Ads running in background while nothing is open

(In Progress)

LostInTec
Member with 10 posts.
THREAD STARTER
Join Date: Mar 2013
07-Mar-2013, 04:00 AM #1
Recently I've been hearing ads running in the background of my comp while nothing is on. Also noticed I had some kind of DLL error popping up, so after many scans and searches I decided to just restore the whole system, and yet I am still hearing these ads and I cannot seem to get Windows updater turned on to update, and at times see a msg saying group application or something not opened (don't remember exactly what it said). Any help?
dvk01 (Derek), authorized to help remove malware
Moderator & Malware Removal Specialist with 45,755 posts.
Join Date: Dec 2002
Location: Loughton, Essex, UK
07-Mar-2013, 09:36 AM #2
If you follow the advice in the sticky at the top of the forum, you get better help, without us having to repeat the instructions after you have been waiting & slow it down even more.

Follow advice here and post the logs those programs make.
LostInTec
07-Mar-2013, 12:40 PM #3
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 11:36:28 AM, on 3/7/2013
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v9.00 (9.00.8112.16421)
Boot mode: Normal
Running processes:
C:\Program Files (x86)\IObit\Advanced SystemCare 6\ASCTray.exe
C:\Program Files (x86)\System Registration\prodreg.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_6_602_171_ActiveX.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Users\Home\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\SMXRTJYW\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/USCON/1
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
O4 - HKLM\..\Run: [StartCCC] "c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [Dell Registration] C:\Program Files (x86)\System Registration\prodreg.exe /boot
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [RoxWatchTray] "C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatchTray12OEM.exe"
O4 - HKLM\..\Run: [IObit Malware Fighter] "C:\Program Files (x86)\IObit\IObit Malware Fighter\IMF.exe" /autostart
O4 - HKCU\..\Run: [Advanced SystemCare 6] "C:\Program Files (x86)\IObit\Advanced SystemCare 6\ASCTray.exe" /AutoStart
O9 - Extra button: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: Advanced SystemCare Service 6 (AdvancedSystemCareService6) - IObit - C:\Program Files (x86)\IObit\Advanced SystemCare 6\ASCService.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing)
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: IMF Service (IMFservice) - IObit - C:\Program Files (x86)\IObit\IObit Malware Fighter\IMFsrv.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @C:\Program Files (x86)\Nero\Update\NASvc.exe,-200 (NAUpdate) - Nero AG - C:\Program Files (x86)\Nero\Update\NASvc.exe
O23 - Service: Dell DataSafe Online (NOBU) - Dell, Inc. - C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuAgent.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: RoxMediaDB12OEM - Sonic Solutions - C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxMediaDB12OEM.exe
O23 - Service: Roxio Hard Drive Watcher 12 (RoxWatch12) - Sonic Solutions - C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatch12OEM.exe
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: SoftThinks Agent Service (SftService) - SoftThinks SAS - C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files (x86)\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
--
End of file - 7800 bytes

Other programs I DL and try to run say something about dependency service or group failed to start.

Last edited by LostInTec; 07-Mar-2013 at 12:45 PM. Reason: updated what msg says when try to open programs
LostInTec
07-Mar-2013, 01:01 PM #4
OK, running other programs now. Had to save them elsewhere on computer to use, not in download folder. Will post when complete.
LostInTec
07-Mar-2013, 01:04 PM #5
will DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 9.0.8112.16421
Run by Home at 11:59:01 on 2013-03-07
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.3839.2372 [GMT -5:00]
.
AV: Microsoft Security Essentials *Enabled/Updated* {3F839487-C7A2-C958-E30C-E2825BA31FB5}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: IObit Malware Fighter *Enabled/Updated* {A751AC20-3B48-5237-898A-78C4436BB78D}
SP: Microsoft Security Essentials *Enabled/Updated* {84E27563-E198-C6D6-D9BC-D9F020245508}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Program Files (x86)\IObit\Advanced SystemCare 6\ASCService.exe
C:\Windows\system32\svchost.exe -k RPCSS
c:\Program Files\Microsoft Security Client\MsMpEng.exe
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\atieclxx.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\taskeng.exe
C:\Program Files (x86)\IObit\IObit Malware Fighter\IMFsrv.exe
C:\Program Files (x86)\IObit\Advanced SystemCare 6\Monitor.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuAgent.exe
C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files (x86)\Dell DataSafe Local Backup\TOASTER.EXE
C:\Program Files (x86)\Dell DataSafe Local Backup\COMPONENTS\SCHEDULER\STSERVICE.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe
c:\Program Files\Microsoft Security Client\NisSrv.exe
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files (x86)\IObit\Advanced SystemCare 6\ASCTray.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files (x86)\System Registration\prodreg.exe
C:\Windows\system32\SearchIndexer.exe
c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Windows\system32\WUDFHost.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files (x86)\IObit\IObit Malware Fighter\IMF.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Windows\system32\taskeng.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_6_602_171_ActiveX.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://yahoo.com/
uProxyOverride = <local>
mWinlogon: Userinit = userinit.exe
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
uRun: [Advanced SystemCare 6] "C:\Program Files (x86)\IObit\Advanced SystemCare 6\ASCTray.exe" /AutoStart
mRun: [StartCCC] "c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun: [Dell Registration] C:\Program Files (x86)\System Registration\prodreg.exe /boot
mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [RoxWatchTray] "C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatchTray12OEM.exe"
mRun: [IObit Malware Fighter] "C:\Program Files (x86)\IObit\IObit Malware Fighter\IMF.exe" /autostart
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
.
INFO: HKCU has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0027-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab
TCP: NameServer = 192.168.2.1
TCP: Interfaces\{0E093520-E034-4D30-8E80-A06026065C34} : DHCPNameServer = 192.168.2.1
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
SSODL: WebCheck - <orphaned>
x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
x64-BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
x64-Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s
x64-Run: [DellStage] "C:\Program Files (x86)\Dell Stage\Dell Stage\stage_primary.exe" "C:\Program Files (x86)\Dell Stage\Dell Stage\start.umj" --startup
x64-Run: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
x64-DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab
x64-DPF: {CAFEEFAC-0016-0000-0027-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab
x64-DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab
x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
x64-SSODL: WebCheck - <orphaned>
.
============= SERVICES / DRIVERS ===============
.
R0 MpFilter;Microsoft Malware Protection Driver;C:\Windows\System32\drivers\MpFilter.sys [2013-1-20 230320]
R0 PxHlpa64;PxHlpa64;C:\Windows\System32\drivers\PxHlpa64.sys [2012-1-11 55856]
R2 AdvancedSystemCareService6;Advanced SystemCare Service 6;C:\Program Files (x86)\IObit\Advanced SystemCare 6\ASCService.exe [2013-3-7 465216]
R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\System32\atiesrxx.exe [2012-1-11 202752]
R2 IMFservice;IMF Service;C:\Program Files (x86)\IObit\IObit Malware Fighter\IMFsrv.exe [2013-3-7 821592]
R2 NisDrv;Microsoft Network Inspection System;C:\Windows\System32\drivers\NisDrvWFP.sys [2013-1-20 130008]
R2 NOBU;Dell DataSafe Online;C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuAgent.exe [2010-8-25 2823000]
R2 SftService;SoftThinks Agent Service;C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe [2012-1-11 1692480]
R2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2013-1-8 161536]
R3 FileMonitor;FileMonitor;C:\Program Files (x86)\IObit\IObit Malware Fighter\Drivers\win7_amd64\FileMonitor.sys [2013-3-7 21384]
R3 k57nd60a;Broadcom NetLink (TM) Gigabit Ethernet - NDIS 6.0;C:\Windows\System32\drivers\k57nd60a.sys [2012-1-11 320040]
R3 NisSrv;Microsoft Network Inspection;C:\Program Files\Microsoft Security Client\NisSrv.exe [2013-1-27 379360]
R3 RegFilter;RegFilter;C:\Program Files (x86)\IObit\IObit Malware Fighter\Drivers\win7_amd64\RegFilter.sys [2013-3-7 33224]
R3 UrlFilter;UrlFilter;C:\Program Files (x86)\IObit\IObit Malware Fighter\Drivers\win7_amd64\UrlFilter.sys [2013-3-7 21904]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\WINDOWS\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 NAUpdate;Nero Update;C:\Program Files (x86)\Nero\Update\NASvc.exe [2010-5-4 503080]
S2 RoxWatch12;Roxio Hard Drive Watcher 12;C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatch12OEM.exe [2010-11-25 219632]
S3 RoxMediaDB12OEM;RoxMediaDB12OEM;C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxMediaDB12OEM.exe [2010-11-25 1116656]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2010-11-20 59392]
S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\System32\drivers\TsUsbGD.sys [2010-11-20 31232]
S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]
.
=============== Created Last 30 ================
.
2013-03-07 16:46:57 -------- d-----w- C:\Users\Home\My Backup Files
2013-03-07 07:39:39 26432 ----a-w- C:\Windows\System32\RegistryDefragBootTime.exe
2013-03-07 07:32:50 -------- d-----w- C:\ProgramData\{CED89F1A-945F-46EC-B23C-5EAF6D2DB12A}
2013-03-07 07:32:45 -------- d-----w- C:\ProgramData\IObit
2013-03-07 07:32:43 -------- d-----w- C:\Users\Home\AppData\Roaming\IObit
2013-03-07 07:32:29 -------- d-----w- C:\Program Files (x86)\IObit
2013-03-07 07:30:09 691568 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2013-03-07 07:21:49 -------- d-----w- C:\Users\Home\AppData\Local\ElevatedDiagnostics
2013-03-07 07:18:29 -------- d-----w- C:\Users\Home\AppData\Local\Diagnostics
2013-03-07 04:49:36 972264 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{F71498DF-389E-4C79-A176-7FC12D738B1C}\gapaengine.dll
2013-03-07 04:49:16 9162192 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{6D1DE8A0-60EA-4BD0-A351-4426033EBE42}\mpengine.dll
2013-03-07 04:46:47 -------- d-----w- C:\Program Files (x86)\Microsoft Security Client
2013-03-07 04:46:39 -------- d-----w- C:\Program Files\Microsoft Security Client
2013-03-07 04:43:19 -------- d-----w- C:\Users\Home\AppData\Roaming\Fingertapps
2013-03-07 04:43:07 -------- d-----w- C:\Users\Home\AppData\Local\ATI
2013-03-07 04:42:40 -------- d-----w- C:\Users\Home\AppData\Roaming\Dell
2013-03-07 04:42:34 -------- d-----w- C:\Users\Home\AppData\Roaming\Dell Touch Zone
2013-03-07 04:42:28 -------- d-----w- C:\Users\Home\AppData\Local\Dell
2013-03-07 04:37:38 -------- d-sh--w- C:\$RECYCLE.BIN
2013-03-07 04:37:10 36864 ----a-w- C:\Windows\System32\wuapp.exe
2013-03-07 04:37:10 186752 ----a-w- C:\Windows\System32\wuwebv.dll
2013-03-07 04:22:17 -------- d-----w- C:\Program Files (x86)\Enchanted Cavern
2013-03-07 04:21:12 -------- d-----w- C:\ProgramData\Big Fish Games
2013-03-07 04:21:09 -------- d-----w- C:\Program Files (x86)\bfgclient
2013-03-07 04:18:21 -------- d-----w- C:\BigFishGamesCache
2013-03-07 04:15:57 -------- d-sh--w- C:\Windows\SysWow64\AI_RecycleBin
2013-03-07 04:04:52 -------- d-----w- C:\Users\Home\AppData\Local\Nero_AG
2013-03-07 03:57:11 -------- d-----w- C:\Windows\SMINST
2013-03-07 03:51:04 -------- d-----w- C:\AeriaGames
2013-03-07 03:50:57 82944 ----a-w- C:\Windows\System32\Spool\prtprocs\x64\CNMPP9I.DLL
2013-03-07 03:50:57 27648 ----a-w- C:\Windows\System32\Spool\prtprocs\x64\CNMPD9I.DLL
2013-03-07 03:49:46 279040 ----a-w- C:\Windows\System32\CNMLM9I.DLL
.
==================== Find3M ====================
.
2013-03-07 07:30:09 71024 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2013-01-30 10:53:22 273840 ------w- C:\Windows\System32\MpSigStub.exe
2013-01-20 21:59:04 230320 ----a-w- C:\Windows\System32\drivers\MpFilter.sys
2013-01-20 21:59:04 130008 ----a-w- C:\Windows\System32\drivers\NisDrvWFP.sys
.
============= FINISH: 12:01:04.22 ===============

