRIVERS\srvnet.sys
12:08:38.0794 4804  srvnet - ok
12:08:38.0844 4804  [ 51B52FBD583CDE8AA9BA62B8B4298F33 ] SSDPSRV         C:\Windows\System32\ssdpsrv.dll
12:08:38.0934 4804  SSDPSRV - ok
12:08:38.0954 4804  [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB ] SstpSvc         C:\Windows\system32\sstpsvc.dll
12:08:38.0994 4804  SstpSvc - ok
12:08:39.0124 4804  [ 444109453A2B87E6C16BCDA5953E81A9 ] STacSV          C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_afc3018f8cfedd20\STacSV64.exe
12:08:39.0184 4804  STacSV - ok
12:08:39.0214 4804  [ F3817967ED533D08327DC73BC4D5542A ] stexstor        C:\Windows\system32\DRIVERS\stexstor.sys
12:08:39.0234 4804  stexstor - ok
12:08:39.0274 4804  [ 02E784FA49032F84964DB90A3ED81890 ] STHDA           C:\Windows\system32\DRIVERS\stwrt64.sys
12:08:39.0314 4804  STHDA - ok
12:08:39.0344 4804  [ 8DD52E8E6128F4B2DA92CE27402871C1 ] stisvc          C:\Windows\System32\wiaservc.dll
12:08:39.0394 4804  stisvc - ok
12:08:39.0414 4804  [ D01EC09B6711A5F8E7E6564A4D0FBC90 ] swenum          C:\Windows\system32\drivers\swenum.sys
12:08:39.0434 4804  swenum - ok
12:08:39.0474 4804  [ E08E46FDD841B7184194011CA1955A0B ] swprv           C:\Windows\System32\swprv.dll
12:08:39.0564 4804  swprv - ok
12:08:39.0614 4804  [ BF9CCC0BF39B418C8D0AE8B05CF95B7D ] SysMain         C:\Windows\system32\sysmain.dll
12:08:39.0684 4804  SysMain - ok
12:08:39.0744 4804  [ E3C61FD7B7C2557E1F1B0B4CEC713585 ] TabletInputService C:\Windows\System32\TabSvc.dll
12:08:39.0794 4804  TabletInputService - ok
12:08:39.0844 4804  [ 40F0849F65D13EE87B9A9AE3C1DD6823 ] TapiSrv         C:\Windows\System32\tapisrv.dll
12:08:39.0894 4804  TapiSrv - ok
12:08:39.0934 4804  [ 1BE03AC720F4D302EA01D40F588162F6 ] TBS             C:\Windows\System32\tbssvc.dll
12:08:40.0024 4804  TBS - ok
12:08:40.0104 4804  [ 40AF23633D197905F03AB5628C558C51 ] Tcpip           C:\Windows\system32\drivers\tcpip.sys
12:08:40.0174 4804  Tcpip - ok
12:08:40.0214 4804  [ 40AF23633D197905F03AB5628C558C51 ] TCPIP6          C:\Windows\system32\DRIVERS\tcpip.sys
12:08:40.0264 4804  TCPIP6 - ok
12:08:40.0304 4804  [ 1B16D0BD9841794A6E0CDE0CEF744ABC ] tcpipreg        C:\Windows\system32\drivers\tcpipreg.sys
12:08:40.0344 4804  tcpipreg - ok
12:08:40.0384 4804  [ 3371D21011695B16333A3934340C4E7C ] TDPIPE          C:\Windows\system32\drivers\tdpipe.sys
12:08:40.0434 4804  TDPIPE - ok
12:08:40.0464 4804  [ 51C5ECEB1CDEE2468A1748BE550CFBC8 ] TDTCP           C:\Windows\system32\drivers\tdtcp.sys
12:08:40.0514 4804  TDTCP - ok
12:08:40.0544 4804  [ DDAD5A7AB24D8B65F8D724F5C20FD806 ] tdx             C:\Windows\system32\DRIVERS\tdx.sys
12:08:40.0594 4804  tdx - ok
12:08:40.0634 4804  [ 561E7E1F06895D78DE991E01DD0FB6E5 ] TermDD          C:\Windows\system32\drivers\termdd.sys
12:08:40.0654 4804  TermDD - ok
12:08:40.0714 4804  [ 2E648163254233755035B46DD7B89123 ] TermService     C:\Windows\System32\termsrv.dll
12:08:40.0804 4804  TermService - ok
12:08:40.0834 4804  [ F0344071948D1A1FA732231785A0664C ] Themes          C:\Windows\system32\themeservice.dll
12:08:40.0874 4804  Themes - ok
12:08:40.0904 4804  [ E40E80D0304A73E8D269F7141D77250B ] THREADORDER     C:\Windows\system32\mmcss.dll
12:08:40.0944 4804  THREADORDER - ok
12:08:40.0964 4804  [ 7E7AFD841694F6AC397E99D75CEAD49D ] TrkWks          C:\Windows\System32\trkwks.dll
12:08:41.0024 4804  TrkWks - ok
12:08:41.0104 4804  [ 773212B2AAA24C1E31F10246B15B276C ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
12:08:41.0194 4804  TrustedInstaller - ok
12:08:41.0224 4804  [ 4CE278FC9671BA81A138D70823FCAA09 ] tssecsrv        C:\Windows\system32\DRIVERS\tssecsrv.sys
12:08:41.0264 4804  tssecsrv - ok
12:08:41.0324 4804  [ 17C6B51CBCCDED95B3CC14E22791F85E ] TsUsbFlt        C:\Windows\system32\drivers\tsusbflt.sys
12:08:41.0364 4804  TsUsbFlt - ok
12:08:41.0404 4804  [ 3566A8DAAFA27AF944F5D705EAA64894 ] tunnel          C:\Windows\system32\DRIVERS\tunnel.sys
12:08:41.0474 4804  tunnel - ok
12:08:41.0504 4804  [ B4DD609BD7E282BFC683CEC7EAAAAD67 ] uagp35          C:\Windows\system32\DRIVERS\uagp35.sys
12:08:41.0524 4804  uagp35 - ok
12:08:41.0574 4804  [ FF4232A1A64012BAA1FD97C7B67DF593 ] udfs            C:\Windows\system32\DRIVERS\udfs.sys
12:08:41.0624 4804  udfs - ok
12:08:41.0664 4804  [ 3CBDEC8D06B9968ABA702EBA076364A1 ] UI0Detect       C:\Windows\system32\UI0Detect.exe
12:08:41.0714 4804  UI0Detect - ok
12:08:41.0754 4804  [ 4BFE1BC28391222894CBF1E7D0E42320 ] uliagpkx        C:\Windows\system32\drivers\uliagpkx.sys
12:08:41.0774 4804  uliagpkx - ok
12:08:41.0814 4804  [ DC54A574663A895C8763AF0FA1FF7561 ] umbus           C:\Windows\system32\drivers\umbus.sys
12:08:41.0854 4804  umbus - ok
12:08:41.0914 4804  [ B2E8E8CB557B156DA5493BBDDCC1474D ] UmPass          C:\Windows\system32\DRIVERS\umpass.sys
12:08:41.0934 4804  UmPass - ok
12:08:41.0954 4804  [ D47EC6A8E81633DD18D2436B19BAF6DE ] upnphost        C:\Windows\System32\upnphost.dll
12:08:42.0044 4804  upnphost - ok
12:08:42.0084 4804  [ DCA68B0943D6FA415F0C56C92158A83A ] usbccgp         C:\Windows\system32\DRIVERS\usbccgp.sys
12:08:42.0144 4804  usbccgp - ok
12:08:42.0184 4804  [ 80B0F7D5CCF86CEB5D402EAAF61FEC31 ] usbcir          C:\Windows\system32\drivers\usbcir.sys
12:08:42.0244 4804  usbcir - ok
12:08:42.0274 4804  [ 18A85013A3E0F7E1755365D287443965 ] usbehci         C:\Windows\system32\DRIVERS\usbehci.sys
12:08:42.0284 4804  usbehci - ok
12:08:42.0344 4804  [ 8D1196CFBB223621F2C67D45710F25BA ] usbhub          C:\Windows\system32\DRIVERS\usbhub.sys
12:08:42.0374 4804  usbhub - ok
12:08:42.0394 4804  [ 765A92D428A8DB88B960DA5A8D6089DC ] usbohci         C:\Windows\system32\drivers\usbohci.sys
12:08:42.0424 4804  usbohci - ok
12:08:42.0474 4804  [ 73188F58FB384E75C4063D29413CEE3D ] usbprint        C:\Windows\system32\DRIVERS\usbprint.sys
12:08:42.0524 4804  usbprint - ok
12:08:42.0574 4804  [ 9661DA76B4531B2DA272ECCE25A8AF24 ] usbscan         C:\Windows\system32\drivers\usbscan.sys
12:08:42.0624 4804  usbscan - ok
12:08:42.0664 4804  [ FED648B01349A3C8395A5169DB5FB7D6 ] USBSTOR         C:\Windows\system32\DRIVERS\USBSTOR.SYS
12:08:42.0694 4804  USBSTOR - ok
12:08:42.0764 4804  [ DD253AFC3BC6CBA412342DE60C3647F3 ] usbuhci         C:\Windows\system32\DRIVERS\usbuhci.sys
12:08:42.0804 4804  usbuhci - ok
12:08:42.0864 4804  [ 1F775DA4CF1A3A1834207E975A72E9D7 ] usbvideo        C:\Windows\System32\Drivers\usbvideo.sys
12:08:42.0934 4804  usbvideo - ok
12:08:42.0954 4804  [ EDBB23CBCF2CDF727D64FF9B51A6070E ] UxSms           C:\Windows\System32\uxsms.dll
12:08:43.0034 4804  UxSms - ok
12:08:43.0044 4804  [ 4D71227301DD8D09097B9E4CC6527E5A ] VaultSvc        C:\Windows\system32\lsass.exe
12:08:43.0064 4804  VaultSvc - ok
12:08:43.0094 4804  [ C5C876CCFC083FF3B128F933823E87BD ] vdrvroot        C:\Windows\system32\drivers\vdrvroot.sys
12:08:43.0104 4804  vdrvroot - ok
12:08:43.0154 4804  [ 8D6B481601D01A456E75C3210F1830BE ] vds             C:\Windows\System32\vds.exe
12:08:43.0214 4804  vds - ok
12:08:43.0244 4804  [ DA4DA3F5E02943C2DC8C6ED875DE68DD ] vga             C:\Windows\system32\DRIVERS\vgapnp.sys
12:08:43.0284 4804  vga - ok
12:08:43.0314 4804  [ 53E92A310193CB3C03BEA963DE7D9CFC ] VgaSave         C:\Windows\System32\drivers\vga.sys
12:08:43.0354 4804  VgaSave - ok
12:08:43.0384 4804  [ 2CE2DF28C83AEAF30084E1B1EB253CBB ] vhdmp           C:\Windows\system32\drivers\vhdmp.sys
12:08:43.0404 4804  vhdmp - ok
12:08:43.0434 4804  [ E5689D93FFE4E5D66C0178761240DD54 ] viaide          C:\Windows\system32\drivers\viaide.sys
12:08:43.0444 4804  viaide - ok
12:08:43.0464 4804  [ D2AAFD421940F640B407AEFAAEBD91B0 ] volmgr          C:\Windows\system32\drivers\volmgr.sys
12:08:43.0484 4804  volmgr - ok
12:08:43.0534 4804  [ A255814907C89BE58B79EF2F189B843B ] volmgrx         C:\Windows\system32\drivers\volmgrx.sys
12:08:43.0564 4804  volmgrx - ok
12:08:43.0574 4804  [ 0D08D2F3B3FF84E433346669B5E0F639 ] volsnap         C:\Windows\system32\drivers\volsnap.sys
12:08:43.0594 4804  volsnap - ok
12:08:43.0634 4804  [ 5E2016EA6EBACA03C04FEAC5F330D997 ] vsmraid         C:\Windows\system32\DRIVERS\vsmraid.sys
12:08:43.0664 4804  vsmraid - ok
12:08:43.0724 4804  [ B60BA0BC31B0CB414593E169F6F21CC2 ] VSS             C:\Windows\system32\vssvc.exe
12:08:43.0814 4804  VSS - ok
12:08:43.0844 4804  [ 36D4720B72B5C5D9CB2B9C29E9DF67A1 ] vwifibus        C:\Windows\system32\DRIVERS\vwifibus.sys
12:08:43.0884 4804  vwifibus - ok
12:08:43.0914 4804  [ 6A3D66263414FF0D6FA754C646612F3F ] vwififlt        C:\Windows\system32\DRIVERS\vwififlt.sys
12:08:43.0934 4804  vwififlt - ok
12:08:43.0974 4804  [ 6A638FC4BFDDC4D9B186C28C91BD1A01 ] vwifimp         C:\Windows\system32\DRIVERS\vwifimp.sys
12:08:44.0004 4804  vwifimp - ok
12:08:44.0054 4804  [ 1C9D80CC3849B3788048078C26486E1A ] W32Time         C:\Windows\system32\w32time.dll
12:08:44.0114 4804  W32Time - ok
12:08:44.0134 4804  [ 4E9440F4F152A7B944CB1663D3935A3E ] WacomPen        C:\Windows\system32\DRIVERS\wacompen.sys
12:08:44.0184 4804  WacomPen - ok
12:08:44.0254 4804  [ 356AFD78A6ED4457169241AC3965230C ] WANARP          C:\Windows\system32\DRIVERS\wanarp.sys
12:08:44.0314 4804  WANARP - ok
12:08:44.0324 4804  [ 356AFD78A6ED4457169241AC3965230C ] Wanarpv6        C:\Windows\system32\DRIVERS\wanarp.sys
12:08:44.0364 4804  Wanarpv6 - ok
12:08:44.0444 4804  [ 3CEC96DE223E49EAAE3651FCF8FAEA6C ] WatAdminSvc     C:\Windows\system32\Wat\WatAdminSvc.exe
12:08:44.0494 4804  WatAdminSvc - ok
12:08:44.0564 4804  [ 78F4E7F5C56CB9716238EB57DA4B6A75 ] wbengine        C:\Windows\system32\wbengine.exe
12:08:44.0894 4804  wbengine - ok
12:08:44.0934 4804  [ 3AA101E8EDAB2DB4131333F4325C76A3 ] WbioSrvc        C:\Windows\System32\wbiosrvc.dll
12:08:44.0994 4804  WbioSrvc - ok
12:08:45.0044 4804  [ 7368A2AFD46E5A4481D1DE9D14848EDD ] wcncsvc         C:\Windows\System32\wcncsvc.dll
12:08:45.0094 4804  wcncsvc - ok
12:08:45.0114 4804  [ 20F7441334B18CEE52027661DF4A6129 ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
12:08:45.0164 4804  WcsPlugInService - ok
12:08:45.0224 4804  [ 72889E16FF12BA0F235467D6091B17DC ] Wd              C:\Windows\system32\DRIVERS\wd.sys
12:08:45.0254 4804  Wd - ok
12:08:45.0304 4804  [ E2C933EDBC389386EBE6D2BA953F43D8 ] Wdf01000        C:\Windows\system32\drivers\Wdf01000.sys
12:08:45.0344 4804  Wdf01000 - ok
12:08:45.0354 4804  [ BF1FC3F79B863C914687A737C2F3D681 ] WdiServiceHost  C:\Windows\system32\wdi.dll
12:08:45.0464 4804  WdiServiceHost - ok
12:08:45.0474 4804  [ BF1FC3F79B863C914687A737C2F3D681 ] WdiSystemHost   C:\Windows\system32\wdi.dll
12:08:45.0494 4804  WdiSystemHost - ok
12:08:45.0544 4804  [ 0EB0E5D22B1760F2DBCE632F2DD7A54D ] WebClient       C:\Windows\System32\webclnt.dll
12:08:45.0594 4804  WebClient - ok
12:08:45.0634 4804  [ C749025A679C5103E575E3B48E092C43 ] Wecsvc          C:\Windows\system32\wecsvc.dll
12:08:45.0684 4804  Wecsvc - ok
12:08:45.0704 4804  [ 7E591867422DC788B9E5BD337A669A08 ] wercplsupport   C:\Windows\System32\wercplsupport.dll
12:08:45.0784 4804  wercplsupport - ok
12:08:45.0814 4804  [ 6D137963730144698CBD10F202E9F251 ] WerSvc          C:\Windows\System32\WerSvc.dll
12:08:45.0864 4804  WerSvc - ok
12:08:45.0894 4804  [ 611B23304BF067451A9FDEE01FBDD725 ] WfpLwf          C:\Windows\system32\DRIVERS\wfplwf.sys
12:08:45.0934 4804  WfpLwf - ok
12:08:45.0974 4804  [ B14EF15BD757FA488F9C970EEE9C0D35 ] WimFltr         C:\Windows\system32\DRIVERS\wimfltr.sys
12:08:45.0994 4804  WimFltr - ok
12:08:46.0014 4804  [ 05ECAEC3E4529A7153B3136CEB49F0EC ] WIMMount        C:\Windows\system32\drivers\wimmount.sys
12:08:46.0034 4804  WIMMount - ok
12:08:46.0094 4804  WinDefend - ok
12:08:46.0124 4804  WinHttpAutoProxySvc - ok
12:08:46.0194 4804  [ 19B07E7E8915D701225DA41CB3877306 ] Winmgmt         C:\Windows\system32\wbem\WMIsvc.dll
12:08:46.0414 4804  Winmgmt - ok
12:08:46.0514 4804  [ BCB1310604AA415C4508708975B3931E ] WinRM           C:\Windows\system32\WsmSvc.dll
12:08:46.0604 4804  WinRM - ok
12:08:46.0684 4804  [ FE88B288356E7B47B74B13372ADD906D ] WinUsb          C:\Windows\system32\DRIVERS\WinUsb.sys
12:08:46.0714 4804  WinUsb - ok
12:08:46.0764 4804  [ 4FADA86E62F18A1B2F42BA18AE24E6AA ] Wlansvc         C:\Windows\System32\wlansvc.dll
12:08:46.0834 4804  Wlansvc - ok
12:08:46.0974 4804  [ 7E47C328FC4768CB8BEAFBCFAFA70362 ] wlidsvc         C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
12:08:47.0044 4804  wlidsvc - ok
12:08:47.0074 4804  [ 13B0A570E1AE451C92DA550085D72CF3 ] wltrysvc        C:\Program Files\Dell\Dell Wireless WLAN Card\WLTRYSVC.EXE
12:08:47.0104 4804  wltrysvc ( UnsignedFile.Multi.Generic ) - warning
12:08:47.0104 4804  wltrysvc - detected UnsignedFile.Multi.Generic (1)
12:08:47.0154 4804  [ F6FF8944478594D0E414D3F048F0D778 ] WmiAcpi         C:\Windows\system32\drivers\wmiacpi.sys
12:08:47.0194 4804  WmiAcpi - ok
12:08:47.0244 4804  [ 38B84C94C5A8AF291ADFEA478AE54F93 ] wmiApSrv        C:\Windows\system32\wbem\WmiApSrv.exe
12:08:47.0294 4804  wmiApSrv - ok
12:08:47.0334 4804  WMPNetworkSvc - ok
12:08:47.0394 4804  [ 96C6E7100D724C69FCF9E7BF590D1DCA ] WPCSvc          C:\Windows\System32\wpcsvc.dll
12:08:47.0424 4804  WPCSvc - ok
12:08:47.0464 4804  [ 93221146D4EBBF314C29B23CD6CC391D ] WPDBusEnum      C:\Windows\system32\wpdbusenum.dll
12:08:47.0484 4804  WPDBusEnum - ok
12:08:47.0514 4804  [ 6BCC1D7D2FD2453957C5479A32364E52 ] ws2ifsl         C:\Windows\system32\drivers\ws2ifsl.sys
12:08:47.0554 4804  ws2ifsl - ok
12:08:47.0594 4804  [ E8B1FE6669397D1772D8196DF0E57A9E ] wscsvc          C:\Windows\system32\wscsvc.dll
12:08:47.0614 4804  wscsvc - ok
12:08:47.0624 4804  WSearch - ok
12:08:47.0714 4804  [ D9EF901DCA379CFE914E9FA13B73B4C4 ] wuauserv        C:\Windows\system32\wuaueng.dll
12:08:47.0784 4804  wuauserv - ok
12:08:47.0824 4804  [ AB886378EEB55C6C75B4F2D14B6C869F ] WudfPf          C:\Windows\system32\drivers\WudfPf.sys
12:08:47.0874 4804  WudfPf - ok
12:08:47.0894 4804  [ DDA4CAF29D8C0A297F886BFE561E6659 ] WUDFRd          C:\Windows\system32\DRIVERS\WUDFRd.sys
12:08:47.0934 4804  WUDFRd - ok
12:08:47.0944 4804  [ B20F051B03A966392364C83F009F7D17 ] wudfsvc         C:\Windows\System32\WUDFSvc.dll
12:08:47.0994 4804  wudfsvc - ok
12:08:48.0024 4804  [ FE90B750AB808FB9DD8FBB428B5FF83B ] WwanSvc         C:\Windows\System32\wwansvc.dll
12:08:48.0054 4804  WwanSvc - ok
12:08:48.0104 4804  [ 64F88AF327AA74E03658AE32B48CCB8B ] yukonw7         C:\Windows\system32\DRIVERS\yk62x64.sys
12:08:48.0154 4804  yukonw7 - ok
12:08:48.0194 4804  ================ Scan global ===============================
12:08:48.0224 4804  [ BA0CD8C393E8C9F83354106093832C7B ] C:\Windows\system32\basesrv.dll
12:08:48.0274 4804  [ 88EDD0B34EED542745931E581AD21A32 ] C:\Windows\system32\winsrv.dll
12:08:48.0284 4804  [ 88EDD0B34EED542745931E581AD21A32 ] C:\Windows\system32\winsrv.dll
12:08:48.0314 4804  [ D6160F9D869BA3AF0B787F971DB56368 ] C:\Windows\system32\sxssrv.dll
12:08:48.0354 4804  [ 24ACB7E5BE595468E3B9AA488B9B4FCB ] C:\Windows\system32\services.exe
12:08:48.0364 4804  [Global] - ok
12:08:48.0364 4804  ================ Scan MBR ==================================
12:08:48.0384 4804  [ CDB4DE4BBD714F152979DA2DCBEF57EB ] \Device\Harddisk0\DR0
12:08:48.0754 4804  \Device\Harddisk0\DR0 - ok
12:08:48.0754 4804  [ 8F558EB6672622401DA993E1E865C861 ] \Device\Harddisk2\DR2
12:08:48.0874 4804  \Device\Harddisk2\DR2 - ok
12:08:48.0874 4804  ================ Scan VBR ==================================
12:08:48.0904 4804  [ CE1660B4A78827026EAB557BE1BFE095 ] \Device\Harddisk0\DR0\Partition1
12:08:48.0904 4804  \Device\Harddisk0\DR0\Partition1 - ok
12:08:48.0924 4804  [ AB9B8CB3F69A4BE35751DE4EB1FD0CBD ] \Device\Harddisk0\DR0\Partition2
12:08:48.0924 4804  \Device\Harddisk0\DR0\Partition2 - ok
12:08:48.0934 4804  [ A7FBC5B401414E9DF540D73A878D8B66 ] \Device\Harddisk2\DR2\Partition1
12:08:48.0934 4804  \Device\Harddisk2\DR2\Partition1 - ok
12:08:48.0934 4804  ============================================================
12:08:48.0934 4804  Scan finished
12:08:48.0934 4804  ============================================================
12:08:48.0964 5556  Detected object count: 2
12:08:48.0964 5556  Actual detected object count: 2
12:12:18.0629 5556  DockLoginService ( UnsignedFile.Multi.Generic ) - skipped by user
12:12:18.0629 5556  DockLoginService ( UnsignedFile.Multi.Generic ) - User select action: Skip
12:12:18.0639 5556  wltrysvc ( UnsignedFile.Multi.Generic ) - skipped by user
12:12:18.0639 5556  wltrysvc ( UnsignedFile.Multi.Generic ) - User select action: Skip
12:16:47.0763 2472  Deinitialize success
 


