# Random freezing, quite often



## Franknj229 (Sep 21, 2009)

For the past couple weeks I have been experiencing random freezing. Sometimes it happens just as the desktop appears, other times I come back to the computer after being away for hours and find it frozen. When it's working, it seems to be working just fine (i.e. not sluggish, no pop-ups, no obvious signs of malware/spyware). I'm running Kaspersky Internet Security. Below are my logs as requested.

Tech Support Guy System Info Utility version 1.0.0.2
OS Version: Microsoft® Windows Vista Home Premium, Service Pack 2, 64 bit
Processor: Intel(R) Core(TM) i7 CPU 920 @ 2.67GHz, Intel64 Family 6 Model 26 Stepping 4
Processor Count: 8
RAM: 6134 Mb
Graphics Card: NVIDIA GeForce GTX 285, 1024 Mb
Hard Drives: C: Total - 953866 MB, Free - 423684 MB; E: Total - 953867 MB, Free - 460948 MB; F: Total - 610477 MB, Free - 482738 MB;
Motherboard: ASUSTeK Computer INC., P6T6 WS REVOLUTION
Antivirus: Kaspersky Internet Security, Updated and Enabled

HIJACKTHIS

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 9:55:19 PM, on 9/14/2013
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v9.00 (9.00.8112.16506)
Boot mode: Normal
Running processes:
C:\Program Files (x86)\Steam\Video Games\Steam.exe
C:\Program Files (x86)\GameStop App\Now\GameStopNow.exe
C:\Program Files\ASUS\TurboV\TurboV.exe
C:\Users\Franknj229\AppData\Local\Autobahn\nexdef.exe
C:\Program Files (x86)\Portrait Displays\Pivot Software\wpCtrl.exe
C:\Program Files (x86)\Analog Devices\Core\smax4pnp.exe
C:\Program Files (x86)\Portrait Displays\Pivot Software\floater.exe
C:\Program Files (x86)\MSN Toolbar\Platform\4.0.0379.0\mswinext.exe
C:\Program Files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE
C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe
C:\Program Files (x86)\QuickTime\QTTask.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe
C:\Program Files (x86)\Acer Display\eDisplay Management\DTHtml.exe
C:\Users\Franknj229\AppData\Local\Microsoft\Windows Sidebar\Gadgets\GPUMonitor[1].gadget\GPUMonitor.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Users\Franknj229\Desktop\HijackThis.exe
C:\Windows\SysWOW64\DllHost.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://news.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = 
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = 
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local;<local>
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = 
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
O2 - BHO: ContentBlockerBrowserHelperObject - {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\ContentBlocker\ie_content_blocker_plugin.dll
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: VirtualKeyboardBrowserHelperObject - {73455575-E40C-433C-9784-C78DC7761455} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Safe Money Plugin - {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\OnlineBanking\online_banking_bho.dll
O2 - BHO: MSN Toolbar BHO - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\MSN Toolbar\Platform\4.0.0379.0\npwinext.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
O2 - BHO: link filter bho - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\UrlAdvisor\klwtbbho.dll
O3 - Toolbar: MSN Toolbar - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\MSN Toolbar\Platform\4.0.0379.0\npwinext.dll
O4 - HKLM\..\Run: [TurboV] "C:\Program Files\ASUS\TurboV\TurboV.exe"
O4 - HKLM\..\Run: [LGODDFU] "C:\Program Files (x86)\lg_fwupdate\lgfw.exe" blrun
O4 - HKLM\..\Run: [PivotSoftware] "C:\Program Files (x86)\Portrait Displays\Pivot Software\wpctrl.exe"
O4 - HKLM\..\Run: [DT ACR] "C:\Program Files (x86)\Common Files\Portrait Displays\Shared\DT_startup.exe" -ACR
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files (x86)\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [MSN Toolbar] "C:\Program Files (x86)\MSN Toolbar\Platform\4.0.0379.0\mswinext.exe"
O4 - HKLM\..\Run: [Microsoft Default Manager] "C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" -resume
O4 - HKLM\..\Run: [CanonSolutionMenuEx] "C:\Program Files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE" /logon
O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [AVP] "C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe"
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [Steam] "c:\program files (x86)\steam\video games\steam.exe" -silent
O4 - HKCU\..\Run: [igndlm.exe] C:\Program Files (x86)\Download Manager\DLM.exe /windowsstart /startifwork