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows 7 Home Premium
Boot Device: \Device\HarddiskVolume2
Install Date: 3/6/2013 11:36:03 PM
System Uptime: 3/7/2013 11:55:51 AM (1 hours ago)
.
Motherboard: Dell Inc. | | 04GJJT
Processor: AMD Athlon(tm) II X2 250 Processor | CPU 1 | 3000/200mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 451 GiB total, 412.378 GiB free.
D: is CDROM ()
E: is Removable
F: is Removable
G: is Removable
H: is Removable
I: is Removable
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP83: 3/2/2013 4:15:17 AM - Windows Update
RP84: 3/5/2013 4:18:16 AM - Windows Update
RP85: 3/6/2013 7:50:47 PM - Restore Operation
RP86: 3/6/2013 8:07:42 PM - Windows Update
RP87: 3/6/2013 9:11:31 PM - Restore Operation
RP25: 3/6/2013 10:57:06 PM - Windows Update
RP26: 3/6/2013 11:05:07 PM - Removed eBay
RP27: 3/6/2013 11:25:30 PM - Removed Aeria Ignite
RP24: 3/6/2013 11:36:09 PM - Windows Update
.
==== Installed Programs ======================
.
Adobe AIR
Adobe Flash Player 11 ActiveX
Adobe Reader X MUI
Advanced SystemCare 6
ATI Catalyst Control Center
Big Fish Games: Game Manager
Blio
Catalyst Control Center - Branding
Catalyst Control Center Core Implementation
Catalyst Control Center Graphics Full Existing
Catalyst Control Center Graphics Full New
Catalyst Control Center Graphics Light
Catalyst Control Center Graphics Previews Common
Catalyst Control Center Graphics Previews Vista
Catalyst Control Center InstallProxy
Catalyst Control Center Localization All
ccc-core-static
ccc-utility64
CCC Help Chinese Standard
CCC Help Chinese Traditional
CCC Help Czech
CCC Help Danish
CCC Help Dutch
CCC Help English
CCC Help Finnish
CCC Help French
CCC Help German
CCC Help Greek
CCC Help Hungarian
CCC Help Italian
CCC Help Japanese
CCC Help Korean
CCC Help Norwegian
CCC Help Polish
CCC Help Portuguese
CCC Help Russian
CCC Help Spanish
CCC Help Swedish
CCC Help Thai
CCC Help Turkish
Consumer In-Home Service Agreement
D3DX10
Dell DataSafe Local Backup
Dell DataSafe Local Backup - Support Software
Dell DataSafe Online
Dell Edoc Viewer
Dell Getting Started Guide
Dell MusicStage
Dell PhotoStage
Dell Product Registration
Dell Stage
Dell Stage Remote
Dell Support Center
Dell VideoStage
DirectX 9 Runtime
Enchanted Cavern
Grand Fantasia
High-Definition Video Playback
IObit Malware Fighter
Java Auto Updater
Java(TM) 6 Update 27
Java(TM) 6 Update 27 (64-bit)
Junk Mail filter update
Mesh Runtime
Microsoft .NET Framework 4 Client Profile
Microsoft .NET Framework 4 Extended
Microsoft Application Error Reporting
Microsoft Office 2010
Microsoft Security Client
Microsoft Security Essentials
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319
MSVCRT
MSVCRT_amd64
Nero 10 Movie ThemePack Basic
Nero Control Center 10
Nero ControlCenter 10 Help (CHM)
Nero Core Components 10
Nero Update
PhotoShowExpress
PlayReady PC Runtime x86
RBVirtualFolder64Inst
Realtek High Definition Audio Driver
Roxio Activation Module
Roxio BackOnTrack
Roxio Burn
Roxio Creator Starter
Roxio Express Labeler 3
Roxio File Backup
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Extended (KB2487367)
Skins
Skype™ 6.1
Sonic CinePlayer Decoder Pack
SyncUP
TrustedID
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Extended (KB2468871)
Update for Microsoft .NET Framework 4 Extended (KB2533523)
Windows Live Communications Platform
Windows Live Essentials
Windows Live ID Sign-in Assistant
Windows Live Installer
Windows Live Language Selector
Windows Live Mail
Windows Live Mesh
Windows Live Mesh ActiveX Control for Remote Connections
Windows Live Messenger
Windows Live MIME IFilter
Windows Live Movie Maker
Windows Live Photo Common
Windows Live Photo Gallery
Windows Live PIMT Platform
Windows Live Remote Client
Windows Live Remote Client Resources
Windows Live Remote Service
Windows Live Remote Service Resources
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live UX Platform
Windows Live UX Platform Language Pack
Windows Live Writer
Windows Live Writer Resources
Zinio Reader 4
.
==== Event Viewer Messages From Past Week ========
.
3/7/2013 3:35:57 AM, Error: Service Control Manager [7034] - The Themes service terminated unexpectedly. It has done this 3 time(s).
3/7/2013 3:35:57 AM, Error: Service Control Manager [7034] - The Task Scheduler service terminated unexpectedly. It has done this 3 time(s).
3/7/2013 3:29:11 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "776" attempting to start the service wuauserv with arguments "" in order to run the server: {9B1F122C-2982-4E91-AA8B-E071D54F2A4D}
3/7/2013 3:28:17 AM, Error: Service Control Manager [7031] - The Themes service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
3/7/2013 3:28:17 AM, Error: Service Control Manager [7031] - The Task Scheduler service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
3/7/2013 3:28:17 AM, Error: Service Control Manager [7031] - The Shell Hardware Detection service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
3/7/2013 3:23:12 AM, Error: Service Control Manager [7000] - The Application Information service failed to start due to the following error: The client of a component requested an operation which is not valid given the state of the component instance.
3/7/2013 3:19:15 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "776" attempting to start the service BITS with arguments "" in order to run the server: {659CDEA7-489E-11D9-A9CD-000D56965251}
3/7/2013 3:19:15 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "776" attempting to start the service BITS with arguments "" in order to run the server: {4991D34B-80A1-4291-83B6-3328366B9097}
3/7/2013 3:19:15 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "776" attempting to start the service BITS with arguments "" in order to run the server: {03CA98D6-FF5D-49B8-ABC6-03DD84127020}
3/7/2013 2:51:36 AM, Error: Service Control Manager [7001] - The IP Helper service depends on the Windows Management Instrumentation service which failed to start because of the following error: The client of a component requested an operation which is not valid given the state of the component instance.
3/7/2013 2:49:36 AM, Error: Service Control Manager [7031] - The IP Helper service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
3/7/2013 2:32:50 AM, Error: Service Control Manager [7030] - The Advanced SystemCare Service 6 service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.
3/7/2013 11:59:22 AM, Error: Service Control Manager [7000] - The Background Intelligent Transfer Service service failed to start due to the following error: The client of a component requested an operation which is not valid given the state of the component instance.
3/7/2013 11:57:08 AM, Error: Service Control Manager [7000] - The IKE and AuthIP IPsec Keying Modules service failed to start due to the following error: The client of a component requested an operation which is not valid given the state of the component instance.
3/7/2013 11:56:42 AM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000001e (0xffffffffc0000005, 0xfffff80002dc4a9a, 0x0000000000000001, 0x0000000000000018). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 030713-43695-01.
3/7/2013 11:53:59 AM, Error: Service Control Manager [7034] - The Server service terminated unexpectedly. It has done this 7 time(s).
3/7/2013 11:53:59 AM, Error: Service Control Manager [7034] - The Multimedia Class Scheduler service terminated unexpectedly. It has done this 7 time(s).
3/7/2013 11:53:59 AM, Error: Service Control Manager [7034] - The Computer Browser service terminated unexpectedly. It has done this 7 time(s).
3/7/2013 11:53:58 AM, Error: Service Control Manager [7000] - The Application Experience service failed to start due to the following error: The client of a component requested an operation which is not valid given the state of the component instance.
3/7/2013 11:50:50 AM, Error: Service Control Manager [7034] - The Server service terminated unexpectedly. It has done this 6 time(s).
3/7/2013 11:50:50 AM, Error: Service Control Manager [7034] - The Multimedia Class Scheduler service terminated unexpectedly. It has done this 6 time(s).
3/7/2013 11:50:50 AM, Error: Service Control Manager [7034] - The Computer Browser service terminated unexpectedly. It has done this 6 time(s).
3/7/2013 11:50:50 AM, Error: Service Control Manager [7034] - The Application Information service terminated unexpectedly. It has done this 2 time(s).
3/7/2013 11:50:50 AM, Error: Service Control Manager [7031] - The User Profile Service service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 300000 milliseconds: Restart the service.
3/7/2013 11:49:41 AM, Error: Service Control Manager [7000] - The Multimedia Class Scheduler service failed to start due to the following error: The client of a component requested an operation which is not valid given the state of the component instance.
3/7/2013 11:49:35 AM, Error: Service Control Manager [7034] - The Windows Management Instrumentation service terminated unexpectedly. It has done this 4 time(s).
3/7/2013 11:49:35 AM, Error: Service Control Manager [7034] - The Server service terminated unexpectedly. It has done this 5 time(s).
3/7/2013 11:49:35 AM, Error: Service Control Manager [7034] - The Multimedia Class Scheduler service terminated unexpectedly. It has done this 5 time(s).
3/7/2013 11:49:35 AM, Error: Service Control Manager [7034] - The Computer Browser service terminated unexpectedly. It has done this 5 time(s).
3/7/2013 11:49:35 AM, Error: Service Control Manager [7034] - The Application Experience service terminated unexpectedly. It has done this 3 time(s).
3/7/2013 11:49:18 AM, Error: Service Control Manager [7001] - The Application Information service depends on the User Profile Service service which failed to start because of the following error: The client of a component requested an operation which is not valid given the state of the component instance.
3/7/2013 11:49:18 AM, Error: Service Control Manager [7000] - The User Profile Service service failed to start due to the following error: The client of a component requested an operation which is not valid given the state of the component instance.
3/7/2013 11:46:49 AM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Application Experience service to connect.
3/7/2013 11:46:49 AM, Error: Service Control Manager [7000] - The Application Experience service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
3/7/2013 11:46:45 AM, Error: Service Control Manager [7034] - The Windows Management Instrumentation service terminated unexpectedly. It has done this 3 time(s).
3/7/2013 11:46:45 AM, Error: Service Control Manager [7034] - The Server service terminated unexpectedly. It has done this 4 time(s).
3/7/2013 11:46:45 AM, Error: Service Control Manager [7034] - The Multimedia Class Scheduler service terminated unexpectedly. It has done this 4 time(s).
3/7/2013 11:46:45 AM, Error: Service Control Manager [7034] - The Computer Browser service terminated unexpectedly. It has done this 4 time(s).
3/7/2013 11:46:11 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "776" attempting to start the service winmgmt with arguments "" in order to run the server: {8BC3F05E-D86B-11D0-A075-00C04FB68820}
3/7/2013 11:42:25 AM, Error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Multimedia Class Scheduler service, but this action failed with the following error: An instance of the service is already running.
3/7/2013 11:42:25 AM, Error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Computer Browser service, but this action failed with the following error: An instance of the service is already running.
3/7/2013 11:40:16 AM, Error: Service Control Manager [7034] - The Server service terminated unexpectedly. It has done this 3 time(s).
3/7/2013 11:40:16 AM, Error: Service Control Manager [7034] - The Multimedia Class Scheduler service terminated unexpectedly. It has done this 3 time(s).
3/7/2013 11:40:16 AM, Error: Service Control Manager [7034] - The Computer Browser service terminated unexpectedly. It has done this 3 time(s).
3/7/2013 11:40:16 AM, Error: Service Control Manager [7031] - The Application Experience service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
3/7/2013 11:39:25 AM, Error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Server service, but this action failed with the following error: An instance of the service is already running.
3/7/2013 11:38:25 AM, Error: Service Control Manager [7000] - The Windows Update service failed to start due to the following error: The client of a component requested an operation which is not valid given the state of the component instance.
3/7/2013 11:37:25 AM, Error: Service Control Manager [7031] - The Windows Update service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
3/7/2013 11:37:25 AM, Error: Service Control Manager [7031] - The Windows Management Instrumentation service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 300000 milliseconds: Restart the service.
3/7/2013 11:37:25 AM, Error: Service Control Manager [7031] - The Server service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
3/7/2013 11:37:25 AM, Error: Service Control Manager [7031] - The Multimedia Class Scheduler service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 300000 milliseconds: Restart the service.
3/7/2013 11:37:25 AM, Error: Service Control Manager [7031] - The Computer Browser service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 300000 milliseconds: Restart the service.
3/7/2013 11:37:25 AM, Error: Service Control Manager [7031] - The Background Intelligent Transfer Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
3/7/2013 11:35:11 AM, Error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Windows Management Instrumentation service, but this action failed with the following error: An instance of the service is already running.
3/7/2013 11:35:11 AM, Error: Service Control Manager [7000] - The System Event Notification Service service failed to start due to the following error: The client of a component requested an operation which is not valid given the state of the component instance.
3/7/2013 11:35:11 AM, Error: Service Control Manager [7000] - The Group Policy Client service failed to start due to the following error: The client of a component requested an operation which is not valid given the state of the component instance.
3/7/2013 11:34:25 AM, Error: Service Control Manager [7000] - The Computer Browser service failed to start due to the following error: The client of a component requested an operation which is not valid given the state of the component instance.
3/7/2013 11:34:11 AM, Error: Service Control Manager [7000] - The Themes service failed to start due to the following error: The client of a component requested an operation which is not valid given the state of the component instance.
3/7/2013 11:34:11 AM, Error: Service Control Manager [7000] - The Task Scheduler service failed to start due to the following error: The client of a component requested an operation which is not valid given the state of the component instance.
3/7/2013 11:33:11 AM, Error: Service Control Manager [7034] - The Application Information service terminated unexpectedly. It has done this 1 time(s).
3/7/2013 11:33:11 AM, Error: Service Control Manager [7031] - The Windows Management Instrumentation service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
3/7/2013 11:33:11 AM, Error: Service Control Manager [7031] - The User Profile Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
3/7/2013 11:33:11 AM, Error: Service Control Manager [7031] - The Themes service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
3/7/2013 11:33:11 AM, Error: Service Control Manager [7031] - The Task Scheduler service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
3/7/2013 11:33:11 AM, Error: Service Control Manager [7031] - The System Event Notification Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
3/7/2013 11:33:11 AM, Error: Service Control Manager [7031] - The Shell Hardware Detection service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
3/7/2013 11:33:11 AM, Error: Service Control Manager [7031] - The Server service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
3/7/2013 11:33:11 AM, Error: Service Control Manager [7031] - The Multimedia Class Scheduler service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
3/7/2013 11:33:11 AM, Error: Service Control Manager [7031] - The IKE and AuthIP IPsec Keying Modules service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
3/7/2013 11:33:11 AM, Error: Service Control Manager [7031] - The Group Policy Client service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
3/7/2013 11:33:11 AM, Error: Service Control Manager [7031] - The Computer Browser service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
3/7/2013 11:33:11 AM, Error: Service Control Manager [7031] - The Application Experience service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
3/7/2013 11:30:33 AM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000001e (0xffffffffc0000005, 0xfffff80002d7fe20, 0x0000000000000000, 0x000000000000005c). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 030713-41901-01.
.
==== End Of File ===========================