Edited by kangaroo, 26 January 2014 - 07:56 PM.

    Advertisements

Register to Remove


#17 Tomk

Tomk

    Beguilement Monitor

  • Classroom Admin
  • 20,115 posts

Posted 26 January 2014 - 09:15 PM

Nothing "scary" there. The scan was just saying that those two programs are potentially "risky" because the files are unsigned. It is not unusual for 3rd party programs not to go to the expense of getting signed certificates. This becomes more of an issue with windows 8 - which will decline to run them without modification.

The important thing is not rootkits found.

Let's take a different scan for "big" nasties.

Download aswMBR.exe to your desktop.

Double click the aswMBR.exe to run it. If asked to download Avast's database please do so.

Click the "Scan" button to start scan
aswMBR1.png

On completion of the scan click save log, save it to your desktop and post in your next reply
aswMBR2.png

There shall also be a file on your desktop named MBR.dat. Right click that file and select Send To>Compressed (zipped) folder. Please attach that zipped file in your next reply.

Tomk
------------------------------------------------------------

mvplogo1_zpsea7gtc7e.gif


WTT-Grad1.jpg

Topics are closed after 5 days without response
unite_blue_zpsbfd3cd98.png


#18 kangaroo

kangaroo

    Authentic Member

  • Authentic Member
  • PipPip
  • 183 posts

Posted 26 January 2014 - 11:20 PM

Attached File  MBR.zip   572bytes   48 downloads

 

Hi Tomk,

 

I've done that with one hiccup: There didn't seem to be any progress in the scan for some time so I clicked to save the log file. No sooner had I done that than the scan progressed to another file. So I went and left it until I saw the completed message. I then created the log file again and that follows. I've also attached the mbr.zip as requested.

 

I hope my interference in the scanning has not corrupted the results.

 

 

aswMBR version 0.9.9.1771 Copyright© 2011 AVAST Software
Run date: 2014-01-27 15:28:57
-----------------------------
15:28:57.693    OS Version: Windows x64 6.1.7601 Service Pack 1
15:28:57.693    Number of processors: 2 586 0x170A
15:28:57.693    ComputerName: HEATHER-PC  UserName: Heather
15:28:58.835    Initialize success
15:29:01.695    AVAST engine defs: 14011701
15:29:26.485    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
15:29:26.495    Disk 0 Vendor: SAMSUNG_ 2AC1 Size: 476940MB BusType: 3
15:29:26.655    Disk 0 MBR read successfully
15:29:26.665    Disk 0 MBR scan
15:29:26.675    Disk 0 Windows VISTA default MBR code
15:29:26.675    Disk 0 Partition 1 00     DE Dell Utility Dell 8.0       39 MB offset 63
15:29:26.685    Disk 0 Partition 2 80 (A) 07    HPFS/NTFS NTFS        15000 MB offset 81920
15:29:26.695    Disk 0 Partition 3 00     07    HPFS/NTFS NTFS       461899 MB offset 30801920
15:29:26.725    Disk 0 scanning C:\Windows\system32\drivers
15:29:38.349    Service scanning
15:30:00.824    Modules scanning
15:30:00.834    Disk 0 trace - called modules:
15:30:00.874    ntoskrnl.exe CLASSPNP.SYS disk.sys iaStor.sys hal.dll
15:30:00.884    1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8004568060]
15:30:00.904    3 CLASSPNP.SYS[fffff880015ca43f] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa80040f9050]
15:30:01.954    AVAST engine scan C:\Windows
15:30:05.486    AVAST engine scan C:\Windows\system32
15:32:57.610    AVAST engine scan C:\Windows\system32\drivers
15:33:13.778    AVAST engine scan C:\Users\Heather
15:36:14.608    Disk 0 MBR has been saved successfully to "C:\Users\Heather\Desktop\Clean-Up\MBR.dat"
15:36:14.623    The log file has been saved successfully to "C:\Users\Heather\Desktop\Clean-Up\aswMBR_Log.txt"

aswMBR version 0.9.9.1771 Copyright© 2011 AVAST Software
Run date: 2014-01-27 15:28:57
-----------------------------
15:28:57.693    OS Version: Windows x64 6.1.7601 Service Pack 1
15:28:57.693    Number of processors: 2 586 0x170A
15:28:57.693    ComputerName: HEATHER-PC  UserName: Heather
15:28:58.835    Initialize success
15:29:01.695    AVAST engine defs: 14011701
15:29:26.485    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
15:29:26.495    Disk 0 Vendor: SAMSUNG_ 2AC1 Size: 476940MB BusType: 3
15:29:26.655    Disk 0 MBR read successfully
15:29:26.665    Disk 0 MBR scan
15:29:26.675    Disk 0 Windows VISTA default MBR code
15:29:26.675    Disk 0 Partition 1 00     DE Dell Utility Dell 8.0       39 MB offset 63
15:29:26.685    Disk 0 Partition 2 80 (A) 07    HPFS/NTFS NTFS        15000 MB offset 81920
15:29:26.695    Disk 0 Partition 3 00     07    HPFS/NTFS NTFS       461899 MB offset 30801920
15:29:26.725    Disk 0 scanning C:\Windows\system32\drivers
15:29:38.349    Service scanning
15:30:00.824    Modules scanning
15:30:00.834    Disk 0 trace - called modules:
15:30:00.874    ntoskrnl.exe CLASSPNP.SYS disk.sys iaStor.sys hal.dll
15:30:00.884    1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8004568060]
15:30:00.904    3 CLASSPNP.SYS[fffff880015ca43f] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa80040f9050]
15:30:01.954    AVAST engine scan C:\Windows
15:30:05.486    AVAST engine scan C:\Windows\system32
15:32:57.610    AVAST engine scan C:\Windows\system32\drivers
15:33:13.778    AVAST engine scan C:\Users\Heather
15:36:14.608    Disk 0 MBR has been saved successfully to "C:\Users\Heather\Desktop\Clean-Up\MBR.dat"
15:36:14.623    The log file has been saved successfully to "C:\Users\Heather\Desktop\Clean-Up\aswMBR_Log.txt"
15:37:53.080    AVAST engine scan C:\ProgramData
15:40:03.609    Scan finished successfully
16:02:52.009    Disk 0 MBR has been saved successfully to "C:\Users\Heather\Desktop\Clean-Up\MBR.dat"
16:02:52.019    The log file has been saved successfully to "C:\Users\Heather\Desktop\Clean-Up\aswMBR_Log.txt"


Edited by kangaroo, 26 January 2014 - 11:20 PM.