O4 - HKCU\..\Run: [Adobe Reader Synchronizer] "C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AdobeCollabSync.exe"
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files (x86)\Windows Media Player\WMPNSCFG.exe
O4 - Startup: GameStop Now.lnk = C:\Program Files (x86)\GameStop App\Now\GameStopNow.exe
O4 - Startup: NexDef Plug-in.lnk = C:\Users\Franknj229\AppData\Local\Autobahn\nexdef.exe
O8 - Extra context menu item: Add to Anti-Banner - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\ie_banner_deny.htm
O9 - Extra button: Virtual Keyboard - {0C4CC089-D306-440D-9772-464E226F6539} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll
O9 - Extra button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files (x86)\PokerStars\PokerStarsUpdate.exe
O9 - Extra button: URLs check - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\UrlAdvisor\klwtbbho.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O16 - DPF: Garmin Communicator Plug-In - https://my.garmin.com/static/m/cab/2.8.3/GarminAxControl.CAB
O16 - DPF: {0D41B8C5-2599-4893-8183-00195EC8D5F9} (asusTek_sysctrl Class) - http://support.asus.com/common/asusTek_sys_ctrl.cab
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} (System Requirements Lab) - http://www.nvidia.com/content/DriverDownload/srl/3.0.0.4/srl_bin/sysreqlab_nvd.cab
O16 - DPF: {2EDF75C0-5ABD-49f9-BAB6-220476A32034} (System Requirements Lab) - http://intel-drv-cdn.systemrequirementslab.com/multi/bin/sysreqlab_srlx.cab
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (CDownloadCtrl Object) - http://www.fileplanet.com/fpdlmgr/cabs/FPDC_2.3.10.115.cab
O16 - DPF: {74DBCB52-F298-4110-951D-AD2FF67BC8AB} (NVIDIA Smart Scan) - http://www.nvidia.com/content/DriverDownload/nforce/NvidiaSmartScan.cab
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} (OnlineScanner Control) - http://download.eset.com/special/eos/OnlineScanner.cab
O16 - DPF: {87BE3784-6977-4E84-AA08-55A96B9CEAC5} (Bl_camera Control) - http://cam4231246.viewnetcam.com:5001/bl_camera.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O16 - DPF: {EAEFAD15-8753-45EF-94B0-1BAA7970CC21} (pmpeg4cam Class) - http://barkatl9991.viewnetcam.com:5007/MpegInst.cab
O16 - DPF: {F3D4C08D-3616-43F0-9E29-44C749B0664B} (pmjpegcam Class) - http://cam8997481.viewnetcam.com:5009/JpegInst.cab
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: Andrea ADI Filters Service (AEADIFilters) - Unknown owner - C:\Windows\system32\AEADISRV.EXE (file missing)
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: ASP.NET State Service (aspnet_state) - Unknown owner - C:\Windows\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe (file missing)
O23 - Service: ASUS System Control Service (AsSysCtrlService) - Unknown owner - C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.00\AsSysCtrlService.exe
O23 - Service: Kaspersky Anti-Virus Service (AVP) - Kaspersky Lab ZAO - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Dragon Age: Origins - Content Updater (DAUpdaterSvc) - BioWare - C:\Program Files (x86)\Dragon Age\bin_ship\DAUpdaterSvc.Service.exe
O23 - Service: @dfsrres.dll,-101 (DFSR) - Unknown owner - C:\Windows\system32\DFSR.exe (file missing)
O23 - Service: Portrait Displays Display Tune Service (DTSRVC) - Unknown owner - C:\Program Files (x86)\Common Files\Portrait Displays\Shared\DTSRVC.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Sentinel Local License Manager (hasplms) - Unknown owner - C:\Windows\system32\hasplms.exe (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: NMIndexingService - Nero AG - C:\Program Files (x86)\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)
O23 - Service: NVIDIA Update Service Daemon (nvUpdatusService) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
O23 - Service: Portrait Displays SDK Service (PdiService) - Portrait Displays, Inc. - C:\Program Files (x86)\Common Files\Portrait Displays\Drivers\pdisrvc.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\SLsvc.exe,-101 (slsvc) - Unknown owner - C:\Windows\system32\SLsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exe
O23 - Service: NVIDIA Stereoscopic 3D Driver Service (Stereo Service) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
--
End of file - 13917 bytes

DDS.TXT

DDS (Ver_2012-11-20.01) - NTFS_AMD64 
Internet Explorer: 9.0.8112.16506 BrowserJavaVersion: 10.25.2
Run by Franknj229 at 21:56:46 on 2013-09-14
Microsoft® Windows Vista Home Premium 6.0.6002.2.1252.1.1033.18.6134.3793 [GMT -4:00]
.