Running GMER now
LostInTec LostInTec is offline
Member with 10 posts.
THREAD STARTER
 
Join Date: Mar 2013
07-Mar-2013, 02:28 PM #6
GMER 2.1.19155 - http://www.gmer.net
Rootkit scan 2013-03-07 13:28:18
Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 ST3500413AS rev.JC49 465.76GB
Running: GMER.exe; Driver: C:\Users\Home\AppData\Local\Temp\pxldipow.sys

---- User code sections - GMER 2.1 ----
.text C:\Windows\system32\svchost.exe[1048] C:\Windows\system32\ole32.dll!CoCreateInstance 000007fefdc37490 9 bytes {JMP QWORD [RIP+0x0]}
.text C:\Windows\system32\svchost.exe[1048] C:\Windows\system32\ole32.dll!CoCreateInstance + 11 000007fefdc3749b 3 bytes [00, 00, 00]
.text C:\Windows\system32\svchost.exe[1048] C:\Windows\system32\ole32.dll!CoGetClassObject 000007fefdc42e18 14 bytes {JMP QWORD [RIP+0x0]}
.text C:\Windows\system32\svchost.exe[1048] C:\Windows\system32\ws2_32.dll!GetAddrInfoW + 1 000007fefdab23c1 13 bytes {JMP QWORD [RIP+0x0]}
.text C:\Windows\system32\svchost.exe[1048] C:\Windows\system32\winmm.dll!waveOutOpen 000007fefb8a38d0 14 bytes {JMP QWORD [RIP+0x0]}
.text C:\Windows\system32\svchost.exe[1048] C:\Windows\system32\dsound.dll!DirectSoundCreate 000007fefb145a84 14 bytes {JMP QWORD [RIP+0x0]}
.text C:\Program Files (x86)\Dell DataSafe Local Backup\TOASTER.EXE[2052] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 00000000762b1465 2 bytes [2B, 76]
.text C:\Program Files (x86)\Dell DataSafe Local Backup\TOASTER.EXE[2052] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000762b14bb 2 bytes [2B, 76]
.text ... * 2
.text C:\Program Files (x86)\System Registration\prodreg.exe[808] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 00000000762b1465 2 bytes [2B, 76]
.text C:\Program Files (x86)\System Registration\prodreg.exe[808] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000762b14bb 2 bytes [2B, 76]
.text ... * 2
.text C:\Program Files (x86)\IObit\IObit Malware Fighter\IMF.exe[3616] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 00000000762b1465 2 bytes [2B, 76]
.text C:\Program Files (x86)\IObit\IObit Malware Fighter\IMF.exe[3616] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000762b14bb 2 bytes [2B, 76]
.text ... * 2
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[4072] C:\Windows\syswow64\USER32.dll!EnableWindow 0000000076562da4 5 bytes JMP 000000016c319934
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[4072] C:\Windows\syswow64\USER32.dll!DialogBoxIndirectParamW 000000007657cbf3 5 bytes JMP 000000016c46605e
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[4072] C:\Windows\syswow64\USER32.dll!DialogBoxParamW 000000007657cfca 5 bytes JMP 000000016c27160b
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[4072] C:\Windows\syswow64\USER32.dll!DialogBoxParamA 000000007659cb0c 5 bytes JMP 000000016c465ff9
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[4072] C:\Windows\syswow64\USER32.dll!DialogBoxIndirectParamA 000000007659ce64 5 bytes JMP 000000016c4660c3
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[4072] C:\Windows\syswow64\USER32.dll!MessageBoxIndirectA 00000000765afbd1 5 bytes JMP 000000016c465f80
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[4072] C:\Windows\syswow64\USER32.dll!MessageBoxIndirectW 00000000765afc9d 5 bytes JMP 000000016c465f07
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[4072] C:\Windows\syswow64\USER32.dll!MessageBoxExA 00000000765afcd6 5 bytes JMP 000000016c465ea3
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[4072] C:\Windows\syswow64\USER32.dll!MessageBoxExW 00000000765afcfa 5 bytes JMP 000000016c465e3f
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[4072] C:\Windows\syswow64\OLEAUT32.dll!OleCreatePropertyFrameIndirect 0000000074d093ec 5 bytes JMP 000000016c466278
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[4072] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 00000000762b1465 2 bytes [2B, 76]
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[4072] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000762b14bb 2 bytes [2B, 76]
.text ... * 2
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[4072] C:\Windows\WinSxS\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll !PropertySheetW 000000007331388e 5 bytes JMP 000000016c466128
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[4072] C:\Windows\WinSxS\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll !PropertySheet 00000000733b7922 5 bytes JMP 000000016c4661d0
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[4072] C:\Windows\syswow64\comdlg32.dll!PageSetupDlgW 0000000076222694 5 bytes JMP 000000016c466470
? C:\Windows\system32\mssprxy.dll [4072] entry point in ".rdata" section 0000000066e271e6
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[5060] C:\Windows\SysWOW64\ntdll.dll!NtdllDefWindowProc_W 00000000773f25dd 6 bytes JMP 000000016c337b32
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[5060] C:\Windows\SysWOW64\ntdll.dll!NtdllDefWindowProc_A 00000000774024e0 6 bytes JMP 000000016c2d9465
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[5060] C:\Windows\syswow64\kernel32.dll!CreateThread 00000000766534a5 5 bytes JMP 000000016c2d723b
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[5060] C:\Windows\syswow64\USER32.dll!CreateWindowExW 0000000076558a29 5 bytes JMP 000000016c33feaf
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[5060] C:\Windows\syswow64\USER32.dll!CreateWindowExA 000000007655d22e 5 bytes JMP 000000016c2e3293
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[5060] C:\Windows\syswow64\USER32.dll!GetKeyState 000000007656291f 5 bytes JMP 000000016c2bdba7
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[5060] C:\Windows\syswow64\USER32.dll!EnableWindow 0000000076562da4 5 bytes JMP 000000016c319934
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[5060] C:\Windows\syswow64\USER32.dll!CallNextHookEx 0000000076566285 5 bytes JMP 000000016c337acf
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[5060] C:\Windows\syswow64\USER32.dll!SetWindowsHookExW 0000000076567603 5 bytes JMP 000000016c3120c4
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[5060] C:\Windows\syswow64\USER32.dll!CreateDialogIndirectParamA 000000007656b029 5 bytes JMP 000000016c466400
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[5060] C:\Windows\syswow64\USER32.dll!CreateDialogIndirectParamW 000000007656c63e 5 bytes JMP 000000016c466438
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[5060] C:\Windows\syswow64\USER32.dll!IsDialogMessage 00000000765750ed 5 bytes JMP 000000016c466afb
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[5060] C:\Windows\syswow64\USER32.dll!CreateDialogParamA 0000000076575246 5 bytes JMP 000000016c466390
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[5060] C:\Windows\syswow64\USER32.dll!EndDialog 000000007657b99c 5 bytes JMP 000000016c466dcf
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[5060] C:\Windows\syswow64\USER32.dll!IsDialogMessageW 000000007657c701 5 bytes JMP 000000016c466b23
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[5060] C:\Windows\syswow64\USER32.dll!DialogBoxIndirectParamW 000000007657cbf3 5 bytes JMP 000000016c46605e
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[5060] C:\Windows\syswow64\USER32.dll!DialogBoxParamW 000000007657cfca 5 bytes JMP 000000016c27160b
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[5060] C:\Windows\syswow64\USER32.dll!GetAsyncKeyState 000000007657eb96 5 bytes JMP 000000016c2bdccd
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[5060] C:\Windows\syswow64\USER32.dll!UnhookWindowsHookEx 000000007657f52b 5 bytes JMP 000000016c35ea88
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[5060] C:\Windows\syswow64\USER32.dll!SendInput 000000007657ff4a 5 bytes JMP 000000016c467391
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[5060] C:\Windows\syswow64\USER32.dll!CreateDialogParamW 00000000765810dc 5 bytes JMP 000000016c4663c8
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[5060] C:\Windows\syswow64\USER32.dll!SetKeyboardState 00000000765814b2 5 bytes JMP 000000016c4673e9
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[5060] C:\Windows\syswow64\USER32.dll!SetCursorPos 0000000076599cfd 5 bytes JMP 000000016c46746a
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[5060] C:\Windows\syswow64\USER32.dll!DialogBoxParamA 000000007659cb0c 5 bytes JMP 000000016c465ff9
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[5060] C:\Windows\syswow64\USER32.dll!DialogBoxIndirectParamA 000000007659ce64 5 bytes JMP 000000016c4660c3
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[5060] C:\Windows\syswow64\USER32.dll!MessageBoxIndirectA 00000000765afbd1 5 bytes JMP 000000016c465f80
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[5060] C:\Windows\syswow64\USER32.dll!MessageBoxIndirectW 00000000765afc9d 5 bytes JMP 000000016c465f07
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[5060] C:\Windows\syswow64\USER32.dll!MessageBoxExA 00000000765afcd6 5 bytes JMP 000000016c465ea3
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[5060] C:\Windows\syswow64\USER32.dll!MessageBoxExW 00000000765afcfa 5 bytes JMP 000000016c465e3f
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[5060] C:\Windows\syswow64\USER32.dll!keybd_event 00000000765b02bf 5 bytes JMP 000000016c46734e
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[5060] C:\Windows\syswow64\ole32.dll!OleLoadFromStream 0000000075db6143 5 bytes JMP 000000016c46682d
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[5060] C:\Windows\syswow64\OLEAUT32.dll!SysFreeString 0000000074ca3e59 5 bytes JMP 000000016c466925
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[5060] C:\Windows\syswow64\OLEAUT32.dll!VariantClear 0000000074ca3eae 5 bytes JMP 000000016c4669a3
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[5060] C:\Windows\syswow64\OLEAUT32.dll!SysAllocStringByteLen 0000000074ca4731 5 bytes JMP 000000016c466897
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[5060] C:\Windows\syswow64\OLEAUT32.dll!VariantChangeType 0000000074ca5dee 5 bytes JMP 000000016c466943
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[5060] C:\Windows\syswow64\OLEAUT32.dll!OleCreatePropertyFrameIndirect 0000000074d093ec 5 bytes JMP 000000016c466278
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[5060] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 00000000762b1465 2 bytes [2B, 76]
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[5060] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000762b14bb 2 bytes [2B, 76]
.text ... * 2
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[5060] C:\Windows\WinSxS\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll !PropertySheetW 000000007331388e 5 bytes JMP 000000016c466128
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[5060] C:\Windows\WinSxS\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll !PropertySheet 00000000733b7922 5 bytes JMP 000000016c4661d0
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[5060] C:\Windows\syswow64\comdlg32.dll!PrintDlgW 00000000762133a3 5 bytes JMP 000000016c466514
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[5060] C:\Windows\syswow64\comdlg32.dll!PageSetupDlgW 0000000076222694 5 bytes JMP 000000016c466470
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[5060] C:\Windows\syswow64\comdlg32.dll!PrintDlgA 000000007622e8ff 5 bytes JMP 000000016c4665e0
.text C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_6_602_171_ActiveX.exe[3416] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 00000000762b1465 2 bytes [2B, 76]
.text C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_6_602_171_ActiveX.exe[3416] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000762b14bb 2 bytes [2B, 76]
.text ... * 2
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[4736] C:\Windows\SysWOW64\ntdll.dll!NtdllDefWindowProc_W 00000000773f25dd 6 bytes JMP 000000016c337b32
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[4736] C:\Windows\SysWOW64\ntdll.dll!NtdllDefWindowProc_A 00000000774024e0 6 bytes JMP 000000016c2d9465
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[4736] C:\Windows\syswow64\kernel32.dll!CreateThread 00000000766534a5 5 bytes JMP 000000016c2d723b
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[4736] C:\Windows\syswow64\USER32.dll!CreateWindowExW 0000000076558a29 5 bytes JMP 000000016c33feaf
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[4736] C:\Windows\syswow64\USER32.dll!CreateWindowExA 000000007655d22e 5 bytes JMP 000000016c2e3293
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[4736] C:\Windows\syswow64\USER32.dll!GetKeyState 000000007656291f 5 bytes JMP 000000016c2bdba7
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[4736] C:\Windows\syswow64\USER32.dll!EnableWindow 0000000076562da4 5 bytes JMP 000000016c319934
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[4736] C:\Windows\syswow64\USER32.dll!CallNextHookEx 0000000076566285 5 bytes JMP 000000016c337acf
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[4736] C:\Windows\syswow64\USER32.dll!SetWindowsHookExW 0000000076567603 5 bytes JMP 000000016c3120c4
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[4736] C:\Windows\syswow64\USER32.dll!CreateDialogIndirectParamA 000000007656b029 5 bytes JMP 000000016c466400
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[4736] C:\Windows\syswow64\USER32.dll!CreateDialogIndirectParamW 000000007656c63e 5 bytes JMP 000000016c466438
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[4736] C:\Windows\syswow64\USER32.dll!IsDialogMessage 00000000765750ed 5 bytes JMP 000000016c466afb
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[4736] C:\Windows\syswow64\USER32.dll!CreateDialogParamA 0000000076575246 5 bytes JMP 000000016c466390
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[4736] C:\Windows\syswow64\USER32.dll!EndDialog 000000007657b99c 5 bytes JMP 000000016c466dcf
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[4736] C:\Windows\syswow64\USER32.dll!IsDialogMessageW 000000007657c701 5 bytes JMP 000000016c466b23
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[4736] C:\Windows\syswow64\USER32.dll!DialogBoxIndirectParamW 000000007657cbf3 5 bytes JMP 000000016c46605e
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[4736] C:\Windows\syswow64\USER32.dll!DialogBoxParamW 000000007657cfca 5 bytes JMP 000000016c27160b
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[4736] C:\Windows\syswow64\USER32.dll!GetAsyncKeyState 000000007657eb96 5 bytes JMP 000000016c2bdccd
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[4736] C:\Windows\syswow64\USER32.dll!UnhookWindowsHookEx 000000007657f52b 5 bytes JMP 000000016c35ea88
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[4736] C:\Windows\syswow64\USER32.dll!SendInput 000000007657ff4a 5 bytes JMP 000000016c467391
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[4736] C:\Windows\syswow64\USER32.dll!CreateDialogParamW 00000000765810dc 5 bytes JMP 000000016c4663c8
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[4736] C:\Windows\syswow64\USER32.dll!SetKeyboardState 00000000765814b2 5 bytes JMP 000000016c4673e9
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[4736] C:\Windows\syswow64\USER32.dll!SetCursorPos 0000000076599cfd 5 bytes JMP 000000016c46746a
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[4736] C:\Windows\syswow64\USER32.dll!DialogBoxParamA 000000007659cb0c 5 bytes JMP 000000016c465ff9
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[4736] C:\Windows\syswow64\USER32.dll!DialogBoxIndirectParamA 000000007659ce64 5 bytes JMP 000000016c4660c3
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[4736] C:\Windows\syswow64\USER32.dll!MessageBoxIndirectA 00000000765afbd1 5 bytes JMP 000000016c465f80
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[4736] C:\Windows\syswow64\USER32.dll!MessageBoxIndirectW 00000000765afc9d 5 bytes JMP 000000016c465f07
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[4736] C:\Windows\syswow64\USER32.dll!MessageBoxExA 00000000765afcd6 5 bytes JMP 000000016c465ea3
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[4736] C:\Windows\syswow64\USER32.dll!MessageBoxExW 00000000765afcfa 5 bytes JMP 000000016c465e3f
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[4736] C:\Windows\syswow64\USER32.dll!keybd_event 00000000765b02bf 5 bytes JMP 000000016c46734e
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[4736] C:\Windows\syswow64\ole32.dll!OleLoadFromStream 0000000075db6143 5 bytes JMP 000000016c46682d
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[4736] C:\Windows\syswow64\OLEAUT32.dll!SysFreeString 0000000074ca3e59 5 bytes JMP 000000016c466925
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[4736] C:\Windows\syswow64\OLEAUT32.dll!VariantClear 0000000074ca3eae 5 bytes JMP 000000016c4669a3
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[4736] C:\Windows\syswow64\OLEAUT32.dll!SysAllocStringByteLen 0000000074ca4731 5 bytes JMP 000000016c466897
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[4736] C:\Windows\syswow64\OLEAUT32.dll!VariantChangeType 0000000074ca5dee 5 bytes JMP 000000016c466943
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[4736] C:\Windows\syswow64\OLEAUT32.dll!OleCreatePropertyFrameIndirect 0000000074d093ec 5 bytes JMP 000000016c466278
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[4736] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 00000000762b1465 2 bytes [2B, 76]
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[4736] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000762b14bb 2 bytes [2B, 76]
.text ... * 2
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[4736] C:\Windows\WinSxS\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll !PropertySheetW 000000007331388e 5 bytes JMP 000000016c466128
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[4736] C:\Windows\WinSxS\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll !PropertySheet 00000000733b7922 5 bytes JMP 000000016c4661d0
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[4736] C:\Windows\syswow64\comdlg32.dll!PrintDlgW 00000000762133a3 5 bytes JMP 000000016c466514
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[4736] C:\Windows\syswow64\comdlg32.dll!PageSetupDlgW 0000000076222694 5 bytes JMP 000000016c466470
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[4736] C:\Windows\syswow64\comdlg32.dll!PrintDlgA 000000007622e8ff 5 bytes JMP 000000016c4665e0
---- Threads - GMER 2.1 ----
Thread C:\Program Files\Windows Media Player\wmpnetwk.exe [2208:2496] 000007fefbba2ab8
Thread C:\Program Files\Windows Media Player\wmpnetwk.exe [2208:4192] 000007fef90a5124
---- Registry - GMER 2.1 ----
Reg HKLM\SYSTEM\CurrentControlSet\services\TrustedInstaller@Start 2
Reg HKLM\SYSTEM\CurrentControlSet\services\TrustedInstaller
---- Disk sectors - GMER 2.1 ----
Disk \Device\Harddisk0\DR0 unknown MBR code
Disk \Device\Harddisk0\DR0 unknown MBR code
---- EOF - GMER 2.1 ----
dvk01   (Derek) dvk01 is offline dvk01 is authorized to help remove malware.
Moderator & Malware Removal Specialist with 45,755 posts.
 