#19 Tomk

Tomk

    Beguilement Monitor

  • Classroom Admin
  • 20,115 posts

Posted 26 January 2014 - 11:59 PM

I'm not certain what happened there... but the log looks right.  And clean.

 

I'd like you to run Combofix one more time - just by double clicking like you did originally (no script) and post the log.

 

Then please tell me how things seem to be running.


Tomk
------------------------------------------------------------

mvplogo1_zpsea7gtc7e.gif


WTT-Grad1.jpg

Topics are closed after 5 days without response
unite_blue_zpsbfd3cd98.png


#20 kangaroo

kangaroo

    Authentic Member

  • Authentic Member
  • PipPip
  • 183 posts

Posted 27 January 2014 - 01:12 AM

Hi Tomk,

 

I've run ComboFix and the log is at the end of this post.

 

I'm really stumped by the erratic behaviour of Outlook.com and don't know what could be causing it. Here is what I just tried.

 

When I open IE10, it opens the Outlook.com Inbox BUT:

1. It displays the folder list and the message list but never displays the top, highlighted message in the reading pane (which remains blank) just showing the waiting donut beside the mouse pointer. And I cannot open any other folder; there are just a set of white dots progressing across the top of the blue menu bar of Outlook.com (Outlook | New | Reply | etc.).

2. If I click on the stub to open a new tab, the second tab opens and displays the home page (the Outlook.com Inbox NOT a blank page as I expect); strangely, this tab displays the top, highlighted message in the reading pane and I can open other folders and display the top, highlighted messages in them in the reading pane. HOWEVER, I can click on another message in a folder and that displays in the reading pane BUT the progressing white dots across the top of the blue menu bar appear and I can do nothing else.

Once the Outlook.com tab is "locked" I can still type an URL into the address bar and browse other sites.

Once I went to another site, I used the back button to go back to Outlook.com; again strange! I had the folder list, the reading pane and the contact panel BUT no message list! I then went into settings, couldn't see any way to set the layout. So I clicked on Inbox and went back to the Inbox with the original layout: folder list, message list and reading pane.

 

One of the messages I had displayed in the reading pane had a link to an outside site. Originally, I couldn't get these links to open but just now, the link opened in a new window, as it should.

I don't know if all this strange and erratic behaviour in Outlook.com is down to IE10 or Outlook.com or some weird infection. Whatever, Outlook.com is essentially useless on this PC.

 

 

Here is the ComboFix log:

 

ComboFix 14-01-23.02 - Heather 27/01/2014  17:21:58.5.2 - x64
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.61.1033.18.4092.2285 [GMT 11:00]
Running from: c:\users\Heather\Desktop\ComboFix.exe
AV: avast! Internet Security *Disabled/Outdated* {17AD7D40-BA12-9C46-7131-94903A54AD8B}
FW: avast! Internet Security *Disabled* {2F96FC65-F07D-9D1E-5A6E-3DA5C487EAF0}
SP: avast! Internet Security *Disabled/Outdated* {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 * Created a new restore point
.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
Infected copy of c:\windows\SysWow64\user32.dll was found and disinfected
Restored copy from - c:\windows\ERDNT\cache86\user32.dll
.
.
(((((((((((((((((((((((((   Files Created from 2013-12-27 to 2014-01-27  )))))))))))))))))))))))))))))))
.
.
2014-01-27 06:28 . 2014-01-27 06:28 -------- d-----w- c:\users\Public\AppData\Local\temp
2014-01-27 06:28 . 2014-01-27 06:28 -------- d-----w- c:\users\Default\AppData\Local\temp
2014-01-26 10:58 . 2009-07-14 01:52 24128 ----a-w- c:\windows\SysWow64\drivers\atapi.sys
2014-01-25 03:59 . 2014-01-25 04:06 -------- d-----w- c:\windows\system32\catroot2
2014-01-25 03:48 . 2014-01-27 06:29 -------- d-----w- c:\windows\system32\wbem\repository
2014-01-25 03:47 . 2014-01-25 03:47 -------- d-----w- c:\windows\SysWow64\wbem\Performance
2014-01-25 03:42 . 2014-01-25 03:54 181064 ----a-w- c:\windows\PSEXESVC.EXE
2014-01-25 02:52 . 2014-01-25 02:52 -------- d-----w- c:\program files (x86)\Tweaking.com
2014-01-15 23:45 . 2013-11-27 01:41 343040 ----a-w- c:\windows\system32\drivers\usbhub.sys
2014-01-15 23:45 . 2013-11-27 01:41 99840 ----a-w- c:\windows\system32\drivers\usbccgp.sys
2014-01-15 23:45 . 2013-11-27 01:41 53248 ----a-w- c:\windows\system32\drivers\usbehci.sys
2014-01-15 23:45 . 2013-11-27 01:41 325120 ----a-w- c:\windows\system32\drivers\usbport.sys
2014-01-15 23:45 . 2013-11-27 01:41 30720 ----a-w- c:\windows\system32\drivers\usbuhci.sys
2014-01-15 23:45 . 2013-11-27 01:41 25600 ----a-w- c:\windows\system32\drivers\usbohci.sys
2014-01-15 23:45 . 2013-11-27 01:41 7808 ----a-w- c:\windows\system32\drivers\usbd.sys
2014-01-15 23:45 . 2013-11-26 10:32 3156480 ----a-w- c:\windows\system32\win32k.sys
2014-01-15 23:40 . 2013-11-26 11:40 376768 ----a-w- c:\windows\system32\drivers\netio.sys
2014-01-12 20:14 . 2014-01-12 20:15 79672 ----a-w- c:\windows\system32\drivers\aswstm.sys
2014-01-10 08:08 . 2013-10-25 06:17 148992 ----a-w- c:\program files\Internet Explorer\jsdebuggeride.dll
2014-01-09 07:18 . 2014-01-09 07:18 -------- d-----w- c:\users\Heather\AppData\Roaming\Macrovision
2014-01-07 03:26 . 2009-09-10 04:31 117248 ----a-w- c:\windows\system32\drivers\ewusbmdm.sys
2014-01-07 03:26 . 2009-09-04 04:13 216576 ----a-w- c:\windows\system32\drivers\ewusbnet.sys
2014-01-07 03:26 . 2009-07-24 04:52 114560 ----a-w- c:\windows\system32\drivers\ewusbdev.sys
2014-01-07 03:26 . 2007-08-08 17:10 29696 ----a-w- c:\windows\system32\drivers\ewdcsc.sys
2014-01-07 03:26 . 2014-01-07 03:27 -------- d-----w- c:\program files (x86)\Virgin Mobile
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-01-26 04:03 . 2014-01-25 02:44 75888 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{0BA47C84-3365-43A7-8D22-2ACAE952C5CD}\offreg.dll
2014-01-15 23:55 . 2010-02-07 23:17 86054176 ----a-w- c:\windows\system32\MRT.exe
2014-01-13 08:14 . 2013-03-13 20:02 439648 ----a-w- c:\windows\system32\drivers\aswndisflt.sys
2014-01-12 20:14 . 2013-03-13 20:03 207904 ----a-w- c:\windows\system32\drivers\aswVmm.sys
2014-01-12 20:14 . 2011-03-05 09:40 422216 ----a-w- c:\windows\system32\drivers\aswSP.sys
2014-01-12 20:14 . 2011-03-05 09:40 78648 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2014-01-12 20:14 . 2011-03-05 09:40 334136 ----a-w- c:\windows\system32\aswBoot.exe
2014-01-12 20:14 . 2011-03-05 09:40 1034464 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2014-01-12 20:14 . 2011-03-05 09:40 43152 ----a-w- c:\windows\avastSS.scr
2013-12-17 19:13 . 2011-03-05 09:36 270496 ------w- c:\windows\system32\MpSigStub.exe
2013-12-10 21:48 . 2012-11-07 03:23 71048 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-12-10 21:48 . 2012-11-07 03:23 692616 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2013-12-04 03:28 . 2014-01-24 09:51 10315576 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{0BA47C84-3365-43A7-8D22-2ACAE952C5CD}\mpengine.dll
2013-11-23 18:26 . 2013-12-11 19:35 417792 ----a-w- c:\windows\SysWow64\WMPhoto.dll
2013-11-23 17:47 . 2013-12-11 19:35 465920 ----a-w- c:\windows\system32\WMPhoto.dll
2013-11-20 04:09 . 2013-03-13 20:03 65776 ----a-w- c:\windows\system32\drivers\aswRvrt.sys
2013-11-20 04:09 . 2012-02-24 22:06 92544 ----a-w- c:\windows\system32\drivers\aswRdr2.sys
2013-11-20 04:09 . 2012-09-06 22:32 28184 ----a-w- c:\windows\system32\drivers\aswKbd.sys
2013-11-12 02:23 . 2013-12-11 19:32 2048 ----a-w- c:\windows\system32\tzres.dll
2013-11-12 02:07 . 2013-12-11 19:32 2048 ----a-w- c:\windows\SysWow64\tzres.dll
2013-10-31 06:46 . 2013-01-19 05:08 270824 ----a-w- c:\windows\system32\drivers\aswNdis2.sys
2013-10-31 06:46 . 2013-01-19 05:08 131232 ----a-w- c:\windows\system32\drivers\aswFW.sys
2013-10-30 02:32 . 2013-12-11 19:35 335360 ----a-w- c:\windows\system32\msieftp.dll
2013-10-30 02:19 . 2013-12-11 19:35 301568 ----a-w- c:\windows\SysWow64\msieftp.dll
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2011-07-22 39408]
"Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2013-11-14 20584608]
"ISUSPM"="c:\programdata\Macrovision\FLEXnet Connect\11\ISUSPM.exe" [2008-09-26 210208]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2009-06-26 98304]
"Dell DataSafe Online"="c:\program files (x86)\Dell DataSafe Online\DataSafeOnline.exe" [2009-11-13 1807600]
"PDVDDXSrv"="c:\program files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe" [2009-06-25 140520]
"Dell Webcam Central"="c:\program files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" [2009-06-24 409744]
"Desktop Disc Tool"="c:\program files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe" [2009-06-19 494064]
"DellSupportCenter"="c:\program files (x86)\Dell Support Center\bin\sprtcmd.exe" [2009-05-21 206064]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-11-21 959904]
"AvastUI.exe"="c:\program files\AVAST Software\Avast\AvastUI.exe" [2014-01-12 3764024]
.
c:\users\Heather\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dell Dock.lnk - c:\program files\Dell\DellDock\DellDock.exe [2009-9-22 1316192]
.
c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dell Dock First Run.lnk - c:\program files\Dell\DellDock\DellDock.exe /firstrun [2009-9-22 1316192]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"mixer"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg
.
R2 avast! Firewall;avast! Firewall;c:\program files\AVAST Software\Avast\afwServ.exe;c:\program files\AVAST Software\Avast\afwServ.exe [x]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
R3 aswStm;aswStm;c:\windows\system32\drivers\aswStm.sys;c:\windows\SYSNATIVE\drivers\aswStm.sys [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
S0 aswRvrt;avast! Revert; [x]
S0 aswVmm;avast! VM Monitor; [x]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys;c:\windows\SYSNATIVE\Drivers\PxHlpa64.sys [x]
S1 aswKbd;aswKbd;c:\windows\system32\drivers\aswKbd.sys;c:\windows\SYSNATIVE\drivers\aswKbd.sys [x]
S1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys;c:\windows\SYSNATIVE\drivers\aswSnx.sys [x]
S1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys;c:\windows\SYSNATIVE\drivers\aswSP.sys [x]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe;c:\windows\SYSNATIVE\atiesrxx.exe [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys;c:\windows\SYSNATIVE\drivers\aswMonFlt.sys [x]
S2 DockLoginService;Dock Login Service;c:\program files\Dell\DellDock\DockLogin.exe;c:\program files\Dell\DellDock\DockLogin.exe [x]
S2 SftService;SoftThinks Agent Service;c:\program files (x86)\Dell DataSafe Local Backup\sftservice.EXE;c:\program files (x86)\Dell DataSafe Local Backup\sftservice.EXE [x]
S2 Skype C2C Service;Skype C2C Service;c:\programdata\Skype\Toolbars\Skype C2C Service\c2c_service.exe;c:\programdata\Skype\Toolbars\Skype C2C Service\c2c_service.exe [x]
S3 CryptOSD;Phoenix CryptOSD Device Driver;c:\windows\system32\DRIVERS\CryptOSD.sys;c:\windows\SYSNATIVE\DRIVERS\CryptOSD.sys [x]
S3 CtClsFlt;Creative Camera Class Upper Filter Driver;c:\windows\system32\DRIVERS\CtClsFlt.sys;c:\windows\SYSNATIVE\DRIVERS\CtClsFlt.sys [x]
S3 MonitorFunction;Driver for Monitor;c:\windows\system32\DRIVERS\TVMonitor.sys;c:\windows\SYSNATIVE\DRIVERS\TVMonitor.sys [x]
S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys;c:\windows\SYSNATIVE\Drivers\RtsUStor.sys [x]
S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x64.sys;c:\windows\SYSNATIVE\DRIVERS\yk62x64.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2014-01-16 21:32 1211672 ----a-w- c:\program files (x86)\Google\Chrome\Application\32.0.1700.76\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2014-01-27 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-11-07 21:48]
.
2014-01-27 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-07-20 08:43]
.
2014-01-27 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-07-20 08:43]
.
2014-01-17 c:\windows\Tasks\SpeedMaxPc Registration3.job
- c:\windows\system32\rundll32.exe [2009-07-13 01:14]
.
2014-01-25 c:\windows\Tasks\SpeedMaxPc Update3.job
- c:\program files (x86)\Common Files\SpeedMaxPc\UUS3\Update3.exe [2013-09-11 22:39]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2014-01-12 20:14 287280 ----a-w- c:\program files\AVAST Software\Avast\ashShA64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Apoint"="c:\program files\DellTPad\Apoint.exe" [2010-04-05 384296]
"SysTrayApp"="c:\program files\IDT\WDM\sttray64.exe" [2009-06-29 444416]
"Broadcom Wireless Manager UI"="c:\program files\Dell\Dell Wireless WLAN Card\WLTRAY.exe" [2009-07-17 4968960]
"IAAnotif"="c:\program files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2009-06-05 186904]
"Logitech Download Assistant"="c:\windows\System32\LogiLDA.dll" [2012-09-20 1832760]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = https://col125.mail....64855&rru=inbox
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000
TCP: Interfaces\{19347375-B14A-4420-84B0-48E9ED1CA495}: NameServer = 123.200.191.17 123.200.191.18
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
AddRemove-{EF4F8650-7710-4CA0-831D-4AA9C1CF6D87} - c:\users\Heather\Desktop\SpeedMaxPc\uninstall.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_9_900_170_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_9_900_170_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\McAfee]
"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
   00,5c,00,6d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\
.
------------------------ Other Running Processes ------------------------
.
c:\program files\AVAST Software\Avast\AvastSvc.exe
c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
c:\program files (x86)\Common Files\Dell\Advanced Networking Service\hnm_svc.exe
c:\program files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe
c:\program files (x86)\Dell Support Center\bin\sprtsvc.exe
.
**************************************************************************
.
Completion time: 2014-01-27  17:36:13 - machine was rebooted
ComboFix-quarantined-files.txt  2014-01-27 06:36
ComboFix2.txt  2014-01-26 11:12
ComboFix3.txt  2014-01-25 07:44
ComboFix4.txt  2014-01-24 03:53
.
Pre-Run: 424,488,472,576 bytes free
Post-Run: 424,294,551,552 bytes free
.
- - End Of File - - BEA021D3997ADB69281B4179ECEA7D49
 



#21 Tomk

Tomk

    Beguilement Monitor

  • Classroom Admin
  • 20,115 posts

Posted 27 January 2014 - 01:37 AM

I don't know what is causing the erratic behavior with outlook.com, but (at least in my head) I think the Tech Team might have ideas... but that must be after we know you're malware free.