AV: Kaspersky Internet Security *Enabled/Updated* {C3113FBF-4BCB-4461-D78D-6EDFEC9593E5}
SP: Kaspersky Internet Security *Enabled/Updated* {7870DE5B-6DF1-4BEF-ED3D-55AD9712D958}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: Kaspersky Internet Security *Enabled* {FB2ABE9A-01A4-4539-FCD2-C7EA1246D49E}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\ASUS\Six Engine\SixEngine.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Windows\system32\AEADISRV.EXE
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.00\AsSysCtrlService.exe
C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files (x86)\Dragon Age\bin_ship\DAUpdaterSvc.Service.exe
C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
C:\Program Files (x86)\Common Files\Portrait Displays\Shared\DTSRVC.exe
C:\Windows\system32\hasplms.exe
C:\Program Files (x86)\Common Files\Portrait Displays\Drivers\pdisrvc.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files (x86)\Steam\Video Games\Steam.exe
C:\Program Files (x86)\GameStop App\Now\GameStopNow.exe
C:\Program Files\ASUS\TurboV\TurboV.exe
C:\Users\Franknj229\AppData\Local\Autobahn\nexdef.exe
C:\Program Files (x86)\Portrait Displays\Pivot Software\wpCtrl.exe
C:\Program Files (x86)\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files (x86)\Portrait Displays\Pivot Software\floater.exe
C:\Program Files (x86)\MSN Toolbar\Platform\4.0.0379.0\mswinext.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE
C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe
C:\Program Files (x86)\QuickTime\QTTask.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe
C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\Program Files (x86)\Acer Display\eDisplay Management\DTHtml.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Windows\splwow64.exe
C:\Program Files (x86)\lg_fwupdate\fwupdate.exe
C:\Program Files (x86)\RivaTuner v2.24\RivaTuner.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Users\Franknj229\AppData\Local\Microsoft\Windows Sidebar\Gadgets\GPUMonitor[1].gadget\GPUMonitor.exe
C:\Program Files (x86)\Common Files\Steam\SteamService.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Windows\system32\wuauclt.exe
C:\Windows\System32\WUDFHost.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Real\RealPlayer\RealPlay.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://news.yahoo.com/
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
BHO: Content Blocker Plugin: {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\ContentBlocker\ie_content_blocker_plugin.dll
BHO: Search Helper: {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
BHO: Virtual Keyboard Plugin: {73455575-E40C-433C-9784-C78DC7761455} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll
BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Safe Money Plugin: {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\OnlineBanking\online_banking_bho.dll
BHO: MSN Toolbar BHO: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\MSN Toolbar\Platform\4.0.0379.0\npwinext.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
BHO: URL Advisor Plugin: {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\UrlAdvisor\klwtbbho.dll
TB: MSN Toolbar: {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\MSN Toolbar\Platform\4.0.0379.0\npwinext.dll
uRun: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
