# Help requested: Malwarebytes constant pop-ups block 95.211.194.79



## enurtsol

Hello good people of Computer Forum,

How are you and good afternoon.  Seems there's an issue we can't figure out.  We're trying to fix an older Vista computer.  While web browsing with IE9, something weird started happening just yesterday which I'll explain as best as I can.  We haven't installed any program since this started happening yesterday except Java 7 Update 25 installed today (which can be uninstalled if need be).

What's happening is that Malwarebytes Anti-Malware Pro 1.75 keeps popping up every other minute:

 Successfully blocked access to a potentially malicious website: 95.211.194.79  
Type: outgoing
Port: ***** [always changing], Process: explorer.exe

Using IP lookup:

 Hostname 	hosted-by.leaseweb.com
Ip Address 	95.211.194.79
Host of this IP 	95.211.194.79
Country Name	Netherlands
City Name	Amsterdam

Using the latest updates, we ran a Malwarebytes Pro 1.75 scan but it turned out OK.  It's a Windows Vista Ultimate SP2 32-bit 4GB RAM computer running ESET NOD32 Antivirus 6 and Spybot 1.6.2

Also, this could be related, I noticed (which I don't believe was happening before this problem started) that whenever I'm connected to the router/internet, the computer's net traffic spikes up too every few minutes.  And whenever it does, the C:\Windows\Temp folder kept getting filled with htt****.tmp files (where **** are alphanumeric) that can be tens of MBs large or more.  And those .tmp files can't seem to be deleted but disappear after reboot.

Here are the copy&paste log files of Malwarebytes and Hijackthis:

 Malwarebytes Anti-Malware (PRO) 1.75.0.1300
www.malwarebytes.org

Database version: v2013.07.15.05

Windows Vista Service Pack 2 x86 NTFS
Internet Explorer 9.0.8112.16421
LostRune :: KYOKO [administrator]

Protection: Enabled

7/15/2013 5:46:47 PM
mbam-log-2013-07-15 (17-46-47).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM | P2P
Scan options disabled: 
Objects scanned: 279720
Time elapsed: 7 minute(s), 22 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)


 Logfile of Trend Micro HijackThis v2.0.5
Scan saved at 5:57:32 PM, on 7/15/2013
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v9.00 (9.00.8112.16496)

FIREFOX: 22.0 (en-US)
Boot mode: Normal

Running processes:
C:\Windows\SYSTEM32\taskeng.exe
C:\Windows\SYSTEM32\taskeng.exe
C:\Program Files\Core Temp\Core Temp.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Windows\system32\Dwm.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\BillP Studios\WinPatrol\WinPatrol.exe
C:\Program Files\Unlocker\UnlockerAssistant.exe
C:\Program Files\Intel\IDU\iptray.exe
C:\Program Files\IDT\WDM\sttray.exe
C:\Program Files\Epson Software\Event Manager\EEventManager.exe
C:\Program Files\Epson Software\FAX Utility\FUFAXSTM.exe
C:\Program Files\Logitech\SetPointP\SetPoint.exe
C:\Program Files\CyberPower PowerPanel Personal Edition\pppeuser.exe
C:\Program Files\Laplink\Laplink DiskImage\ooditray.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\Apple\Internet Services\iCloudServices.exe
C:\Program Files\NETGEAR Genie\bin\NETGEARGenie.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Users\LostRune\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe
C:\PROGRAM FILES\OUTLOOK ON THE DESKTOP\OUTLOOKDESKTOP.EXE
C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE
C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe
C:\Windows\explorer.exe
C:\Program Files\GhosteryIEplugin\GhosteryRegistryProxy.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\NETGEAR Genie\bin\genie2_tray.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
C:\Windows\notepad.exe
D:\Users\LostRune\Downloads\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = 
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = 
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = 
O1 - Hosts: ::1 localhost
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: Ghostery BHO - {237EB6DA-3FEA-4DD2-8A61-A901B5C489D7} - C:\Program Files\GhosteryIEplugin\GhosteryBrowserHelperObject.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Easy Photo Print - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files\Epson Software\Easy Photo Print\EPTBL.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll
O2 - BHO: Google Gears Helper - {E0FEFE40-FBF9-42AE-BA58-794CA7E3FB53} - C:\Program Files\Google\Google Gears\Internet Explorer\0.5.36.0\gears.dll
O3 - Toolbar: QT TabBar - {d2bf470e-ed1c-487f-a333-2bd8835eb6ce} - mscoree.dll (file missing)
O3 - Toolbar: QT Tab Standard Buttons - {D2BF470E-ED1C-487F-A666-2BD8835EB6CE} - mscoree.dll (file missing)
O3 - Toolbar: Easy Photo Print - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files\Epson Software\Easy Photo Print\EPTBL.dll
O4 - HKLM\..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [WinPatrol] C:\Program Files\BillP Studios\WinPatrol\WinPatrol.exe -expressboot
O4 - HKLM\..\Run: [UnlockerAssistant] "C:\Program Files\Unlocker\UnlockerAssistant.exe"
O4 - HKLM\..\Run: [ipTray.exe] "C:\Program Files\Intel\IDU\iptray.exe"
O4 - HKLM\..\Run: [USB2Check] RUNDLL32.EXE "C:\Windows\system32\PCLECoInst.dll",CheckUSBController
O4 - HKLM\..\Run: [SysTrayApp] %ProgramFiles%\IDT\WDM\sttray.exe
O4 - HKLM\..\Run: [EEventManager] "C:\Program Files\Epson Software\Event Manager\EEventManager.exe"
O4 - HKLM\..\Run: [FUFAXSTM] "C:\Program Files\Epson Software\FAX Utility\FUFAXSTM.exe"
O4 - HKLM\..\Run: [EvtMgr6] C:\Program Files\Logitech\SetPointP\SetPoint.exe /launchGaming
O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe"
O4 - HKLM\..\Run: [PowerPanel Personal Edition User Interaction] C:\Program Files\CyberPower PowerPanel Personal Edition\pppeuser.exe
O4 - HKLM\..\Run: [OODITRAY.EXE] C:\Program Files\Laplink\Laplink DiskImage\OODITRAY.EXE
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKCU\..\Run: [Artisan 830(Network)] C:\Windows\system32\spool\DRIVERS\W32X86\3\E_FATIGXA.EXE /FU "C:\Users\LostRune\AppData\Local\Temp\E_S6E75.tmp" /EF "HKCU"
O4 - HKCU\..\Run: [iCloudServices] C:\Program Files\Common Files\Apple\Internet Services\iCloudServices.exe
O4 - HKCU\..\Run: [NETGEARGenie] "C:\Program Files\NETGEAR Genie\bin\NETGEARGenie.exe" -mini -redirect
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [SkyDrive] "C:\Users\LostRune\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe" /background
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: &Links to this page - C:\ProgramData\TuneUp Software\TuneUp Utilities\Web\gbacklinks.htm
O8 - Extra context menu item: &Similar pages - C:\ProgramData\TuneUp Software\TuneUp Utilities\Web\gsimilar.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Free YouTube to iPod Converter - D:\Users\LostRune\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetoipodconverter.htm
O8 - Extra context menu item: Look up in Mr&Check... - C:\ProgramData\TuneUp Software\TuneUp Utilities\Web\tumrcheck.htm
O8 - Extra context menu item: Open in &new window - C:\ProgramData\TuneUp Software\TuneUp Utilities\Web\tuofinw.htm
O8 - Extra context menu item: Search with &Google - C:\ProgramData\TuneUp Software\TuneUp Utilities\Web\gsearch.htm
O8 - Extra context menu item: Send to &Bluetooth Device... - C:\Program Files\ANYCOM\Blue USB-200-250\btsendto_ie_ctx.htm
O8 - Extra context menu item: Show page from the &cache - C:\ProgramData\TuneUp Software\TuneUp Utilities\Web\gcache.htm
O8 - Extra context menu item: Translate this page with Google - C:\ProgramData\TuneUp Software\TuneUp Utilities\Web\gtranslate.htm
O8 - Extra context menu item: View old version at &archives.org - C:\ProgramData\TuneUp Software\TuneUp Utilities\Web\tuarch.htm
O8 - Extra context menu item: Zoom &in - C:\ProgramData\TuneUp Software\TuneUp Utilities\Web\tuzoomin.htm
O8 - Extra context menu item: Zoom &out - C:\ProgramData\TuneUp Software\TuneUp Utilities\Web\tuzoomout.htm
O9 - Extra button: (no name) - {09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} - C:\Program Files\Google\Google Gears\Internet Explorer\0.5.36.0\gears.dll
O9 - Extra 'Tools' menuitem: &Gears Settings - {09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} - C:\Program Files\Google\Google Gears\Internet Explorer\0.5.36.0\gears.dll
O9 - Extra button: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Ghostery - {237EB6DA-3FEA-4DD2-8A61-A901B5C489D7} - C:\Program Files\GhosteryIEplugin\GhosteryBrowserHelperObject.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\ANYCOM\Blue USB-200-250\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\ANYCOM\Blue USB-200-250\btsendto_ie.htm
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O16 - DPF: {10000000-1000-1000-1000-100000000000} - http://cdn.betteradvertising.com/ghostery/addons/ie/2.4.2.0/ghostery.cab
O16 - DPF: {2EDF75C0-5ABD-49f9-BAB6-220476A32034} (System Requirements Lab) - http://intel-drv-cdn.systemrequirementslab.com/audio/bin/sysreqlab_srlx.cab
O16 - DPF: {3F4AC0C9-3A7D-4115-99B4-2693DE0014AF} (TNetworkScanner Control) - http://optimum.net/downloads/TNetworkScannerXControl.ocx
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/win...ls/en/x86/client/wuweb_site.cab?1209007354990
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/mic...ls/en/x86/client/muweb_site.cab?1209007424377
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - http://download.eset.com/special/eos/OnlineScanner.cab
O16 - DPF: {CF84DAC5-A4F5-419E-A0BA-C01FFD71112F} (SysInfo Class) - http://content.systemrequirementslab.com.s3.amazonaws.com/global/bin/srldetect_intel_4.4.24.0.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O18 - Filter hijack: text/html - {4459DC76-1FDE-4B16-BAD0-E4F8E7647555} - C:\Program Files\GhosteryIEplugin\GhosteryMimeFilter.dll
O21 - SSODL: EldosMountNotificator - {5FF49FE8-B332-4CB9-B102-FB6951629E55} - C:\Windows\system32\CbFsMntNtf3.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll
O22 - SharedTaskScheduler: Virtual Storage Mount Notification - {5FF49FE8-B332-4CB9-B102-FB6951629E55} - C:\Windows\system32\CbFsMntNtf3.dll
O23 - Service: ABBYY FineReader 9.0 Sprint Licensing Service (ABBYY.Licensing.FineReader.Sprint.9.0) - ABBYY - C:\Program Files\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Admin Works Agent X8 (AWService) - OSA Technologies Inc., An Avocent Company - C:\Program Files\Intel\IDU\awServ.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\ANYCOM\Blue USB-200-250\bin\btwdins.exe
O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - C:\Program Files\ATI\Catalyst Media Center\Kernel\TV\CLCapSvc.exe
O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - C:\Program Files\ATI\Catalyst Media Center\Kernel\TV\CLSched.exe
O23 - Service: CyberLink Media Library Service - Cyberlink - C:\Program Files\ATI\Catalyst Media Center\Kernel\CLML_NTService\CLMLServer.exe
O23 - Service: ESET Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
O23 - Service: EpsonBidirectionalService - SEIKO EPSON CORPORATION - C:\Program Files\Common Files\EPSON\EBAPI\eEBSVC.exe
O23 - Service: EPSON V5 Service4(04) (EPSON_EB_RPCV4_04) - SEIKO EPSON CORPORATION - C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50ST7.EXE
O23 - Service: EPSON V3 Service4(04) (EPSON_PM_RPCV4_04) - SEIKO EPSON CORPORATION - C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50RP7.EXE
O23 - Service: Fitbit Data Uploader (Fitbit) - Fitbit, Inc. - C:\Program Files\Fitbit\fitbit.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\LogiShrd\Bluetooth\lbtserv.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: MBAMScheduler - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: NETGEARGenieDaemon - NETGEAR - C:\Program Files\NETGEAR Genie\bin\NETGEARGenieDaemon.exe
O23 - Service: OO DiskImage - Unknown owner - C:\Program Files\Laplink\Laplink DiskImage\oodiag.exe
O23 - Service: PowerPanel Personal Edition Service (ppped) - Cyber Power Systems, Inc. - C:\Program Files\CyberPower PowerPanel Personal Edition\ppped.exe
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: Audio Service (STacSV) - IDT, Inc. - C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_98f8d2d0\STacSV.exe
O23 - Service: Epson Printer Status Agent4 (StatusAgent4) - SEIKO EPSON CORPORATION - C:\Windows\system32\SAgent4.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: TeamViewer 8 (TeamViewer8) - TeamViewer GmbH - C:\Program Files\TeamViewer\Version8\TeamViewer_Service.exe
O23 - Service: @%SystemRoot%\System32\TuneUpDefragService.exe,-1 (TuneUp.Defrag) - TuneUp Software GmbH - C:\Windows\System32\TuneUpDefragService.exe
O23 - Service: WD Drive Manager (WDDriveService) - Western Digital - C:\Program Files\Western Digital\WD Drive Manager\WDDriveService.exe

--
End of file - 16813 bytes

Thank you very much for any help.


----------



## johnb35

Please run the following and post the logs.

1.

Please download and run TDSSKiller.

When the program opens, click on the start scan button.

TDSSKiller will now scan your computer for the TDSS infection. When the scan has finished it will display a result screen stating whether or not the infection was found on your computer. If it was found it will display a screen similar to the one below.

To remove the infections simply click on the Continue button and TDSSKiller will attempt to clean them or remove them.

After trying to clean them it will pop up with the results of the scan and its actions.

Please reboot the system if asked to do so.

After running there will be a log that will be located at the root of your c:\ drive labeled tdsskiller with a series of numbers after it, for example, C:\TDSSKiller.2.4.7_23.07.2010_15.31.43_log.txt

Please open the log and copy and paste it back here.


2.

Please download AdwCleaner by Xplode onto your Desktop.

• Please close all open programs and internet browsers.
• Double click on adwcleaner.exe to run the tool.
• Click on Delete.
• Confirm each time with OK.
• Your computer will be rebooted automatically. A text file will open after the restart.
• Please post the content of that logfile in your reply.
• You can find the logfile at C:\AdwCleaner[Sn].txt as well - n is the order number.


----------



## enurtsol

Hello johnb,

Good day.  Thanks for the timely assistance.  I followed your instructions, and the scans did not find anything, while the previous issues continue.  Here are the resulting logs:

 19:40:30.0501 3352  TDSS rootkit removing tool 2.8.16.0 Feb 11 2013 18:50:42
19:40:30.0984 3352  ============================================================
19:40:30.0984 3352  Current date / time: 2013/07/15 19:40:30.0984
19:40:30.0984 3352  SystemInfo:
19:40:30.0984 3352  
19:40:30.0984 3352  OS Version: 6.0.6002 ServicePack: 2.0
19:40:30.0984 3352  Product type: Workstation
19:40:30.0984 3352  ComputerName: KYOKO
19:40:30.0985 3352  UserName: LostRune
19:40:30.0985 3352  Windows directory: C:\Windows
19:40:30.0985 3352  System windows directory: C:\Windows
19:40:30.0985 3352  Processor architecture: Intel x86
19:40:30.0985 3352  Number of processors: 2
19:40:30.0985 3352  Page size: 0x1000
19:40:30.0985 3352  Boot type: Normal boot
19:40:30.0985 3352  ============================================================
19:40:32.0135 3352  Drive \Device\Harddisk0\DR0 - Size: 0x3A38B2E000 (232.89 Gb), SectorSize: 0x200, Cylinders: 0x76C1, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
19:40:32.0149 3352  Drive \Device\Harddisk1\DR1 - Size: 0x1DCF856000 (119.24 Gb), SectorSize: 0x200, Cylinders: 0x3CCE, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
19:40:32.0159 3352  Drive \Device\Harddisk2\DR2 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
19:40:32.0190 3352  ============================================================
19:40:32.0190 3352  \Device\Harddisk0\DR0:
19:40:32.0191 3352  MBR partitions:
19:40:32.0191 3352  \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x6422F49
19:40:32.0191 3352  \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x6422F88, BlocksNum 0xB6CEB9C
19:40:32.0191 3352  \Device\Harddisk0\DR0\Partition3: MBR, Type 0x7, StartLBA 0x11AF1B24, BlocksNum 0xB6D2A5D
19:40:32.0191 3352  \Device\Harddisk1\DR1:
19:40:32.0199 3352  Invalid mbr signature
19:40:32.0199 3352  \Device\Harddisk2\DR2:
19:40:32.0199 3352  MBR partitions:
19:40:32.0199 3352  \Device\Harddisk2\DR2\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x1D1C2800
19:40:32.0200 3352  \Device\Harddisk2\DR2\Partition2: MBR, Type 0x7, StartLBA 0x1D1C3000, BlocksNum 0x1D1C2800
19:40:32.0200 3352  ============================================================
19:40:32.0297 3352  C: <-> \Device\Harddisk0\DR0\Partition1
19:40:32.0328 3352  F: <-> \Device\Harddisk2\DR2\Partition1
19:40:32.0362 3352  G: <-> \Device\Harddisk2\DR2\Partition2
19:40:32.0449 3352  D: <-> \Device\Harddisk0\DR0\Partition2
19:40:32.0589 3352  E: <-> \Device\Harddisk0\DR0\Partition3
19:40:32.0590 3352  ============================================================
19:40:32.0590 3352  Initialize success
19:40:32.0590 3352  ============================================================
19:41:26.0505 5172  ============================================================
19:41:26.0505 5172  Scan started
19:41:26.0505 5172  Mode: Manual; 
19:41:26.0505 5172  ============================================================
19:41:38.0276 5172  ================ Scan system memory ========================
19:41:38.0276 5172  System memory - ok
19:41:38.0276 5172  ================ Scan services =============================
19:41:49.0261 5172  CLFS - ok
19:41:49.0456 5172  [ 8EE772032E2FE80A924F3B8DD5082194 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
19:41:49.0469 5172  clr_optimization_v2.0.50727_32 - ok
19:41:49.0572 5172  [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
19:41:50.0000 5172  clr_optimization_v4.0.30319_32 - ok
19:41:50.0037 5172  [ 2BBC13AFA773D06D115C55692FDD9FB4 ] CLSched         C:\Program Files\ATI\Catalyst Media Center\Kernel\TV\CLSched.exe
19:41:50.0052 5172  CLSched - ok
19:41:50.0079 5172  [ 45201046C776FFDAF3FC8A0029C581C8 ] cmdide          C:\Windows\system32\drivers\cmdide.sys
19:41:50.0119 5172  cmdide - ok
19:41:50.0140 5172  [ 6AFEF0B60FA25DE07C0968983EE4F60A ] Compbatt        C:\Windows\system32\DRIVERS\compbatt.sys
19:41:50.0153 5172  Compbatt - ok
19:41:50.0159 5172  COMSysApp - ok
19:41:50.0264 5172  [ D01F685F8B4598D144B0CCE9FF95D8D5 ] cpudrv          C:\Program Files\SystemRequirementsLab\cpudrv.sys
19:41:50.0283 5172  cpudrv - ok
19:41:50.0290 5172  CrackTcpip - ok
19:41:50.0333 5172  [ 2A213AE086BBEC5E937553C7D9A2B22C ] crcdisk         C:\Windows\system32\drivers\crcdisk.sys
19:41:50.0348 5172  crcdisk - ok
19:41:50.0370 5172  [ 22A7F883508176489F559EE745B5BF5D ] Crusoe          C:\Windows\system32\drivers\crusoe.sys
19:41:50.0381 5172  Crusoe - ok
19:41:50.0465 5172  [ 3EDE4C1F9672C972479201544969ADCB ] CryptSvc        C:\Windows\system32\cryptsvc.dll
19:41:50.0483 5172  CryptSvc - ok
19:41:50.0588 5172  [ 9BDB2E89BE8D0EF37B1F25C3D3FC192C ] CSC             C:\Windows\system32\drivers\csc.sys
19:41:50.0615 5172  CSC - ok
19:41:50.0737 5172  [ 0A2095F92F6AE4FE6484D911B0C21E95 ] CscService      C:\Windows\System32\cscsvc.dll
19:41:50.0767 5172  CscService - ok
19:41:50.0997 5172  [ 18AA92BA15EBB0C61C72308C6F20DD0E ] CyberLink Media Library Service C:\Program Files\ATI\Catalyst Media Center\Kernel\CLML_NTService\CLMLServer.exe
19:41:51.0057 5172  CyberLink Media Library Service - ok
19:41:51.0115 5172  [ 5118EA8A2F55FA4D4295516500B78229 ] DCamUSBEMPIA    C:\Windows\system32\DRIVERS\emDevice.sys
19:41:51.0126 5172  DCamUSBEMPIA - ok
19:41:51.0292 5172  [ 3B5B4D53FEC14F7476CA29A20CC31AC9 ] DcomLaunch      C:\Windows\system32\rpcss.dll
19:41:51.0341 5172  DcomLaunch - ok
19:41:51.0417 5172  [ 622C41A07CA7E6DD91770F50D532CB6C ] DfsC            C:\Windows\system32\Drivers\dfsc.sys
19:41:51.0429 5172  DfsC - ok
19:41:51.0871 5172  [ 2CC3DCFB533A1035B13DCAB6160AB38B ] DFSR            C:\Windows\system32\DFSR.exe
19:41:52.0038 5172  DFSR - ok
19:41:52.0118 5172  [ 9028559C132146FB75EB7ACF384B086A ] Dhcp            C:\Windows\System32\dhcpcsvc.dll
19:41:52.0138 5172  Dhcp - ok
19:41:52.0184 5172  [ 5D4AEFC3386920236A548271F8F1AF6A ] disk            C:\Windows\system32\drivers\disk.sys
19:41:52.0201 5172  disk - ok
19:41:52.0250 5172  [ 57D762F6F5974AF0DA2BE88A3349BAAA ] Dnscache        C:\Windows\System32\dnsrslvr.dll
19:41:52.0268 5172  Dnscache - ok
19:41:52.0341 5172  [ 324FD74686B1EF5E7C19A8AF49E748F6 ] dot3svc         C:\Windows\System32\dot3svc.dll
19:41:52.0361 5172  dot3svc - ok
19:41:52.0416 5172  [ A622E888F8AA2F6B49E9BC466F0E5DEF ] DPS             C:\Windows\system32\dps.dll
19:41:52.0479 5172  DPS - ok
19:41:52.0526 5172  [ 97FEF831AB90BEE128C9AF390E243F80 ] drmkaud         C:\Windows\system32\drivers\drmkaud.sys
19:41:52.0539 5172  drmkaud - ok
19:41:52.0686 5172  [ 5DE0FAEC9E5D1AAE74F8568897891A01 ] DXGKrnl         C:\Windows\System32\drivers\dxgkrnl.sys
19:41:52.0758 5172  DXGKrnl - ok
19:41:52.0835 5172  [ 88B16142B40CC080A2D86AE769A30396 ] e1express       C:\Windows\system32\DRIVERS\e1e6032.sys
19:41:52.0859 5172  e1express - ok
19:41:52.0904 5172  [ F88FB26547FD2CE6D0A5AF2985892C48 ] E1G60           C:\Windows\system32\DRIVERS\E1G60I32.sys
19:41:52.0986 5172  E1G60 - ok
19:41:53.0084 5172  [ 16FF05BE2BD95824B487B1476862A84B ] eamonm          C:\Windows\system32\DRIVERS\eamonm.sys
19:41:53.0105 5172  eamonm - ok
19:41:53.0151 5172  [ C0B95E40D85CD807D614E264248A45B9 ] EapHost         C:\Windows\System32\eapsvc.dll
19:41:53.0167 5172  EapHost - ok
19:41:53.0268 5172  [ 7F64EA048DCFAC7ACF8B4D7B4E6FE371 ] Ecache          C:\Windows\system32\drivers\ecache.sys
19:41:53.0294 5172  Ecache - ok
19:41:53.0399 5172  [ 366369746D1818FDD8589D1F2C8A6D03 ] ehdrv           C:\Windows\system32\DRIVERS\ehdrv.sys
19:41:53.0410 5172  ehdrv - ok
19:41:53.0611 5172  [ 9BE3744D295A7701EB425332014F0797 ] ehRecvr         C:\Windows\ehome\ehRecvr.exe
19:41:53.0639 5172  ehRecvr - ok
19:41:53.0696 5172  [ AD1870C8E5D6DD340C829E6074BF3C3F ] ehSched         C:\Windows\ehome\ehsched.exe
19:41:53.0710 5172  ehSched - ok
19:41:53.0730 5172  [ C27C4EE8926E74AA72EFCAB24C5242C3 ] ehstart         C:\Windows\ehome\ehstart.dll
19:41:53.0746 5172  ehstart - ok
19:41:54.0161 5172  [ 7FE34FD5652C54BDA8D2DF8AC92E833A ] ekrn            C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
19:41:54.0281 5172  ekrn - ok
19:41:54.0381 5172  [ CE37E3D51912E59C80C6D84337C0B4CD ] ElbyCDFL        C:\Windows\system32\Drivers\ElbyCDFL.sys
19:41:54.0406 5172  ElbyCDFL - ok
19:41:54.0457 5172  [ D71233D7CCC2E64F8715A20428D5A33B ] ElbyCDIO        C:\Windows\system32\Drivers\ElbyCDIO.sys
19:41:54.0472 5172  ElbyCDIO - ok
19:41:54.0567 5172  [ E8F3F21A71720C84BCF423B80028359F ] elxstor         C:\Windows\system32\drivers\elxstor.sys
19:41:54.0627 5172  elxstor - ok
19:41:54.0664 5172  [ 200DA4F1964C11B3C19A07F937394624 ] emAudio         C:\Windows\system32\drivers\emAudio.sys
19:41:54.0674 5172  emAudio - ok
19:41:54.0839 5172  [ 4E6B23DFC917EA39306B529B773950F4 ] EMDMgmt         C:\Windows\system32\emdmgmt.dll
19:41:54.0885 5172  EMDMgmt - ok
19:41:54.0932 5172  [ E38CABC8881DBE278BDA5E131CFF74AC ] epfwwfpr        C:\Windows\system32\DRIVERS\epfwwfpr.sys
19:41:54.0946 5172  epfwwfpr - ok
19:41:55.0071 5172  [ ABDD5AD016AFFD34AD40E944CE94BF59 ] EpsonBidirectionalService C:\Program Files\Common Files\EPSON\EBAPI\eEBSVC.exe
19:41:55.0084 5172  EpsonBidirectionalService - ok
19:41:55.0179 5172  [ B92F2B3247F0A99490C1298A1D3D7B4C ] EPSON_EB_RPCV4_04 C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50ST7.EXE
19:41:55.0199 5172  EPSON_EB_RPCV4_04 - ok
19:41:55.0303 5172  [ 651336B99C75FB54E4B5971CF458F9BD ] EPSON_PM_RPCV4_04 C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50RP7.EXE
19:41:55.0318 5172  EPSON_PM_RPCV4_04 - ok
19:41:55.0457 5172  [ 67058C46504BC12D821F38CF99B7B28F ] EventSystem     C:\Windows\system32\es.dll
19:41:55.0474 5172  EventSystem - ok
19:41:55.0542 5172  [ 22B408651F9123527BCEE54B4F6C5CAE ] exfat           C:\Windows\system32\drivers\exfat.sys
19:41:55.0563 5172  exfat - ok
19:41:55.0627 5172  [ 1E9B9A70D332103C52995E957DC09EF8 ] fastfat         C:\Windows\system32\drivers\fastfat.sys
19:41:55.0642 5172  fastfat - ok
19:41:55.0764 5172  [ DFBA0F60FA301E5B1BFB1403A93EE23E ] Fax             C:\Windows\system32\fxssvc.exe
19:41:55.0830 5172  Fax - ok
19:41:55.0877 5172  [ AFE1E8B9782A0DD7FB46BBD88E43F89A ] fdc             C:\Windows\system32\DRIVERS\fdc.sys
19:41:55.0897 5172  fdc - ok
19:41:55.0941 5172  [ 6629B5F0E98151F4AFDD87567EA32BA3 ] fdPHost         C:\Windows\system32\fdPHost.dll
19:41:55.0951 5172  fdPHost - ok
19:41:56.0010 5172  [ 89ED56DCE8E47AF40892778A5BD31FD2 ] FDResPub        C:\Windows\system32\fdrespub.dll
19:41:56.0020 5172  FDResPub - ok
19:41:56.0068 5172  [ A8C0139A884861E3AAE9CFE73B208A9F ] FileInfo        C:\Windows\system32\drivers\fileinfo.sys
19:41:56.0083 5172  FileInfo - ok
19:41:56.0127 5172  [ 0AE429A696AECBC5970E3CF2C62635AE ] Filetrace       C:\Windows\system32\drivers\filetrace.sys
19:41:56.0152 5172  Filetrace - ok
19:41:56.0201 5172  [ 6F87E4706F59463B74BC4FAD0F67338F ] FiltUSBEMPIA    C:\Windows\system32\DRIVERS\emFilter.sys
19:41:56.0216 5172  FiltUSBEMPIA - ok
19:41:56.0532 5172  [ D4C0E5C287AAD7FF3176731A310AB2AF ] Fitbit          C:\Program Files\Fitbit\fitbit.exe
19:41:56.0582 5172  Fitbit - ok
19:41:56.0636 5172  [ 6603957EFF5EC62D25075EA8AC27DE68 ] flpydisk        C:\Windows\system32\DRIVERS\flpydisk.sys
19:41:56.0678 5172  flpydisk - ok
19:41:56.0747 5172  [ 01334F9EA68E6877C4EF05D3EA8ABB05 ] FltMgr          C:\Windows\system32\drivers\fltmgr.sys
19:41:56.0774 5172  FltMgr - ok
19:41:56.0987 5172  [ 119ACA7CADCA75BEA6B38E999443BAA6 ] FontCache       C:\Windows\system32\FntCache.dll
19:41:57.0062 5172  FontCache - ok
19:41:57.0173 5172  [ C7FBDD1ED42F82BFA35167A5C9803EA3 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
19:41:57.0185 5172  FontCache3.0.0.0 - ok
19:41:57.0294 5172  [ B0082808A6856A252F7CDD939892CE50 ] fssfltr         C:\Windows\system32\DRIVERS\fssfltr.sys
19:41:57.0332 5172  fssfltr - ok
19:41:57.0724 5172  [ 28DDEEEC44E988657B732CF404D504CB ] fsssvc          C:\Program Files\Windows Live\Family Safety\fsssvc.exe
19:41:57.0984 5172  fsssvc - ok
19:41:58.0016 5172  [ B972A66758577E0BFD1DE0F91AAA27B5 ] Fs_Rec          C:\Windows\system32\drivers\Fs_Rec.sys
19:41:58.0035 5172  Fs_Rec - ok
19:41:58.0120 5172  [ FECF4C2E42440A8D132BF94EEE3C3FC9 ] fvevol          C:\Windows\system32\DRIVERS\fvevol.sys
19:41:58.0148 5172  fvevol - ok
19:41:58.0204 5172  [ 4E1CD0A45C50A8882616CAE5BF82F3C5 ] gagp30kx        C:\Windows\system32\drivers\gagp30kx.sys
19:41:58.0222 5172  gagp30kx - ok
19:41:58.0289 5172  [ 185ADA973B5020655CEE342059A86CBB ] GEARAspiWDM     C:\Windows\system32\Drivers\GEARAspiWDM.sys
19:41:58.0304 5172  GEARAspiWDM - ok
19:41:58.0452 5172  [ CD5D0AEEE35DFD4E986A5AA1500A6E66 ] gpsvc           C:\Windows\System32\gpsvc.dll
19:41:58.0542 5172  gpsvc - ok
19:41:58.0705 5172  [ 626A24ED1228580B9518C01930936DF9 ] gupdate         C:\Program Files\Google\Update\GoogleUpdate.exe
19:41:58.0723 5172  gupdate - ok
19:41:58.0825 5172  [ 626A24ED1228580B9518C01930936DF9 ] gupdatem        C:\Program Files\Google\Update\GoogleUpdate.exe
19:41:58.0827 5172  gupdatem - ok
19:41:58.0965 5172  [ AC33BE07397814A442DC305223DE3524 ] HCW85BDA        C:\Windows\system32\drivers\HCW85BDA.sys
19:41:59.0126 5172  HCW85BDA - ok
19:41:59.0178 5172  [ 3F90E001369A07243763BD5A523D8722 ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
19:41:59.0222 5172  HdAudAddService - ok
19:41:59.0412 5172  [ 062452B7FFD68C8C042A6261FE8DFF4A ] HDAudBus        C:\Windows\system32\DRIVERS\HDAudBus.sys
19:41:59.0501 5172  HDAudBus - ok
19:41:59.0550 5172  [ 9C1A84CB7D209CBECB1909DE4875E9D6 ] HECI            C:\Windows\system32\DRIVERS\HECI.sys
19:41:59.0568 5172  HECI - ok
19:41:59.0600 5172  [ 1EEA61828EB0263B97252842C07E5A1C ] HidBatt         C:\Windows\system32\DRIVERS\HidBatt.sys
19:41:59.0625 5172  HidBatt - ok
19:41:59.0668 5172  [ 1338520E78D90154ED6BE8F84DE5FCEB ] HidBth          C:\Windows\system32\drivers\hidbth.sys
19:41:59.0693 5172  HidBth - ok
19:41:59.0733 5172  [ FF3160C3A2445128C5A6D9B076DA519E ] HidIr           C:\Windows\system32\drivers\hidir.sys
19:41:59.0764 5172  HidIr - ok
19:41:59.0815 5172  [ 84067081F3318162797385E11A8F0582 ] hidserv         C:\Windows\system32\hidserv.dll
19:41:59.0824 5172  hidserv - ok
19:41:59.0937 5172  [ CCA4B519B17E23A00B826C55716809CC ] HidUsb          C:\Windows\system32\DRIVERS\hidusb.sys
19:41:59.0950 5172  HidUsb - ok
19:42:00.0002 5172  [ D8AD255B37DA92434C26E4876DB7D418 ] hkmsvc          C:\Windows\system32\kmsvc.dll
19:42:00.0018 5172  hkmsvc - ok
19:42:00.0072 5172  [ 9CB151A39895ACE4312095EE2280898F ] hotcore3        C:\Windows\system32\drivers\hotcore3.sys
19:42:00.0090 5172  hotcore3 - ok
19:42:00.0113 5172  [ DF353B401001246853763C4B7AAA6F50 ] HpCISSs         C:\Windows\system32\drivers\hpcisss.sys
19:42:00.0132 5172  HpCISSs - ok
19:42:00.0245 5172  [ F870AA3E254628EBEAFE754108D664DE ] HTTP            C:\Windows\system32\drivers\HTTP.sys
19:42:00.0321 5172  HTTP - ok
19:42:00.0357 5172  [ 324C2152FF2C61ABAE92D09F3CCA4D63 ] i2omp           C:\Windows\system32\drivers\i2omp.sys
19:42:00.0391 5172  i2omp - ok
19:42:00.0455 5172  [ 22D56C8184586B7A1F6FA60BE5F5A2BD ] i8042prt        C:\Windows\system32\DRIVERS\i8042prt.sys
19:42:00.0481 5172  i8042prt - ok
19:42:00.0556 5172  [ C957BF4B5D80B46C5017BF0101E6C906 ] iaStorV         C:\Windows\system32\drivers\iastorv.sys
19:42:00.0604 5172  iaStorV - ok
19:42:00.0813 5172  [ 98477B08E61945F974ED9FDC4CB6BDAB ] idsvc           C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
19:42:00.0974 5172  idsvc - ok
19:42:01.0411 5172  [ 9378D57E2B96C0A185D844770AD49948 ] igfx            C:\Windows\system32\DRIVERS\igdkmd32.sys
19:42:01.0705 5172  igfx - ok
19:42:01.0761 5172  [ 2D077BF86E843F901D8DB709C95B49A5 ] iirsp           C:\Windows\system32\drivers\iirsp.sys
19:42:01.0788 5172  iirsp - ok
19:42:01.0896 5172  [ 9908D8A397B76CD8D31D0D383C5773C9 ] IKEEXT          C:\Windows\System32\ikeext.dll
19:42:01.0954 5172  IKEEXT - ok
19:42:02.0012 5172  [ 83AA759F3189E6370C30DE5DC5590718 ] intelide        C:\Windows\system32\drivers\intelide.sys
19:42:02.0025 5172  intelide - ok
19:42:02.0081 5172  [ 224191001E78C89DFA78924C3EA595FF ] intelppm        C:\Windows\system32\DRIVERS\intelppm.sys
19:42:02.0106 5172  intelppm - ok
19:42:02.0186 5172  [ 9AC218C6E6105477484C6FDBE7D409A4 ] IPBusEnum       C:\Windows\system32\ipbusenum.dll
19:42:02.0205 5172  IPBusEnum - ok
19:42:02.0259 5172  [ 62C265C38769B864CB25B4BCF62DF6C3 ] IpFilterDriver  C:\Windows\system32\DRIVERS\ipfltdrv.sys
19:42:02.0270 5172  IpFilterDriver - ok
19:42:02.0367 5172  [ 1998BD97F950680BB55F55A7244679C2 ] iphlpsvc        C:\Windows\System32\iphlpsvc.dll
19:42:02.0384 5172  iphlpsvc - ok
19:42:02.0391 5172  IpInIp - ok
19:42:02.0426 5172  [ 40F34F8ABA2A015D780E4B09138B6C17 ] IPMIDRV         C:\Windows\system32\drivers\ipmidrv.sys
19:42:02.0449 5172  IPMIDRV - ok
19:42:02.0503 5172  [ 8793643A67B42CEC66490B2A0CF92D68 ] IPNAT           C:\Windows\system32\DRIVERS\ipnat.sys
19:42:02.0528 5172  IPNAT - ok
19:42:02.0716 5172  [ FE56897B27ED266F9C4E7D90A0B5DA47 ] iPod Service    C:\Program Files\iPod\bin\iPodService.exe
19:42:02.0797 5172  iPod Service - ok
19:42:02.0834 5172  [ 109C0DFB82C3632FBD11949B73AEEAC9 ] IRENUM          C:\Windows\system32\drivers\irenum.sys
19:42:02.0855 5172  IRENUM - ok
19:42:02.0878 5172  [ 350FCA7E73CF65BCEF43FAE1E4E91293 ] isapnp          C:\Windows\system32\drivers\isapnp.sys
19:42:02.0900 5172  isapnp - ok
19:42:02.0960 5172  [ 232FA340531D940AAC623B121A595034 ] iScsiPrt        C:\Windows\system32\DRIVERS\msiscsi.sys
19:42:03.0028 5172  iScsiPrt - ok
19:42:03.0056 5172  [ BCED60D16156E428F8DF8CF27B0DF150 ] iteatapi        C:\Windows\system32\drivers\iteatapi.sys
19:42:03.0075 5172  iteatapi - ok
19:42:03.0123 5172  [ 06FA654504A498C30ADCA8BEC4E87E7E ] iteraid         C:\Windows\system32\drivers\iteraid.sys
19:42:03.0132 5172  iteraid - ok
19:42:03.0183 5172  [ 94A8C9436C36CD9657CFED0043066B9C ] Iviaspi         C:\Windows\system32\drivers\iviaspi.sys
19:42:03.0202 5172  Iviaspi - ok
19:42:03.0255 5172  [ 37605E0A8CF00CBBA538E753E4344C6E ] kbdclass        C:\Windows\system32\DRIVERS\kbdclass.sys
19:42:03.0285 5172  kbdclass - ok
19:42:03.0337 5172  [ EDE59EC70E25C24581ADD1FBEC7325F7 ] kbdhid          C:\Windows\system32\DRIVERS\kbdhid.sys
19:42:03.0362 5172  kbdhid - ok
19:42:03.0417 5172  [ A3E186B4B935905B829219502557314E ] KeyIso          C:\Windows\system32\lsass.exe
19:42:03.0453 5172  KeyIso - ok
19:42:03.0565 5172  [ 4A1445EFA932A3BAF5BDB02D7131EE20 ] KSecDD          C:\Windows\system32\Drivers\ksecdd.sys
19:42:03.0628 5172  KSecDD - ok
19:42:03.0708 5172  [ 8078F8F8F7A79E2E6B494523A828C585 ] KtmRm           C:\Windows\system32\msdtckrm.dll
19:42:03.0766 5172  KtmRm - ok
19:42:03.0812 5172  [ 1C219FABFB146C18CCEACCAC51282225 ] L8042Kbd        C:\Windows\system32\DRIVERS\L8042Kbd.sys
19:42:03.0838 5172  L8042Kbd - ok
19:42:03.0875 5172  [ 4CC7C98B133CE333B869F771CA30FFA3 ] L8042mou        C:\Windows\system32\DRIVERS\L8042mou.Sys
19:42:03.0890 5172  L8042mou - ok
19:42:04.0008 5172  [ 1BF5EEBFD518DD7298434D8C862F825D ] LanmanServer    C:\Windows\system32\srvsvc.dll
19:42:04.0022 5172  LanmanServer - ok
19:42:04.0073 5172  [ 1DB69705B695B987082C8BAEC0C6B34F ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
19:42:04.0101 5172  LanmanWorkstation - ok
19:42:04.0111 5172  Lavasoft Ad-Aware Service - ok
19:42:04.0126 5172  Lbd - ok
19:42:04.0329 5172  [ 910344E2A984010435AE84783B25E5EB ] LBTServ         C:\Program Files\Common Files\LogiShrd\Bluetooth\lbtserv.exe
19:42:04.0389 5172  LBTServ - ok
19:42:04.0445 5172  [ 717E6714BCA808F2A372E636AFF3D15A ] LEqdUsb         C:\Windows\system32\Drivers\LEqdUsb.Sys
19:42:04.0458 5172  LEqdUsb - ok
19:42:04.0516 5172  [ 2786F7B4003ADFF88CE28BC1800B5407 ] LHidEqd         C:\Windows\system32\Drivers\LHidEqd.Sys
19:42:04.0536 5172  LHidEqd - ok
19:42:04.0585 5172  [ 01CC7FB6E790EF044B411377F3A1FF41 ] LHidFilt        C:\Windows\system32\DRIVERS\LHidFilt.Sys
19:42:04.0600 5172  LHidFilt - ok
19:42:04.0755 5172  [ 0EE66BDF485C6828AA65C0EF5D591133 ] LightScribeService C:\Program Files\Common Files\LightScribe\LSSrvc.exe
19:42:04.0782 5172  LightScribeService - ok
19:42:04.0835 5172  [ D1C5883087A0C3F1344D9D55A44901F6 ] lltdio          C:\Windows\system32\DRIVERS\lltdio.sys
19:42:04.0851 5172  lltdio - ok
19:42:04.0918 5172  [ 2D5A428872F1442631D0959A34ABFF63 ] lltdsvc         C:\Windows\System32\lltdsvc.dll
19:42:04.0961 5172  lltdsvc - ok
19:42:05.0015 5172  [ 35D40113E4A5B961B6CE5C5857702518 ] lmhosts         C:\Windows\System32\lmhsvc.dll
19:42:05.0032 5172  lmhosts - ok
19:42:05.0057 5172  [ A2E7EAE8898D7B4B8C302B8F4E836BB5 ] LMouFilt        C:\Windows\system32\DRIVERS\LMouFilt.Sys
19:42:05.0075 5172  LMouFilt - ok
19:42:05.0103 5172  [ FE5877AC25B1B9DD4E14E81ABB5E16CD ] LMouKE          C:\Windows\system32\DRIVERS\LMouKE.Sys
19:42:05.0126 5172  LMouKE - ok
19:42:05.0207 5172  [ A2262FB9F28935E862B4DB46438C80D2 ] LSI_FC          C:\Windows\system32\drivers\lsi_fc.sys
19:42:05.0228 5172  LSI_FC - ok
19:42:05.0258 5172  [ 30D73327D390F72A62F32C103DAF1D6D ] LSI_SAS         C:\Windows\system32\drivers\lsi_sas.sys
19:42:05.0273 5172  LSI_SAS - ok
19:42:05.0319 5172  [ E1E36FEFD45849A95F1AB81DE0159FE3 ] LSI_SCSI        C:\Windows\system32\drivers\lsi_scsi.sys
19:42:05.0343 5172  LSI_SCSI - ok
19:42:05.0379 5172  [ 8F5C7426567798E62A3B3614965D62CC ] luafv           C:\Windows\system32\drivers\luafv.sys
19:42:05.0400 5172  luafv - ok


----------



## enurtsol

TDSSkiller continued:

19:42:16.0120 5172  [ 0C8E8E61AD1EB0B250B846712C917506 ] PNRPsvc         C:\Windows\system32\p2psvc.dll
19:42:16.0127 5172  PNRPsvc - ok
19:42:16.0176 5172  Point32 - ok
19:42:16.0284 5172  [ D0494460421A03CD5225CCA0059AA146 ] PolicyAgent     C:\Windows\System32\ipsecsvc.dll
19:42:16.0335 5172  PolicyAgent - ok
19:42:16.0429 5172  [ 09687A361C9F1418973A4AE17D2F52CC ] portio32        C:\Windows\system32\drivers\portio32.sys
19:42:16.0453 5172  portio32 - ok
19:42:16.0823 5172  [ 859D1D0EEF2E0DD293FB3E1BBA3DCAEC ] ppped           C:\Program Files\CyberPower PowerPanel Personal Edition\ppped.exe
19:42:16.0956 5172  ppped - ok
19:42:17.0191 5172  [ ECFFFAEC0C1ECD8DBC77F39070EA1DB1 ] PptpMiniport    C:\Windows\system32\DRIVERS\raspptp.sys
19:42:17.0218 5172  PptpMiniport - ok
19:42:17.0250 5172  [ 0E3CEF5D28B40CF273281D620C50700A ] Processor       C:\Windows\system32\drivers\processr.sys
19:42:17.0283 5172  Processor - ok
19:42:17.0376 5172  [ 0508FAA222D28835310B7BFCA7A77346 ] ProfSvc         C:\Windows\system32\profsvc.dll
19:42:17.0402 5172  ProfSvc - ok
19:42:17.0433 5172  [ A3E186B4B935905B829219502557314E ] ProtectedStorage C:\Windows\system32\lsass.exe
19:42:17.0435 5172  ProtectedStorage - ok
19:42:17.0500 5172  [ 99514FAA8DF93D34B5589187DB3AA0BA ] PSched          C:\Windows\system32\DRIVERS\pacer.sys
19:42:17.0526 5172  PSched - ok
19:42:17.0724 5172  [ CCDAC889326317792480C0A67156A1EC ] ql2300          C:\Windows\system32\drivers\ql2300.sys
19:42:17.0886 5172  ql2300 - ok
19:42:17.0917 5172  [ 81A7E5C076E59995D54BC1ED3A16E60B ] ql40xx          C:\Windows\system32\drivers\ql40xx.sys
19:42:17.0943 5172  ql40xx - ok
19:42:18.0062 5172  [ E9ECAE663F47E6CB43962D18AB18890F ] QWAVE           C:\Windows\system32\qwave.dll
19:42:18.0201 5172  QWAVE - ok
19:42:18.0268 5172  [ 9F5E0E1926014D17486901C88ECA2DB7 ] QWAVEdrv        C:\Windows\system32\drivers\qwavedrv.sys
19:42:18.0305 5172  QWAVEdrv - ok
19:42:18.0356 5172  [ 147D7F9C556D259924351FEB0DE606C3 ] RasAcd          C:\Windows\system32\DRIVERS\rasacd.sys
19:42:18.0366 5172  RasAcd - ok
19:42:18.0428 5172  [ F6A452EB4CEADBB51C9E0EE6B3ECEF0F ] RasAuto         C:\Windows\System32\rasauto.dll
19:42:18.0457 5172  RasAuto - ok
19:42:18.0569 5172  [ A214ADBAF4CB47DD2728859EF31F26B0 ] Rasl2tp         C:\Windows\system32\DRIVERS\rasl2tp.sys
19:42:18.0628 5172  Rasl2tp - ok
19:42:18.0760 5172  [ 75D47445D70CA6F9F894B032FBC64FCF ] RasMan          C:\Windows\System32\rasmans.dll
19:42:18.0909 5172  RasMan - ok
19:42:18.0989 5172  [ 509A98DD18AF4375E1FC40BC175F1DEF ] RasPppoe        C:\Windows\system32\DRIVERS\raspppoe.sys
19:42:19.0006 5172  RasPppoe - ok
19:42:19.0060 5172  [ 2005F4A1E05FA09389AC85840F0A9E4D ] RasSstp         C:\Windows\system32\DRIVERS\rassstp.sys
19:42:19.0105 5172  RasSstp - ok
19:42:19.0207 5172  [ B14C9D5B9ADD2F84F70570BBBFAA7935 ] rdbss           C:\Windows\system32\DRIVERS\rdbss.sys
19:42:19.0253 5172  rdbss - ok
19:42:19.0337 5172  [ 89E59BE9A564262A3FB6C4F4F1CD9899 ] RDPCDD          C:\Windows\system32\DRIVERS\RDPCDD.sys
19:42:19.0383 5172  RDPCDD - ok
19:42:19.0552 5172  [ 943B18305EAE3935598A9B4A3D560B4C ] rdpdr           C:\Windows\system32\DRIVERS\rdpdr.sys
19:42:19.0719 5172  rdpdr - ok
19:42:19.0744 5172  [ 9D91FE5286F748862ECFFA05F8A0710C ] RDPENCDD        C:\Windows\system32\drivers\rdpencdd.sys
19:42:19.0786 5172  RDPENCDD - ok
19:42:19.0899 5172  [ C127EBD5AFAB31524662C48DFCEB773A ] RDPWD           C:\Windows\system32\drivers\RDPWD.sys
19:42:19.0961 5172  RDPWD - ok
19:42:20.0023 5172  [ BCDD6B4804D06B1F7EBF29E53A57ECE9 ] RemoteAccess    C:\Windows\System32\mprdim.dll
19:42:20.0077 5172  RemoteAccess - ok
19:42:20.0149 5172  [ 9E6894EA18DAFF37B63E1005F83AE4AB ] RemoteRegistry  C:\Windows\system32\regsvc.dll
19:42:20.0171 5172  RemoteRegistry - ok
19:42:20.0319 5172  [ 6482707F9F4DA0ECBAB43B2E0398A101 ] RFCOMM          C:\Windows\system32\DRIVERS\rfcomm.sys
19:42:20.0377 5172  RFCOMM - ok
19:42:20.0418 5172  [ 5123F83CBC4349D065534EEB6BBDC42B ] RpcLocator      C:\Windows\system32\locator.exe
19:42:20.0429 5172  RpcLocator - ok
19:42:20.0590 5172  [ 3B5B4D53FEC14F7476CA29A20CC31AC9 ] RpcSs           C:\Windows\system32\rpcss.dll
19:42:20.0597 5172  RpcSs - ok
19:42:20.0653 5172  [ 9C508F4074A39E8B4B31D27198146FAD ] rspndr          C:\Windows\system32\DRIVERS\rspndr.sys
19:42:20.0668 5172  rspndr - ok
19:42:20.0706 5172  [ A3E186B4B935905B829219502557314E ] SamSs           C:\Windows\system32\lsass.exe
19:42:20.0709 5172  SamSs - ok
19:42:20.0813 5172  [ 3CE8F073A557E172B330109436984E30 ] sbp2port        C:\Windows\system32\drivers\sbp2port.sys
19:42:20.0847 5172  sbp2port - ok
19:42:21.0150 5172  [ 794D4B48DFB6E999537C7C3947863463 ] SBSDWSCService  C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
19:42:21.0181 5172  SBSDWSCService - ok
19:42:21.0215 5172  [ F5A633609777C212EC5FF19927FC5955 ] ScanUSBEMPIA    C:\Windows\system32\DRIVERS\emScan.sys
19:42:21.0217 5172  ScanUSBEMPIA - ok
19:42:21.0301 5172  [ 77B7A11A0C3D78D3386398FBBEA1B632 ] SCardSvr        C:\Windows\System32\SCardSvr.dll
19:42:21.0326 5172  SCardSvr - ok
19:42:21.0548 5172  [ 1A58069DB21D05EB2AB58EE5753EBE8D ] Schedule        C:\Windows\system32\schedsvc.dll
19:42:21.0640 5172  Schedule - ok
19:42:21.0695 5172  [ 312EC3E37A0A1F2006534913E37B4423 ] SCPolicySvc     C:\Windows\System32\certprop.dll
19:42:21.0697 5172  SCPolicySvc - ok
19:42:21.0751 5172  [ 716313D9F6B0529D03F726D5AAF6F191 ] SDRSVC          C:\Windows\System32\SDRSVC.dll
19:42:21.0769 5172  SDRSVC - ok
19:42:21.0809 5172  [ 90A3935D05B494A5A39D37E71F09A677 ] secdrv          C:\Windows\system32\drivers\secdrv.sys
19:42:21.0822 5172  secdrv - ok
19:42:21.0873 5172  [ FD5199D4D8A521005E4B5EE7FE00FA9B ] seclogon        C:\Windows\system32\seclogon.dll
19:42:21.0892 5172  seclogon - ok
19:42:21.0942 5172  [ A9BBAB5759771E523F55563D6CBE140F ] SENS            C:\Windows\System32\sens.dll
19:42:21.0956 5172  SENS - ok
19:42:22.0011 5172  [ CE9EC966638EF0B10B864DDEDF62A099 ] Serenum         C:\Windows\system32\DRIVERS\serenum.sys
19:42:22.0023 5172  Serenum - ok
19:42:22.0078 5172  [ 6D663022DB3E7058907784AE14B69898 ] Serial          C:\Windows\system32\DRIVERS\serial.sys
19:42:22.0101 5172  Serial - ok
19:42:22.0156 5172  [ 8AF3D28A879BF75DB53A0EE7A4289624 ] sermouse        C:\Windows\system32\drivers\sermouse.sys
19:42:22.0177 5172  sermouse - ok
19:42:22.0264 5172  [ D2193326F729B163125610DBF3E17D57 ] SessionEnv      C:\Windows\system32\sessenv.dll
19:42:22.0283 5172  SessionEnv - ok
19:42:22.0333 5172  [ 103B79418DA647736EE95645F305F68A ] sffdisk         C:\Windows\system32\drivers\sffdisk.sys
19:42:22.0358 5172  sffdisk - ok
19:42:22.0406 5172  [ 8FD08A310645FE872EEEC6E08C6BF3EE ] sffp_mmc        C:\Windows\system32\drivers\sffp_mmc.sys
19:42:22.0418 5172  sffp_mmc - ok
19:42:22.0447 5172  [ 9CFA05FCFCB7124E69CFC812B72F9614 ] sffp_sd         C:\Windows\system32\drivers\sffp_sd.sys
19:42:22.0477 5172  sffp_sd - ok
19:42:22.0512 5172  [ 46ED8E91793B2E6F848015445A0AC188 ] sfloppy         C:\Windows\system32\drivers\sfloppy.sys
19:42:22.0530 5172  sfloppy - ok
19:42:22.0602 5172  [ E1499BD0FF76B1B2FBBF1AF339D91165 ] SharedAccess    C:\Windows\System32\ipnathlp.dll
19:42:22.0656 5172  SharedAccess - ok
19:42:22.0825 5172  [ C7230FBEE14437716701C15BE02C27B8 ] ShellHWDetection C:\Windows\System32\shsvcs.dll
19:42:22.0870 5172  ShellHWDetection - ok
19:42:22.0917 5172  [ D2A595D6EEBEEAF4334F8E50EFBC9931 ] sisagp          C:\Windows\system32\drivers\sisagp.sys
19:42:22.0934 5172  sisagp - ok
19:42:22.0979 5172  [ CEDD6F4E7D84E9F98B34B3FE988373AA ] SiSRaid2        C:\Windows\system32\drivers\sisraid2.sys
19:42:23.0000 5172  SiSRaid2 - ok
19:42:23.0022 5172  [ DF843C528C4F69D12CE41CE462E973A7 ] SiSRaid4        C:\Windows\system32\drivers\sisraid4.sys
19:42:23.0075 5172  SiSRaid4 - ok
19:42:23.0163 5172  [ DD22C852933516ED9B63BFD94BC83622 ] SIUSBXP         C:\Windows\system32\drivers\SiUSBXp.sys
19:42:23.0173 5172  SIUSBXP - ok
19:42:23.0605 5172  [ 862BB4CBC05D80C5B45BE430E5EF872F ] slsvc           C:\Windows\system32\SLsvc.exe
19:42:23.0699 5172  slsvc - ok
19:42:23.0734 5172  [ 6EDC422215CD78AA8A9CDE6B30ABBD35 ] SLUINotify      C:\Windows\system32\SLUINotify.dll
19:42:23.0752 5172  SLUINotify - ok
19:42:23.0796 5172  [ 7B75299A4D201D6A6533603D6914AB04 ] Smb             C:\Windows\system32\DRIVERS\smb.sys
19:42:23.0823 5172  Smb - ok
19:42:23.0887 5172  [ 9ACBC471D86ED01A6F6BF30394C8ACEF ] smbusp          C:\Windows\system32\DRIVERS\intelsmb.sys
19:42:23.0902 5172  smbusp - ok
19:42:23.0992 5172  [ 2A146A055B4401C16EE62D18B8E2A032 ] SNMPTRAP        C:\Windows\System32\snmptrap.exe
19:42:24.0001 5172  SNMPTRAP - ok
19:42:24.0061 5172  [ 7AEBDEEF071FE28B0EEF2CDD69102BFF ] spldr           C:\Windows\system32\drivers\spldr.sys
19:42:24.0077 5172  spldr - ok
19:42:24.0130 5172  [ 8554097E5136C3BF9F69FE578A1B35F4 ] Spooler         C:\Windows\System32\spoolsv.exe
19:42:24.0150 5172  Spooler - ok
19:42:24.0164 5172  sptd - ok
19:42:24.0283 5172  [ 41987F9FC0E61ADF54F581E15029AD91 ] srv             C:\Windows\system32\DRIVERS\srv.sys
19:42:24.0340 5172  srv - ok
19:42:24.0428 5172  [ FF33AFF99564B1AA534F58868CBE41EF ] srv2            C:\Windows\system32\DRIVERS\srv2.sys
19:42:24.0469 5172  srv2 - ok
19:42:24.0543 5172  [ 7605C0E1D01A08F3ECD743F38B834A44 ] srvnet          C:\Windows\system32\DRIVERS\srvnet.sys
19:42:24.0579 5172  srvnet - ok
19:42:24.0661 5172  [ 03D50B37234967433A5EA5BA72BC0B62 ] SSDPSRV         C:\Windows\System32\ssdpsrv.dll
19:42:24.0680 5172  SSDPSRV - ok
19:42:24.0731 5172  [ 6F1A32E7B7B30F004D9A20AFADB14944 ] SstpSvc         C:\Windows\system32\sstpsvc.dll
19:42:24.0754 5172  SstpSvc - ok
19:42:25.0340 5172  [ C5003D42CC88C1F5D54ED9AF28D6ED7B ] STacSV          C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_98f8d2d0\STacSV.exe
19:42:25.0377 5172  STacSV - ok
19:42:25.0531 5172  [ 773940B8D50439391FFA619B3EEF01A3 ] StatusAgent4    C:\Windows\system32\SAgent4.exe
19:42:25.0560 5172  StatusAgent4 - ok
19:42:25.0679 5172  [ 591E0DA800F1A5833A0FF6C865C395EA ] STHDA           C:\Windows\system32\DRIVERS\stwrt.sys
19:42:25.0738 5172  STHDA - ok
19:42:25.0808 5172  [ 5DE7D67E49B88F5F07F3E53C4B92A352 ] stisvc          C:\Windows\System32\wiaservc.dll
19:42:25.0850 5172  stisvc - ok
19:42:25.0914 5172  [ 0C67EA714F63F3D55B2B8D4F22B5FE3B ] stllssvr        C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
19:42:25.0916 5172  stllssvr - ok
19:42:25.0941 5172  [ 7BA58ECF0C0A9A69D44B3DCA62BECF56 ] swenum          C:\Windows\system32\DRIVERS\swenum.sys
19:42:25.0948 5172  swenum - ok
19:42:26.0048 5172  [ F21FD248040681CCA1FB6C9A03AAA93D ] swprv           C:\Windows\System32\swprv.dll
19:42:26.0058 5172  swprv - ok
19:42:26.0117 5172  [ 192AA3AC01DF071B541094F251DEED10 ] Symc8xx         C:\Windows\system32\drivers\symc8xx.sys
19:42:26.0123 5172  Symc8xx - ok
19:42:26.0147 5172  [ 8C8EB8C76736EBAF3B13B633B2E64125 ] Sym_hi          C:\Windows\system32\drivers\sym_hi.sys
19:42:26.0148 5172  Sym_hi - ok
19:42:26.0174 5172  [ 8072AF52B5FD103BBBA387A1E49F62CB ] Sym_u3          C:\Windows\system32\drivers\sym_u3.sys
19:42:26.0184 5172  Sym_u3 - ok
19:42:26.0257 5172  [ 9A51B04E9886AA4EE90093586B0BA88D ] SysMain         C:\Windows\system32\sysmain.dll
19:42:26.0301 5172  SysMain - ok
19:42:26.0352 5172  [ 2DCA225EAE15F42C0933E998EE0231C3 ] TabletInputService C:\Windows\System32\TabSvc.dll
19:42:26.0357 5172  TabletInputService - ok
19:42:26.0427 5172  [ D7673E4B38CE21EE54C59EEEB65E2483 ] TapiSrv         C:\Windows\System32\tapisrv.dll
19:42:26.0452 5172  TapiSrv - ok
19:42:26.0505 5172  [ CB05822CD9CC6C688168E113C603DBE7 ] TBS             C:\Windows\System32\tbssvc.dll
19:42:26.0541 5172  TBS - ok
19:42:26.0657 5172  [ 548E198BAE21EFC21F8B5F0C1728AD27 ] Tcpip           C:\Windows\system32\drivers\tcpip.sys
19:42:26.0990 5172  Tcpip - ok
19:42:27.0074 5172  [ 548E198BAE21EFC21F8B5F0C1728AD27 ] Tcpip6          C:\Windows\system32\DRIVERS\tcpip.sys
19:42:27.0081 5172  Tcpip6 - ok
19:42:27.0151 5172  [ 608C345A255D82A6289C2D468EB41FD7 ] tcpipreg        C:\Windows\system32\drivers\tcpipreg.sys
19:42:27.0176 5172  tcpipreg - ok
19:42:27.0228 5172  [ 5DCF5E267BE67A1AE926F2DF77FBCC56 ] TDPIPE          C:\Windows\system32\drivers\tdpipe.sys
19:42:27.0249 5172  TDPIPE - ok
19:42:27.0320 5172  [ 389C63E32B3CEFED425B61ED92D3F021 ] TDTCP           C:\Windows\system32\drivers\tdtcp.sys
19:42:27.0336 5172  TDTCP - ok
19:42:27.0401 5172  [ 76B06EB8A01FC8624D699E7045303E54 ] tdx             C:\Windows\system32\DRIVERS\tdx.sys
19:42:27.0453 5172  tdx - ok
19:42:28.0936 5172  [ 851C5080261DFC1FCDC21DF0E5EA3BCB ] TeamViewer8     C:\Program Files\TeamViewer\Version8\TeamViewer_Service.exe
19:42:29.0726 5172  TeamViewer8 - ok
19:42:29.0787 5172  [ 3CAD38910468EAB9A6479E2F01DB43C7 ] TermDD          C:\Windows\system32\DRIVERS\termdd.sys
19:42:29.0811 5172  TermDD - ok
19:42:29.0906 5172  [ BB95DA09BEF6E7A131BFF3BA5032090D ] TermService     C:\Windows\System32\termsrv.dll
19:42:29.0959 5172  TermService - ok
19:42:30.0020 5172  [ C7230FBEE14437716701C15BE02C27B8 ] Themes          C:\Windows\system32\shsvcs.dll
19:42:30.0025 5172  Themes - ok
19:42:30.0097 5172  [ 1076FFCFFAAE8385FD62DFCB25AC4708 ] THREADORDER     C:\Windows\system32\mmcss.dll
19:42:30.0100 5172  THREADORDER - ok
19:42:30.0172 5172  [ 22BF524F119C1BEDAD13FA9AFDBB48DF ] tiltmouse       C:\Windows\system32\DRIVERS\MUsbFltr.sys
19:42:30.0192 5172  tiltmouse - ok
19:42:30.0262 5172  [ EC74E77D0EB004BD3A809B5F8FB8C2CE ] TrkWks          C:\Windows\System32\trkwks.dll
19:42:30.0295 5172  TrkWks - ok
19:42:30.0341 5172  [ 81532F3628F8ACC80FD1264095960C3A ] TrueSight       C:\Windows\system32\TrueSight.sys
19:42:30.0364 5172  TrueSight - ok
19:42:30.0468 5172  [ 97D9D6A04E3AD9B6C626B9931DB78DBA ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
19:42:30.0502 5172  TrustedInstaller - ok
19:42:30.0588 5172  [ DCF0F056A2E4F52287264F5AB29CF206 ] tssecsrv        C:\Windows\system32\DRIVERS\tssecsrv.sys
19:42:30.0655 5172  tssecsrv - ok
19:42:30.0760 5172  [ 233FCD3443CFBBAA27E7E463DCCBC528 ] TuneUp.Defrag   C:\Windows\System32\TuneUpDefragService.exe
19:42:30.0804 5172  TuneUp.Defrag - ok
19:42:30.0853 5172  [ CAECC0120AC49E3D2F758B9169872D38 ] tunmp           C:\Windows\system32\DRIVERS\tunmp.sys
19:42:30.0869 5172  tunmp - ok
19:42:30.0931 5172  [ 300DB877AC094FEAB0BE7688C3454A9C ] tunnel          C:\Windows\system32\DRIVERS\tunnel.sys
19:42:30.0956 5172  tunnel - ok
19:42:31.0016 5172  [ C3ADE15414120033A36C0F293D4A4121 ] uagp35          C:\Windows\system32\drivers\uagp35.sys
19:42:31.0027 5172  uagp35 - ok
19:42:31.0132 5172  [ D9728AF68C4C7693CB100B8441CBDEC6 ] udfs            C:\Windows\system32\DRIVERS\udfs.sys
19:42:31.0175 5172  udfs - ok
19:42:31.0238 5172  [ ECEF404F62863755951E09C802C94AD5 ] UI0Detect       C:\Windows\system32\UI0Detect.exe
19:42:31.0243 5172  UI0Detect - ok
19:42:31.0274 5172  [ 332D341D92B933600D41953B08360DFB ] UleadBurningHelper C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
19:42:31.0285 5172  UleadBurningHelper - ok
19:42:31.0322 5172  [ 75E6890EBFCE0841D3291B02E7A8BDB0 ] uliagpkx        C:\Windows\system32\drivers\uliagpkx.sys
19:42:31.0333 5172  uliagpkx - ok
19:42:31.0415 5172  [ 3CD4EA35A6221B85DCC25DAA46313F8D ] uliahci         C:\Windows\system32\drivers\uliahci.sys
19:42:31.0455 5172  uliahci - ok
19:42:31.0492 5172  [ 8514D0E5CD0534467C5FC61BE94A569F ] UlSata          C:\Windows\system32\drivers\ulsata.sys
19:42:31.0519 5172  UlSata - ok
19:42:31.0556 5172  [ 38C3C6E62B157A6BC46594FADA45C62B ] ulsata2         C:\Windows\system32\drivers\ulsata2.sys
19:42:31.0581 5172  ulsata2 - ok
19:42:31.0640 5172  [ 32CFF9F809AE9AED85464492BF3E32D2 ] umbus           C:\Windows\system32\DRIVERS\umbus.sys
19:42:31.0657 5172  umbus - ok
19:42:31.0721 5172  [ 88BD96A1BAEED33EE8BDF9499C07A841 ] UMPass          C:\Windows\system32\DRIVERS\umpass.sys
19:42:31.0737 5172  UMPass - ok
19:42:31.0835 5172  [ 8A66360F38F81E960E2367B428CBD5D9 ] UmRdpService    C:\Windows\System32\umrdp.dll
19:42:31.0898 5172  UmRdpService - ok
19:42:31.0979 5172  [ 68308183F4AE0BE7BF8ECD07CB297999 ] upnphost        C:\Windows\System32\upnphost.dll
19:42:32.0006 5172  upnphost - ok
19:42:32.0097 5172  [ 6E421CCC57059B0186C6259CA3B6DFC9 ] USBAAPL         C:\Windows\system32\Drivers\usbaapl.sys
19:42:32.0105 5172  USBAAPL - ok
19:42:32.0176 5172  [ 32DB9517628FF0D070682AAB61E688F0 ] usbaudio        C:\Windows\system32\drivers\usbaudio.sys
19:42:32.0214 5172  usbaudio - ok
19:42:32.0302 5172  [ CAF811AE4C147FFCD5B51750C7F09142 ] usbccgp         C:\Windows\system32\DRIVERS\usbccgp.sys
19:42:32.0313 5172  usbccgp - ok
19:42:32.0385 5172  [ 32C068EAF37C92D7194EEE1FAA1E7853 ] USBCCID         C:\Windows\system32\DRIVERS\usbccid.sys
19:42:32.0413 5172  USBCCID - ok
19:42:32.0477 5172  [ E9476E6C486E76BC4898074768FB7131 ] usbcir          C:\Windows\system32\drivers\usbcir.sys
19:42:32.0511 5172  usbcir - ok
19:42:32.0572 5172  [ 79E96C23A97CE7B8F14D310DA2DB0C9B ] usbehci         C:\Windows\system32\DRIVERS\usbehci.sys
19:42:32.0599 5172  usbehci - ok
19:42:32.0685 5172  [ 4673BBCB006AF60E7ABDDBE7A130BA42 ] usbhub          C:\Windows\system32\DRIVERS\usbhub.sys
19:42:32.0712 5172  usbhub - ok
19:42:32.0739 5172  [ 38DBC7DD6CC5A72011F187425384388B ] usbohci         C:\Windows\system32\drivers\usbohci.sys
19:42:32.0754 5172  usbohci - ok
19:42:32.0789 5172  [ E75C4B5269091D15A2E7DC0B6D35F2F5 ] usbprint        C:\Windows\system32\DRIVERS\usbprint.sys
19:42:32.0801 5172  usbprint - ok
19:42:32.0850 5172  [ A508C9BD8724980512136B039BBA65E9 ] usbscan         C:\Windows\system32\DRIVERS\usbscan.sys
19:42:32.0864 5172  usbscan - ok
19:42:32.0900 5172  [ BE3DA31C191BC222D9AD503C5224F2AD ] USBSTOR         C:\Windows\system32\DRIVERS\USBSTOR.SYS
19:42:32.0948 5172  USBSTOR - ok
19:42:33.0009 5172  [ 814D653EFC4D48BE3B04A307ECEFF56F ] usbuhci         C:\Windows\system32\DRIVERS\usbuhci.sys
19:42:33.0022 5172  usbuhci - ok
19:42:33.0082 5172  [ 1509E705F3AC1D474C92454A5C2DD81F ] UxSms           C:\Windows\System32\uxsms.dll
19:42:33.0093 5172  UxSms - ok
19:42:33.0153 5172  [ 25895CC7C3F101419A9ED1BF65A8BD62 ] UxTuneUp        C:\Windows\System32\uxtuneup.dll
19:42:33.0168 5172  UxTuneUp - ok
19:42:33.0232 5172  [ FCE98C43B5C5DB8E0DA8EA0E2B45E044 ] VClone          C:\Windows\system32\DRIVERS\VClone.sys
19:42:33.0249 5172  VClone - ok
19:42:33.0378 5172  [ CD88D1B7776DC17A119049742EC07EB4 ] vds             C:\Windows\System32\vds.exe
19:42:33.0414 5172  vds - ok
19:42:33.0829 5172  [ 87B06E1F30B749A114F74622D013F8D4 ] vga             C:\Windows\system32\DRIVERS\vgapnp.sys
19:42:33.0840 5172  vga - ok
19:42:33.0877 5172  [ 2E93AC0A1D8C79D019DB6C51F036636C ] VgaSave         C:\Windows\System32\drivers\vga.sys
19:42:33.0893 5172  VgaSave - ok
19:42:33.0950 5172  [ 045D9961E591CF0674A920B6BA3BA5CB ] viaagp          C:\Windows\system32\drivers\viaagp.sys
19:42:33.0992 5172  viaagp - ok
19:42:34.0039 5172  [ 56A4DE5F02F2E88182B0981119B4DD98 ] ViaC7           C:\Windows\system32\drivers\viac7.sys
19:42:34.0061 5172  ViaC7 - ok
19:42:34.0098 5172  [ FD2E3175FCADA350C7AB4521DCA187EC ] viaide          C:\Windows\system32\drivers\viaide.sys
19:42:34.0100 5172  viaide - ok
19:42:34.0129 5172  [ 69503668AC66C77C6CD7AF86FBDF8C43 ] volmgr          C:\Windows\system32\drivers\volmgr.sys
19:42:34.0139 5172  volmgr - ok
19:42:34.0244 5172  [ 23E41B834759917BFD6B9A0D625D0C28 ] volmgrx         C:\Windows\system32\drivers\volmgrx.sys
19:42:34.0328 5172  volmgrx - ok
19:42:34.0420 5172  [ 786DB5771F05EF300390399F626BF30A ] volsnap         C:\Windows\system32\drivers\volsnap.sys
19:42:34.0464 5172  volsnap - ok
19:42:34.0532 5172  [ D984439746D42B30FC65A4C3546C6829 ] vsmraid         C:\Windows\system32\drivers\vsmraid.sys
19:42:34.0555 5172  vsmraid - ok
19:42:34.0805 5172  [ DB3D19F850C6EB32BDCB9BC0836ACDDB ] VSS             C:\Windows\system32\vssvc.exe
19:42:34.0978 5172  VSS - ok
19:42:35.0424 5172  [ 3A5F9D943E2566E59163B2502FA684F8 ] VX6000          C:\Windows\system32\DRIVERS\VX6000Xp.sys
19:42:35.0750 5172  VX6000 - ok
19:42:35.0821 5172  [ 96EA68B9EB310A69C25EBB0282B2B9DE ] W32Time         C:\Windows\system32\w32time.dll
19:42:35.0853 5172  W32Time - ok
19:42:35.0883 5172  [ 48DFEE8F1AF7C8235D4E626F0C4FE031 ] WacomPen        C:\Windows\system32\drivers\wacompen.sys
19:42:35.0903 5172  WacomPen - ok
19:42:35.0957 5172  [ 55201897378CCA7AF8B5EFD874374A26 ] Wanarp          C:\Windows\system32\DRIVERS\wanarp.sys
19:42:35.0987 5172  Wanarp - ok
19:42:36.0018 5172  [ 55201897378CCA7AF8B5EFD874374A26 ] Wanarpv6        C:\Windows\system32\DRIVERS\wanarp.sys
19:42:36.0020 5172  Wanarpv6 - ok
19:42:36.0211 5172  [ 20B23332885DFB93FE0185362EE811E9 ] wbengine        C:\Windows\system32\wbengine.exe
19:42:36.0254 5172  wbengine - ok
19:42:36.0329 5172  [ A3CD60FD826381B49F03832590E069AF ] wcncsvc         C:\Windows\System32\wcncsvc.dll
19:42:36.0367 5172  wcncsvc - ok
19:42:36.0416 5172  [ 11BCB7AFCDD7AADACB5746F544D3A9C7 ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
19:42:36.0425 5172  WcsPlugInService - ok
19:42:36.0473 5172  [ AFC5AD65B991C1E205CF25CFDBF7A6F4 ] Wd              C:\Windows\system32\drivers\wd.sys
19:42:36.0503 5172  Wd - ok
19:42:36.0692 5172  [ E88C32C7F2781F7ECB88567CA6D4805C ] WDDriveService  C:\Program Files\Western Digital\WD Drive Manager\WDDriveService.exe
19:42:36.0744 5172  WDDriveService - ok
19:42:36.0917 5172  [ A840213F1ACDCC175B4D1D5AAEAC0D7A ] Wdf01000        C:\Windows\system32\drivers\Wdf01000.sys
19:42:36.0998 5172  Wdf01000 - ok
19:42:37.0059 5172  [ ABFC76B48BB6C96E3338D8943C5D93B5 ] WdiServiceHost  C:\Windows\system32\wdi.dll
19:42:37.0081 5172  WdiServiceHost - ok
19:42:37.0113 5172  [ ABFC76B48BB6C96E3338D8943C5D93B5 ] WdiSystemHost   C:\Windows\system32\wdi.dll
19:42:37.0121 5172  WdiSystemHost - ok
19:42:37.0188 5172  [ A7F6556CB431180BDEDDC869D02E48BD ] WDUDSMBus       C:\Windows\system32\Drivers\WDUDSMBus.sys
19:42:37.0222 5172  WDUDSMBus - ok
19:42:37.0304 5172  [ B0F2BA80CE5718587D88BA4BACD56D1B ] WDUDSTcpBus     C:\Windows\system32\Drivers\WDUDSTcpBus.sys
19:42:37.0351 5172  WDUDSTcpBus - ok
19:42:37.0455 5172  [ 04C37D8107320312FBAE09926103D5E2 ] WebClient       C:\Windows\System32\webclnt.dll
19:42:37.0492 5172  WebClient - ok
19:42:37.0580 5172  [ AE3736E7E8892241C23E4EBBB7453B60 ] Wecsvc          C:\Windows\system32\wecsvc.dll
19:42:37.0602 5172  Wecsvc - ok
19:42:37.0665 5172  [ 670FF720071ED741206D69BD995EA453 ] wercplsupport   C:\Windows\System32\wercplsupport.dll
19:42:37.0685 5172  wercplsupport - ok
19:42:37.0748 5172  [ 32B88481D3B326DA6DEB07B1D03481E7 ] WerSvc          C:\Windows\System32\WerSvc.dll
19:42:37.0755 5172  WerSvc - ok
19:42:37.0809 5172  [ 090A2B8F055343815556A01F725F6C35 ] WimFltr         C:\Windows\system32\DRIVERS\wimfltr.sys
19:42:37.0822 5172  WimFltr - ok
19:42:37.0990 5172  [ 4575AA12561C5648483403541D0D7F2B ] WinDefend       C:\Program Files\Windows Defender\mpsvc.dll
19:42:38.0010 5172  WinDefend - ok
19:42:38.0055 5172  WinHttpAutoProxySvc - ok
19:42:38.0385 5172  [ 6B2A1D0E80110E3D04E6863C6E62FD8A ] Winmgmt         C:\Windows\system32\wbem\WMIsvc.dll
19:42:38.0418 5172  Winmgmt - ok
19:42:38.0641 5172  [ 7CFE68BDC065E55AA5E8421607037511 ] WinRM           C:\Windows\system32\WsmSvc.dll
19:42:38.0904 5172  WinRM - ok
19:42:39.0089 5172  [ C008405E4FEEB069E30DA1D823910234 ] Wlansvc         C:\Windows\System32\wlansvc.dll
19:42:39.0185 5172  Wlansvc - ok
19:42:39.0451 5172  [ 6067ACEF367E79914AF628FA1E9B5330 ] wlcrasvc        C:\Program Files\Windows Live\Mesh\wlcrasvc.exe
19:42:39.0462 5172  wlcrasvc - ok
19:42:39.0892 5172  [ FB01D4AE207B9EFDBABFC55DC95C7E31 ] wlidsvc         C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
19:42:40.0147 5172  wlidsvc - ok
19:42:40.0229 5172  [ 701A9F884A294327E9141D73746EE279 ] WmiAcpi         C:\Windows\system32\drivers\wmiacpi.sys
19:42:40.0262 5172  WmiAcpi - ok
19:42:40.0352 5172  [ 43BE3875207DCB62A85C8C49970B66CC ] wmiApSrv        C:\Windows\system32\wbem\WmiApSrv.exe
19:42:40.0385 5172  wmiApSrv - ok
19:42:40.0620 5172  [ 3978704576A121A9204F8CC49A301A9B ] WMPNetworkSvc   C:\Program Files\Windows Media Player\wmpnetwk.exe
19:42:40.0747 5172  WMPNetworkSvc - ok
19:42:40.0816 5172  [ CFC5A04558F5070CEE3E3A7809F3FF52 ] WPCSvc          C:\Windows\System32\wpcsvc.dll
19:42:40.0832 5172  WPCSvc - ok
19:42:40.0927 5172  [ 801FBDB89D472B3C467EB112A0FC9246 ] WPDBusEnum      C:\Windows\system32\wpdbusenum.dll
19:42:40.0978 5172  WPDBusEnum - ok
19:42:41.0057 5172  [ DE9D36F91A4DF3D911626643DEBF11EA ] WpdUsb          C:\Windows\system32\DRIVERS\wpdusb.sys
19:42:41.0071 5172  WpdUsb - ok
19:42:41.0828 5172  [ B800EEC15851597405784126C407188C ] WPFFontCache_v0400 C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
19:42:41.0863 5172  WPFFontCache_v0400 - ok
19:42:41.0942 5172  [ E3A3CB253C0EC2494D4A61F5E43A389C ] ws2ifsl         C:\Windows\system32\drivers\ws2ifsl.sys
19:42:41.0943 5172  ws2ifsl - ok
19:42:41.0996 5172  [ 1CA6C40261DDC0425987980D0CD2AAAB ] wscsvc          C:\Windows\System32\wscsvc.dll
19:42:42.0001 5172  wscsvc - ok
19:42:42.0069 5172  [ 4422AC5ED8D4C2F0DB63E71D4C069DD7 ] WSDPrintDevice  C:\Windows\system32\DRIVERS\WSDPrint.sys
19:42:42.0086 5172  WSDPrintDevice - ok
19:42:42.0156 5172  [ 65D1FF8AAFF4A7D8F787A290E5087816 ] WSDScan         C:\Windows\system32\DRIVERS\WSDScan.sys
19:42:42.0170 5172  WSDScan - ok
19:42:42.0184 5172  WSearch - ok
19:42:42.0612 5172  [ FC3EC24FCE372C89423E015A2AC1A31E ] wuauserv        C:\Windows\system32\wuaueng.dll
19:42:42.0844 5172  wuauserv - ok
19:42:42.0891 5172  [ 06E6F32C8D0A3F66D956F57B43A2E070 ] WudfPf          C:\Windows\system32\drivers\WudfPf.sys
19:42:42.0906 5172  WudfPf - ok
19:42:42.0932 5172  [ 867C301E8B790040AE9CF6486E8041DF ] WUDFRd          C:\Windows\system32\DRIVERS\WUDFRd.sys
19:42:42.0936 5172  WUDFRd - ok
19:42:42.0988 5172  [ FE47B7BC8EA320C2D9B5E5BF6E303765 ] wudfsvc         C:\Windows\System32\WUDFSvc.dll
19:42:42.0993 5172  wudfsvc - ok
19:42:43.0133 5172  [ 5867CE254625645345C833510D24F124 ] {95808DC4-FA4A-4C74-92FE-5B863F82066B} C:\Program Files\CyberLink\PowerDVD\000.fcl
19:42:43.0143 5172  {95808DC4-FA4A-4C74-92FE-5B863F82066B} - ok
19:42:43.0183 5172  ================ Scan global ===============================
19:42:43.0266 5172  [ F31EEBC1A1C81FD04005489CC3DCDFE7 ] C:\Windows\system32\basesrv.dll
19:42:43.0384 5172  [ A508314231C49AEE86987CEA3EAECAD1 ] C:\Windows\system32\winsrv.dll
19:42:43.0481 5172  [ A508314231C49AEE86987CEA3EAECAD1 ] C:\Windows\system32\winsrv.dll
19:42:43.0593 5172  [ D4E6D91C1349B7BFB3599A6ADA56851B ] C:\Windows\system32\services.exe
19:42:43.0620 5172  [Global] - ok
19:42:43.0623 5172  ================ Scan MBR ==================================
19:42:43.0646 5172  [ 5C616939100B85E558DA92B899A0FC36 ] \Device\Harddisk0\DR0
19:42:44.0023 5172  \Device\Harddisk0\DR0 - ok
19:42:44.0027 5172  [ 096B4D6D03500A9B7DEB27F2244E9A60 ] \Device\Harddisk1\DR1
19:42:44.0031 5172  \Device\Harddisk1\DR1 - ok
19:42:44.0038 5172  [ 5C616939100B85E558DA92B899A0FC36 ] \Device\Harddisk2\DR2
19:42:44.0043 5172  \Device\Harddisk2\DR2 - ok
19:42:44.0044 5172  ================ Scan VBR ==================================
19:42:44.0047 5172  [ E28AC35A04903CE39FC5E78785B8D29C ] \Device\Harddisk0\DR0\Partition1
19:42:44.0049 5172  \Device\Harddisk0\DR0\Partition1 - ok
19:42:44.0074 5172  [ 3AC9D9A6FA9392317CEC851892810440 ] \Device\Harddisk0\DR0\Partition2
19:42:44.0093 5172  \Device\Harddisk0\DR0\Partition2 - ok
19:42:44.0121 5172  [ B1833C59A13A36BC4914841574901798 ] \Device\Harddisk0\DR0\Partition3
19:42:44.0124 5172  \Device\Harddisk0\DR0\Partition3 - ok
19:42:44.0128 5172  [ 2DF47BD7813F062E312FAE24F577D249 ] \Device\Harddisk2\DR2\Partition1
19:42:44.0130 5172  \Device\Harddisk2\DR2\Partition1 - ok
19:42:44.0136 5172  [ 423D4C15E3EEFE773F8FF72B0DA0CB76 ] \Device\Harddisk2\DR2\Partition2
19:42:44.0142 5172  \Device\Harddisk2\DR2\Partition2 - ok
19:42:44.0142 5172  ============================================================
19:42:44.0142 5172  Scan finished
19:42:44.0142 5172  ============================================================
19:42:44.0157 5224  Detected object count: 0
19:42:44.0157 5224  Actual detected object count: 0
19:49:23.0462 0820  Deinitialize success


----------



## enurtsol

AdwCleaner log:

 # AdwCleaner v2.305 - Logfile created 07/15/2013 at 19:54:44
# Updated 11/07/2013 by Xplode
# Operating system : Windows Vista (TM) Ultimate Service Pack 2 (32 bits)
# User : LostRune - KYOKO
# Boot Mode : Normal
# Running from : D:\Users\LostRune\Downloads\AdwCleaner.exe
# Option [Delete]


***** [Services] *****


***** [Files / Folders] *****

Folder Deleted : D:\Users\LostRune\AppData\Roaming\Mozilla\Firefox\Profiles\379cl6wj.default\jetpack

***** [Registry] *****


***** [Internet Browsers] *****

-\\ Internet Explorer v9.0.8112.16496

[OK] Registry is clean.

-\\ Mozilla Firefox v22.0 (en-US)

File : D:\Users\LostRune\AppData\Roaming\Mozilla\Firefox\Profiles\379cl6wj.default\prefs.js

[OK] File is clean.

*************************

AdwCleaner[R1].txt - [8475 octets] - [15/07/2013 15:34:59]
AdwCleaner[R2].txt - [8535 octets] - [15/07/2013 16:25:32]
AdwCleaner[R3].txt - [1088 octets] - [15/07/2013 19:52:45]
AdwCleaner[R4].txt - [1207 octets] - [15/07/2013 19:54:16]
AdwCleaner[S1].txt - [8877 octets] - [15/07/2013 16:28:10]
AdwCleaner[S2].txt - [328 octets] - [15/07/2013 19:53:19]
AdwCleaner[S3].txt - [1141 octets] - [15/07/2013 19:54:44]

########## EOF - C:\AdwCleaner[S3].txt - [1201 octets] ##########

Thanks again, johnb.


----------



## johnb35

Then let's scan deeper.

*Download and Run ComboFix*
*If you already have Combofix, please delete this copy and download it again as it's being updated regularly.*

*Download this file* here :

*Combofix*


When the page loads, click on the blue ComboFix download link next to the BleepingComputer Mirror.
Save the file to your Windows desktop.  The ComboFix icon will look like this when it has downloaded to your desktop.




We are almost ready to start ComboFix, but before we do so, we need to take some preventative measures so that there are no conflicts with other programs when running ComboFix. At this point you should do the following:


Close all open windows including this one. 

Close or disable all running Antivirus, Antispyware, and Firewall programs as they may interfere with the proper running of ComboFix. Instructions on disabling these types of programs can be found *here*.
Once these two steps have been completed, double-click on the ComboFix icon found on your desktop. Please note, that once you start ComboFix you should not click anywhere on the ComboFix window as it can cause the program to stall. In fact, when ComboFix is running, do not touch your computer at all. The scan could take a while, so please be patient.

Please click on I agree on the disclaimer window.
ComboFix will now install itself on to your computer. When it is done, a blue screen will appear as shown below.





ComboFix is now preparing to run. When it has finished ComboFix will automatically attempt to create a System Restore point so that if any problems occur while using the program you can restore back to your previous configuration. When ComboFix has finished creating the restore point, it will then backup your Windows Registry as shown in the image below.





Once the Windows Registry has finished being backed up, ComboFix will attempt to detect if you have the Windows Recovery Console installed. If you already have it installed, you can skip to this section and continue reading. Otherwise you will see the following message as shown below:





At the above message box, please click on the Yes button in order for ComboFix to continue. Please follow the steps and instructions given by ComboFix in order to finish the installation of the Recovery Console.

Please click on yes in the next window to continue scanning for malware.

ComboFix will now disconnect your computer from the Internet, so do not be surprised or concerned if you receive any warnings stating that you are no longer on the Internet. When ComboFix has finished it will automatically restore your Internet connection.

ComboFix will now start scanning your computer for known infections. This procedure can take some time, so please be patient.

While the program is scanning your computer, it will change your clock format, so do not be concerned when you see this happen. When ComboFix is finished it will restore your clock settings to their previous settings. You will also see the text in the ComboFix window being updated as it goes through the various stages of its scan. An example of this can be seen below.





When ComboFix has finished running, you will see a screen stating that it is preparing the log report.

This can take a while, so please be patient. If you see your Windows desktop disappear, do not worry. This is normal and ComboFix will restore your desktop before it is finished. Eventually you will see a new screen that states the program is almost finished and tells you the program's log file, or report, will be located at C:\ComboFix.txt.

When ComboFix has finished, it will automatically close the program and change your clock back to its original format. It will then display the log file automatically for you.  

Now you just click on the edit menu and click on select all, then click on the edit menu again and click on copy.  Then come to the forum in your reply and right click on your mouse and click on paste.  


If, for some reason, you try to run a program or open a file and you get an error message saying "illegal operation attempted on a registry key that has been marked for deletion", please just reboot your PC and you'll be fine. 


In your next reply please post:

The ComboFix log
A fresh HiJackThis log
An update on how your computer is running


----------



## enurtsol

Hello again johnb,

Hopefully I followed your instructions properly.  I closed Malwarebytes, temporarily disabled ESET AV, and turned off Windows Firewall.  Also closed all windows and applications running and as many processes on the system tray as I know I can comfortably end.  

Then let Combofix run for as long as it takes and didn't touch the computer.  I didn't see it create a Restore Point (and later looking at the Windows Restore Points list, it didn't make one it seems - should I manually create a Restore Point now?) nor see it backing up the Registry (though I later see files in C:\Qoobox\Quarantine\Registry_backups folder).  It also didn't ask me about the Windows Recovery Console.

After a while and "Completed Stage_50" then let it reboot automatically.  Let it run some more just to be sure it's finished, with the following C:\ComboFix.txt generated.  Afterwards, re-ran HijackThis and the following log file.

We let the computer run itself for a bit to see what happens.  So far so good.  Since then, haven't seen that Malwarebytes pop-up warning (and looking at the Malwarebytes protection-log .txt, it hasn't been logged since).  Checking C:\Windows\temp displayed "didn't have permission to access folder" and had to press "Continue" to open it, so that's new - fortunately though, none of those large htt****.tmp files have re-appeared.  Meanwhile, Netgear Genie is not displaying any network traffic at all, even when surfing websites, which is weird but good, definitely preferable to the previous problem (though this probably means I should re-install the program).

Thanks again, and here are the resulting log files.  When you figure out what happened with all this, please let us know too and how to avoid/prevent it in the future.  We really appreciate your help and knowledge.  And we'll update here if the issue(s) come back or anything else weird with the computer we encounter from this.


ComboFix:

 ComboFix 13-07-15.01 - LostRune 07/15/2013  21:03:36.1.2 - x86
Microsoft® Windows Vista™ Ultimate   6.0.6002.2.1252.1.1033.18.3317.1918 [GMT -4:00]
Running from: d:\users\LostRune\Downloads\ComboFix.exe
AV: ESET NOD32 Antivirus 6.0 *Disabled/Updated* {77DEAFED-8149-104B-25A1-21771CA47CD1}
SP: ESET NOD32 Antivirus 6.0 *Disabled/Updated* {CCBF4E09-A773-1FC5-1F11-1A056723366C}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\MyNetDashboard.ico
c:\programdata\WDInternetSecurityAndParentalControl.ico
c:\windows\system32\Packet.dll
c:\windows\system32\wpcap.dll
d:\users\LostRune\AppData\Roaming\Xbins
d:\users\LostRune\AppData\Roaming\Xbins\dict
d:\users\LostRune\AppData\Roaming\Xbins\FileZilla.xml
d:\users\LostRune\AppData\Roaming\Xbins\icon.ico
d:\users\LostRune\AppData\Roaming\Xbins\xbinsftp.exe
.
.
(((((((((((((((((((((((((((((((((((((((   Drivers/Services   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_NPF
-------\Service_NPF
.
.
(((((((((((((((((((((((((   Files Created from 2013-06-16 to 2013-07-16  )))))))))))))))))))))))))))))))
.
.
2013-07-16 01:13 . 2013-07-16 01:13	--------	d-----w-	c:\users\Mcx2\AppData\Local\temp
2013-07-15 21:14 . 2013-07-15 21:14	--------	d-----w-	c:\program files\Common Files\Java
2013-07-15 21:14 . 2013-07-15 21:12	867240	----a-w-	c:\windows\system32\npDeployJava1.dll
2013-07-15 21:13 . 2013-07-15 21:12	94632	----a-w-	c:\windows\system32\WindowsAccessBridge.dll
2013-07-15 17:16 . 2013-07-15 18:33	15616	----a-w-	c:\windows\system32\TrueSight.sys
2013-07-15 09:25 . 2013-07-15 09:25	--------	d-----w-	c:\windows\ERUNT
2013-07-14 08:45 . 2013-07-14 08:49	--------	d-----w-	c:\windows\system32\MRT
2013-07-14 08:45 . 2013-06-12 04:18	7068072	----a-w-	c:\programdata\Microsoft\Windows Defender\Definition Updates\{9BE7A722-4C13-4D62-B619-06B33B73C5C0}\mpengine.dll
2013-07-10 19:49 . 2013-05-08 04:04	1548288	----a-w-	c:\windows\system32\WMVDECOD.DLL
2013-07-10 19:49 . 2013-04-17 11:28	219648	----a-w-	c:\windows\system32\d3d10_1core.dll
2013-07-10 19:49 . 2013-04-17 11:28	189952	----a-w-	c:\windows\system32\d3d10core.dll
2013-07-10 19:49 . 2013-04-17 11:28	160768	----a-w-	c:\windows\system32\d3d10_1.dll
2013-07-10 19:49 . 2013-04-17 11:28	1029120	----a-w-	c:\windows\system32\d3d10.dll
2013-07-10 19:49 . 2013-04-17 10:34	1172480	----a-w-	c:\windows\system32\d3d10warp.dll
2013-07-10 19:49 . 2013-04-17 10:33	486400	----a-w-	c:\windows\system32\d3d10level9.dll
2013-07-10 19:49 . 2013-04-17 10:14	683008	----a-w-	c:\windows\system32\d2d1.dll
2013-07-10 19:49 . 2013-04-17 10:10	1069056	----a-w-	c:\windows\system32\DWrite.dll
2013-07-10 19:49 . 2013-04-17 10:10	798208	----a-w-	c:\windows\system32\FntCache.dll
2013-07-10 19:49 . 2013-06-04 01:50	2049024	----a-w-	c:\windows\system32\win32k.sys
2013-07-10 19:49 . 2013-06-01 04:06	505344	----a-w-	c:\windows\system32\qedit.dll
2013-07-10 19:47 . 2013-04-09 03:52	1218048	----a-w-	c:\program files\Windows Journal\NBDoc.DLL
2013-07-10 19:47 . 2013-04-09 03:51	983552	----a-w-	c:\program files\Windows Journal\JNTFiltr.dll
2013-07-10 19:47 . 2013-04-09 03:51	936960	----a-w-	c:\program files\Common Files\Microsoft Shared\ink\journal.dll
2013-07-10 19:47 . 2013-04-09 03:51	964608	----a-w-	c:\program files\Windows Journal\JNWDRV.dll
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-07-15 21:12 . 2011-10-01 04:28	789416	----a-w-	c:\windows\system32\deployJava1.dll
2013-06-24 10:40 . 2012-04-10 08:15	692104	----a-w-	c:\windows\system32\FlashPlayerApp.exe
2013-06-24 10:40 . 2011-05-20 10:26	71048	----a-w-	c:\windows\system32\FlashPlayerCPLApp.cpl
2013-06-09 04:15 . 2013-06-03 05:42	35088	----a-w-	c:\windows\system32\drivers\npf.sys
2013-05-17 05:24 . 2011-03-28 23:36	22240	----a-w-	c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2013-05-08 04:37 . 2013-06-12 05:14	905576	----a-w-	c:\windows\system32\drivers\tcpip.sys
2013-05-02 22:03 . 2013-06-12 05:14	3603832	----a-w-	c:\windows\system32\ntkrnlpa.exe
2013-05-02 22:03 . 2013-06-12 05:14	3551096	----a-w-	c:\windows\system32\ntoskrnl.exe
2013-05-02 06:06 . 2009-10-03 04:00	238872	------w-	c:\windows\system32\MpSigStub.exe
2013-05-02 04:04 . 2013-06-12 05:14	443904	----a-w-	c:\windows\system32\win32spl.dll
2013-05-02 04:03 . 2013-06-12 05:14	37376	----a-w-	c:\windows\system32\printcom.dll
2013-05-01 07:59 . 2013-05-01 07:59	94208	----a-w-	c:\windows\system32\QuickTimeVR.qtx
2013-05-01 07:59 . 2013-05-01 07:59	69632	----a-w-	c:\windows\system32\QuickTime.qts
2013-04-24 04:00 . 2013-06-12 05:14	985600	----a-w-	c:\windows\system32\crypt32.dll
2013-04-24 04:00 . 2013-06-12 05:14	98304	----a-w-	c:\windows\system32\cryptnet.dll
2013-04-24 04:00 . 2013-06-12 05:14	133120	----a-w-	c:\windows\system32\cryptsvc.dll
2013-04-24 04:00 . 2013-06-12 05:14	41984	----a-w-	c:\windows\system32\certenc.dll
2013-04-24 01:46 . 2013-06-12 05:14	812544	----a-w-	c:\windows\system32\certutil.exe
2013-04-17 12:30 . 2013-06-12 05:13	24576	----a-w-	c:\windows\system32\cryptdlg.dll
2011-10-08 10:59 . 2011-10-08 10:59	117312	----a-w-	c:\program files\securable.exe
2009-07-29 04:27 . 2009-07-29 04:27	121328	----a-w-	c:\program files\DisableMobsync.exe
2008-01-27 07:24 . 2008-01-27 07:24	454656	----a-w-	c:\program files\putty.exe
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown 
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive1]
@="{F241C880-6982-4CE5-8CF7-7085BA96DA5A}"
[HKEY_CLASSES_ROOT\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}]
2013-07-01 20:17	222832	----a-w-	c:\users\LostRune\AppData\Local\Microsoft\SkyDrive\17.0.2011.0627\SkyDriveShell.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive2]
@="{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}"
[HKEY_CLASSES_ROOT\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}]
2013-07-01 20:17	222832	----a-w-	c:\users\LostRune\AppData\Local\Microsoft\SkyDrive\17.0.2011.0627\SkyDriveShell.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive3]
@="{BBACC218-34EA-4666-9D7A-C78F2274A524}"
[HKEY_CLASSES_ROOT\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}]
2013-07-01 20:17	222832	----a-w-	c:\users\LostRune\AppData\Local\Microsoft\SkyDrive\17.0.2011.0627\SkyDriveShell.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\EldosIconOverlay]
@="{5BB532A2-BF14-4CCC-86B7-71B81EF6F8BC}"
[HKEY_CLASSES_ROOT\CLSID\{5BB532A2-BF14-4CCC-86B7-71B81EF6F8BC}]
2012-04-09 21:27	158224	----a-w-	c:\windows\System32\CbFsMntNtf3.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\OODIIcon]
@="{14A94384-BBED-47ed-86C0-6BF63FD892D0}"
[HKEY_CLASSES_ROOT\CLSID\{14A94384-BBED-47ed-86C0-6BF63FD892D0}]
2010-05-27 18:40	111960	----a-w-	c:\program files\Laplink\Laplink DiskImage\oodishi.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"iCloudServices"="c:\program files\Common Files\Apple\Internet Services\iCloudServices.exe" [2013-04-05 59720]
"NETGEARGenie"="c:\program files\NETGEAR Genie\bin\NETGEARGenie.exe" [2013-04-07 1044224]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-19 202240]
"SkyDrive"="c:\users\LostRune\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe" [2013-07-01 257136]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WinPatrol"="c:\program files\BillP Studios\WinPatrol\WinPatrol.exe" [2011-03-16 325000]
"UnlockerAssistant"="c:\program files\Unlocker\UnlockerAssistant.exe" [2008-03-01 15872]
"ipTray.exe"="c:\program files\Intel\IDU\iptray.exe" [2006-12-28 2242328]
"USB2Check"="c:\windows\system32\PCLECoInst.dll" [2006-11-06 81920]
"SysTrayApp"="c:\program files\IDT\WDM\sttray.exe" [2009-03-12 483422]
"EEventManager"="c:\program files\Epson Software\Event Manager\EEventManager.exe" [2009-12-03 976320]
"FUFAXSTM"="c:\program files\Epson Software\FAX Utility\FUFAXSTM.exe" [2009-12-03 847872]
"EvtMgr6"="c:\program files\Logitech\SetPointP\SetPoint.exe" [2011-10-07 1387288]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2013-04-22 59720]
"PowerPanel Personal Edition User Interaction"="c:\program files\CyberPower PowerPanel Personal Edition\pppeuser.exe" [2012-03-27 350144]
"OODITRAY.EXE"="c:\program files\Laplink\Laplink DiskImage\OODITRAY.EXE" [2010-05-27 1918296]
"egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2013-03-21 5078504]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2013-05-31 152392]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2013-03-12 253816]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"PromptOnSecureDesktop"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"SynchronousMachineGroupPolicy"= 0 (0x0)
"SynchronousUserGroupPolicy"= 0 (0x0)
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"AlwaysShowClassicMenu"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"mixer9"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]
@="Service"
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"WindowsWelcomeCenter"=rundll32.exe oobefldr.dll,ShowWelcomeCenter
"ehTray.exe"=c:\windows\ehome\ehTray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"HotKeysCmds"=c:\windows\system32\hkcmd.exe
"IgfxTray"=c:\windows\system32\igfxtray.exe
"SysTrayApp"=%ProgramFiles%\IDT\WDM\sttray.exe
"IntelAudioStudio"="c:\program files\Intel Audio Studio 2.7\IntelAudioStudio.exe" TRAY
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-disabled]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" -atboottime
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe"
.
S2 ABBYY.Licensing.FineReader.Sprint.9.0;ABBYY FineReader 9.0 Sprint Licensing Service;c:\program files\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe [2009-05-14 759048]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - ALSYSIO
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation	REG_MULTI_SZ   	FontCache
bthsvcs	REG_MULTI_SZ   	BthServ
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost  - NetSvcs
UxTuneUp
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2009-10-16 16:49	451872	----a-w-	c:\program files\Common Files\LightScribe\LSRunOnce.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{7070D8E0-650A-46b3-B03C-9497582E6A74}]
2008-04-11 21:23	38400	------w-	c:\windows\System32\SoundSchemes.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{B3688A53-AB2A-4b1d-8CEF-8F93D8C51C24}]
2008-08-28 14:50	30720	------w-	c:\windows\System32\soundschemes2.exe
.
Contents of the 'Scheduled Tasks' folder
.
2013-07-14 c:\windows\Tasks\1-Click Maintenance.job
- c:\program files\TuneUp Utilities 2008\OneClick.exe [2008-01-08 18:31]
.
2013-07-15 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-09-30 06:10]
.
2013-07-15 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-09-30 06:10]
.
2013-07-14 c:\windows\Tasks\Spybot - Search & Destroy -  Scheduled Task.job
- c:\program files\Spybot - Search & Destroy\SpybotSD.exe [2008-05-05 20:31]
.
.
------- Supplementary Scan -------
.
uStart Page = about:blank
uInternet Settings,ProxyOverride = *.local
IE: &Links to this page - c:\programdata\TuneUp Software\TuneUp Utilities\Web\gbacklinks.htm
IE: &Similar pages - c:\programdata\TuneUp Software\TuneUp Utilities\Web\gsimilar.htm
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
IE: Free YouTube to iPod Converter - d:\users\LostRune\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetoipodconverter.htm
IE: Look up in Mr&Check... - c:\programdata\TuneUp Software\TuneUp Utilities\Web\tumrcheck.htm
IE: Open in &new window - c:\programdata\TuneUp Software\TuneUp Utilities\Web\tuofinw.htm
IE: Search with &Google - c:\programdata\TuneUp Software\TuneUp Utilities\Web\gsearch.htm
IE: Send to &Bluetooth Device... - c:\program files\ANYCOM\Blue USB-200-250\btsendto_ie_ctx.htm
IE: Show page from the &cache - c:\programdata\TuneUp Software\TuneUp Utilities\Web\gcache.htm
IE: Translate this page with Google - c:\programdata\TuneUp Software\TuneUp Utilities\Web\gtranslate.htm
IE: View old version at &archives.org - c:\programdata\TuneUp Software\TuneUp Utilities\Web\tuarch.htm
IE: Zoom &in - c:\programdata\TuneUp Software\TuneUp Utilities\Web\tuzoomin.htm
IE: Zoom &out - c:\programdata\TuneUp Software\TuneUp Utilities\Web\tuzoomout.htm
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - d:\users\LostRune\AppData\Roaming\Mozilla\Firefox\Profiles\379cl6wj.default\
FF - prefs.js: browser.startup.homepage - about:home
FF - ExtSQL: 2013-05-24 00:51; {20a82645-c095-46ed-80e3-08825760534b}; c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
.
- - - - ORPHANS REMOVED - - - -
.
SafeBoot-WudfPf
SafeBoot-WudfRd
AddRemove-FITBIT&10C4&84C4 - c:\program files\Fitbit\Base Station\DriverUninstaller.exe USBXpress\FITBIT&10C4&84C4
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2013-07-15 21:19
Windows 6.0.6002 Service Pack 2 NTFS
.
scanning hidden processes ...  
.
scanning hidden autostart entries ... 
.
scanning hidden files ...  
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\{95808DC4-FA4A-4C74-92FE-5B863F82066B}]
"ImagePath"="\??\c:\program files\CyberLink\PowerDVD\000.fcl"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(1000)
c:\windows\system32\CbFsNetRdr3.dll
.
- - - - - - - > 'Explorer.exe'(4092)
c:\program files\BillP Studios\WinPatrol\PATROLPRO.DLL
c:\program files\Unlocker\UnlockerHook.dll
c:\program files\Laplink\Laplink DiskImage\oodishi.dll
c:\program files\Laplink\Laplink DiskImage\oodishrs.dll
c:\windows\system32\CbFsNetRdr3.dll
c:\windows\system32\btncopy.dll
c:\program files\WinSCP\DragExt.dll
c:\windows\system32\CbFsMntNtf3.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\System32\DriverStore\FileRepository\stwrt.inf_98f8d2d0\STacSV.exe
c:\program files\ANYCOM\Blue USB-200-250\bin\btwdins.exe
c:\windows\System32\vdsldr.exe
c:\program files\Core Temp\Core Temp.exe
c:\program files\Common Files\EPSON\EBAPI\eEBSVC.exe
c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Intel\IDU\awServ.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe
c:\program files\Common Files\EPSON\EPW!3 SSRP\E_S50ST7.EXE
c:\program files\Common Files\EPSON\EPW!3 SSRP\E_S50RP7.EXE
c:\program files\Fitbit\fitbit.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\program files\Malwarebytes' Anti-Malware\mbamscheduler.exe
c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
c:\program files\CyberPower PowerPanel Personal Edition\ppped.exe
c:\windows\system32\SAgent4.exe
c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe
c:\program files\TeamViewer\Version8\TeamViewer_Service.exe
c:\windows\System32\vds.exe
c:\program files\Western Digital\WD Drive Manager\WDDriveService.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
c:\program files\Laplink\Laplink DiskImage\oodiag.exe
c:\program files\Spybot - Search & Destroy\SDWinSec.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
c:\windows\system32\UI0Detect.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\program files\OUTLOOK ON THE DESKTOP\OUTLOOKDESKTOP.EXE
c:\program files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE
c:\program files\iPod\bin\iPodService.exe
c:\program files\NETGEAR Genie\bin\genie2_tray.exe
c:\program files\Microsoft Office\Office12\OUTLOOK.EXE
c:\windows\system32\wbem\unsecapp.exe
.
**************************************************************************
.
Completion time: 2013-07-15  21:26:16 - machine was rebooted
ComboFix-quarantined-files.txt  2013-07-16 01:25
.
Pre-Run: 4,388,044,800 bytes free
Post-Run: 3,978,641,408 bytes free
.
- - End Of File - - FEE58293BF1AE75AB34BDCD59714E4A4
5C616939100B85E558DA92B899A0FC36

HijackThis:

 Logfile of Trend Micro HijackThis v2.0.5
Scan saved at 9:57:48 PM, on 7/15/2013
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v9.00 (9.00.8112.16496)

FIREFOX: 22.0 (en-US)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Core Temp\Core Temp.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Windows\system32\Dwm.exe
C:\Program Files\BillP Studios\WinPatrol\WinPatrol.exe
C:\Program Files\Unlocker\UnlockerAssistant.exe
C:\Program Files\Intel\IDU\iptray.exe
C:\Program Files\IDT\WDM\sttray.exe
C:\Program Files\Epson Software\Event Manager\EEventManager.exe
C:\Program Files\Epson Software\FAX Utility\FUFAXSTM.exe
C:\Program Files\Logitech\SetPointP\SetPoint.exe
C:\Program Files\CyberPower PowerPanel Personal Edition\pppeuser.exe
C:\Program Files\Laplink\Laplink DiskImage\ooditray.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Common Files\Apple\Internet Services\iCloudServices.exe
C:\Program Files\NETGEAR Genie\bin\NETGEARGenie.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Users\LostRune\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe
C:\PROGRAM FILES\OUTLOOK ON THE DESKTOP\OUTLOOKDESKTOP.EXE
C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE
C:\Program Files\NETGEAR Genie\bin\genie2_tray.exe
C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE
C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe
C:\Windows\Explorer.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\explorer.exe
C:\Program Files\Mozilla Firefox\firefox.exe
D:\Users\LostRune\Downloads\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = 
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Easy Photo Print - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files\Epson Software\Easy Photo Print\EPTBL.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll
O2 - BHO: Google Gears Helper - {E0FEFE40-FBF9-42AE-BA58-794CA7E3FB53} - C:\Program Files\Google\Google Gears\Internet Explorer\0.5.36.0\gears.dll
O3 - Toolbar: QT TabBar - {d2bf470e-ed1c-487f-a333-2bd8835eb6ce} - mscoree.dll (file missing)
O3 - Toolbar: QT Tab Standard Buttons - {D2BF470E-ED1C-487F-A666-2BD8835EB6CE} - mscoree.dll (file missing)
O3 - Toolbar: Easy Photo Print - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files\Epson Software\Easy Photo Print\EPTBL.dll
O4 - HKLM\..\Run: [WinPatrol] C:\Program Files\BillP Studios\WinPatrol\WinPatrol.exe -expressboot
O4 - HKLM\..\Run: [UnlockerAssistant] "C:\Program Files\Unlocker\UnlockerAssistant.exe"
O4 - HKLM\..\Run: [ipTray.exe] "C:\Program Files\Intel\IDU\iptray.exe"
O4 - HKLM\..\Run: [USB2Check] RUNDLL32.EXE "C:\Windows\system32\PCLECoInst.dll",CheckUSBController
O4 - HKLM\..\Run: [SysTrayApp] %ProgramFiles%\IDT\WDM\sttray.exe
O4 - HKLM\..\Run: [EEventManager] "C:\Program Files\Epson Software\Event Manager\EEventManager.exe"
O4 - HKLM\..\Run: [FUFAXSTM] "C:\Program Files\Epson Software\FAX Utility\FUFAXSTM.exe"
O4 - HKLM\..\Run: [EvtMgr6] C:\Program Files\Logitech\SetPointP\SetPoint.exe /launchGaming
O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe"
O4 - HKLM\..\Run: [PowerPanel Personal Edition User Interaction] C:\Program Files\CyberPower PowerPanel Personal Edition\pppeuser.exe
O4 - HKLM\..\Run: [OODITRAY.EXE] C:\Program Files\Laplink\Laplink DiskImage\OODITRAY.EXE
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKCU\..\Run: [iCloudServices] C:\Program Files\Common Files\Apple\Internet Services\iCloudServices.exe
O4 - HKCU\..\Run: [NETGEARGenie] "C:\Program Files\NETGEAR Genie\bin\NETGEARGenie.exe" -mini -redirect
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [SkyDrive] "C:\Users\LostRune\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe" /background
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: &Links to this page - C:\ProgramData\TuneUp Software\TuneUp Utilities\Web\gbacklinks.htm
O8 - Extra context menu item: &Similar pages - C:\ProgramData\TuneUp Software\TuneUp Utilities\Web\gsimilar.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Free YouTube to iPod Converter - D:\Users\LostRune\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetoipodconverter.htm
O8 - Extra context menu item: Look up in Mr&Check... - C:\ProgramData\TuneUp Software\TuneUp Utilities\Web\tumrcheck.htm
O8 - Extra context menu item: Open in &new window - C:\ProgramData\TuneUp Software\TuneUp Utilities\Web\tuofinw.htm
O8 - Extra context menu item: Search with &Google - C:\ProgramData\TuneUp Software\TuneUp Utilities\Web\gsearch.htm
O8 - Extra context menu item: Send to &Bluetooth Device... - C:\Program Files\ANYCOM\Blue USB-200-250\btsendto_ie_ctx.htm
O8 - Extra context menu item: Show page from the &cache - C:\ProgramData\TuneUp Software\TuneUp Utilities\Web\gcache.htm
O8 - Extra context menu item: Translate this page with Google - C:\ProgramData\TuneUp Software\TuneUp Utilities\Web\gtranslate.htm
O8 - Extra context menu item: View old version at &archives.org - C:\ProgramData\TuneUp Software\TuneUp Utilities\Web\tuarch.htm
O8 - Extra context menu item: Zoom &in - C:\ProgramData\TuneUp Software\TuneUp Utilities\Web\tuzoomin.htm
O8 - Extra context menu item: Zoom &out - C:\ProgramData\TuneUp Software\TuneUp Utilities\Web\tuzoomout.htm
O9 - Extra button: (no name) - {09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} - C:\Program Files\Google\Google Gears\Internet Explorer\0.5.36.0\gears.dll
O9 - Extra 'Tools' menuitem: &Gears Settings - {09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} - C:\Program Files\Google\Google Gears\Internet Explorer\0.5.36.0\gears.dll
O9 - Extra button: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\ANYCOM\Blue USB-200-250\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\ANYCOM\Blue USB-200-250\btsendto_ie.htm
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O16 - DPF: {2EDF75C0-5ABD-49f9-BAB6-220476A32034} (System Requirements Lab) - http://intel-drv-cdn.systemrequirementslab.com/audio/bin/sysreqlab_srlx.cab
O16 - DPF: {3F4AC0C9-3A7D-4115-99B4-2693DE0014AF} (TNetworkScanner Control) - http://optimum.net/downloads/TNetworkScannerXControl.ocx
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/win...ls/en/x86/client/wuweb_site.cab?1209007354990
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/mic...ls/en/x86/client/muweb_site.cab?1209007424377
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - http://download.eset.com/special/eos/OnlineScanner.cab
O16 - DPF: {CF84DAC5-A4F5-419E-A0BA-C01FFD71112F} (SysInfo Class) - http://content.systemrequirementslab.com.s3.amazonaws.com/global/bin/srldetect_intel_4.4.24.0.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O21 - SSODL: EldosMountNotificator - {5FF49FE8-B332-4CB9-B102-FB6951629E55} - C:\Windows\system32\CbFsMntNtf3.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll
O22 - SharedTaskScheduler: Virtual Storage Mount Notification - {5FF49FE8-B332-4CB9-B102-FB6951629E55} - C:\Windows\system32\CbFsMntNtf3.dll
O23 - Service: ABBYY FineReader 9.0 Sprint Licensing Service (ABBYY.Licensing.FineReader.Sprint.9.0) - ABBYY - C:\Program Files\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Admin Works Agent X8 (AWService) - OSA Technologies Inc., An Avocent Company - C:\Program Files\Intel\IDU\awServ.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\ANYCOM\Blue USB-200-250\bin\btwdins.exe
O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - C:\Program Files\ATI\Catalyst Media Center\Kernel\TV\CLCapSvc.exe
O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - C:\Program Files\ATI\Catalyst Media Center\Kernel\TV\CLSched.exe
O23 - Service: CyberLink Media Library Service - Cyberlink - C:\Program Files\ATI\Catalyst Media Center\Kernel\CLML_NTService\CLMLServer.exe
O23 - Service: ESET Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
O23 - Service: EpsonBidirectionalService - SEIKO EPSON CORPORATION - C:\Program Files\Common Files\EPSON\EBAPI\eEBSVC.exe
O23 - Service: EPSON V5 Service4(04) (EPSON_EB_RPCV4_04) - SEIKO EPSON CORPORATION - C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50ST7.EXE
O23 - Service: EPSON V3 Service4(04) (EPSON_PM_RPCV4_04) - SEIKO EPSON CORPORATION - C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50RP7.EXE
O23 - Service: Fitbit Data Uploader (Fitbit) - Fitbit, Inc. - C:\Program Files\Fitbit\fitbit.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\LogiShrd\Bluetooth\lbtserv.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: MBAMScheduler - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: NETGEARGenieDaemon - NETGEAR - C:\Program Files\NETGEAR Genie\bin\NETGEARGenieDaemon.exe
O23 - Service: OO DiskImage - Unknown owner - C:\Program Files\Laplink\Laplink DiskImage\oodiag.exe
O23 - Service: PowerPanel Personal Edition Service (ppped) - Cyber Power Systems, Inc. - C:\Program Files\CyberPower PowerPanel Personal Edition\ppped.exe
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: Audio Service (STacSV) - IDT, Inc. - C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_98f8d2d0\STacSV.exe
O23 - Service: Epson Printer Status Agent4 (StatusAgent4) - SEIKO EPSON CORPORATION - C:\Windows\system32\SAgent4.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: TeamViewer 8 (TeamViewer8) - TeamViewer GmbH - C:\Program Files\TeamViewer\Version8\TeamViewer_Service.exe
O23 - Service: @%SystemRoot%\System32\TuneUpDefragService.exe,-1 (TuneUp.Defrag) - TuneUp Software GmbH - C:\Windows\System32\TuneUpDefragService.exe
O23 - Service: WD Drive Manager (WDDriveService) - Western Digital - C:\Program Files\Western Digital\WD Drive Manager\WDDriveService.exe

--
End of file - 15227 bytes


----------



## johnb35

OK, good to hear it's running better.

I would like to see one more report.  Navigate to C:\Qoobox and in that folder will be a file named add-remove programs.txt.  Open that file and copy and paste the contents back here.

I see one program that needs to be uninstalled and there may be more.  

Then we will have a little cleanup left to do.


----------



## enurtsol

Sure, no problem.  So far so good.  Still like to know what the heck happened so we don't do it again.  Here goes:

C:\Qoobox\Add-Remove Programs.txt

  Update for Microsoft Office 2007 (KB2508958)
7-Zip 4.57
ABBYY FineReader 9.0 Sprint
Adobe Flash Player 11 ActiveX
Adobe Flash Player 11 Plugin
Adobe Reader X (10.1.4)
ANYCOM USB-200/250 Bluetooth Software
AnyDVD
Apple Application Support
Apple Mobile Device Support
Apple Software Update
ATI AVIVO Codecs
ATI Catalyst Install Manager
AviSynth 2.5
BadCopy Pro
BatchPurifier
Beyond TV DVD Burning Foundation
Bonjour
Canon G.726 WMP-Decoder
Canon MovieEdit Task for ZoomBrowser EX
Canon RAW Image Task for ZoomBrowser EX
Canon Utilities CameraWindow
Canon Utilities CameraWindow DC
Canon Utilities CameraWindow DC_DV 6 for ZoomBrowser EX
Canon Utilities MyCamera
Canon Utilities MyCamera DC
Canon Utilities PhotoStitch
Canon Utilities RemoteCapture DC
Canon Utilities RemoteCapture Task for ZoomBrowser EX
Canon Utilities ZoomBrowser EX
Canon ZoomBrowser EX Memory Card Utility
Catalyst Control Center - Branding
Catalyst Control Center Core Implementation
Catalyst Control Center Graphics Full Existing
Catalyst Control Center Graphics Full New
Catalyst Control Center Graphics Light
Catalyst Control Center Graphics Previews Common
Catalyst Control Center Graphics Previews Vista
Catalyst Control Center HydraVision Full
Catalyst Media Center
Catalyst Media Center DVD Authoring Module
ccc-core-static
ccc-utility
CCC Help English
CloneCD
CloneDVD2
Combined Community Codec Pack 2008-01-24
Console Classix 4.06
ConvertHelper 2.2
ConvertXtoDVD 3.8.0.193d
Core Temp version 0.99.7
CyberPower PowerPanel Personal Edition 1.3.3
D3DX10
Data Lifeguard Diagnostic for Windows
Debugging Tools for Windows (x86)
DiskExplorer for NTFS
DVD Profiler Version 3.7.2
DVDFab (Platinum/Gold/HD Decrypter) (Option: Mobile) 5.1.2.2
Easy CD-DA Extractor 2010
EPSON Artisan 830 Series Printer Uninstall
Epson CreativeZone
Epson Easy Photo Print 2
Epson Easy Photo Print Plug-in for PMB(Picture Motion Browser)
Epson Easy Photo Print Plug-in for Windows Live Photo Gallery
Epson Easy Photo Print Plug-in for Windows Live Photo Gallery Setup
Epson Event Manager
Epson FAX Utility
Epson PC-FAX Driver
Epson Print CD
EPSON Scan
EpsonNet Print
EpsonNet Setup 3.3
eReg
erLT
ESET NOD32 Antivirus
Fitbit Base Station (Driver Removal)
Fitbit v2.1.0
FormatFactory 2.95
FoxyTunes for Firefox
Free Audio CD Burner version 1.4.7
Free Audio CD to MP3 Converter version 1.3.7
Free Video to iPhone Converter version 3.2.10
Free Video to iPod Converter version 3.1
Free Video to Mp3 Converter version 3.1
Free YouTube Download version 2.10.36.517
Free YouTube to iPhone Converter version 3.10.27
Free YouTube to iPod Converter version 3.10.815
Free YouTube to MP3 Converter version 3.9.32
FUJIFILM MyFinePix Studio 3.1
GetDataBack for NTFS
Ghostery IE Plugin
Google Earth Plug-in
Google Gears
Google Update Helper
HandBrake 0.9.5
Hauppauge English Help Files and Resources
Hauppauge MCE XP/Vista Software Encoder (2.0.26057)
Hauppauge Signal Monitor Utility
Hauppauge WinTV
Hauppauge WinTV Infrared Remote
Hauppauge WinTV Scheduler
Hauppauge WinTV Soft PVR
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
iCloud
IDT Audio
ImgBurn
Intel Audio Studio 2.7
Intel Processor Diagnostic Tool 
Intel(R) Desktop Utilities
Intel(R) Graphics Media Accelerator Driver
Intel(R) Management Engine Interface
Intel(R) Network Connections 12.4.38.0
Intel(R) SMBus
InterVideo FilterSDK for Hauppauge
InterVideo MediaOne Gallery
InterVideo WinDVD
IrfanView (remove only)
iTunes
Japanese Fonts Support For Adobe Reader 8
Java 7 Update 25
Java Auto Updater
Just Great Software EditPad Lite 6.4.3
Laplink DiskImage Professional
LightScribe System Software
Logitech SetPoint 6.32
Logitech Unifying Software 2.10
Malwarebytes Anti-Malware version 1.75.0.1300
Mesh Runtime
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 4 Client Profile
Microsoft .NET Framework 4 Extended
Microsoft Application Error Reporting
Microsoft Corporation
Microsoft LifeCam
Microsoft Office 2007 Service Pack 3 (SP3)
Microsoft Office Access MUI (English) 2007
Microsoft Office Access Setup Metadata MUI (English) 2007
Microsoft Office Enterprise 2007
Microsoft Office Excel MUI (English) 2007
Microsoft Office File Validation Add-In
Microsoft Office Groove MUI (English) 2007
Microsoft Office Groove Setup Metadata MUI (English) 2007
Microsoft Office InfoPath MUI (English) 2007
Microsoft Office Live Add-in 1.5
Microsoft Office OneNote MUI (English) 2007
Microsoft Office Outlook Connector
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft Silverlight
Microsoft SkyDrive
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.30319
Microsoft XML Parser
Mozilla Firefox 22.0 (x86 en-US)
Mozilla Maintenance Service
MSVCRT
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
My Net View
NETGEAR Genie
NETGEAR Live Parental Controls Management Utility 2.1.6
NETGEAR Live Parental Controls User Utility 1.0b40
Outlook on the Desktop 1.4.0
Paragon Partition Manager 8.5 Server Edition
PicWalker 4.2
Pinnacle Studio 12
Pinnacle Video Driver
PortTrigger 1.0
PowerDVD
PowerDVD Ultra
QuickSFV (Remove only)
QuickTime
RATattack 0.2
ratDVD 0.78.1444
Security Update for CAPICOM (KB931906)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2604111)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2657424)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2736416)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2840629)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2736428)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2742595)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2789642)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2804576)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2832407)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2835393)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2840628)
Security Update for Microsoft .NET Framework 4 Extended (KB2487367)
Security Update for Microsoft .NET Framework 4 Extended (KB2656351)
Security Update for Microsoft .NET Framework 4 Extended (KB2736428)
Security Update for Microsoft .NET Framework 4 Extended (KB2742595)
Security Update for Microsoft Office 2007 suites (KB2596615) 32-Bit Edition 
Security Update for Microsoft Office 2007 suites (KB2596744) 32-Bit Edition 
Security Update for Microsoft Office 2007 suites (KB2596754) 32-Bit Edition 
Security Update for Microsoft Office 2007 suites (KB2596785) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596792) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596871) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2597969) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2687309) 32-Bit Edition 
Security Update for Microsoft Office 2007 suites (KB2687311) 32-Bit Edition 
Security Update for Microsoft Office 2007 suites (KB2687439) 32-Bit Edition 
Security Update for Microsoft Office 2007 suites (KB2687499) 32-Bit Edition 
Security Update for Microsoft Office 2007 suites (KB2760416) 32-Bit Edition 
Security Update for Microsoft Office Excel 2007 (KB2687307) 32-Bit Edition 
Security Update for Microsoft Office InfoPath 2007 (KB2687440) 32-Bit Edition 
Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition
Security Update for Microsoft Office Publisher 2007 (KB2597971) 32-Bit Edition 
Security Update for Microsoft Office Word 2007 (KB2760421) 32-Bit Edition 
Segoe UI
Skype™ 3.8
Spelling Dictionaries Support For Adobe Reader 8
Spybot - Search & Destroy
SureThing CD Labeler LightScribe 5.0.581.0
System Requirements Lab
System Requirements Lab for Intel
TeamViewer 8
TuneUp Utilities 2008
Ultimate Extras sounds from Microsoft® Tinker™
Uninstall 1.0.0.1
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 3.5 SP1 (KB2836940)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939)
Update for Microsoft .NET Framework 4 Extended (KB2468871)
Update for Microsoft .NET Framework 4 Extended (KB2533523)
Update for Microsoft .NET Framework 4 Extended (KB2600217)
Update for Microsoft .NET Framework 4 Extended (KB2836939)
Update for Microsoft Office 2007 Help for Common Features (KB963673)
Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2596660) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2596802) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2596848) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2687493) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition
Update for Microsoft Office Access 2007 Help (KB963663)
Update for Microsoft Office Excel 2007 Help (KB963678)
Update for Microsoft Office Infopath 2007 Help (KB963662)
Update for Microsoft Office OneNote 2007 Help (KB963670)
Update for Microsoft Office Outlook 2007 (KB2687404) 32-Bit Edition
Update for Microsoft Office Outlook 2007 Help (KB963677)
Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2817563) 32-Bit Edition
Update for Microsoft Office Powerpoint 2007 Help (KB963669)
Update for Microsoft Office Publisher 2007 Help (KB963667)
Update for Microsoft Office Script Editor Help (KB963671)
Update for Microsoft Office Word 2007 Help (KB963665)
VirtualCloneDrive
Vista Manager
Visual C++ 2008 x86 Runtime - (v9.0.30729)
Visual C++ 2008 x86 Runtime - v9.0.30729.01
WD Print Share
WD Quick View
Windows 7 Upgrade Advisor
Windows Automated Installation Kit
Windows Live Communications Platform
Windows Live Essentials
Windows Live Family Safety
Windows Live ID Sign-in Assistant
Windows Live Installer
Windows Live Mesh
Windows Live Mesh ActiveX Control for Remote Connections
Windows Live Movie Maker
Windows Live Photo Common
Windows Live Photo Gallery
Windows Live PIMT Platform
Windows Live Remote Client
Windows Live Remote Client Resources
Windows Live Remote Service
Windows Live Remote Service Resources
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live UX Platform
Windows Live UX Platform Language Pack
Windows Live Writer
Windows Live Writer Resources
Windows Media Player Firefox Plugin
Windows Sidebar Styler
Windows Sound Schemes
WinPatrol 2009
WinSCP 4.0.7

It's an old computer, so we basically just use it for internet stuff, and unfortunately we didn't bother uninstalling some stuff we hardly use anymore.  Thanks again, johnb, and please take your time, since we may not be able to do everything tonight as it's getting late here.


----------



## johnb35

Please uninstall the following programs.

Spybot - Search & Destroy - old and outdated - Malwarebytes is much better
TuneUp Utilities 2008 - old and outdated - really not needed anyway
Uninstall 1.0.0.1 - not needed
WinPatrol 2009 - old and outdated

Also rerun HijackThis and place checks next to the following entries.

O3 - Toolbar: QT TabBar - {d2bf470e-ed1c-487f-a333-2bd8835eb6ce} - mscoree.dll (file missing)
O3 - Toolbar: QT Tab Standard Buttons - {D2BF470E-ED1C-487F-A666-2BD8835EB6CE} - mscoree.dll (file missing)
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present

Then click on fix checked.


----------
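
An added example, not part of johnb35's post and not HijackThis code: a small Python parser for HijackThis log lines that picks out the two kinds of entry checked above, targets marked "(file missing)" and the O6 Internet Explorer policy entry. The sample lines are copied from this thread; the function names and finding labels are illustrative assumptions.

```python
import re
from collections import Counter

# A HijackThis entry is "<section> - <body>", e.g. "O3 - Toolbar: name - {CLSID} - file".
LINE_RE = re.compile(r"^(?P<section>[ORFN]\d+) - (?P<body>.*)$")
CLSID_RE = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")

# Sample input: lines taken from the logs posted in this thread.
SAMPLE_LOG = r"""O3 - Toolbar: QT TabBar - {d2bf470e-ed1c-487f-a333-2bd8835eb6ce} - mscoree.dll (file missing)
O3 - Toolbar: QT Tab Standard Buttons - {D2BF470E-ED1C-487F-A666-2BD8835EB6CE} - mscoree.dll (file missing)
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O23 - Service: ESET Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
O23 - Service: OO DiskImage - Unknown owner - C:\Program Files\Laplink\Laplink DiskImage\oodiag.exe

--
End of file - 15227 bytes
"""


def parse_line(line):
    """Return a dict for one log entry, or None for headers, blanks and footers."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    body = m.group("body")
    clsid = CLSID_RE.search(body)
    return {
        "section": m.group("section"),
        "body": body,
        # CLSIDs appear in mixed case in the log; normalise for comparison.
        "clsid": clsid.group(0).upper() if clsid else None,
        "file_missing": body.endswith("(file missing)"),
    }


def review(log_text):
    """List (section, reason, body) for entries worth a second look."""
    findings = []
    for line in log_text.splitlines():
        entry = parse_line(line)
        if entry is None:
            continue
        if entry["file_missing"]:
            # Registration points at a file that no longer exists on disk.
            findings.append((entry["section"], "orphaned entry", entry["body"]))
        elif entry["section"] == "O6":
            # O6 reports Internet Explorer options restricted by a policy key.
            findings.append((entry["section"], "IE policy restriction", entry["body"]))
    return findings


def section_counts(log_text):
    """Count parsed entries per section to give an inventory of the log."""
    entries = (parse_line(l) for l in log_text.splitlines())
    return dict(Counter(e["section"] for e in entries if e))


if __name__ == "__main__":
    for section, reason, body in review(SAMPLE_LOG):
        print(f"{section:4} {reason:22} {body}")
    print(section_counts(SAMPLE_LOG))
```

The findings are a shortlist for a person to review, not a verdict; an orphaned entry is usually just a leftover from an uninstalled program.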



## enurtsol

Hello again johnb,

Sorry for the lateness; just got back.
As per your instructions, done and done.  Actually, I upgraded WinPatrol to the latest version, but for some reason, it still says 2009 on the Programs list.
And still so far so good.  Nothing else weird happening, and will update if there is.  
Thanks a lot again.  Though we're still a bit paranoid not knowing how to avoid repeating this, haha.  (Looking at the web history, doesn't seem we surfed into any questionable website....... unless a "safe" website didn't know it was compromised........)  We definitely owe ya a beer or two.


----------