 

Infected copy of c:\windows\SysWow64\user32.dll was found and disinfected
Restored copy from - c:\windows\ERDNT\cache86\user32.dll

 

This still appears in your CF log (again) which indicates that the replacement file is not clean.

 

Let's see if we can find another one.

 

Please download SystemLook from one of the links below and save it to your Desktop.
Download Mirror #1
Download Mirror #2

  • Double-click SystemLook.exe to run it.
  • Copy the content of the following codebox into the main textfield:
    :filefind
    
    user32.dll
  • Click the Look button to start the scan.
  • When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.

Note: The log can also be found on your Desktop entitled SystemLook.txt

 


Tomk
------------------------------------------------------------

mvplogo1_zpsea7gtc7e.gif


WTT-Grad1.jpg

Topics are closed after 5 days without response
unite_blue_zpsbfd3cd98.png


#22 kangaroo

kangaroo

    Authentic Member

  • Authentic Member
  • PipPip
  • 183 posts

Posted 27 January 2014 - 05:19 AM

Hi Tomk,

 

Done. Here is the SystemLook log:

 

SystemLook 30.07.11 by jpshortstuff
Log created at 21:59 on 27/01/2014 by Heather
Administrator - Elevation successful
WARNING: SystemLook running under WOW64. Use SystemLook_x64 for accurate results.

========== filefind ==========

Searching for "user32.dll"
C:\Windows\ERDNT\cache64\user32.dll --a---- 1008128 bytes [02:48 22/07/2011] [13:27 20/11/2010] FE70103391A64039A921DBFFF9C7AB1B
C:\Windows\ERDNT\cache86\user32.dll --a---- 833024 bytes [02:48 22/07/2011] [12:08 20/11/2010] 5E0DB2D8B2750543CD2EBB9EA8E6CDD3
C:\Windows\System32\user32.dll --a---- 833024 bytes [04:27 08/03/2011] [12:08 20/11/2010] 5E0DB2D8B2750543CD2EBB9EA8E6CDD3
C:\Windows\SysWOW64\user32.dll --a---- 833024 bytes [04:27 08/03/2011] [12:08 20/11/2010] 5E0DB2D8B2750543CD2EBB9EA8E6CDD3
C:\Windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_292d5de8870d85d9\user32.dll --a---- 1008640 bytes [23:38 13/07/2009] [01:41 14/07/2009] 72D7B3EA16946E8F0CF7458150031CC6
C:\Windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_2b5e71b083fc0973\user32.dll --a---- 1008128 bytes [04:27 08/03/2011] [13:27 20/11/2010] FE70103391A64039A921DBFFF9C7AB1B
C:\Windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_3382083abb6e47d4\user32.dll --a---- 833024 bytes [23:24 13/07/2009] [01:11 14/07/2009] E8B0FFC209E504CB7E79FC24E6C085F0
C:\Windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_35b31c02b85ccb6e\user32.dll --a---- 833024 bytes [04:27 08/03/2011] [12:08 20/11/2010] 5E0DB2D8B2750543CD2EBB9EA8E6CDD3

-= EOF =-



#23 Tomk

Tomk

    Beguilement Monitor

  • Classroom Admin
  • 20,115 posts

Posted 27 January 2014 - 09:09 AM

COMBOFIX-Script
 

  • Please open Notepad (Start -> Run -> type notepad in the Open field -> OK) and copy and paste the text present inside the code box below:

    
    FCopy::
    
    C:\Windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_35b31c02b85ccb6e\user32.dll | c:\windows\SysWow64\user32.dll
    
    
    
    
  • Save this as CFScript.txt and change the "Save as type" to "All Files" and place it on your desktop.

    CFScriptB-4.gif
  • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before following the steps below. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
  • Referring to the screenshot above, drag CFScript.txt into ComboFix.exe.
  • ComboFix will now run a scan on your system. It may reboot your system when it finishes. This is normal.
  • When finished, it shall produce a log for you. Copy and paste the contents of the log in your next reply.

CAUTION: Do not mouse-click ComboFix's window while it is running. That may cause it to stall.
 

 


Tomk
------------------------------------------------------------

mvplogo1_zpsea7gtc7e.gif


WTT-Grad1.jpg

Topics are closed after 5 days without response
unite_blue_zpsbfd3cd98.png


#24 kangaroo

kangaroo

    Authentic Member

  • Authentic Member
  • PipPip
  • 183 posts

Posted 27 January 2014 - 11:02 PM

Hi Tomk,

 

I've done that and this time I had worked out how to turn off Windows Defender as well. Sorry about the delay but I had a 5.00am start to milk the goats and then get my wife into town for medical appointments and have only just now got back online.

 

Here is the ComboFix log:

 

ComboFix 14-01-23.02 - Heather 28/01/2014  15:35:03.6.2 - x64
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.61.1033.18.4092.2757 [GMT 11:00]
Running from: c:\users\Heather\Desktop\ComboFix.exe
Command switches used :: c:\users\Heather\Desktop\CFScript.txt
AV: avast! Internet Security *Disabled/Outdated* {17AD7D40-BA12-9C46-7131-94903A54AD8B}
FW: avast! Internet Security *Disabled* {2F96FC65-F07D-9D1E-5A6E-3DA5C487EAF0}
SP: avast! Internet Security *Disabled/Outdated* {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
Infected copy of c:\windows\SysWow64\userinit.exe was found and disinfected
Restored copy from - c:\windows\ERDNT\cache86\userinit.exe
.
.
--------------- FCopy ---------------
.
c:\windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_35b31c02b85ccb6e\user32.dll --> c:\windows\SysWow64\user32.dll
.
(((((((((((((((((((((((((   Files Created from 2013-12-28 to 2014-01-28  )))))))))))))))))))))))))))))))
.
.
2014-01-28 04:41 . 2014-01-28 04:41 -------- d-----w- c:\users\Public\AppData\Local\temp
2014-01-28 04:41 . 2014-01-28 04:41 -------- d-----w- c:\users\Default\AppData\Local\temp
2014-01-26 10:58 . 2009-07-14 01:52 24128 ----a-w- c:\windows\SysWow64\drivers\atapi.sys
2014-01-25 03:59 . 2014-01-25 04:06 -------- d-----w- c:\windows\system32\catroot2
2014-01-25 03:48 . 2014-01-28 04:42 -------- d-----w- c:\windows\system32\wbem\repository
2014-01-25 03:47 . 2014-01-25 03:47 -------- d-----w- c:\windows\SysWow64\wbem\Performance
2014-01-25 03:42 . 2014-01-25 03:54 181064 ----a-w- c:\windows\PSEXESVC.EXE
2014-01-25 02:52 . 2014-01-25 02:52 -------- d-----w- c:\program files (x86)\Tweaking.com
2014-01-25 02:44 . 2014-01-26 04:03 75888 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{0BA47C84-3365-43A7-8D22-2ACAE952C5CD}\offreg.dll
2014-01-24 09:51 . 2013-12-04 03:28 10315576 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{0BA47C84-3365-43A7-8D22-2ACAE952C5CD}\mpengine.dll
2014-01-15 23:45 . 2013-11-27 01:41 343040 ----a-w- c:\windows\system32\drivers\usbhub.sys
2014-01-15 23:45 . 2013-11-27 01:41 99840 ----a-w- c:\windows\system32\drivers\usbccgp.sys
2014-01-15 23:45 . 2013-11-27 01:41 53248 ----a-w- c:\windows\system32\drivers\usbehci.sys
2014-01-15 23:45 . 2013-11-27 01:41 325120 ----a-w- c:\windows\system32\drivers\usbport.sys
2014-01-15 23:45 . 2013-11-27 01:41 30720 ----a-w- c:\windows\system32\drivers\usbuhci.sys
2014-01-15 23:45 . 2013-11-27 01:41 25600 ----a-w- c:\windows\system32\drivers\usbohci.sys
2014-01-15 23:45 . 2013-11-27 01:41 7808 ----a-w- c:\windows\system32\drivers\usbd.sys
2014-01-15 23:45 . 2013-11-26 10:32 3156480 ----a-w- c:\windows\system32\win32k.sys
2014-01-15 23:40 . 2013-11-26 11:40 376768 ----a-w- c:\windows\system32\drivers\netio.sys
2014-01-12 20:14 . 2014-01-12 20:15 79672 ----a-w- c:\windows\system32\drivers\aswstm.sys
2014-01-10 08:08 . 2013-10-25 06:17 148992 ----a-w- c:\program files\Internet Explorer\jsdebuggeride.dll
2014-01-09 07:18 . 2014-01-09 07:18 -------- d-----w- c:\users\Heather\AppData\Roaming\Macrovision
2014-01-07 03:26 . 2009-09-10 04:31 117248 ----a-w- c:\windows\system32\drivers\ewusbmdm.sys
2014-01-07 03:26 . 2009-09-04 04:13 216576 ----a-w- c:\windows\system32\drivers\ewusbnet.sys
2014-01-07 03:26 . 2009-07-24 04:52 114560 ----a-w- c:\windows\system32\drivers\ewusbdev.sys
2014-01-07 03:26 . 2007-08-08 17:10 29696 ----a-w- c:\windows\system32\drivers\ewdcsc.sys
2014-01-07 03:26 . 2014-01-07 03:27 -------- d-----w- c:\program files (x86)\Virgin Mobile
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-01-15 23:55 . 2010-02-07 23:17 86054176 ----a-w- c:\windows\system32\MRT.exe
2014-01-13 08:14 . 2013-03-13 20:02 439648 ----a-w- c:\windows\system32\drivers\aswndisflt.sys
2014-01-12 20:14 . 2013-03-13 20:03 207904 ----a-w- c:\windows\system32\drivers\aswVmm.sys
2014-01-12 20:14 . 2011-03-05 09:40 422216 ----a-w- c:\windows\system32\drivers\aswSP.sys
2014-01-12 20:14 . 2011-03-05 09:40 78648 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2014-01-12 20:14 . 2011-03-05 09:40 334136 ----a-w- c:\windows\system32\aswBoot.exe
2014-01-12 20:14 . 2011-03-05 09:40 1034464 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2014-01-12 20:14 . 2011-03-05 09:40 43152 ----a-w- c:\windows\avastSS.scr
2013-12-17 19:13 . 2011-03-05 09:36 270496 ------w- c:\windows\system32\MpSigStub.exe
2013-12-10 21:48 . 2012-11-07 03:23 71048 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-12-10 21:48 . 2012-11-07 03:23 692616 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2013-11-23 18:26 . 2013-12-11 19:35 417792 ----a-w- c:\windows\SysWow64\WMPhoto.dll
2013-11-23 17:47 . 2013-12-11 19:35 465920 ----a-w- c:\windows\system32\WMPhoto.dll
2013-11-20 04:09 . 2013-03-13 20:03 65776 ----a-w- c:\windows\system32\drivers\aswRvrt.sys
2013-11-20 04:09 . 2012-02-24 22:06 92544 ----a-w- c:\windows\system32\drivers\aswRdr2.sys
2013-11-20 04:09 . 2012-09-06 22:32 28184 ----a-w- c:\windows\system32\drivers\aswKbd.sys
2013-11-12 02:23 . 2013-12-11 19:32 2048 ----a-w- c:\windows\system32\tzres.dll
2013-11-12 02:07 . 2013-12-11 19:32 2048 ----a-w- c:\windows\SysWow64\tzres.dll
2013-10-31 06:46 . 2013-01-19 05:08 270824 ----a-w- c:\windows\system32\drivers\aswNdis2.sys
2013-10-31 06:46 . 2013-01-19 05:08 131232 ----a-w- c:\windows\system32\drivers\aswFW.sys
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2011-07-22 39408]
"Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2013-11-14 20584608]
"ISUSPM"="c:\programdata\Macrovision\FLEXnet Connect\11\ISUSPM.exe" [2008-09-26 210208]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2009-06-26 98304]
"Dell DataSafe Online"="c:\program files (x86)\Dell DataSafe Online\DataSafeOnline.exe" [2009-11-13 1807600]
"PDVDDXSrv"="c:\program files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe" [2009-06-25 140520]
"Dell Webcam Central"="c:\program files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" [2009-06-24 409744]
"Desktop Disc Tool"="c:\program files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe" [2009-06-19 494064]
"DellSupportCenter"="c:\program files (x86)\Dell Support Center\bin\sprtcmd.exe" [2009-05-21 206064]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-11-21 959904]
"AvastUI.exe"="c:\program files\AVAST Software\Avast\AvastUI.exe" [2014-01-12 3764024]
.
c:\users\Heather\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dell Dock.lnk - c:\program files\Dell\DellDock\DellDock.exe [2009-9-22 1316192]
.
c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dell Dock First Run.lnk - c:\program files\Dell\DellDock\DellDock.exe /firstrun [2009-9-22 1316192]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"mixer"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg
.
R2 avast! Firewall;avast! Firewall;c:\program files\AVAST Software\Avast\afwServ.exe;c:\program files\AVAST Software\Avast\afwServ.exe [x]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
R3 aswStm;aswStm;c:\windows\system32\drivers\aswStm.sys;c:\windows\SYSNATIVE\drivers\aswStm.sys [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
S0 aswRvrt;avast! Revert; [x]
S0 aswVmm;avast! VM Monitor; [x]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys;c:\windows\SYSNATIVE\Drivers\PxHlpa64.sys [x]
S1 aswKbd;aswKbd;c:\windows\system32\drivers\aswKbd.sys;c:\windows\SYSNATIVE\drivers\aswKbd.sys [x]
S1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys;c:\windows\SYSNATIVE\drivers\aswSnx.sys [x]
S1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys;c:\windows\SYSNATIVE\drivers\aswSP.sys [x]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe;c:\windows\SYSNATIVE\atiesrxx.exe [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys;c:\windows\SYSNATIVE\drivers\aswMonFlt.sys [x]
S2 DockLoginService;Dock Login Service;c:\program files\Dell\DellDock\DockLogin.exe;c:\program files\Dell\DellDock\DockLogin.exe [x]
S2 SftService;SoftThinks Agent Service;c:\program files (x86)\Dell DataSafe Local Backup\sftservice.EXE;c:\program files (x86)\Dell DataSafe Local Backup\sftservice.EXE [x]
S2 Skype C2C Service;Skype C2C Service;c:\programdata\Skype\Toolbars\Skype C2C Service\c2c_service.exe;c:\programdata\Skype\Toolbars\Skype C2C Service\c2c_service.exe [x]
S3 CryptOSD;Phoenix CryptOSD Device Driver;c:\windows\system32\DRIVERS\CryptOSD.sys;c:\windows\SYSNATIVE\DRIVERS\CryptOSD.sys [x]
S3 CtClsFlt;Creative Camera Class Upper Filter Driver;c:\windows\system32\DRIVERS\CtClsFlt.sys;c:\windows\SYSNATIVE\DRIVERS\CtClsFlt.sys [x]
S3 MonitorFunction;Driver for Monitor;c:\windows\system32\DRIVERS\TVMonitor.sys;c:\windows\SYSNATIVE\DRIVERS\TVMonitor.sys [x]
S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys;c:\windows\SYSNATIVE\Drivers\RtsUStor.sys [x]
S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x64.sys;c:\windows\SYSNATIVE\DRIVERS\yk62x64.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2014-01-16 21:32 1211672 ----a-w- c:\program files (x86)\Google\Chrome\Application\32.0.1700.76\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2014-01-27 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-11-07 21:48]
.
2014-01-28 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-07-20 08:43]
.
2014-01-28 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-07-20 08:43]
.
2014-01-27 c:\windows\Tasks\SpeedMaxPc Registration3.job
- c:\windows\system32\rundll32.exe [2009-07-13 01:14]
.
2014-01-25 c:\windows\Tasks\SpeedMaxPc Update3.job
- c:\program files (x86)\Common Files\SpeedMaxPc\UUS3\Update3.exe [2013-09-11 22:39]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2014-01-12 20:14 287280 ----a-w- c:\program files\AVAST Software\Avast\ashShA64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Apoint"="c:\program files\DellTPad\Apoint.exe" [2010-04-05 384296]
"SysTrayApp"="c:\program files\IDT\WDM\sttray64.exe" [2009-06-29 444416]
"Broadcom Wireless Manager UI"="c:\program files\Dell\Dell Wireless WLAN Card\WLTRAY.exe" [2009-07-17 4968960]
"IAAnotif"="c:\program files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2009-06-05 186904]
"Logitech Download Assistant"="c:\windows\System32\LogiLDA.dll" [2012-09-20 1832760]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = https://col125.mail....64855&rru=inbox
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
AddRemove-{EF4F8650-7710-4CA0-831D-4AA9C1CF6D87} - c:\users\Heather\Desktop\SpeedMaxPc\uninstall.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_9_900_170_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_9_900_170_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\McAfee]
"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
   00,5c,00,6d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\
.
------------------------ Other Running Processes ------------------------
.
c:\program files\AVAST Software\Avast\AvastSvc.exe
c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
c:\program files (x86)\Common Files\Dell\Advanced Networking Service\hnm_svc.exe
c:\program files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe
c:\program files (x86)\Dell Support Center\bin\sprtsvc.exe
.
**************************************************************************
.
Completion time: 2014-01-28  15:47:57 - machine was rebooted
ComboFix-quarantined-files.txt  2014-01-28 04:47
ComboFix2.txt  2014-01-27 06:36
ComboFix3.txt  2014-01-26 11:12
ComboFix4.txt  2014-01-25 07:44
ComboFix5.txt  2014-01-28 04:32
.
Pre-Run: 424,360,439,808 bytes free
Post-Run: 424,152,440,832 bytes free
.
- - End Of File - - 04CF0E53816D95B49AD0FDBF3D4D120A