uRun: [Steam] "c:\program files (x86)\steam\video games\steam.exe" -silent
uRun: [igndlm.exe] C:\Program Files (x86)\Download Manager\DLM.exe /windowsstart /startifwork
uRun: [Adobe Reader Synchronizer] "C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AdobeCollabSync.exe"
uRun: [WMPNSCFG] C:\Program Files (x86)\Windows Media Player\WMPNSCFG.exe
mRun: [TurboV] "C:\Program Files\ASUS\TurboV\TurboV.exe"
mRun: [LGODDFU] "C:\Program Files (x86)\lg_fwupdate\lgfw.exe" blrun
mRun: [PivotSoftware] "C:\Program Files (x86)\Portrait Displays\Pivot Software\wpctrl.exe"
mRun: [DT ACR] "C:\Program Files (x86)\Common Files\Portrait Displays\Shared\DT_startup.exe" -ACR
mRun: [SoundMAXPnP] C:\Program Files (x86)\Analog Devices\Core\smax4pnp.exe
mRun: [MSN Toolbar] "C:\Program Files (x86)\MSN Toolbar\Platform\4.0.0379.0\mswinext.exe"
mRun: [Microsoft Default Manager] "C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" -resume
mRun: [CanonSolutionMenuEx] "C:\Program Files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE" /logon
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [TkBellExe] "C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe" -osboot
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun: [AVP] "C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe"
StartupFolder: C:\Users\FRANKN~1\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\GAMEST~1.LNK - C:\Program Files (x86)\GameStop App\Now\GameStopNow.exe
StartupFolder: C:\Users\FRANKN~1\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\NEXDEF~1.LNK - C:\Users\Franknj229\AppData\Local\Autobahn\nexdef.exe
uPolicies-Explorer: NoDrives = dword:0
mPolicies-Explorer: BindDirectlyToPropertySetStorage = dword:0
mPolicies-Explorer: NoDrives = dword:0
mPolicies-Explorer: NoDriveTypeAutoRun = dword:28
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: Add to Anti-Banner - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\ie_banner_deny.htm
IE: {0C4CC089-D306-440D-9772-464E226F6539} - {0BA14598-4178-4CE5-B1F1-B5C6408A3F2E} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll
IE: {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files (x86)\PokerStars\PokerStarsUpdate.exe
IE: {CCF151D8-D089-449F-A5A4-D9909053F20F} - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\UrlAdvisor\klwtbbho.dll
DPF: Garmin Communicator Plug-In - hxxps://my.garmin.com/static/m/cab/2.8.3/GarminAxControl.CAB
DPF: {0D41B8C5-2599-4893-8183-00195EC8D5F9} - hxxp://support.asus.com/common/asusTek_sys_ctrl.cab
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} - hxxp://www.nvidia.com/content/DriverDownload/srl/3.0.0.4/srl_bin/sysreqlab_nvd.cab
DPF: {233C1507-6A77-46A4-9443-F871F945D258} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {2EDF75C0-5ABD-49f9-BAB6-220476A32034} - hxxp://intel-drv-cdn.systemrequirementslab.com/multi/bin/sysreqlab_srlx.cab
DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} - hxxp://www.fileplanet.com/fpdlmgr/cabs/FPDC_2.3.10.115.cab
DPF: {74DBCB52-F298-4110-951D-AD2FF67BC8AB} - hxxp://www.nvidia.com/content/DriverDownload/nforce/NvidiaSmartScan.cab
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
DPF: {87BE3784-6977-4E84-AA08-55A96B9CEAC5} - hxxp://cam4231246.viewnetcam.com:5001/bl_camera.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