Join Date: Dec 2002
Location: Loughton, Essex, UK
07-Mar-2013, 02:34 PM #7
Run tdss killer from http://support.kaspersky.com/viruses...?qid=208280684

Let it cure anything it finds (except SPTD.SYS or anything detected as UnsignedFile.Multi.Generic, which should be ignored) & then reboot

post back with its log

By default, the utility outputs the log into the root folder of the system disk (usually the disk with the installed operating system, C:\).
Logs have names like: UtilityName.Version_Date_Time_log.txt.
E.g. C:\TDSSKiller.2.4.7_23.07.2010_15.31.43_log.txt
__________________
Derek Microsoft MVP/Windows - Security | Thespykiller | How to protect yourself and other Security Advice
Find out all about the European Wild Hedgehog, what you can do to save it from extinction Hedgehog Rescue
LostInTec LostInTec is offline
Member with 10 posts.
THREAD STARTER
 
Join Date: Mar 2013
07-Mar-2013, 02:46 PM #8
I try to open it after download and get an error message saying "The client of a component has requested an operation which is not valid given the state of the component instance".
LostInTec LostInTec is offline
Member with 10 posts.
THREAD STARTER
 
Join Date: Mar 2013
07-Mar-2013, 03:01 PM #9
OK, ran it in safe mode, then rebooted and ran it again on normal load-up; it found the same thing. Here is the log:
13:57:56.0286 2816 TDSS rootkit removing tool 2.8.16.0 Feb 11 2013 18:50:42

13:57:56.0691 2816 ============================================================

13:57:56.0691 2816 Current date / time: 2013/03/07 13:57:56.0691

13:57:56.0691 2816 SystemInfo:

13:57:56.0691 2816

13:57:56.0691 2816 OS Version: 6.1.7601 ServicePack: 1.0

13:57:56.0691 2816 Product type: Workstation

13:57:56.0691 2816 ComputerName: HOME-PC

13:57:56.0691 2816 UserName: Home

13:57:56.0691 2816 Windows directory: C:\Windows

13:57:56.0691 2816 System windows directory: C:\Windows

13:57:56.0691 2816 Running under WOW64

13:57:56.0691 2816 Processor architecture: Intel x64

13:57:56.0691 2816 Number of processors: 2

13:57:56.0691 2816 Page size: 0x1000

13:57:56.0691 2816 Boot type: Normal boot

13:57:56.0691 2816 ============================================================

13:58:08.0503 2816 BG loaded

13:58:10.0421 2816 Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040

13:58:10.0451 2816 ============================================================

13:58:10.0451 2816 \Device\Harddisk0\DR0:

13:58:10.0451 2816 MBR partitions:

13:58:10.0451 2816 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x14000, BlocksNum 0x1D9F000

13:58:10.0451 2816 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x1DB3000, BlocksNum 0x385D2800

13:58:10.0451 2816 \Device\Harddisk0\DR0\Partition3: MBR, Type 0x7, StartLBA 0x14000, BlocksNum 0x1D9F000

13:58:10.0451 2816 ============================================================

13:58:10.0571 2816 C: <-> \Device\Harddisk0\DR0\Partition2

13:58:10.0581 2816 ============================================================

13:58:10.0581 2816 Initialize success

13:58:10.0581 2816 ============================================================

13:58:15.0550 3828 ============================================================

13:58:15.0550 3828 Scan started

13:58:15.0550 3828 Mode: Manual;

13:58:15.0550 3828 ============================================================

13:58:17.0126 3828 ================ Scan system memory ========================

13:58:17.0126 3828 System memory - ok

13:58:17.0126 3828 ================ Scan services =============================


13:58:38.0404 3828 partmgr - ok

13:58:38.0467 3828 [ 3AEAA8B561E63452C655DC0584922257 ] PcaSvc C:\Windows\System32\pcasvc.dll

13:58:38.0482 3828 PcaSvc - ok

13:58:38.0498 3828 [ 94575C0571D1462A0F70BDE6BD6EE6B3 ] pci C:\Windows\system32\drivers\pci.sys

13:58:38.0498 3828 pci - ok

13:58:38.0498 3828 [ B5B8B5EF2E5CB34DF8DCF8831E3534FA ] pciide C:\Windows\system32\drivers\pciide.sys

13:58:38.0513 3828 pciide - ok

13:58:38.0591 3828 [ B2E81D4E87CE48589F98CB8C05B01F2F ] pcmcia C:\Windows\system32\drivers\pcmcia.sys

13:58:38.0607 3828 pcmcia - ok

13:58:38.0623 3828 [ D6B9C2E1A11A3A4B26A182FFEF18F603 ] pcw C:\Windows\system32\drivers\pcw.sys

13:58:38.0623 3828 pcw - ok

13:58:38.0732 3828 [ 68769C3356B3BE5D1C732C97B9A80D6E ] PEAUTH C:\Windows\system32\drivers\peauth.sys

13:58:38.0747 3828 PEAUTH - ok

13:58:40.0089 3828 [ E495E408C93141E8FC72DC0C6046DDFA ] PerfHost C:\Windows\SysWow64\perfhost.exe

13:58:40.0089 3828 PerfHost - ok

13:58:40.0214 3828 [ C7CF6A6E137463219E1259E3F0F0DD6C ] pla C:\Windows\system32\pla.dll

13:58:40.0245 3828 pla - ok

13:58:40.0354 3828 [ 25FBDEF06C4D92815B353F6E792C8129 ] PlugPlay C:\Windows\system32\umpnpmgr.dll

13:58:40.0370 3828 PlugPlay - ok

13:58:40.0385 3828 [ 7195581CEC9BB7D12ABE54036ACC2E38 ] PNRPAutoReg C:\Windows\system32\pnrpauto.dll

13:58:40.0385 3828 PNRPAutoReg - ok

13:58:40.0417 3828 [ 3EAC4455472CC2C97107B5291E0DCAFE ] PNRPsvc C:\Windows\system32\pnrpsvc.dll

13:58:40.0432 3828 PNRPsvc - ok

13:58:40.0479 3828 [ 4F15D75ADF6156BF56ECED6D4A55C389 ] PolicyAgent C:\Windows\System32\ipsecsvc.dll