 



#25 Tomk

Tomk

    Beguilement Monitor

  • Classroom Admin
  • 20,115 posts

Posted 27 January 2014 - 11:34 PM

I've done that and this time I had worked out how to turn off Windows Defender as well. Sorry about the delay but I had a 5.00am start to milk the goats and then get my wife into town for medical appointments and have only just now got back online.

Don't worry about it.  I'm not here all day.  I just check in when I'm near a computer. 
 
I don't have any goats to feed... just cows and sheep and my wife doesn't have any medical appointments this week. :)  Which is good because it gave me time to remove and replace a fuel injection pump in the pickup.
 
Anyhow... back to your computer.
 
As you can see a new system file was found infected again.  Not good.  This seems alot like a file infector but I'm not finding any rootkits or things like that.  Let's try a different scan.
 
Please download Farbar Recovery Scan Tool and save it to your Desktop.

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.
  • Right click to run as administrator (XP users click run after receipt of Windows Security Warning - Open File). When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will produce a log called FRST.txt in the same directory the tool is run from.
  • Please copy and paste log back here.
  • The first time the tool is run it generates another log (Addition.txt - also located in the same directory as FRST.exe/FRST64.exe). Please also paste that along with the FRST.txt into your reply.

Tomk
------------------------------------------------------------

mvplogo1_zpsea7gtc7e.gif


WTT-Grad1.jpg

Topics are closed after 5 days without response
unite_blue_zpsbfd3cd98.png

    Advertisements

Register to Remove


#26 kangaroo

kangaroo

    Authentic Member

  • Authentic Member
  • PipPip
  • 183 posts

Posted 28 January 2014 - 12:14 AM

Hi Tomk,

 

It's nice to get some of those chores out of the way! I really appreciate how quickly you have responded.

 

Here is the FRST log:

 

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 27-01-2014 02
Ran by Heather (administrator) on HEATHER-PC on 28-01-2014 16:58:32
Running from C:\Users\Heather\Desktop
Windows 7 Home Premium Service Pack 1 (X64) OS Language: English(US)
Internet Explorer Version 10
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingc...can-tool/dl/81/
Download link for 64-Bit Version: http://www.bleepingc...can-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo...very-scan-tool/

==================== Processes (Whitelisted) =================

(AMD) C:\Windows\System32\atiesrxx.exe
(IDT, Inc.) C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_afc3018f8cfedd20\stacsv64.exe
(Stardock Corporation) C:\Program Files\Dell\DellDock\DockLogin.exe
(AMD) C:\Windows\System32\atieclxx.exe
() C:\Program Files\Dell\Dell Wireless WLAN Card\WLTRYSVC.EXE
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Dell Inc.) C:\Program Files\Dell\Dell Wireless WLAN Card\BCMWLTRY.EXE
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Dell Inc.) C:\Program Files (x86)\Common Files\Dell\Advanced Networking Service\hnm_svc.exe
(SoftThinks) C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe
(Skype Technologies S.A.) C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTmon.exe
(SupportSoft, Inc.) C:\Program Files (x86)\Dell Support Center\bin\sprtsvc.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [Apoint] - C:\Program Files\DellTPad\Apoint.exe [384296 2010-04-05] (Alps Electric Co., Ltd.)
HKLM\...\Run: [SysTrayApp] - C:\Program Files\IDT\WDM\sttray64.exe [444416 2009-06-29] (IDT, Inc.)
HKLM\...\Run: [Broadcom Wireless Manager UI] - C:\Program Files\Dell\Dell Wireless WLAN Card\WLTRAY.exe [4968960 2009-07-17] (Dell Inc.)
HKLM\...\Run: [IAAnotif] - C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe [186904 2009-06-05] (Intel Corporation)
HKLM\...\Run: [Logitech Download Assistant] - C:\Windows\System32\LogiLDA.dll [1832760 2012-09-20] (Logitech, Inc.)
HKLM-x32\...\Run: [StartCCC] - c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [98304 2009-06-26] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [Dell DataSafe Online] - C:\Program Files (x86)\Dell DataSafe Online\DataSafeOnline.exe [1807600 2009-11-13] ()
HKLM-x32\...\Run: [PDVDDXSrv] - C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe [140520 2009-06-25] (CyberLink Corp.)
HKLM-x32\...\Run: [Dell Webcam Central] - C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe [409744 2009-06-25] (Creative Technology Ltd)
HKLM-x32\...\Run: [Desktop Disc Tool] - C:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe [494064 2009-06-19] ()
HKLM-x32\...\Run: [DellSupportCenter] - C:\Program Files (x86)\Dell Support Center\bin\sprtcmd.exe [206064 2009-05-22] (SupportSoft, Inc.)
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-22] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [AvastUI.exe] - C:\Program Files\AVAST Software\Avast\AvastUI.exe [3764024 2014-01-13] (AVAST Software)
Winlogon\Notify\GoToAssist: C:\Program Files (x86)\Citrix\GoToAssist\514\G2AWinLogon_x64.dll [X]
HKCU\...\Run: [swg] - C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [39408 2011-07-22] (Google Inc.)
HKCU\...\Run: [Skype] - C:\Program Files (x86)\Skype\Phone\Skype.exe [20584608 2013-11-14] (Skype Technologies S.A.)
HKCU\...\Run: [ISUSPM] - C:\ProgramData\Macrovision\FLEXnet Connect\11\ISUSPM.exe [210208 2008-09-27] (Acresso Corporation)
Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk
ShortcutTarget: Dell Dock First Run.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk
ShortcutTarget: Dell Dock First Run.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
Startup: C:\Users\Heather\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock.lnk
ShortcutTarget: Dell Dock.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft...=ie&ar=iesearch
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://col125.mail....64855&rru=inbox
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 - {cca2e567-1987-4100-a3c6-5b4267084510} URL = http://search.mywebs...or={searchTerms}
SearchScopes: HKCU - {cca2e567-1987-4100-a3c6-5b4267084510} URL = http://search.mywebs...or={searchTerms}
SearchScopes: HKCU - {F9CE3CC5-4B23-4E0E-96A6-C27341BE6028} URL =
BHO: avast! Online Security - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
BHO: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
BHO: Skype add-on for Internet Explorer - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll No File
BHO-x32: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
BHO-x32: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
BHO-x32: Skype Browser Helper - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
BHO-x32: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - avast! Online Security - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
Toolbar: HKLM - avast! Online Security - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKLM-x32 - avast! Online Security - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
Toolbar: HKCU - No Name - {21FA44EF-376D-4D53-9B0F-8A89D3229068} -  No File
Toolbar: HKCU - Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
Toolbar: HKCU - avast! EasyPass Toolbar - {724D43A0-0D85-11D4-9908-00400523E39A} -  No File
DPF: HKLM-x32 {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset...lineScanner.cab
DPF: HKLM-x32 {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
Handler-x32: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.dll No File
Handler-x32: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.dll No File
Handler-x32: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)

Chrome:
=======
CHR HomePage: hxxp://www.google.com
CHR DefaultSearchKeyword: google.com.au
CHR Plugin: (Remoting Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\32.0.1700.76\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\32.0.1700.76\pdf.dll ()
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\32.0.1700.76\gcswf32.dll No File
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll No File
CHR Plugin: (QuickTime Plug-in 7.6.5) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin.dll No File
CHR Plugin: (QuickTime Plug-in 7.6.5) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin2.dll No File
CHR Plugin: (QuickTime Plug-in 7.6.5) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin3.dll No File
CHR Plugin: (QuickTime Plug-in 7.6.5) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin4.dll No File
CHR Plugin: (QuickTime Plug-in 7.6.5) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin5.dll No File
CHR Plugin: (QuickTime Plug-in 7.6.5) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin6.dll No File
CHR Plugin: (QuickTime Plug-in 7.6.5) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin7.dll No File
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll No File
CHR Plugin: (Java™ Platform SE 6 U31) - C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll No File
CHR Plugin: (MindSpark Toolbar Platform Plugin Stub) - C:\Program Files (x86)\TotalRecipeSearch_14\bar\1.bin\NP14Stub.dll No File
CHR Plugin: (Windows Live Photo Gallery) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
CHR Plugin: (Silverlight Plug-In) - c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll No File
CHR Extension: (YouTube) - C:\Users\Heather\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2012-07-03]
CHR Extension: (Google Search) - C:\Users\Heather\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2012-07-03]
CHR Extension: (avast! Online Security) - C:\Users\Heather\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2013-05-19]
CHR Extension: (Skype Click to Call) - C:\Users\Heather\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl [2013-05-19]
CHR Extension: (Google Wallet) - C:\Users\Heather\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-11-28]
CHR Extension: (Gmail) - C:\Users\Heather\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2012-07-03]
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\Skype for Chromium\skype_chrome_extension.crx [2013-10-09]

==================== Services (Whitelisted) =================

R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-01-13] (AVAST Software)
S2 avast! Firewall; C:\Program Files\AVAST Software\Avast\afwServ.exe [113704 2014-01-13] (AVAST Software)
R2 STacSV; C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_afc3018f8cfedd20\STacSV64.exe [240128 2009-06-29] (IDT, Inc.)
R2 wltrysvc; C:\Program Files\Dell\Dell Wireless WLAN Card\bcmwltry.exe [3417088 2009-07-17] (Dell Inc.)