DPF: {EAEFAD15-8753-45EF-94B0-1BAA7970CC21} - hxxp://barkatl9991.viewnetcam.com:5007/MpegInst.cab
DPF: {F3D4C08D-3616-43F0-9E29-44C749B0664B} - hxxp://cam8997481.viewnetcam.com:5009/JpegInst.cab
TCP: NameServer = 208.59.247.45 208.59.247.46
TCP: Interfaces\{55733108-CDE5-453C-BA75-9CAFD17B0FEC} : DHCPNameServer = 208.59.247.45 208.59.247.46
LSA: Security Packages = kerberos msv1_0 schannel wdigest tspkg
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\29.0.1547.66\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
x64-BHO: Content Blocker Plugin: {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\x64\IEExt\ContentBlocker\ie_content_blocker_plugin.dll
x64-BHO: Virtual Keyboard Plugin: {73455575-E40C-433C-9784-C78DC7761455} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\x64\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll
x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
x64-BHO: Safe Money Plugin: {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\x64\IEExt\OnlineBanking\online_banking_bho.dll
x64-BHO: URL Advisor Plugin: {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\x64\IEExt\UrlAdvisor\klwtbbho.dll
x64-Run: [RivaTuner] "C:\Program Files (x86)\RivaTuner v2.24\RivaTunerWrapper.exe" /T
x64-Run: [RivaTunerStartupDaemon] "C:\Program Files (x86)\RivaTuner v2.24\RivaTunerWrapper.exe" /S
x64-Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe /logon
x64-mPolicies-Explorer: BindDirectlyToPropertySetStorage = dword:0
x64-mPolicies-Explorer: NoDrives = dword:0
x64-mPolicies-Explorer: NoDriveTypeAutoRun = dword:28
x64-mPolicies-System: EnableUIADesktopToggle = dword:0
x64-IE: {0C4CC089-D306-440D-9772-464E226F6539} - {0BA14598-4178-4CE5-B1F1-B5C6408A3F2E} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\x64\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll
x64-IE: {CCF151D8-D089-449F-A5A4-D9909053F20F} - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\x64\IEExt\UrlAdvisor\klwtbbho.dll
.
============= SERVICES / DRIVERS ===============
.
R0 mv61xx;mv61xx;C:\Windows\System32\drivers\mv61xx.sys [2008-6-23 173096]
R0 mv64xx;mv64xx;C:\Windows\System32\drivers\mv64xx.sys [2009-4-1 316456]
R1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter;C:\Windows\System32\drivers\klim6.sys [2012-8-2 28504]
R1 kltdi;kltdi;C:\Windows\System32\drivers\kltdi.sys [2012-6-8 54368]
R1 kneps;kneps;C:\Windows\System32\drivers\kneps.sys [2012-8-13 178448]
R1 VBoxDrv;VirtualBox Service;C:\Windows\System32\drivers\VBoxDrv.sys [2013-8-19 238352]
R1 VBoxUSBMon;VirtualBox USB Monitor Driver;C:\Windows\System32\drivers\VBoxUSBMon.sys [2013-8-19 119056]
R2 aksdf;aksdf;C:\Windows\System32\drivers\aksdf.sys [2013-4-21 83072]
R2 AsSysCtrlService;ASUS System Control Service;C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.00\AsSysCtrlService.exe [2008-8-15 86016]
R2 AVP;Kaspersky Anti-Virus Service;C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe [2012-8-17 356376]
R2 DAUpdaterSvc;Dragon Age: Origins - Content Updater;C:\Program Files (x86)\Dragon Age\bin_ship\daupdatersvc.service.exe [2009-12-27 25832]
R2 FontCache;Windows Font Cache Service;C:\Windows\System32\svchost.exe -k LocalServiceAndNoImpersonation [2008-1-20 27648]
R2 hasplms;Sentinel Local License Manager;C:\Windows\System32\hasplms.exe -run --> C:\Windows\System32\hasplms.exe -run [?]