13:58:40.0495 3828 PolicyAgent - ok

13:58:40.0557 3828 [ A2CCA4FB273E6050F17A0A416CFF2FCD ] Power C:\Windows\system32\umpo.dll

13:58:40.0557 3828 Power - ok

13:58:40.0635 3828 [ F92A2C41117A11A00BE01CA01A7FCDE9 ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys

13:58:40.0651 3828 PptpMiniport - ok

13:58:40.0682 3828 [ 0D922E23C041EFB1C3FAC2A6F943C9BF ] Processor C:\Windows\system32\drivers\processr.sys

13:58:40.0682 3828 Processor - ok

13:58:40.0729 3828 [ 5C78838B4D166D1A27DB3A8A820C799A ] ProfSvc C:\Windows\system32\profsvc.dll

13:58:40.0729 3828 ProfSvc - ok

13:58:40.0744 3828 [ 0793F40B9B8A1BDD266296409DBD91EA ] ProtectedStorage C:\Windows\system32\lsass.exe

13:58:40.0744 3828 ProtectedStorage - ok

13:58:40.0807 3828 [ 0557CF5A2556BD58E26384169D72438D ] Psched C:\Windows\system32\DRIVERS\pacer.sys

13:58:40.0807 3828 Psched - ok

13:58:40.0885 3828 [ 87B04878A6D59D6C79251DC960C674C1 ] PxHlpa64 C:\Windows\system32\Drivers\PxHlpa64.sys

13:58:40.0900 3828 PxHlpa64 - ok

13:58:41.0119 3828 [ A53A15A11EBFD21077463EE2C7AFEEF0 ] ql2300 C:\Windows\system32\drivers\ql2300.sys

13:58:41.0212 3828 ql2300 - ok

13:58:41.0228 3828 [ 4F6D12B51DE1AAEFF7DC58C4D75423C8 ] ql40xx C:\Windows\system32\drivers\ql40xx.sys

13:58:41.0243 3828 ql40xx - ok

13:58:41.0930 3828 [ 906191634E99AEA92C4816150BDA3732 ] QWAVE C:\Windows\system32\qwave.dll

13:58:41.0930 3828 QWAVE - ok

13:58:41.0945 3828 [ 76707BB36430888D9CE9D705398ADB6C ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys

13:58:41.0945 3828 QWAVEdrv - ok

13:58:42.0070 3828 [ 5A0DA8AD5762FA2D91678A8A01311704 ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys

13:58:42.0070 3828 RasAcd - ok

13:58:42.0117 3828 [ 7ECFF9B22276B73F43A99A15A6094E90 ] RasAgileVpn C:\Windows\system32\DRIVERS\AgileVpn.sys

13:58:42.0117 3828 RasAgileVpn - ok

13:58:42.0226 3828 [ 8F26510C5383B8DBE976DE1CD00FC8C7 ] RasAuto C:\Windows\System32\rasauto.dll

13:58:42.0226 3828 RasAuto - ok

13:58:42.0257 3828 [ 471815800AE33E6F1C32FB1B97C490CA ] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys

13:58:42.0257 3828 Rasl2tp - ok

13:58:42.0304 3828 [ EE867A0870FC9E4972BA9EAAD35651E2 ] RasMan C:\Windows\System32\rasmans.dll

13:58:42.0304 3828 RasMan - ok

13:58:42.0382 3828 [ 855C9B1CD4756C5E9A2AA58A15F58C25 ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys

13:58:42.0382 3828 RasPppoe - ok

13:58:42.0413 3828 [ E8B1E447B008D07FF47D016C2B0EEECB ] RasSstp C:\Windows\system32\DRIVERS\rassstp.sys

13:58:42.0413 3828 RasSstp - ok

13:58:42.0507 3828 [ 77F665941019A1594D887A74F301FA2F ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys

13:58:42.0507 3828 rdbss - ok

13:58:42.0523 3828 [ 302DA2A0539F2CF54D7C6CC30C1F2D8D ] rdpbus C:\Windows\system32\drivers\rdpbus.sys

13:58:42.0523 3828 rdpbus - ok

13:58:42.0523 3828 [ CEA6CC257FC9B7715F1C2B4849286D24 ] RDPCDD C:\Windows\system32\DRIVERS\RDPCDD.sys

13:58:42.0523 3828 RDPCDD - ok

13:58:42.0569 3828 [ BB5971A4F00659529A5C44831AF22365 ] RDPENCDD C:\Windows\system32\drivers\rdpencdd.sys

13:58:42.0569 3828 RDPENCDD - ok

13:58:42.0585 3828 [ 216F3FA57533D98E1F74DED70113177A ] RDPREFMP C:\Windows\system32\drivers\rdprefmp.sys

13:58:42.0585 3828 RDPREFMP - ok

13:58:42.0710 3828 [ 15B66C206B5CB095BAB980553F38ED23 ] RDPWD C:\Windows\system32\drivers\RDPWD.sys

13:58:42.0725 3828 RDPWD - ok

13:58:42.0835 3828 [ 34ED295FA0121C241BFEF24764FC4520 ] rdyboost C:\Windows\system32\drivers\rdyboost.sys

13:58:42.0835 3828 rdyboost - ok

13:58:42.0897 3828 [ 5F9AC3243C206EC95F32E4348AE67C13 ] RegFilter C:\Program Files (x86)\IObit\IObit Malware Fighter\drivers\win7_amd64\regfilter.sys

13:58:42.0897 3828 RegFilter - ok

13:58:42.0991 3828 [ 254FB7A22D74E5511C73A3F6D802F192 ] RemoteAccess C:\Windows\System32\mprdim.dll

13:58:42.0991 3828 RemoteAccess - ok

13:58:43.0100 3828 [ E4D94F24081440B5FC5AA556C7C62702 ] RemoteRegistry C:\Windows\system32\regsvc.dll

13:58:43.0115 3828 RemoteRegistry - ok

13:58:43.0755 3828 [ 3C957189B31C34D3AD21967B12B6AED7 ] RoxMediaDB12OEM C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxMediaDB12OEM.exe

13:58:43.0958 3828 RoxMediaDB12OEM - ok

13:58:44.0020 3828 [ 2B73088CC2CA757A172B425C9398E5BC ] RoxWatch12 C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatch12OEM.exe

13:58:44.0020 3828 RoxWatch12 - ok

13:58:44.0114 3828 [ E4DC58CF7B3EA515AE917FF0D402A7BB ] RpcEptMapper C:\Windows\System32\RpcEpMap.dll

13:58:44.0114 3828 RpcEptMapper - ok

13:58:44.0192 3828 [ D5BA242D4CF8E384DB90E6A8ED850B8C ] RpcLocator C:\Windows\system32\locator.exe

13:58:44.0207 3828 RpcLocator - ok

13:58:44.0301 3828 [ 5C627D1B1138676C0A7AB2C2C190D123 ] RpcSs C:\Windows\system32\rpcss.dll

13:58:44.0317 3828 RpcSs - ok

13:58:44.0395 3828 [ DDC86E4F8E7456261E637E3552E804FF ] rspndr C:\Windows\system32\DRIVERS\rspndr.sys

13:58:44.0395 3828 rspndr - ok

13:58:44.0441 3828 [ 0793F40B9B8A1BDD266296409DBD91EA ] SamSs C:\Windows\system32\lsass.exe

13:58:44.0441 3828 SamSs - ok

13:58:44.0473 3828 [ AC03AF3329579FFFB455AA2DAABBE22B ] sbp2port C:\Windows\system32\drivers\sbp2port.sys

13:58:44.0473 3828 sbp2port - ok

13:58:44.0535 3828 [ 9B7395789E3791A3B6D000FE6F8B131E ] SCardSvr C:\Windows\System32\SCardSvr.dll

13:58:44.0551 3828 SCardSvr - ok

13:58:44.0551 3828 [ 253F38D0D7074C02FF8DEB9836C97D2B ] scfilter C:\Windows\system32\DRIVERS\scfilter.sys

13:58:44.0551 3828 scfilter - ok

13:58:44.0707 3828 [ 262F6592C3299C005FD6BEC90FC4463A ] Schedule C:\Windows\system32\schedsvc.dll

13:58:44.0707 3828 Schedule - ok

13:58:44.0769 3828 [ F17D1D393BBC69C5322FBFAFACA28C7F ] SCPolicySvc C:\Windows\System32\certprop.dll

13:58:44.0769 3828 SCPolicySvc - ok

13:58:44.0831 3828 [ 6EA4234DC55346E0709560FE7C2C1972 ] SDRSVC C:\Windows\System32\SDRSVC.dll

13:58:44.0847 3828 SDRSVC - ok

13:58:45.0003 3828 [ 3EA8A16169C26AFBEB544E0E48421186 ] secdrv C:\Windows\system32\drivers\secdrv.sys

13:58:45.0003 3828 secdrv - ok

13:58:45.0050 3828 [ BC617A4E1B4FA8DF523A061739A0BD87 ] seclogon C:\Windows\system32\seclogon.dll

13:58:45.0065 3828 seclogon - ok

13:58:45.0112 3828 [ C32AB8FA018EF34C0F113BD501436D21 ] SENS C:\Windows\System32\sens.dll

13:58:45.0128 3828 SENS - ok

13:58:45.0175 3828 [ 0336CFFAFAAB87A11541F1CF1594B2B2 ] SensrSvc C:\Windows\system32\sensrsvc.dll

13:58:45.0175 3828 SensrSvc - ok

13:58:45.0190 3828 [ CB624C0035412AF0DEBEC78C41F5CA1B ] Serenum C:\Windows\system32\drivers\serenum.sys

13:58:45.0206 3828 Serenum - ok

13:58:45.0206 3828 [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6 ] Serial C:\Windows\system32\drivers\serial.sys

13:58:45.0206 3828 Serial - ok

13:58:45.0221 3828 [ 1C545A7D0691CC4A027396535691C3E3 ] sermouse C:\Windows\system32\drivers\sermouse.sys

13:58:45.0221 3828 sermouse - ok

13:58:45.0253 3828 [ 0B6231BF38174A1628C4AC812CC75804 ] SessionEnv C:\Windows\system32\sessenv.dll

13:58:45.0253 3828 SessionEnv - ok

13:58:45.0268 3828 [ A554811BCD09279536440C964AE35BBF ] sffdisk C:\Windows\system32\drivers\sffdisk.sys

13:58:45.0268 3828 sffdisk - ok

13:58:45.0268 3828 [ FF414F0BAEFEBA59BC6C04B3DB0B87BF ] sffp_mmc C:\Windows\system32\drivers\sffp_mmc.sys

13:58:45.0268 3828 sffp_mmc - ok

13:58:45.0284 3828 [ DD85B78243A19B59F0637DCF284DA63C ] sffp_sd C:\Windows\system32\drivers\sffp_sd.sys

13:58:45.0284 3828 sffp_sd - ok

13:58:45.0299 3828 [ A9D601643A1647211A1EE2EC4E433FF4 ] sfloppy C:\Windows\system32\drivers\sfloppy.sys

13:58:45.0299 3828 sfloppy - ok

13:58:45.0689 3828 [ 29DDEA72C5BDF61D62F4D438DC0E497C ] SftService C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE

13:58:45.0705 3828 SftService - ok

13:58:45.0767 3828 [ B95F6501A2F8B2E78C697FEC401970CE ] SharedAccess C:\Windows\System32\ipnathlp.dll

13:58:45.0783 3828 SharedAccess - ok

13:58:45.0892 3828 [ AAF932B4011D14052955D4B212A4DA8D ] ShellHWDetection C:\Windows\System32\shsvcs.dll

13:58:45.0892 3828 ShellHWDetection - ok

13:58:45.0955 3828 [ 843CAF1E5FDE1FFD5FF768F23A51E2E1 ] SiSRaid2 C:\Windows\system32\drivers\SiSRaid2.sys

13:58:45.0955 3828 SiSRaid2 - ok

13:58:46.0033 3828 [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4 ] SiSRaid4 C:\Windows\system32\drivers\sisraid4.sys

13:58:46.0033 3828 SiSRaid4 - ok

13:58:46.0173 3828 [ 8C4F0DCC6A5100D48F9B2F950CDD220F ] SkypeUpdate C:\Program Files (x86)\Skype\Updater\Updater.exe

13:58:46.0173 3828 SkypeUpdate - ok

13:58:46.0469 3828 [ 548260A7B8654E024DC30BF8A7C5BAA4 ] Smb C:\Windows\system32\DRIVERS\smb.sys

13:58:46.0516 3828 Smb - ok

13:58:46.0625 3828 [ 6313F223E817CC09AA41811DAA7F541D ] SNMPTRAP C:\Windows\System32\snmptrap.exe

13:58:46.0625 3828 SNMPTRAP - ok

13:58:46.0688 3828 [ B9E31E5CACDFE584F34F730A677803F9 ] spldr C:\Windows\system32\drivers\spldr.sys

13:58:46.0688 3828 spldr - ok

13:58:46.0781 3828 [ B96C17B5DC1424D56EEA3A99E97428CD ] Spooler C:\Windows\System32\spoolsv.exe