==================== Drivers (Whitelisted) ====================

R1 aswKbd; C:\Windows\system32\drivers\aswKbd.sys [28184 2013-11-20] (AVAST Software)
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [78648 2014-01-13] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [92544 2013-11-20] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65776 2013-11-20] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1034464 2014-01-13] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [422216 2014-01-13] (AVAST Software)
S3 aswStm; C:\Windows\system32\drivers\aswStm.sys [79672 2014-01-13] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [207904 2014-01-13] ()
R3 CryptOSD; C:\Windows\System32\DRIVERS\CryptOSD.sys [431488 2009-06-25] (Phoenix Technologies)
R3 yukonw7; C:\Windows\System32\DRIVERS\yk62x64.sys [395264 2009-09-28] ()
U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-14] (Microsoft Corporation)
U5 aswNdisFlt; C:\Windows\System32\Drivers\aswNdisFlt.sys [439648 2014-01-13] (AVAST Software)
S3 catchme; \??\C:\ComboFix\catchme.sys [x]

==================== NetSvcs (Whitelisted) ===================

==================== One Month Created Files and Folders ========

2014-01-28 16:58 - 2014-01-28 16:59 - 00014676 _____ C:\Users\Heather\Desktop\FRST.txt
2014-01-28 16:58 - 2014-01-28 16:58 - 00000000 ____D C:\FRST
2014-01-28 16:58 - 2014-01-28 16:55 - 02079232 _____ (Farbar) C:\Users\Heather\Desktop\FRST64.exe
2014-01-28 15:47 - 2014-01-28 15:47 - 00015618 _____ C:\ComboFix.txt
2014-01-28 15:33 - 2009-04-20 15:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2014-01-27 21:59 - 2014-01-27 22:02 - 00003234 _____ C:\Users\Heather\Desktop\SystemLook.txt
2014-01-27 21:58 - 2014-01-27 21:43 - 00139264 _____ C:\Users\Heather\Desktop\SystemLook.exe
2014-01-27 15:28 - 2014-01-27 15:24 - 04745728 _____ (AVAST Software) C:\Users\Heather\Desktop\aswMBR.exe
2014-01-27 12:06 - 2014-01-27 11:43 - 02237968 _____ (Kaspersky Lab ZAO) C:\Users\Heather\Desktop\tdsskiller.exe
2014-01-26 21:58 - 2009-07-14 12:52 - 00024128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Drivers\atapi.sys
2014-01-26 21:55 - 2014-01-24 12:34 - 05175240 ____R (Swearware) C:\Users\Heather\Desktop\ComboFix.exe
2014-01-25 14:42 - 2014-01-25 14:54 - 00181064 _____ (Sysinternals) C:\Windows\PSEXESVC.EXE
2014-01-25 13:52 - 2014-01-25 13:52 - 00002117 _____ C:\Users\Heather\Desktop\Tweaking.com - Windows Repair (All in One).lnk
2014-01-25 13:52 - 2014-01-25 13:52 - 00000000 ____D C:\Program Files (x86)\Tweaking.com
2014-01-25 13:49 - 2014-01-25 09:06 - 05048198 _____ C:\Users\Heather\Desktop\tweaking.com_windows_repair_aio_setup.exe
2014-01-25 13:40 - 2014-01-28 16:58 - 00000000 ____D C:\Users\Heather\Desktop\Clean-Up
2014-01-24 14:39 - 2014-01-28 15:48 - 00000000 ____D C:\Qoobox
2014-01-24 14:39 - 2011-06-26 17:45 - 00256000 _____ C:\Windows\PEV.exe
2014-01-24 14:39 - 2010-11-08 04:20 - 00208896 _____ C:\Windows\MBR.exe
2014-01-24 14:39 - 2000-08-31 11:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2014-01-24 14:39 - 2000-08-31 11:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2014-01-24 14:39 - 2000-08-31 11:00 - 00098816 _____ C:\Windows\sed.exe
2014-01-24 14:39 - 2000-08-31 11:00 - 00080412 _____ C:\Windows\grep.exe
2014-01-24 14:39 - 2000-08-31 11:00 - 00068096 _____ C:\Windows\zip.exe
2014-01-20 11:54 - 2014-01-20 11:59 - 00000000 ____D C:\Users\Heather\Downloads\Avast Internet Security
2014-01-20 11:28 - 2014-01-20 11:28 - 00001737 _____ C:\Users\Heather\Desktop\License_14617881.avastlic
2014-01-16 10:45 - 2013-11-27 12:41 - 00343040 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbhub.sys
2014-01-16 10:45 - 2013-11-27 12:41 - 00325120 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbport.sys
2014-01-16 10:45 - 2013-11-27 12:41 - 00099840 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbccgp.sys
2014-01-16 10:45 - 2013-11-27 12:41 - 00053248 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbehci.sys
2014-01-16 10:45 - 2013-11-27 12:41 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbuhci.sys
2014-01-16 10:45 - 2013-11-27 12:41 - 00025600 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbohci.sys
2014-01-16 10:45 - 2013-11-27 12:41 - 00007808 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbd.sys
2014-01-16 10:45 - 2013-11-26 21:32 - 03156480 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-01-16 10:40 - 2013-11-26 22:40 - 00376768 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\netio.sys
2014-01-13 20:05 - 2014-01-13 20:06 - 05519212 _____ C:\Users\Heather\Downloads\Master Tradesmen at Work.zip
2014-01-13 16:23 - 2014-01-13 16:23 - 01876510 _____ C:\Users\Heather\Downloads\Pas-mal-le-depanneur11.mp4
2014-01-13 07:14 - 2014-01-13 07:15 - 00079672 _____ (AVAST Software) C:\Windows\system32\Drivers\aswstm.sys
2014-01-10 19:09 - 2013-10-25 17:19 - 00051712 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-01-10 19:09 - 2013-10-25 17:18 - 00603136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-01-10 19:09 - 2013-10-25 17:17 - 03959808 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-01-10 19:09 - 2013-10-25 17:17 - 02648576 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-01-10 19:09 - 2013-10-25 17:17 - 00855552 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2014-01-10 19:09 - 2013-10-25 17:17 - 00526336 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-01-10 19:09 - 2013-10-25 17:17 - 00136704 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2014-01-10 19:09 - 2013-10-25 17:17 - 00067072 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-01-10 19:09 - 2013-10-25 17:17 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-01-10 19:09 - 2013-10-25 15:43 - 02049024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-01-10 19:09 - 2013-10-25 15:43 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2014-01-10 19:09 - 2013-10-25 15:43 - 00493056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-01-10 19:09 - 2013-10-25 15:43 - 00391168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-01-10 19:09 - 2013-10-25 15:43 - 00109056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2014-01-10 19:09 - 2013-10-25 15:43 - 00061440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-01-10 19:09 - 2013-10-25 15:43 - 00033280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-01-10 19:09 - 2013-10-25 15:07 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-01-10 19:09 - 2013-10-25 14:41 - 02706432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-01-10 19:09 - 2013-10-25 14:17 - 00089600 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe
2014-01-10 19:09 - 2013-10-25 13:49 - 00071680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe
2014-01-10 19:08 - 2013-10-25 17:19 - 02241536 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-01-10 19:08 - 2013-10-25 17:19 - 01365504 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-01-10 19:08 - 2013-10-25 17:18 - 19271168 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-01-10 19:08 - 2013-10-25 17:17 - 15404032 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-01-10 19:08 - 2013-10-25 17:17 - 00053248 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-01-10 19:08 - 2013-10-25 15:45 - 01767936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-01-10 19:08 - 2013-10-25 15:44 - 14356992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-01-10 19:08 - 2013-10-25 15:44 - 01140736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-01-10 19:08 - 2013-10-25 15:43 - 13761536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-01-10 19:08 - 2013-10-25 15:43 - 02877952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-01-10 19:08 - 2013-10-25 15:43 - 00039424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-01-09 18:21 - 2014-01-25 13:57 - 00001067 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-01-09 18:18 - 2014-01-09 18:18 - 00000000 ____D C:\Users\Heather\AppData\Roaming\Macrovision
2014-01-07 16:06 - 2014-01-07 16:06 - 00002262 _____ C:\Users\Heather\Desktop\HP Deskjet 3050 J610 series.lnk
2014-01-07 14:26 - 2014-01-07 14:27 - 00000000 ____D C:\Program Files (x86)\Virgin Mobile
2014-01-07 14:26 - 2014-01-07 14:26 - 00001025 _____ C:\Users\Public\Desktop\Virgin Mobile.lnk
2014-01-07 14:26 - 2009-09-10 15:31 - 00117248 _____ (Huawei Technologies Co., Ltd.) C:\Windows\system32\Drivers\ewusbmdm.sys
2014-01-07 14:26 - 2009-09-04 15:13 - 00216576 _____ (Huawei Technologies Co., Ltd.) C:\Windows\system32\Drivers\ewusbnet.sys
2014-01-07 14:26 - 2009-07-24 15:52 - 00114560 _____ (Huawei Technologies Co., Ltd.) C:\Windows\system32\Drivers\ewusbdev.sys
2014-01-07 14:26 - 2007-08-09 04:10 - 00029696 _____ (Huawei Tech. Co., Ltd.) C:\Windows\system32\Drivers\ewdcsc.sys
2014-01-07 10:29 - 2014-01-28 15:42 - 00065536 _____ C:\Windows\system32\Ikeext.etl

==================== One Month Modified Files and Folders =======

2014-01-28 16:59 - 2014-01-28 16:58 - 00014676 _____ C:\Users\Heather\Desktop\FRST.txt
2014-01-28 16:58 - 2014-01-28 16:58 - 00000000 ____D C:\FRST
2014-01-28 16:58 - 2014-01-25 13:40 - 00000000 ____D C:\Users\Heather\Desktop\Clean-Up
2014-01-28 16:55 - 2014-01-28 16:58 - 02079232 _____ (Farbar) C:\Users\Heather\Desktop\FRST64.exe
2014-01-28 16:47 - 2012-11-07 14:23 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-01-28 16:31 - 2010-07-20 19:43 - 00000898 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-01-28 15:48 - 2014-01-24 14:39 - 00000000 ____D C:\Qoobox
2014-01-28 15:48 - 2009-07-14 16:10 - 01958086 _____ C:\Windows\WindowsUpdate.log
2014-01-28 15:48 - 2009-07-14 15:45 - 00022464 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-01-28 15:48 - 2009-07-14 15:45 - 00022464 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-01-28 15:47 - 2014-01-28 15:47 - 00015618 _____ C:\ComboFix.txt
2014-01-28 15:47 - 2009-07-14 16:13 - 00726444 _____ C:\Windows\system32\PerfStringBackup.INI
2014-01-28 15:43 - 2011-07-22 13:36 - 00000000 ____D C:\Windows\ERDNT
2014-01-28 15:43 - 2010-07-20 19:43 - 00000894 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-01-28 15:43 - 2009-07-14 13:34 - 00000215 _____ C:\Windows\system.ini
2014-01-28 15:42 - 2014-01-07 10:29 - 00065536 _____ C:\Windows\system32\Ikeext.etl
2014-01-28 15:42 - 2013-06-12 12:23 - 00022468 _____ C:\Windows\setupact.log
2014-01-28 15:42 - 2009-12-02 01:59 - 00618478 _____ C:\Windows\PFRO.log
2014-01-28 15:42 - 2009-07-14 16:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2014-01-28 15:24 - 2010-02-08 16:56 - 00000000 ____D C:\Users\Heather\AppData\Roaming\Skype
2014-01-28 15:23 - 2009-07-14 14:20 - 00000000 ____D C:\Windows\tracing
2014-01-27 22:02 - 2014-01-27 21:59 - 00003234 _____ C:\Users\Heather\Desktop\SystemLook.txt
2014-01-27 21:43 - 2014-01-27 21:58 - 00139264 _____ C:\Users\Heather\Desktop\SystemLook.exe
2014-01-27 18:00 - 2013-10-06 18:13 - 00000468 _____ C:\Windows\Tasks\SpeedMaxPc Registration3.job
2014-01-27 15:24 - 2014-01-27 15:28 - 04745728 _____ (AVAST Software) C:\Users\Heather\Desktop\aswMBR.exe
2014-01-27 11:50 - 2010-02-08 08:00 - 00000000 ____D C:\Users\Heather\AppData\Local\SoftThinks
2014-01-27 11:43 - 2014-01-27 12:06 - 02237968 _____ (Kaspersky Lab ZAO) C:\Users\Heather\Desktop\tdsskiller.exe
2014-01-25 14:58 - 2010-02-08 08:00 - 00068328 _____ C:\Users\Heather\AppData\Local\GDIPFONTCACHEV1.DAT
2014-01-25 14:57 - 2009-07-14 15:45 - 00310896 _____ C:\Windows\system32\FNTCACHE.DAT
2014-01-25 14:54 - 2014-01-25 14:42 - 00181064 _____ (Sysinternals) C:\Windows\PSEXESVC.EXE
2014-01-25 14:51 - 2009-07-14 13:34 - 00000439 _____ C:\Windows\win.ini
2014-01-25 13:57 - 2014-01-09 18:21 - 00001067 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-01-25 13:57 - 2011-12-27 11:28 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2014-01-25 13:52 - 2014-01-25 13:52 - 00002117 _____ C:\Users\Heather\Desktop\Tweaking.com - Windows Repair (All in One).lnk
2014-01-25 13:52 - 2014-01-25 13:52 - 00000000 ____D C:\Program Files (x86)\Tweaking.com
2014-01-25 13:39 - 2013-10-06 18:13 - 00000426 _____ C:\Windows\Tasks\SpeedMaxPc Update3.job
2014-01-25 13:39 - 2012-07-08 14:45 - 00004182 _____ C:\Windows\System32\Tasks\avast! Emergency Update
2014-01-25 09:06 - 2014-01-25 13:49 - 05048198 _____ C:\Users\Heather\Desktop\tweaking.com_windows_repair_aio_setup.exe
2014-01-24 14:50 - 2009-07-14 13:34 - 00000027 _____ C:\Windows\system32\Drivers\etc\hosts_bak_798
2014-01-24 12:34 - 2014-01-26 21:55 - 05175240 ____R (Swearware) C:\Users\Heather\Desktop\ComboFix.exe
2014-01-20 11:59 - 2014-01-20 11:54 - 00000000 ____D C:\Users\Heather\Downloads\Avast Internet Security
2014-01-20 11:28 - 2014-01-20 11:28 - 00001737 _____ C:\Users\Heather\Desktop\License_14617881.avastlic
2014-01-20 11:26 - 2012-12-28 23:37 - 00000000 ____D C:\Users\Heather\Downloads\maintenance
2014-01-16 10:57 - 2009-12-02 00:14 - 00000000 ____D C:\ProgramData\Microsoft Help
2014-01-16 10:56 - 2013-07-25 18:47 - 00000000 ____D C:\Windows\system32\MRT
2014-01-16 10:55 - 2010-02-08 10:17 - 86054176 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-01-13 20:06 - 2014-01-13 20:05 - 05519212 _____ C:\Users\Heather\Downloads\Master Tradesmen at Work.zip
2014-01-13 19:14 - 2013-03-14 07:02 - 00439648 _____ (AVAST Software) C:\Windows\system32\Drivers\aswndisflt.sys
2014-01-13 16:23 - 2014-01-13 16:23 - 01876510 _____ C:\Users\Heather\Downloads\Pas-mal-le-depanneur11.mp4
2014-01-13 13:40 - 2009-07-14 16:32 - 00000000 ____D C:\Windows\system32\FxsTmp
2014-01-13 07:15 - 2014-01-13 07:14 - 00079672 _____ (AVAST Software) C:\Windows\system32\Drivers\aswstm.sys
2014-01-13 07:15 - 2013-11-20 15:10 - 00002034 _____ C:\Users\Public\Desktop\avast! SafeZone.lnk
2014-01-13 07:15 - 2013-01-19 16:02 - 00001974 _____ C:\Users\Public\Desktop\avast! Internet Security.lnk
2014-01-13 07:14 - 2013-03-14 07:03 - 00207904 _____ C:\Windows\system32\Drivers\aswVmm.sys
2014-01-13 07:14 - 2011-03-05 20:40 - 01034464 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSnx.sys
2014-01-13 07:14 - 2011-03-05 20:40 - 00422216 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSP.sys
2014-01-13 07:14 - 2011-03-05 20:40 - 00334136 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
2014-01-13 07:14 - 2011-03-05 20:40 - 00078648 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys
2014-01-13 07:14 - 2011-03-05 20:40 - 00043152 _____ (AVAST Software) C:\Windows\avastSS.scr
2014-01-09 18:18 - 2014-01-09 18:18 - 00000000 ____D C:\Users\Heather\AppData\Roaming\Macrovision
2014-01-08 08:17 - 2009-07-14 14:20 - 00000000 ____D C:\Windows\system32\NDF
2014-01-07 18:50 - 2009-07-14 14:20 - 00000000 ____D C:\Windows\rescache
2014-01-07 16:18 - 2009-07-14 14:20 - 00000000 ____D C:\Windows\PolicyDefinitions
2014-01-07 16:06 - 2014-01-07 16:06 - 00002262 _____ C:\Users\Heather\Desktop\HP Deskjet 3050 J610 series.lnk
2014-01-07 14:27 - 2014-01-07 14:26 - 00000000 ____D C:\Program Files (x86)\Virgin Mobile
2014-01-07 14:26 - 2014-01-07 14:26 - 00001025 _____ C:\Users\Public\Desktop\Virgin Mobile.lnk
2013-12-31 08:50 - 2010-02-08 16:53 - 00000000 ___RD C:\Program Files (x86)\Skype
2013-12-30 11:25 - 2009-07-14 16:08 - 00032604 _____ C:\Windows\Tasks\SCHEDLGU.TXT