R2 PdiService;Portrait Displays SDK Service;C:\Program Files (x86)\Common Files\Portrait Displays\Drivers\pdisrvc.exe [2009-4-1 90112]
R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2013-1-18 383264]
R3 klkbdflt;Kaspersky Lab KLKBDFLT;C:\Windows\System32\drivers\klkbdflt.sys [2012-10-25 29016]
R3 klmouflt;Kaspersky Lab KLMOUFLT;C:\Windows\System32\drivers\klmouflt.sys [2012-10-25 29528]
R3 RivaTuner64;RivaTuner64;C:\Program Files (x86)\RivaTuner v2.24\RivaTuner64.sys [2009-2-25 19952]
R3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2012-12-13 54784]
R3 VBoxNetAdp;VirtualBox Host-Only Ethernet Adapter;C:\Windows\System32\drivers\VBoxNetAdp.sys [2013-7-4 131856]
R3 VBoxNetFlt;VirtualBox Bridged Networking Service;C:\Windows\System32\drivers\VBoxNetFlt.sys [2013-9-6 146704]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S3 PerfHost;Performance Counter DLL Host;C:\Windows\SysWOW64\perfhost.exe [2008-1-20 19968]
S3 VBoxUSB;VirtualBox USB;C:\Windows\System32\drivers\VBoxUSB.sys [2013-4-12 106256]
S3 WDC_SAM;WD SCSI Pass Thru driver;C:\Windows\System32\drivers\wdcsam64.sys [2008-5-6 14464]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\WPF\WPFFontCache_v0400.exe [2013-4-19 1022632]
S4 clr_optimization_v2.0.50727_64;Microsoft .NET Framework NGEN v2.0.50727_X64;C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe [2009-8-1 89920]
.
=============== File Associations ===============
.
FileExt: .jse: JSEFile=C:\Windows\SysWOW64\WScript.exe "%1" %*
.
=============== Created Last 30 ================
.
.
==================== Find3M ====================
.
2013-09-13 22:52:23 71048 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2013-09-13 22:52:23 692616 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2013-09-12 07:09:05 79143768 ----a-w- C:\Windows\System32\mrt.exe
2013-09-07 16:48:49 54368 ----a-w- C:\Windows\System32\drivers\kltdi.sys
2013-09-06 18:27:12 238352 ----a-w- C:\Windows\System32\drivers\VBoxDrv.sys
2013-09-06 18:25:40 146704 ----a-w- C:\Windows\System32\drivers\VBoxNetFlt.sys
2013-09-06 18:25:40 131856 ----a-w- C:\Windows\System32\drivers\VBoxNetAdp.sys
2013-09-06 18:25:40 119056 ----a-w- C:\Windows\System32\drivers\VBoxUSBMon.sys
2013-09-06 18:25:38 204048 ----a-w- C:\Windows\System32\VBoxNetFltNobj.dll
2013-08-08 02:03:11 2775552 ----a-w- C:\Windows\System32\win32k.sys
2013-08-02 14:06:01 1706496 ----a-w- C:\Windows\System32\WMVDECOD.DLL
2013-08-02 04:09:35 1548288 ----a-w- C:\Windows\SysWow64\WMVDECOD.DLL
2013-07-31 14:17:31 17833472 ----a-w- C:\Windows\System32\mshtml.dll
2013-07-31 13:42:12 10926080 ----a-w- C:\Windows\System32\ieframe.dll
2013-07-31 13:29:19 2312704 ----a-w- C:\Windows\System32\jscript9.dll
2013-07-31 13:20:02 1346560 ----a-w- C:\Windows\System32\urlmon.dll
2013-07-31 13:19:03 1392128 ----a-w- C:\Windows\System32\wininet.dll
2013-07-31 13:18:24 1494528 ----a-w- C:\Windows\System32\inetcpl.cpl
2013-07-31 13:17:24 237056 ----a-w- C:\Windows\System32\url.dll
2013-07-31 13:16:12 85504 ----a-w- C:\Windows\System32\jsproxy.dll