13:58:46.0797 3828 Spooler - ok

13:58:47.0140 3828 [ E17E0188BB90FAE42D83E98707EFA59C ] sppsvc C:\Windows\system32\sppsvc.exe

13:58:47.0218 3828 sppsvc - ok

13:58:47.0218 3828 [ 93D7D61317F3D4BC4F4E9F8A96A7DE45 ] sppuinotify C:\Windows\system32\sppuinotify.dll

13:58:47.0218 3828 sppuinotify - ok

13:58:47.0374 3828 [ 441FBA48BFF01FDB9D5969EBC1838F0B ] srv C:\Windows\system32\DRIVERS\srv.sys

13:58:47.0374 3828 srv - ok

13:58:47.0437 3828 [ B4ADEBBF5E3677CCE9651E0F01F7CC28 ] srv2 C:\Windows\system32\DRIVERS\srv2.sys

13:58:47.0437 3828 srv2 - ok

13:58:47.0452 3828 [ 27E461F0BE5BFF5FC737328F749538C3 ] srvnet C:\Windows\system32\DRIVERS\srvnet.sys

13:58:47.0468 3828 srvnet - ok

13:58:47.0561 3828 [ 51B52FBD583CDE8AA9BA62B8B4298F33 ] SSDPSRV C:\Windows\System32\ssdpsrv.dll

13:58:47.0561 3828 SSDPSRV - ok

13:58:47.0795 3828 [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB ] SstpSvc C:\Windows\system32\sstpsvc.dll

13:58:47.0889 3828 SstpSvc - ok

13:58:47.0889 3828 [ F3817967ED533D08327DC73BC4D5542A ] stexstor C:\Windows\system32\drivers\stexstor.sys

13:58:47.0921 3828 stexstor - ok

13:58:48.0016 3828 [ 8DD52E8E6128F4B2DA92CE27402871C1 ] stisvc C:\Windows\System32\wiaservc.dll

13:58:48.0029 3828 stisvc - ok

13:58:48.0188 3828 [ 7731F46EC0D687A931CBA063E8F90EF0 ] stllssvr C:\Program Files (x86)\Common Files\SureThing Shared\stllssvr.exe

13:58:48.0499 3828 stllssvr - ok

13:58:48.0505 3828 [ D01EC09B6711A5F8E7E6564A4D0FBC90 ] swenum C:\Windows\system32\DRIVERS\swenum.sys

13:58:48.0506 3828 swenum - ok

13:58:48.0594 3828 [ E08E46FDD841B7184194011CA1955A0B ] swprv C:\Windows\System32\swprv.dll

13:58:48.0642 3828 swprv - ok

13:58:48.0891 3828 [ BF9CCC0BF39B418C8D0AE8B05CF95B7D ] SysMain C:\Windows\system32\sysmain.dll

13:58:48.0923 3828 SysMain - ok

13:58:49.0016 3828 [ E3C61FD7B7C2557E1F1B0B4CEC713585 ] TabletInputService C:\Windows\System32\TabSvc.dll

13:58:49.0032 3828 TabletInputService - ok

13:58:49.0110 3828 [ 40F0849F65D13EE87B9A9AE3C1DD6823 ] TapiSrv C:\Windows\System32\tapisrv.dll

13:58:49.0125 3828 TapiSrv - ok

13:58:49.0172 3828 [ 1BE03AC720F4D302EA01D40F588162F6 ] TBS C:\Windows\System32\tbssvc.dll

13:58:49.0188 3828 TBS - ok

13:58:49.0375 3828 [ F0E98C00A09FDF791525829A1D14240F ] Tcpip C:\Windows\system32\drivers\tcpip.sys

13:58:49.0437 3828 Tcpip - ok

13:58:49.0640 3828 [ F0E98C00A09FDF791525829A1D14240F ] TCPIP6 C:\Windows\system32\DRIVERS\tcpip.sys

13:58:49.0640 3828 TCPIP6 - ok

13:58:49.0656 3828 [ DF687E3D8836BFB04FCC0615BF15A519 ] tcpipreg C:\Windows\system32\drivers\tcpipreg.sys

13:58:49.0656 3828 tcpipreg - ok

13:58:49.0718 3828 [ 3371D21011695B16333A3934340C4E7C ] TDPIPE C:\Windows\system32\drivers\tdpipe.sys

13:58:49.0718 3828 TDPIPE - ok

13:58:49.0734 3828 [ E4245BDA3190A582D55ED09E137401A9 ] TDTCP C:\Windows\system32\drivers\tdtcp.sys

13:58:49.0734 3828 TDTCP - ok

13:58:49.0827 3828 [ DDAD5A7AB24D8B65F8D724F5C20FD806 ] tdx C:\Windows\system32\DRIVERS\tdx.sys

13:58:49.0843 3828 tdx - ok

13:58:49.0843 3828 [ 561E7E1F06895D78DE991E01DD0FB6E5 ] TermDD C:\Windows\system32\DRIVERS\termdd.sys

13:58:49.0843 3828 TermDD - ok

13:58:49.0952 3828 [ 2E648163254233755035B46DD7B89123 ] TermService C:\Windows\System32\termsrv.dll

13:58:50.0139 3828 TermService - ok

13:58:50.0155 3828 [ F0344071948D1A1FA732231785A0664C ] Themes C:\Windows\system32\themeservice.dll

13:58:50.0155 3828 Themes - ok

13:58:50.0249 3828 [ E40E80D0304A73E8D269F7141D77250B ] THREADORDER C:\Windows\system32\mmcss.dll

13:58:50.0264 3828 THREADORDER - ok

13:58:50.0342 3828 [ 7E7AFD841694F6AC397E99D75CEAD49D ] TrkWks C:\Windows\System32\trkwks.dll

13:58:50.0342 3828 TrkWks - ok

13:58:50.0405 3828 [ 773212B2AAA24C1E31F10246B15B276C ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe

13:58:50.0420 3828 TrustedInstaller - ok

13:58:50.0436 3828 [ CE18B2CDFC837C99E5FAE9CA6CBA5D30 ] tssecsrv C:\Windows\system32\DRIVERS\tssecsrv.sys

13:58:50.0436 3828 tssecsrv - ok

13:58:50.0498 3828 [ D11C783E3EF9A3C52C0EBE83CC5000E9 ] TsUsbFlt C:\Windows\system32\drivers\tsusbflt.sys

13:58:50.0498 3828 TsUsbFlt - ok

13:58:50.0514 3828 [ 9CC2CCAE8A84820EAECB886D477CBCB8 ] TsUsbGD C:\Windows\system32\drivers\TsUsbGD.sys

13:58:50.0514 3828 TsUsbGD - ok

13:58:50.0561 3828 [ 3566A8DAAFA27AF944F5D705EAA64894 ] tunnel C:\Windows\system32\DRIVERS\tunnel.sys

13:58:50.0561 3828 tunnel - ok

13:58:50.0623 3828 [ B4DD609BD7E282BFC683CEC7EAAAAD67 ] uagp35 C:\Windows\system32\drivers\uagp35.sys

13:58:50.0623 3828 uagp35 - ok

13:58:50.0779 3828 [ FF4232A1A64012BAA1FD97C7B67DF593 ] udfs C:\Windows\system32\DRIVERS\udfs.sys

13:58:50.0810 3828 udfs - ok

13:58:50.0857 3828 [ 3CBDEC8D06B9968ABA702EBA076364A1 ] UI0Detect C:\Windows\system32\UI0Detect.exe

13:58:50.0857 3828 UI0Detect - ok

13:58:50.0951 3828 [ 4BFE1BC28391222894CBF1E7D0E42320 ] uliagpkx C:\Windows\system32\drivers\uliagpkx.sys

13:58:50.0966 3828 uliagpkx - ok

13:58:50.0966 3828 [ DC54A574663A895C8763AF0FA1FF7561 ] umbus C:\Windows\system32\DRIVERS\umbus.sys

13:58:50.0966 3828 umbus - ok

13:58:50.0997 3828 [ B2E8E8CB557B156DA5493BBDDCC1474D ] UmPass C:\Windows\system32\drivers\umpass.sys

13:58:50.0997 3828 UmPass - ok

13:58:51.0044 3828 [ D47EC6A8E81633DD18D2436B19BAF6DE ] upnphost C:\Windows\System32\upnphost.dll

13:58:51.0060 3828 upnphost - ok

13:58:51.0122 3828 [ 241080F1B28E68F0D00F8F1066A3780D ] UrlFilter C:\Program Files (x86)\IObit\IObit Malware Fighter\drivers\win7_amd64\UrlFilter.sys

13:58:51.0138 3828 UrlFilter - ok

13:58:51.0169 3828 [ 19AD7990C0B67E48DAC5B26F99628223 ] usbccgp C:\Windows\system32\DRIVERS\usbccgp.sys

13:58:51.0169 3828 usbccgp - ok

13:58:51.0247 3828 [ AF0892A803FDDA7492F595368E3B68E7 ] usbcir C:\Windows\system32\drivers\usbcir.sys

13:58:51.0247 3828 usbcir - ok

13:58:51.0263 3828 [ C025055FE7B87701EB042095DF1A2D7B ] usbehci C:\Windows\system32\DRIVERS\usbehci.sys

13:58:51.0263 3828 usbehci - ok

13:58:51.0341 3828 [ 8B892002D7B79312821169A14317AB86 ] usbhub C:\Windows\system32\DRIVERS\usbhub.sys

13:58:51.0341 3828 usbhub - ok

13:58:51.0419 3828 [ 9840FC418B4CBD632D3D0A667A725C31 ] usbohci C:\Windows\system32\DRIVERS\usbohci.sys

13:58:51.0419 3828 usbohci - ok

13:58:51.0450 3828 [ 73188F58FB384E75C4063D29413CEE3D ] usbprint C:\Windows\system32\DRIVERS\usbprint.sys

13:58:51.0450 3828 usbprint - ok

13:58:51.0497 3828 [ AAA2513C8AED8B54B189FD0C6B1634C0 ] usbscan C:\Windows\system32\DRIVERS\usbscan.sys

13:58:51.0497 3828 usbscan - ok

13:58:51.0543 3828 [ FED648B01349A3C8395A5169DB5FB7D6 ] USBSTOR C:\Windows\system32\DRIVERS\USBSTOR.SYS

13:58:51.0543 3828 USBSTOR - ok

13:58:51.0559 3828 [ 62069A34518BCF9C1FD9E74B3F6DB7CD ] usbuhci C:\Windows\system32\drivers\usbuhci.sys

13:58:51.0559 3828 usbuhci - ok

13:58:51.0637 3828 [ EDBB23CBCF2CDF727D64FF9B51A6070E ] UxSms C:\Windows\System32\uxsms.dll

13:58:51.0637 3828 UxSms - ok

13:58:51.0653 3828 [ 0793F40B9B8A1BDD266296409DBD91EA ] VaultSvc C:\Windows\system32\lsass.exe

13:58:51.0668 3828 VaultSvc - ok

13:58:51.0668 3828 [ C5C876CCFC083FF3B128F933823E87BD ] vdrvroot C:\Windows\system32\drivers\vdrvroot.sys

13:58:51.0668 3828 vdrvroot - ok

13:58:51.0746 3828 [ 8D6B481601D01A456E75C3210F1830BE ] vds C:\Windows\System32\vds.exe

13:58:51.0793 3828 vds - ok

13:58:51.0809 3828 [ DA4DA3F5E02943C2DC8C6ED875DE68DD ] vga C:\Windows\system32\DRIVERS\vgapnp.sys

13:58:51.0824 3828 vga - ok

13:58:51.0824 3828 [ 53E92A310193CB3C03BEA963DE7D9CFC ] VgaSave C:\Windows\System32\drivers\vga.sys

13:58:51.0824 3828 VgaSave - ok

13:58:51.0824 3828 [ 2CE2DF28C83AEAF30084E1B1EB253CBB ] vhdmp C:\Windows\system32\drivers\vhdmp.sys

13:58:51.0824 3828 vhdmp - ok

13:58:51.0840 3828 [ E5689D93FFE4E5D66C0178761240DD54 ] viaide C:\Windows\system32\drivers\viaide.sys

13:58:51.0840 3828 viaide - ok

13:58:51.0887 3828 [ D2AAFD421940F640B407AEFAAEBD91B0 ] volmgr C:\Windows\system32\drivers\volmgr.sys

13:58:51.0887 3828 volmgr - ok

13:58:51.0933 3828 [ A255814907C89BE58B79EF2F189B843B ] volmgrx C:\Windows\system32\drivers\volmgrx.sys

13:58:51.0949 3828 volmgrx - ok

13:58:51.0965 3828 [ 0D08D2F3B3FF84E433346669B5E0F639 ] volsnap C:\Windows\system32\drivers\volsnap.sys

13:58:51.0996 3828 volsnap - ok

13:58:52.0011 3828 [ 5E2016EA6EBACA03C04FEAC5F330D997 ] vsmraid C:\Windows\system32\drivers\vsmraid.sys