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

LastRegBack: 2014-01-20 10:17

==================== End Of Log ============================

 

 

And here is the Addition Log:

 

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 27-01-2014 02
Ran by Heather at 2014-01-28 16:59:42
Running from C:\Users\Heather\Desktop
Boot Mode: Normal
==========================================================

==================== Security Center ========================

AV: avast! Internet Security (Disabled - Out of date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: avast! Internet Security (Disabled - Out of date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
FW: avast! Internet Security (Disabled) {2F96FC65-F07D-9D1E-5A6E-3DA5C487EAF0}

==================== Installed Programs ======================

 Update for Microsoft Office 2007 (KB2508958) (x32 Version:  - Microsoft)
Adobe AIR (x32 Version: 3.9.0.1030 - Adobe Systems Incorporated)
Adobe AIR (x32 Version: 3.9.0.1030 - Adobe Systems Incorporated) Hidden
Adobe Flash Player 11 ActiveX (x32 Version: 11.9.900.170 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.06) (x32 Version: 11.0.06 - Adobe Systems Incorporated)
Advanced Audio FX Engine (x32 Version: 1.12.05 - Creative Technology Ltd)
ATI Catalyst Control Center (x32 Version: 2.009.0625.1811 - )
avast! Internet Security (x32 Version: 9.0.2011 - Avast Software)
Catalyst Control Center - Branding (x32 Version: 1.00.0000 - ATI) Hidden
Catalyst Control Center Core Implementation (x32 Version: 2009.0625.1812.30825 - ATI) Hidden
Catalyst Control Center Graphics Full Existing (x32 Version: 2009.0625.1812.30825 - ATI) Hidden
Catalyst Control Center Graphics Full New (x32 Version: 2009.0625.1812.30825 - ATI) Hidden
Catalyst Control Center Graphics Light (x32 Version: 2009.0625.1812.30825 - ATI) Hidden
Catalyst Control Center Graphics Previews Common (x32 Version: 2009.0625.1812.30825 - ATI) Hidden
Catalyst Control Center Graphics Previews Vista (x32 Version: 2009.0625.1812.30825 - ATI) Hidden
Catalyst Control Center InstallProxy (x32 Version: 2009.0625.1812.30825 - ATI Technologies, Inc.) Hidden
Catalyst Control Center Localization All (x32 Version: 2009.0625.1812.30825 - ATI) Hidden
CCC Help Chinese Standard (x32 Version: 2009.0625.1811.30825 - ATI) Hidden
CCC Help Chinese Traditional (x32 Version: 2009.0625.1811.30825 - ATI) Hidden
CCC Help Danish (x32 Version: 2009.0625.1811.30825 - ATI) Hidden
CCC Help Dutch (x32 Version: 2009.0625.1811.30825 - ATI) Hidden
CCC Help English (x32 Version: 2009.0625.1811.30825 - ATI) Hidden
CCC Help Finnish (x32 Version: 2009.0625.1811.30825 - ATI) Hidden
CCC Help French (x32 Version: 2009.0625.1811.30825 - ATI) Hidden
CCC Help German (x32 Version: 2009.0625.1811.30825 - ATI) Hidden
CCC Help Italian (x32 Version: 2009.0625.1811.30825 - ATI) Hidden
CCC Help Japanese (x32 Version: 2009.0625.1811.30825 - ATI) Hidden
CCC Help Korean (x32 Version: 2009.0625.1811.30825 - ATI) Hidden
CCC Help Norwegian (x32 Version: 2009.0625.1811.30825 - ATI) Hidden
CCC Help Portuguese (x32 Version: 2009.0625.1811.30825 - ATI) Hidden
CCC Help Russian (x32 Version: 2009.0625.1811.30825 - ATI) Hidden
CCC Help Spanish (x32 Version: 2009.0625.1811.30825 - ATI) Hidden
CCC Help Swedish (x32 Version: 2009.0625.1811.30825 - ATI) Hidden
ccc-core-static (x32 Version: 2009.0625.1812.30825 - ATI) Hidden
ccc-utility64 (Version: 2009.0625.1812.30825 - ATI) Hidden
Cisco EAP-FAST Module (x32 Version: 2.2.14 - Cisco Systems, Inc.)
Cisco LEAP Module (x32 Version: 1.0.19 - Cisco Systems, Inc.)
Cisco PEAP Module (x32 Version: 1.1.6 - Cisco Systems, Inc.)
CutePDF Writer 2.8 (Version:  - )
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Dell DataSafe Local Backup - Support Software (x32 Version: 2.31 - Dell)
Dell DataSafe Local Backup (x32 Version: 9.3.44 - Dell)
Dell DataSafe Online (x32 Version: 1.2.0009 - Dell, Inc.)
Dell Dock (Version: 2.0.0 - Dell)
Dell Edoc Viewer (Version: 1.0.0 - Dell Inc)
Dell Getting Started Guide (x32 Version: 1.00.0000 - Dell Inc.)
Dell Remote Access (x32 Version: 1.3.0.0 - Dell Inc.)
Dell Support Center (Support Software) (x32 Version: 2.5.09100 - Dell)
Dell Touchpad (Version: 7.1107.115.102 - ALPS ELECTRIC CO., LTD.)
Dell Webcam Central (x32 Version: 1.40.05 - Creative Technology Ltd)
Dell Wireless WLAN Card Utility (Version: 5.30.21.0 - Dell Inc.)
ESET Online Scanner v3 (x32 Version:  - )
Eureka's Jigsaw Mania (x32 Version: 2.00.000 - )
Google Chrome (x32 Version: 32.0.1700.76 - Google Inc.)
Google Toolbar for Internet Explorer (x32 Version: 1.0.0 - Google Inc.) Hidden
Google Toolbar for Internet Explorer (x32 Version: 7.5.4805.320 - Google Inc.)
Google Update Helper (x32 Version: 1.3.22.3 - Google Inc.) Hidden
GoToAssist 8.0.0.514 (x32 Version:  - )
HP Deskjet 3050 J610 series Basic Device Software (Version: 22.50.231.0 - Hewlett-Packard Co.)
Intel® Rapid Storage Technology (x32 Version: 10.5.0.1029 - Intel Corporation)
Intel® Matrix Storage Manager (Version:  - Intel Corporation)
Java 7 Update 25 (x32 Version: 7.0.250 - Oracle)
Java Auto Updater (x32 Version: 2.1.9.5 - Sun Microsystems, Inc.) Hidden
Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Live! Cam Avatar Creator (x32 Version: 4.6.3009.1 - Creative Technology Ltd)
Malwarebytes Anti-Malware version 1.75.0.1300 (x32 Version: 1.75.0.1300 - Malwarebytes Corporation)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319 - Microsoft Corporation) Hidden
Microsoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) Hidden
Microsoft Office 2007 Service Pack 3 (SP3) (x32 Version:  - Microsoft) Hidden
Microsoft Office Excel MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office File Validation Add-In (x32 Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Home and Student 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office Home and Student 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Office 64-bit Components 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office OneNote MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (French) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (Spanish) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proofing (English) 2007 (x32 Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) (x32 Version:  - Microsoft) Hidden
Microsoft Office Shared 64-bit MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared Setup Metadata MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Word MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Silverlight (Version: 5.1.20913.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (x32 Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053 (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (x32 Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) - KB2467175 (Version: 8.0.51011 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148 (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570 (Version: 9.0.30729.5570 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (x32 Version: 9.0.30729.5570 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (x32 Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (x32 Version: 9.0.30729.6161 - Microsoft Corporation)
MSVCRT (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
MSVCRT_amd64 (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
PowerDVD DX (x32 Version: 8.3.5424 - CyberLink Corp.)
Quickset64 (Version: 9.6.6 - Dell Inc.)
Roxio Burn (x32 Version: 1.0 - Roxio)
Roxio Burn (x32 Version: 1.0.0 - Roxio) Hidden
Roxio Update Manager (x32 Version: 6.0.0 - Roxio) Hidden
Skins (x32 Version: 2009.0625.1812.30825 - ATI) Hidden
Skype Click to Call (x32 Version: 6.13.13771 - Skype Technologies S.A.)
Skype™ 6.11 (x32 Version: 6.11.102 - Skype Technologies S.A.)
SpeedMaxPc (x32 Version: 3.1.8.0 - SpeedMaxPc)
Tweaking.com - Windows Repair (All in One) (x32 Version: 2.1.1 - Tweaking.com)
Update for 2007 Microsoft Office System (KB967642) (x32 Version:  - Microsoft)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (x32 Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (x32 Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (x32 Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939) (x32 Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939v3) (x32 Version: 3 - Microsoft Corporation)
Update for Microsoft Office 2007 Help for Common Features (KB963673) (x32 Version:  - Microsoft)
Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition (x32 Version:  - Microsoft)
Update for Microsoft Office 2007 suites (KB2687493) 32-Bit Edition (x32 Version:  - Microsoft)
Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition (x32 Version:  - Microsoft)
Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition (x32 Version:  - Microsoft)
Update for Microsoft Office Excel 2007 Help (KB963678) (x32 Version:  - Microsoft)
Update for Microsoft Office OneNote 2007 Help (KB963670) (x32 Version:  - Microsoft)
Update for Microsoft Office Powerpoint 2007 Help (KB963669) (x32 Version:  - Microsoft)
Update for Microsoft Office Script Editor Help (KB963671) (x32 Version:  - Microsoft)
Update for Microsoft Office Word 2007 Help (KB963665) (x32 Version:  - Microsoft)
Virgin Mobile (x32 Version: 13.001.07.01.261 - Huawei Technologies Co.,Ltd)
Windows Live Communications Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Essentials (x32 Version: 15.4.3502.0922 - Microsoft Corporation)
Windows Live Essentials (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live ID Sign-in Assistant (Version: 7.250.4225.0 - Microsoft Corporation) Hidden
Windows Live Installer (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Language Selector (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Mail (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Messenger (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live MIME IFilter (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Movie Maker (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Photo Common (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Photo Gallery (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live PIMT Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live SOXE (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live SOXE Definitions (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Sync (x32 Version: 14.0.8089.726 - Microsoft Corporation)
Windows Live UX Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live UX Platform Language Pack (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Writer (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Writer Resources (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden

==================== Restore Points  =========================

09-01-2014 07:23:24 Windows Update
10-01-2014 08:07:52 Windows Update
12-01-2014 20:11:55 avast! antivirus system restore point
12-01-2014 20:15:19 Device Driver Package Install: Avast Network Service
14-01-2014 06:07:38 Windows Update
15-01-2014 23:54:52 Windows Update
19-01-2014 22:33:20 OTL Restore Point - 1/20/2014 9:33:15 AM
24-01-2014 03:39:56 ComboFix created restore point
24-01-2014 09:51:28 Windows Update
25-01-2014 03:40:41 Tweaking.com - Windows Repair
27-01-2014 06:20:15 ComboFix created restore point

==================== Hosts content: ==========================

2009-07-14 13:34 - 2014-01-28 15:43 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1       localhost

==================== Scheduled Tasks (whitelisted) =============

Task: {232B918B-4658-4C45-B84D-55A663236425} - System32\Tasks\Run RoboForm TaskBar Icon => C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe
Task: {5ED5CE0E-7740-4F3D-ACEF-26BA7A04FB28} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2014-01-13] (AVAST Software)
Task: {6ABA36F1-EF9C-4958-9A72-489A00CAB572} - System32\Tasks\{B2E300FB-7D68-48E7-A389-4F102881EDCA} => Iexplore.exe http://ui.skype.com/...all?page=tsBing
Task: {7755D4C7-BAAE-4109-846D-3209222FE9F8} - System32\Tasks\{F54107BC-3680-4B09-A598-02ECE796B436} => C:\Program Files (x86)\Skype\Phone\Skype.exe [2013-11-14] (Skype Technologies S.A.)
Task: {91312BE9-0128-4EC8-BEE7-00258E8B408D} - System32\Tasks\{2236765F-459C-4767-80C7-584ED9EAAE47} => Iexplore.exe http://ui.skype.com/...all?page=tsBing
Task: {9C63010B-64BA-4C4D-AB07-D44CB107C020} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-07-20] (Google Inc.)
Task: {B8D7B697-E3E2-41F6-95FC-CD08CEE701B5} - System32\Tasks\SpeedMaxPc Update3 => C:\Program Files (x86)\Common Files\SpeedMaxPc\UUS3\Update3.exe [2013-09-12] (SpeedMaxPc)
Task: {C0EA7AB7-E282-466D-AD6F-AF3871106211} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-07-20] (Google Inc.)
Task: {C988EE6E-E1AB-4CA4-8069-27F00CA8FBA2} - System32\Tasks\SpeedMaxPc Registration3 => Rundll32.exe "C:\Program Files (x86)\Common Files\SpeedMaxPc\UUS3\UUS3.dll" RunUns
Task: {DC506885-2474-454B-B038-20AF9C5387CC} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-12-11] (Adobe Systems Incorporated)
Task: {EEAD91E1-F935-4A0E-BA96-6AF76D570BED} - System32\Tasks\DGTFM1K1\Administrator - Start WLAN Tray Applet => C:\Program Files\Dell\Dell Wireless WLAN Card\WLTRAY.EXE [2009-07-17] (Dell Inc.)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\SpeedMaxPc Registration3.job => C:\Program Files (x86)\Common Files\SpeedMaxPc\UUS3\UUS3.dll
Task: C:\Windows\Tasks\SpeedMaxPc Update3.job => C:\Program Files (x86)\Common Files\SpeedMaxPc\UUS3\Update3.exe

==================== Loaded Modules (whitelisted) =============

2014-01-18 11:45 - 2014-01-18 08:22 - 02155008 _____ () C:\Program Files\AVAST Software\Avast\defs\14011701\algo.dll
2009-12-02 00:19 - 2009-09-18 06:04 - 00115952 ____N () C:\Program Files (x86)\Dell DataSafe Local Backup\PSTVdsDisk.dll
2009-12-02 00:19 - 2009-09-18 06:05 - 00128240 ____N () C:\Program Files (x86)\Dell DataSafe Local Backup\STLog.dll

==================== Alternate Data Streams (whitelisted) =========

AlternateDataStreams: C:\Users\Heather\Downloads\Your Garden.eml:OECustomProperty

==================== Safe Mode (whitelisted) ===================

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\GoToAssist => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Wdf01000.sys => ""="Driver"