2013-07-31 13:14:29 173056 ----a-w- C:\Windows\System32\ieUnatt.exe
2013-07-31 13:13:07 599040 ----a-w- C:\Windows\System32\vbscript.dll
2013-07-31 13:13:05 816640 ----a-w- C:\Windows\System32\jscript.dll
2013-07-31 13:11:46 2147840 ----a-w- C:\Windows\System32\iertutil.dll
2013-07-31 13:11:41 729088 ----a-w- C:\Windows\System32\msfeeds.dll
2013-07-31 13:09:35 96768 ----a-w- C:\Windows\System32\mshtmled.dll
2013-07-31 13:08:44 2382848 ----a-w- C:\Windows\System32\mshtml.tlb
2013-07-31 13:05:14 248320 ----a-w- C:\Windows\System32\ieui.dll
2013-07-31 10:30:56 12335104 ----a-w- C:\Windows\SysWow64\mshtml.dll
2013-07-31 10:05:18 9738752 ----a-w- C:\Windows\SysWow64\ieframe.dll
2013-07-31 10:00:20 1800704 ----a-w- C:\Windows\SysWow64\jscript9.dll
2013-07-31 09:53:17 1104896 ----a-w- C:\Windows\SysWow64\urlmon.dll
2013-07-31 09:52:44 1129472 ----a-w- C:\Windows\SysWow64\wininet.dll
2013-07-31 09:52:34 1427968 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2013-07-31 09:51:29 231936 ----a-w- C:\Windows\SysWow64\url.dll
2013-07-31 09:49:58 65024 ----a-w- C:\Windows\SysWow64\jsproxy.dll
2013-07-31 09:48:43 142848 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
2013-07-31 09:48:28 717824 ----a-w- C:\Windows\SysWow64\jscript.dll
2013-07-31 09:48:09 420864 ----a-w- C:\Windows\SysWow64\vbscript.dll
2013-07-31 09:47:20 607744 ----a-w- C:\Windows\SysWow64\msfeeds.dll
2013-07-31 09:46:37 1796096 ----a-w- C:\Windows\SysWow64\iertutil.dll
2013-07-31 09:45:59 73216 ----a-w- C:\Windows\SysWow64\mshtmled.dll
2013-07-31 09:45:42 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2013-07-31 09:42:36 176640 ----a-w- C:\Windows\SysWow64\ieui.dll
2013-07-17 20:01:51 2048 ----a-w- C:\Windows\System32\tzres.dll
2013-07-17 19:41:34 2048 ----a-w- C:\Windows\SysWow64\tzres.dll
2013-07-16 09:25:53 689152 ----a-w- C:\Windows\System32\themeui.dll
2013-07-16 04:35:16 615936 ----a-w- C:\Windows\SysWow64\themeui.dll
2013-07-10 09:47:49 677888 ----a-w- C:\Windows\SysWow64\rpcrt4.dll
2013-07-10 09:42:55 1303552 ----a-w- C:\Windows\System32\rpcrt4.dll
2013-07-09 12:04:30 1585256 ----a-w- C:\Windows\System32\ntdll.dll
2013-07-09 12:04:30 1168088 ----a-w- C:\Windows\SysWow64\ntdll.dll
2013-07-08 04:51:57 4691904 ----a-w- C:\Windows\System32\ntoskrnl.exe
2013-07-08 04:20:17 5120 ----a-w- C:\Windows\SysWow64\wow32.dll
2013-07-08 04:20:04 172544 ----a-w- C:\Windows\SysWow64\wintrust.dll
2013-07-08 04:18:51 14336 ----a-w- C:\Windows\SysWow64\ntvdm64.dll
2013-07-08 04:16:55 98304 ----a-w- C:\Windows\SysWow64\cryptnet.dll
2013-07-08 04:16:55 133120 ----a-w- C:\Windows\SysWow64\cryptsvc.dll
2013-07-08 04:16:54 992768 ----a-w- C:\Windows\SysWow64\crypt32.dll
2013-07-08 04:16:33 43008 ----a-w- C:\Windows\apppatch\acwow64.dll
2013-07-08 04:15:39 234496 ----a-w- C:\Windows\System32\wow64.dll
2013-07-08 04:15:25 218624 ----a-w- C:\Windows\System32\wintrust.dll
2013-07-08 04:14:21 16384 ----a-w- C:\Windows\System32\ntvdm64.dll
2013-07-08 04:12:34 174592 ----a-w- C:\Windows\System32\cryptsvc.dll
2013-07-08 04:12:34 132096 ----a-w- C:\Windows\System32\cryptnet.dll