13:58:52.0011 3828 vsmraid - ok

13:58:52.0261 3828 [ B60BA0BC31B0CB414593E169F6F21CC2 ] VSS C:\Windows\system32\vssvc.exe

13:58:52.0308 3828 VSS - ok

13:58:52.0308 3828 [ 36D4720B72B5C5D9CB2B9C29E9DF67A1 ] vwifibus C:\Windows\System32\drivers\vwifibus.sys

13:58:52.0323 3828 vwifibus - ok

13:58:52.0401 3828 [ 1C9D80CC3849B3788048078C26486E1A ] W32Time C:\Windows\system32\w32time.dll

13:58:52.0417 3828 W32Time - ok

13:58:52.0589 3828 [ 4E9440F4F152A7B944CB1663D3935A3E ] WacomPen C:\Windows\system32\drivers\wacompen.sys

13:58:52.0589 3828 WacomPen - ok

13:58:52.0667 3828 [ 356AFD78A6ED4457169241AC3965230C ] WANARP C:\Windows\system32\DRIVERS\wanarp.sys

13:58:52.0667 3828 WANARP - ok

13:58:52.0667 3828 [ 356AFD78A6ED4457169241AC3965230C ] Wanarpv6 C:\Windows\system32\DRIVERS\wanarp.sys

13:58:52.0667 3828 Wanarpv6 - ok

13:58:52.0854 3828 [ 78F4E7F5C56CB9716238EB57DA4B6A75 ] wbengine C:\Windows\system32\wbengine.exe

13:58:52.0885 3828 wbengine - ok

13:58:52.0947 3828 [ 3AA101E8EDAB2DB4131333F4325C76A3 ] WbioSrvc C:\Windows\System32\wbiosrvc.dll

13:58:52.0947 3828 WbioSrvc - ok

13:58:52.0963 3828 [ 7368A2AFD46E5A4481D1DE9D14848EDD ] wcncsvc C:\Windows\System32\wcncsvc.dll

13:58:52.0979 3828 wcncsvc - ok

13:58:53.0025 3828 [ 20F7441334B18CEE52027661DF4A6129 ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll

13:58:53.0041 3828 WcsPlugInService - ok

13:58:53.0041 3828 [ 72889E16FF12BA0F235467D6091B17DC ] Wd C:\Windows\system32\drivers\wd.sys

13:58:53.0041 3828 Wd - ok

13:58:53.0072 3828 [ 441BD2D7B4F98134C3A4F9FA570FD250 ] Wdf01000 C:\Windows\system32\drivers\Wdf01000.sys

13:58:53.0103 3828 Wdf01000 - ok

13:58:53.0119 3828 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiServiceHost C:\Windows\system32\wdi.dll

13:58:53.0135 3828 WdiServiceHost - ok

13:58:53.0135 3828 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiSystemHost C:\Windows\system32\wdi.dll

13:58:53.0135 3828 WdiSystemHost - ok

13:58:53.0213 3828 [ 3DB6D04E1C64272F8B14EB8BC4616280 ] WebClient C:\Windows\System32\webclnt.dll

13:58:53.0213 3828 WebClient - ok

13:58:53.0259 3828 [ C749025A679C5103E575E3B48E092C43 ] Wecsvc C:\Windows\system32\wecsvc.dll

13:58:53.0259 3828 Wecsvc - ok

13:58:53.0275 3828 [ 7E591867422DC788B9E5BD337A669A08 ] wercplsupport C:\Windows\System32\wercplsupport.dll

13:58:53.0275 3828 wercplsupport - ok

13:58:53.0306 3828 [ 6D137963730144698CBD10F202E9F251 ] WerSvc C:\Windows\System32\WerSvc.dll

13:58:53.0306 3828 WerSvc - ok

13:58:53.0369 3828 [ 611B23304BF067451A9FDEE01FBDD725 ] WfpLwf C:\Windows\system32\DRIVERS\wfplwf.sys

13:58:53.0369 3828 WfpLwf - ok

13:58:53.0478 3828 [ B14EF15BD757FA488F9C970EEE9C0D35 ] WimFltr C:\Windows\system32\DRIVERS\wimfltr.sys

13:58:53.0478 3828 WimFltr - ok

13:58:53.0493 3828 [ 05ECAEC3E4529A7153B3136CEB49F0EC ] WIMMount C:\Windows\system32\drivers\wimmount.sys

13:58:53.0493 3828 WIMMount - ok

13:58:53.0571 3828 WinDefend - ok

13:58:53.0587 3828 WinHttpAutoProxySvc - ok

13:58:53.0821 3828 [ 19B07E7E8915D701225DA41CB3877306 ] Winmgmt C:\Windows\system32\wbem\WMIsvc.dll

13:58:53.0821 3828 Winmgmt - ok

13:58:54.0273 3828 [ BCB1310604AA415C4508708975B3931E ] WinRM C:\Windows\system32\WsmSvc.dll

13:58:54.0320 3828 WinRM - ok

13:58:54.0492 3828 [ 4FADA86E62F18A1B2F42BA18AE24E6AA ] Wlansvc C:\Windows\System32\wlansvc.dll

13:58:54.0523 3828 Wlansvc - ok

13:58:54.0632 3828 [ 06C8FA1CF39DE6A735B54D906BA791C6 ] wlcrasvc C:\Program Files\Windows Live\Mesh\wlcrasvc.exe

13:58:54.0648 3828 wlcrasvc - ok

13:58:55.0163 3828 [ 7E47C328FC4768CB8BEAFBCFAFA70362 ] wlidsvc C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

13:58:55.0178 3828 wlidsvc - ok

13:58:55.0209 3828 [ F6FF8944478594D0E414D3F048F0D778 ] WmiAcpi C:\Windows\system32\drivers\wmiacpi.sys

13:58:55.0225 3828 WmiAcpi - ok

13:58:55.0381 3828 [ 38B84C94C5A8AF291ADFEA478AE54F93 ] wmiApSrv C:\Windows\system32\wbem\WmiApSrv.exe

13:58:55.0397 3828 wmiApSrv - ok

13:58:55.0521 3828 WMPNetworkSvc - ok

13:58:55.0553 3828 [ 96C6E7100D724C69FCF9E7BF590D1DCA ] WPCSvc C:\Windows\System32\wpcsvc.dll

13:58:55.0553 3828 WPCSvc - ok

13:58:55.0568 3828 [ 93221146D4EBBF314C29B23CD6CC391D ] WPDBusEnum C:\Windows\system32\wpdbusenum.dll

13:58:55.0568 3828 WPDBusEnum - ok

13:58:55.0677 3828 [ 6BCC1D7D2FD2453957C5479A32364E52 ] ws2ifsl C:\Windows\system32\drivers\ws2ifsl.sys

13:58:55.0677 3828 ws2ifsl - ok

13:58:55.0724 3828 [ E8B1FE6669397D1772D8196DF0E57A9E ] wscsvc C:\Windows\System32\wscsvc.dll

13:58:55.0724 3828 wscsvc - ok

13:58:55.0724 3828 WSearch - ok

13:58:56.0161 3828 [ D9EF901DCA379CFE914E9FA13B73B4C4 ] wuauserv C:\Windows\system32\wuaueng.dll

13:58:56.0223 3828 wuauserv - ok

13:58:56.0223 3828 [ D3381DC54C34D79B22CEE0D65BA91B7C ] WudfPf C:\Windows\system32\drivers\WudfPf.sys

13:58:56.0223 3828 WudfPf - ok

13:58:56.0379 3828 [ CF8D590BE3373029D57AF80914190682 ] WUDFRd C:\Windows\system32\DRIVERS\WUDFRd.sys

13:58:56.0395 3828 WUDFRd - ok

13:58:56.0535 3828 [ 7A95C95B6C4CF292D689106BCAE49543 ] wudfsvc C:\Windows\System32\WUDFSvc.dll

13:58:56.0535 3828 wudfsvc - ok

13:58:56.0645 3828 [ 9A3452B3C2A46C073166C5CF49FAD1AE ] WwanSvc C:\Windows\System32\wwansvc.dll

13:58:56.0645 3828 WwanSvc - ok

13:58:56.0645 3828 ================ Scan global ===============================

13:58:56.0785 3828 [ BA0CD8C393E8C9F83354106093832C7B ] C:\Windows\system32\basesrv.dll

13:58:56.0816 3828 [ EB6A48CC998E1090E44E8E7F1009A640 ] C:\Windows\system32\winsrv.dll

13:58:56.0816 3828 [ EB6A48CC998E1090E44E8E7F1009A640 ] C:\Windows\system32\winsrv.dll

13:58:56.0879 3828 [ D6160F9D869BA3AF0B787F971DB56368 ] C:\Windows\system32\sxssrv.dll

13:58:56.0925 3828 [ 24ACB7E5BE595468E3B9AA488B9B4FCB ] C:\Windows\system32\services.exe

13:58:56.0941 3828 [Global] - ok

13:58:56.0941 3828 ================ Scan MBR ==================================

13:58:56.0988 3828 [ C3C93F1CA51BBACBABEA804D2CC62CA1 ] \Device\Harddisk0\DR0

13:58:57.0050 3828 \Device\Harddisk0\DR0 ( Rootkit.Boot.Harbinger.a ) - infected

13:58:57.0050 3828 \Device\Harddisk0\DR0 - detected Rootkit.Boot.Harbinger.a (0)

13:58:57.0050 3828 ================ Scan VBR ==================================

13:58:57.0050 3828 [ 9EA1E1F529C22BCC84E639E49D357429 ] \Device\Harddisk0\DR0\Partition1

13:58:57.0081 3828 \Device\Harddisk0\DR0\Partition1 - ok

13:58:57.0097 3828 [ A638EAE0D6D7916FBEB67A8D33ABBD91 ] \Device\Harddisk0\DR0\Partition2

13:58:57.0097 3828 \Device\Harddisk0\DR0\Partition2 - ok

13:58:57.0113 3828 [ 9EA1E1F529C22BCC84E639E49D357429 ] \Device\Harddisk0\DR0\Partition3

13:58:57.0113 3828 \Device\Harddisk0\DR0\Partition3 - ok

13:58:57.0113 3828 ============================================================

13:58:57.0113 3828 Scan finished

13:58:57.0113 3828 ============================================================

13:58:57.0128 3804 Detected object count: 1

13:58:57.0128 3804 Actual detected object count: 1

13:59:52.0587 3804 \Device\Harddisk0\DR0\# - copied to quarantine

13:59:52.0821 3804 \Device\Harddisk0\DR0 - copied to quarantine

13:59:53.0944 3804 \Device\Harddisk0\DR0 ( Rootkit.Boot.Harbinger.a ) - will be cured on reboot

13:59:53.0944 3804 \Device\Harddisk0\DR0 - ok

13:59:54.0210 3804 \Device\Harddisk0\DR0 ( Rootkit.Boot.Harbinger.a ) - User select action: Cure
dvk01   (Derek) dvk01 is offline dvk01 is authorized to help remove malware.
Moderator & Malware Removal Specialist with 45,755 posts.
 
Join Date: Dec 2002
Location: Loughton, Essex, UK
07-Mar-2013, 03:02 PM #10
reboot twice & run tdsskiller again please
LostInTec LostInTec is offline
Member with 10 posts.
THREAD STARTER
 
Join Date: Mar 2013
07-Mar-2013, 03:05 PM #11
OK, ran again at normal, log cleaned, rebooted, then ran again. It didn't find anything on the last scan.
LostInTec LostInTec is offline
Member with 10 posts.
THREAD STARTER
 
Join Date: Mar 2013
07-Mar-2013, 03:17 PM #12
Does this mean all finished and clean, no more hearing ads in background and other errors?
dvk01   (Derek) dvk01 is offline dvk01 is authorized to help remove malware.
Moderator & Malware Removal Specialist with 45,755 posts.
 
Join Date: Dec 2002
Location: Loughton, Essex, UK
07-Mar-2013, 03:45 PM #13
there may still be problems

Delete any existing version of ComboFix you have sitting on your desktop
Please read and follow all these instructions very carefully
Do not edit or remove any information or user names etc, otherwise we cannot fix the problem. If you insist on editing out anything then I will close the topic & refuse to offer any help.

Download ComboFix from Here to your Desktop.

**Note: It is important that it is saved directly to your desktop and run from the desktop and not any other folder on your computer**
--------------------------------------------------------------------
1. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
  • Very Important! Temporarily disable your anti-virus and anti-malware real-time protection and any script blocking components of them or your firewall before performing a scan. They can interfere with ComboFix or remove some of its embedded files, which may cause "unpredictable results" or stop ComboFix running at all.
  • Click on THIS LINK to see instructions on how to temporarily disable many security programs while running combofix. The list does not cover every program. If yours is not listed and you don't know how to disable it, please ask.
  • Remember to re enable the protection again after combofix has finished
--------------------------------------------------------------------
2. Close any open browsers and any other programs you might have running
Double click on renamed combofix.exe & follow the prompts.
If you are using Windows XP, it might display a pop up saying that "Recovery console is not installed, do you want to install?"
Please select yes & let it download the files it needs to do this. Once the recovery console is installed Combofix will then offer to scan for malware. Select continue or yes.
When finished, it will produce a report for you.
Please post the "C:\ComboFix.txt" for further review


****Note: Do not mouseclick combofix's window while it's running. That may cause it to stall or freeze ****

Note: ComboFix may reset a number of Internet Explorer's settings, including making it the default browser.
Note: Combofix prevents autorun of ALL CDs, floppies and USB devices to assist with malware removal & increase security. Read HERE why we disable autoruns

Please do not install any new programs or update anything (always allow your antivirus/antispyware to update) unless told to do so while we are fixing your problem. If combofix alerts to a new version and offers to update, please let it. It is essential we always use the latest version.