==================== Faulty Device Manager Devices =============

==================== Event log errors: =========================

Application errors:
==================
Error: (01/28/2014 04:12:38 PM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error: (01/28/2014 03:24:49 PM) (Source: Swapdrive Backup) (User: )
Description: Swapdrive Backup: Web Service Error: System.Net.WebException: The remote name could not be resolved: 'wsvcdell.backup.com'
   at System.Net.HttpWebRequest.GetRequestStream(TransportContext& context)
   at System.Net.HttpWebRequest.GetRequestStream()
   at System.Web.Services.Protocols.SoapHttpClientProtocol.Invoke(String methodName, Object[] parameters)
   at Swapdrive.Shared.com.backup.uswsvcdell.Service.GetInfo(GetInfoRequest req)
   at Swapdrive.Shared.ActivationWsvcs.GetInfo()

Error: (01/27/2014 09:55:13 PM) (Source: Swapdrive Backup) (User: )
Description: Swapdrive Backup: Web Service Error: System.Net.WebException: The remote name could not be resolved: 'wsvcdell.backup.com'
   at System.Net.HttpWebRequest.GetRequestStream(TransportContext& context)
   at System.Net.HttpWebRequest.GetRequestStream()
   at System.Web.Services.Protocols.SoapHttpClientProtocol.Invoke(String methodName, Object[] parameters)
   at Swapdrive.Shared.com.backup.uswsvcdell.Service.GetInfo(GetInfoRequest req)
   at Swapdrive.Shared.ActivationWsvcs.GetInfo()

Error: (01/27/2014 01:10:55 PM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error: (01/27/2014 11:50:57 AM) (Source: Swapdrive Backup) (User: )
Description: Swapdrive Backup: Web Service Error: System.Net.WebException: The remote name could not be resolved: 'wsvcdell.backup.com'
   at System.Net.HttpWebRequest.GetRequestStream(TransportContext& context)
   at System.Net.HttpWebRequest.GetRequestStream()
   at System.Web.Services.Protocols.SoapHttpClientProtocol.Invoke(String methodName, Object[] parameters)
   at Swapdrive.Shared.com.backup.uswsvcdell.Service.GetInfo(GetInfoRequest req)
   at Swapdrive.Shared.ActivationWsvcs.GetInfo()

Error: (01/26/2014 10:38:13 PM) (Source: Swapdrive Backup) (User: )
Description: Swapdrive Backup: Web Service Error: System.Net.WebException: The remote name could not be resolved: 'wsvcdell.backup.com'
   at System.Net.HttpWebRequest.GetRequestStream(TransportContext& context)
   at System.Net.HttpWebRequest.GetRequestStream()
   at System.Web.Services.Protocols.SoapHttpClientProtocol.Invoke(String methodName, Object[] parameters)
   at Swapdrive.Shared.com.backup.uswsvcdell.Service.GetInfo(GetInfoRequest req)
   at Swapdrive.Shared.ActivationWsvcs.GetInfo()

Error: (01/26/2014 09:50:21 PM) (Source: Swapdrive Backup) (User: )
Description: Swapdrive Backup: Web Service Error: System.Net.WebException: The remote name could not be resolved: 'wsvcdell.backup.com'
   at System.Net.HttpWebRequest.GetRequestStream(TransportContext& context)
   at System.Net.HttpWebRequest.GetRequestStream()
   at System.Web.Services.Protocols.SoapHttpClientProtocol.Invoke(String methodName, Object[] parameters)
   at Swapdrive.Shared.com.backup.uswsvcdell.Service.GetInfo(GetInfoRequest req)
   at Swapdrive.Shared.ActivationWsvcs.GetInfo()

Error: (01/26/2014 03:30:59 PM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error: (01/26/2014 02:33:17 PM) (Source: Swapdrive Backup) (User: )
Description: Swapdrive Backup: Web Service Error: System.Net.WebException: The remote name could not be resolved: 'wsvcdell.backup.com'
   at System.Net.HttpWebRequest.GetRequestStream(TransportContext& context)
   at System.Net.HttpWebRequest.GetRequestStream()
   at System.Web.Services.Protocols.SoapHttpClientProtocol.Invoke(String methodName, Object[] parameters)
   at Swapdrive.Shared.com.backup.uswsvcdell.Service.GetInfo(GetInfoRequest req)
   at Swapdrive.Shared.ActivationWsvcs.GetInfo()

Error: (01/25/2014 06:05:24 PM) (Source: Swapdrive Backup) (User: )
Description: Swapdrive Backup: Web Service Error: System.Net.WebException: The remote name could not be resolved: 'wsvcdell.backup.com'
   at System.Net.HttpWebRequest.GetRequestStream(TransportContext& context)
   at System.Net.HttpWebRequest.GetRequestStream()
   at System.Web.Services.Protocols.SoapHttpClientProtocol.Invoke(String methodName, Object[] parameters)
   at Swapdrive.Shared.com.backup.uswsvcdell.Service.GetInfo(GetInfoRequest req)
   at Swapdrive.Shared.ActivationWsvcs.GetInfo()

System errors:
=============
Error: (01/28/2014 04:57:34 PM) (Source: Disk) (User: )
Description: The driver detected a controller error on \Device\Harddisk1\DR3.

Error: (01/28/2014 04:57:33 PM) (Source: Disk) (User: )
Description: The driver detected a controller error on \Device\Harddisk1\DR3.

Error: (01/28/2014 04:57:32 PM) (Source: Disk) (User: )
Description: The driver detected a controller error on \Device\Harddisk1\DR3.

Error: (01/28/2014 03:49:44 PM) (Source: DCOM) (User: )
Description: {995C996E-D918-4A8C-A302-45719A6F4EA7}

Error: (01/28/2014 03:41:54 PM) (Source: Service Control Manager) (User: )
Description: The PEVSystemStart service is marked as an interactive service.  However, the system is configured to not allow interactive services.  This service may not function properly.

Error: (01/28/2014 03:38:47 PM) (Source: Service Control Manager) (User: )
Description: The PEVSystemStart service is marked as an interactive service.  However, the system is configured to not allow interactive services.  This service may not function properly.

Error: (01/28/2014 03:31:42 PM) (Source: Service Control Manager) (User: )
Description: The Skype C2C Service service terminated unexpectedly.  It has done this 1 time(s).

Error: (01/28/2014 03:24:39 PM) (Source: VDS Basic Provider) (User: )
Description: Unexpected failure. Error code: D@01010004

Error: (01/28/2014 03:24:38 PM) (Source: VDS Basic Provider) (User: )
Description: Unexpected failure. Error code: D@01010004

Error: (01/27/2014 05:40:52 PM) (Source: DCOM) (User: )
Description: {995C996E-D918-4A8C-A302-45719A6F4EA7}

Microsoft Office Sessions:
=========================

CodeIntegrity Errors:
===================================
  Date: 2014-01-25 18:40:48.453
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2014-01-25 18:40:47.813
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2014-01-25 18:40:47.236
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2014-01-25 18:40:46.659
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2014-01-24 14:49:13.149
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2014-01-24 14:49:12.469
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

==================== Memory info ===========================

Percentage of memory in use: 29%
Total physical RAM: 4092.36 MB
Available physical RAM: 2903.52 MB
Total Pagefile: 8182.89 MB
Available Pagefile: 6932.73 MB
Total Virtual: 8192 MB
Available Virtual: 8191.82 MB

==================== Drives ================================

Drive c: (OS) (Fixed) (Total:451.07 GB) (Free:395.01 GB) NTFS
Drive e: (Virgin Mobile) (CDROM) (Total:0.02 GB) (Free:0 GB) CDFS
Drive g: (USB DISK) (Removable) (Total:0.48 GB) (Free:0.42 GB) FAT

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 466 GB) (Disk ID: 75349890)
Partition 1: (Not Active) - (Size=39 MB) - (Type=DE)
Partition 2: (Active) - (Size=15 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=451 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (MBR Code: Windows XP) (Size: 496 MB) (Disk ID: C3072E18)
Partition 1: (Not Active) - (Size=495 MB) - (Type=04)

==================== End Of Log ============================



#27 Tomk

Tomk

    Beguilement Monitor

  • Classroom Admin
  • 20,115 posts

Posted 28 January 2014 - 10:35 AM

There are some minor issues but the system files look good.
 
Let's take care of what this tool found:
 
Open notepad. Please copy the contents of the code box below. To do this highlight the contents of the box and right click on it and select copy.
Paste this into the open notepad. save it to the Desktop as fixlist.txt
NOTE. It's important that both files, FRST/FRST64 and fixlist.txt are in the same location or the fix will not work.

NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system

start
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 - {cca2e567-1987-4100-a3c6-5b4267084510} URL = http://search.mywebs...or={searchTerms}
SearchScopes: HKCU - {cca2e567-1987-4100-a3c6-5b4267084510} URL = http://search.mywebs...or={searchTerms}
SearchScopes: HKCU - {F9CE3CC5-4B23-4E0E-96A6-C27341BE6028} URL =
Toolbar: HKCU - No Name - {21FA44EF-376D-4D53-9B0F-8A89D3229068} -  No File
AlternateDataStreams: C:\Users\Heather\Downloads\Your Garden.eml:OECustomProperty
end

Run FRST/FRST64 and press the Fix button just once and wait.
If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.
When finished FRST will generate a log on the Desktop (Fixlog.txt). Please post it to your reply.

 

Also, let's find a replacement file,

 

  • Double-click SystemLook.exe to run it.
  • Copy the content of the following codebox into the main textfield:
    :filefinduserinit.exe
  • Click the Look button to start the scan.
  • When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.

Note: The log can also be found on your Desktop entitled SystemLook.txt

 

 


Tomk
------------------------------------------------------------

mvplogo1_zpsea7gtc7e.gif


WTT-Grad1.jpg

Topics are closed after 5 days without response
unite_blue_zpsbfd3cd98.png


#28 kangaroo

kangaroo

    Authentic Member

  • Authentic Member
  • PipPip
  • 183 posts

Posted 28 January 2014 - 04:19 PM

Hi Tomk,

 

Done that and logs follow. I noticed that SystemLook advised running a 64-bit version; is that necessary and where would I get that?

 

Here is the FRST log:

 

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 27-01-2014 02
Ran by Heather at 2014-01-29 09:10:23 Run:1
Running from C:\Users\Heather\Desktop
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
start
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 - {cca2e567-1987-4100-a3c6-5b4267084510} URL = http://search.mywebs...or={searchTerms}
SearchScopes: HKCU - {cca2e567-1987-4100-a3c6-5b4267084510} URL = http://search.mywebs...or={searchTerms}
SearchScopes: HKCU - {F9CE3CC5-4B23-4E0E-96A6-C27341BE6028} URL =

 

 

 
Toolbar: HKCU - No Name - {21FA44EF-376D-4D53-9B0F-8A89D3229068} -  No File
AlternateDataStreams: C:\Users\Heather\Downloads\Your Garden.eml:OECustomProperty
end
*****************

HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => Key deleted successfully.
HKCR\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => Key not found.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => Key deleted successfully.
HKCR\Wow6432Node\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => Key not found.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{cca2e567-1987-4100-a3c6-5b4267084510} => Key deleted successfully.
HKCR\Wow6432Node\CLSID\{cca2e567-1987-4100-a3c6-5b4267084510} => Key not found.
HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{cca2e567-1987-4100-a3c6-5b4267084510} => Key deleted successfully.
HKCR\CLSID\{cca2e567-1987-4100-a3c6-5b4267084510} => Key not found.
HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{F9CE3CC5-4B23-4E0E-96A6-C27341BE6028} => Key deleted successfully.
HKCR\CLSID\{F9CE3CC5-4B23-4E0E-96A6-C27341BE6028} => Key not found.
HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{21FA44EF-376D-4D53-9B0F-8A89D3229068} => Value deleted successfully.
HKCR\CLSID\{21FA44EF-376D-4D53-9B0F-8A89D3229068} => Key not found.
C:\Users\Heather\Downloads\Your Garden.eml => ":OECustomProperty" ADS removed successfully.

==== End of Fixlog ====

 

 

And here is the SystemLook log:

 

SystemLook 30.07.11 by jpshortstuff
Log created at 09:11 on 29/01/2014 by Heather
Administrator - Elevation successful
WARNING: SystemLook running under WOW64. Use SystemLook_x64 for accurate results.

Invalid Context: filefinduserinit.exe

-= EOF =-

 

Here is the parameter file contents I used:

 

:filefinduserinit.exe


Edited by kangaroo, 28 January 2014 - 07:02 PM.


#29 Tomk

Tomk

    Beguilement Monitor

  • Classroom Admin
  • 20,115 posts

Posted 28 January 2014 - 04:35 PM

Unfortunately, I missed that the forum software scrambled the script and made two lines into one - so it didn't work.

 

Here is link for 64 bit version: http://jpshortstuff.247fixes.com/SystemLook_x64.exe

 

And the corrected script

:filefind
userinit.exe

Tomk
------------------------------------------------------------

mvplogo1_zpsea7gtc7e.gif


WTT-Grad1.jpg

Topics are closed after 5 days without response
unite_blue_zpsbfd3cd98.png


#30 kangaroo

kangaroo

    Authentic Member

  • Authentic Member
  • PipPip
  • 183 posts

Posted 28 January 2014 - 07:01 PM

Hi Tomk,

 

Done with 64-bit version of SystemLook. Here is the log:

 

SystemLook 30.07.11 by jpshortstuff
Log created at 11:38 on 29/01/2014 by Heather
Administrator - Elevation successful

========== filefind ==========

Searching for "userinit.exe"
C:\Windows\ERDNT\cache64\userinit.exe --a---- 30720 bytes [02:48 22/07/2011] [13:25 20/11/2010] BAFE84E637BF7388C96EF48D4D3FDD53
C:\Windows\ERDNT\cache86\userinit.exe --a---- 26624 bytes [02:48 22/07/2011] [12:17 20/11/2010] 61AC3EFDFACFDD3F0F11DD4FD4044223
C:\Windows\System32\userinit.exe --a---- 30720 bytes [04:26 08/03/2011] [13:25 20/11/2010] BAFE84E637BF7388C96EF48D4D3FDD53
C:\Windows\SysWOW64\userinit.exe --a---- 26624 bytes [04:26 08/03/2011] [12:17 20/11/2010] 61AC3EFDFACFDD3F0F11DD4FD4044223
C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_381dabbceb60feb2\userinit.exe --a---- 30208 bytes [23:50 13/07/2009] [01:39 14/07/2009] 6F8F1376A13114CC10C0E69274F5A4DE
C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_3a4ebf84e84f824c\userinit.exe --a---- 30720 bytes [04:26 08/03/2011] [13:25 20/11/2010] BAFE84E637BF7388C96EF48D4D3FDD53
C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe --a---- 26112 bytes [23:34 13/07/2009] [01:14 14/07/2009] 6DE80F60D7DE9CE6B8C2DDFDF79EF175
C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe --a---- 26624 bytes [04:26 08/03/2011] [12:17 20/11/2010] 61AC3EFDFACFDD3F0F11DD4FD4044223

-= EOF =-


Related Topics



0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users