Please tell us if it has cured the problems or if there are any outstanding issues

*EXTRA NOTES*
  • If Combofix detects any Rootkit/Bootkit activity on your system it will give a warning and prompt for a reboot, you must allow it to do so.
  • If Combofix reboot is due to a rootkit, the screen may stay black for several minutes on reboot, this is normal
  • If after running Combofix you receive any type of warning message about registry keys being listed for deletion when trying to open certain items, reboot the system and this will fix the issue (Those items will not be deleted)

Post the log in next reply please...
LostInTec LostInTec is offline
Member with 10 posts.
THREAD STARTER
 
Join Date: Mar 2013
07-Mar-2013, 06:39 PM #14
ComboFix 13-03-07.02 - Home 03/07/2013 17:00:31.1.2 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.3839.2277 [GMT -5:00]
Running from: c:\users\Home\Desktop\ComboFix.exe
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((( Files Created from 2013-02-07 to 2013-03-07 )))))))))))))))))))))))))))))))
.
.
2013-03-07 21:42 . 2013-03-07 21:42 -------- d-----w- c:\programdata\PopCap Games
2013-03-07 21:42 . 2013-03-07 21:42 -------- d-----w- c:\programdata\SpinTop Games
2013-03-07 21:42 . 2013-03-07 21:42 -------- d-----w- c:\program files (x86)\PopCap Games
2013-03-07 21:33 . 1998-10-03 00:00 327168 ----a-w- c:\windows\IsUninst.exe
2013-03-07 21:04 . 2013-03-07 21:04 -------- d-----w- c:\programdata\PC-Doctor for Windows
2013-03-07 21:03 . 2013-03-07 21:04 -------- d-----w- c:\program files\Dell Support Center
2013-03-07 21:00 . 2013-03-07 21:04 -------- d-----w- c:\programdata\PCDr
2013-03-07 20:16 . 2013-03-07 20:16 996352 ----a-w- c:\program files\Common Files\Microsoft Shared\VGX\VGX.dll
2013-03-07 20:16 . 2013-03-07 20:16 768000 ----a-w- c:\program files (x86)\Common Files\Microsoft Shared\VGX\VGX.dll
2013-03-07 20:05 . 2013-03-07 20:05 46080 ----a-w- c:\windows\system32\atmlib.dll
2013-03-07 20:05 . 2013-03-07 20:05 367616 ----a-w- c:\windows\system32\atmfd.dll
2013-03-07 20:05 . 2013-03-07 20:05 34304 ----a-w- c:\windows\SysWow64\atmlib.dll
2013-03-07 20:05 . 2013-03-07 20:05 295424 ----a-w- c:\windows\SysWow64\atmfd.dll
2013-03-07 20:05 . 2013-03-07 20:05 87040 ----a-w- c:\windows\system32\drivers\WUDFPf.sys
2013-03-07 20:05 . 2013-03-07 20:05 84992 ----a-w- c:\windows\system32\WUDFSvc.dll
2013-03-07 20:05 . 2013-03-07 20:05 744448 ----a-w- c:\windows\system32\WUDFx.dll
2013-03-07 20:05 . 2013-03-07 20:05 45056 ----a-w- c:\windows\system32\WUDFCoinstaller.dll
2013-03-07 20:05 . 2013-03-07 20:05 229888 ----a-w- c:\windows\system32\WUDFHost.exe
2013-03-07 20:05 . 2013-03-07 20:05 198656 ----a-w- c:\windows\system32\drivers\WUDFRd.sys
2013-03-07 20:05 . 2013-03-07 20:05 194048 ----a-w- c:\windows\system32\WUDFPlatform.dll
2013-03-07 20:04 . 2013-03-07 20:04 9728 ----a-w- c:\windows\system32\Wdfres.dll
2013-03-07 20:04 . 2013-03-07 20:04 785512 ----a-w- c:\windows\system32\drivers\Wdf01000.sys
2013-03-07 20:04 . 2013-03-07 20:04 54376 ----a-w- c:\windows\system32\drivers\WdfLdr.sys
2013-03-07 20:04 . 2013-03-07 20:04 2560 ----a-w- c:\windows\system32\drivers\en-US\wdf01000.sys.mui
2013-03-07 19:57 . 2013-03-07 19:57 96768 ----a-w- c:\windows\SysWow64\sspicli.dll
2013-03-07 19:51 . 2013-03-07 19:51 81408 ----a-w- c:\windows\system32\imagehlp.dll
2013-03-07 19:51 . 2013-03-07 19:51 5120 ----a-w- c:\windows\SysWow64\wmi.dll
2013-03-07 19:51 . 2013-03-07 19:51 5120 ----a-w- c:\windows\system32\wmi.dll
2013-03-07 19:51 . 2013-03-07 19:51 23408 ----a-w- c:\windows\system32\drivers\fs_rec.sys
2013-03-07 19:51 . 2013-03-07 19:51 220672 ----a-w- c:\windows\system32\wintrust.dll
2013-03-07 19:51 . 2013-03-07 19:51 172544 ----a-w- c:\windows\SysWow64\wintrust.dll
2013-03-07 19:51 . 2013-03-07 19:51 159232 ----a-w- c:\windows\SysWow64\imagehlp.dll
2013-03-07 19:39 . 2013-03-07 19:39 -------- d-----w- c:\program files (x86)\MSXML 4.0
2013-03-07 19:38 . 2013-03-07 19:38 -------- d-----w- c:\windows\SysWow64\Wat
2013-03-07 19:38 . 2013-03-07 19:38 -------- d-----w- c:\windows\system32\Wat
2013-03-07 18:55 . 2013-03-07 18:59 -------- d-----w- C:\TDSSKiller_Quarantine
2013-03-07 17:15 . 2011-11-19 14:58 77312 ----a-w- c:\windows\system32\packager.dll
2013-03-07 17:15 . 2011-11-19 14:01 67072 ----a-w- c:\windows\SysWow64\packager.dll
2013-03-07 07:48 . 2013-03-07 07:48 -------- d-----w- c:\program files (x86)\Common Files\Skype
2013-03-07 07:39 . 2013-01-15 23:49 26432 ----a-w- c:\windows\system32\RegistryDefragBootTime.exe
2013-03-07 07:32 . 2013-03-07 07:32 -------- d-----w- c:\programdata\{CED89F1A-945F-46EC-B23C-5EAF6D2DB12A}
2013-03-07 07:32 . 2013-03-07 07:33 -------- d-----w- c:\programdata\IObit
2013-03-07 07:32 . 2013-03-07 07:40 -------- d-----w- c:\program files (x86)\IObit
2013-03-07 07:30 . 2013-03-07 07:30 691568 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2013-03-07 04:46 . 2013-03-07 21:58 -------- d-----w- c:\program files\Microsoft Security Client
2013-03-07 04:38 . 2012-06-02 22:19 57880 ----a-w- c:\windows\system32\wuauclt.exe
2013-03-07 04:37 . 2012-06-02 21:19 186752 ----a-w- c:\windows\system32\wuwebv.dll
2013-03-07 04:37 . 2012-06-02 21:15 36864 ----a-w- c:\windows\system32\wuapp.exe
2013-03-07 04:36 . 2013-03-07 16:46 -------- d-----w- c:\users\Home
2013-03-07 04:22 . 2013-03-07 04:22 -------- d-----w- c:\program files (x86)\Enchanted Cavern
2013-03-07 04:21 . 2013-03-07 04:21 -------- d-----w- c:\programdata\Big Fish Games
2013-03-07 04:21 . 2013-03-07 04:21 -------- d-----w- c:\program files (x86)\bfgclient
2013-03-07 04:18 . 2013-03-07 21:49 -------- d-----w- C:\BigFishGamesCache
2013-03-07 04:15 . 2013-03-07 04:26 -------- d-sh--w- c:\windows\SysWow64\AI_RecycleBin
2013-03-07 03:57 . 2013-03-07 04:13 -------- d-----w- c:\windows\SMINST
2013-03-07 03:51 . 2013-03-07 03:51 -------- d--h--w- c:\programdata\CanonBJ
2013-03-07 03:51 . 2013-03-07 04:16 -------- d-----w- C:\AeriaGames
2013-03-07 03:50 . 2008-02-26 02:00 82944 ----a-w- c:\windows\system32\Spool\prtprocs\x64\CNMPP9I.DLL
2013-03-07 03:50 . 2008-02-26 02:00 27648 ----a-w- c:\windows\system32\Spool\prtprocs\x64\CNMPD9I.DLL
2013-03-07 03:49 . 2008-02-26 02:00 279040 ----a-w- c:\windows\system32\CNMLM9I.DLL
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-03-07 07:30 . 2012-01-12 01:15 71024 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-03-07 04:37 . 2010-06-24 17:33 19696 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2013-01-30 10:53 . 2010-11-21 03:27 273840 ------w- c:\windows\system32\MpSigStub.exe
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Advanced SystemCare 6"="c:\program files (x86)\IObit\Advanced SystemCare 6\ASCTray.exe" [2013-01-15 491840]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2009-07-15 98304]
"Dell Registration"="c:\program files (x86)\System Registration\prodreg.exe" [2011-08-04 4165440]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe" [2010-11-16 35736]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-11-16 932288]
"RoxWatchTray"="c:\program files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatchTray12OEM.exe" [2010-11-25 240112]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux1"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
R2 RoxWatch12;Roxio Hard Drive Watcher 12;c:\program files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatch12OEM.exe [2010-11-25 219632]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2013-01-08 161536]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2013-03-07 19456]
R3 RoxMediaDB12OEM;RoxMediaDB12OEM;c:\program files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxMediaDB12OEM.exe [2010-11-25 1116656]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2013-03-07 57856]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2013-03-07 30208]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2013-03-07 1255736]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-23 57184]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [2010-03-19 55856]
S2 AdvancedSystemCareService6;Advanced SystemCare Service 6;c:\program files (x86)\IObit\Advanced SystemCare 6\ASCService.exe [2013-01-15 465216]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2009-07-15 202752]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
S2 NAUpdate;Nero Update;c:\program files (x86)\Nero\Update\NASvc.exe [2010-05-04 503080]
S2 NOBU;Dell DataSafe Online;c:\program files (x86)\Dell\Dell Datasafe Online\NOBuAgent.exe SERVICE [x]
S2 SftService;SoftThinks Agent Service;c:\program files (x86)\Dell DataSafe Local Backup\sftservice.EXE [2011-09-22 1692480]
S3 k57nd60a;Broadcom NetLink (TM) Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\k57nd60a.sys [2009-08-06 320040]
.
.
Contents of the 'Scheduled Tasks' folder
.
2013-03-07 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-03-07 07:30]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2009-11-10 8321568]
"DellStage"="c:\program files (x86)\Dell Stage\Dell Stage\stage_primary.exe" [2011-04-30 2055016]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://yahoo.com/
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = <local>
TCP: DhcpNameServer = 192.168.2.1
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
Wow6432Node-HKLM-Run-<NO NAME> - (no file)
SafeBoot-36831917.sys
SafeBoot-95140218.sys
Toolbar-Locked - (no file)
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_6_602_171_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_6_602_171_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_6_602_171_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_6_602_171_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_171.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_171.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_171.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_171.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\McAfee]
"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00, 79,
00,5c,00,6d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00, \
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\IObit\Advanced SystemCare 6\Monitor.exe
c:\program files (x86)\Dell DataSafe Local Backup\COMPONENTS\DSUPDATE\HSTART.EXE
c:\program files (x86)\Dell DataSafe Local Backup\TOASTER.EXE
c:\program files (x86)\Dell DataSafe Local Backup\COMPONENTS\SCHEDULER\STSERVICE.EXE
c:\program files (x86)\Common Files\Java\Java Update\jusched.exe
c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
.
**************************************************************************
.
Completion time: 2013-03-07 17:18:28 - machine was rebooted
ComboFix-quarantined-files.txt 2013-03-07 22:18
.
Pre-Run: 443,208,593,408 bytes free
Post-Run: 442,851,246,080 bytes free
.
- - End Of File - - 7164E6C904359DB56468490411C5CD7C
dvk01   (Derek) dvk01 is offline dvk01 is authorized to help remove malware.
Moderator & Malware Removal Specialist with 45,755 posts.
 
Join Date: Dec 2002
Location: Loughton, Essex, UK
08-Mar-2013, 06:18 AM #15
That all looks clear.

Are you still having any problems?