2013-07-08 04:12:34 1276416 ----a-w- C:\Windows\System32\crypt32.dll
2013-07-08 01:39:04 26112 ----a-w- C:\Windows\SysWow64\setup16.exe
2013-07-08 01:39:03 7680 ----a-w- C:\Windows\SysWow64\instnm.exe
2013-07-08 01:39:02 2560 ----a-w- C:\Windows\SysWow64\user.exe
2013-07-05 04:45:27 1423808 ----a-w- C:\Windows\System32\drivers\tcpip.sys
2013-06-24 21:02:52 96168 ----a-w- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
2013-06-24 21:02:52 867240 ----a-w- C:\Windows\SysWow64\npDeployJava1.dll
2013-06-24 21:02:52 789416 ----a-w- C:\Windows\SysWow64\deployJava1.dll
2013-06-24 21:02:52 263592 ----a-w- C:\Windows\SysWow64\javaws.exe
2013-06-24 21:02:52 175016 ----a-w- C:\Windows\SysWow64\javaw.exe
2013-06-24 21:02:52 175016 ----a-w- C:\Windows\SysWow64\java.exe
.
============= FINISH: 21:57:35.73 ===============

ATTACH.TXT

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft® Windows Vista Home Premium 
Boot Device: \Device\HarddiskVolume1
Install Date: 4/1/2009 2:47:45 AM
System Uptime: 9/14/2013 6:50:38 PM (3 hours ago)
.
Motherboard: ASUSTeK Computer INC. | | P6T6 WS REVOLUTION
Processor: Intel(R) Core(TM) i7 CPU 920 @ 2.67GHz | LGA1366 | 2668/133mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 932 GiB total, 413.749 GiB free.
D: is CDROM ()
E: is FIXED (NTFS) - 932 GiB total, 450.145 GiB free.
F: is FIXED (NTFS) - 596 GiB total, 471.424 GiB free.
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
.
==== Installed Programs ======================
.
AA3Deploy
Acer eDisplay Management
Acrobat.com
Adobe AIR
Adobe Flash Player 10 Plugin
Adobe Flash Player 11 ActiveX
Adobe Reader X (10.1.8)
Adobe Shockwave Player 11.6
Apple Application Support
Apple Mobile Device Support
Apple Software Update
Bonjour
BovadaPoker
Canon Easy-PhotoPrint EX
Canon MP Navigator EX 4.0
Canon MP495 series MP Drivers
Canon MP495 series User Registration
Canon My Printer
Canon Solution Menu EX
Catalina Savings Printer
Creation Kit
CyberLink DVD Suite
Download Manager 2.3.10
Dragon Age DLC Service
Dragon Age II
Dragon Age Origins - Ultimate Edition
Dragon Age: Origins
EA Installer
EA Shared Game Component: Activation
EPU-6 Engine
ESET Online Scanner v3
EVGA Precision 1.4.0
Express Gate
Fallout: New Vegas
Fraps
GameFly
GameStop App
Garmin Communicator Plugin
Garmin POI Loader
Garmin USB Drivers
Google Chrome
Google Earth Plug-in
Google Update Helper
HGTV Instant Makeover Workshop
Host OpenAL (ADI)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
iCloud
Intel(R) Processor ID Utility
iTunes
Java 7 Update 25
Java Auto Updater
Kaspersky Internet Security 2013
Left 4 Dead
Left 4 Dead 2 Demo
LG ODD Auto Firmware Update
Lightworks
Malwarebytes Anti-Malware version 1.70.0.1100
marvell 61xx
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB2698023)
Microsoft .NET Framework 1.1 Security Update (KB2742597)
Microsoft .NET Framework 1.1 Security Update (KB979906)
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 4 Client Profile
Microsoft Application Error Reporting
Microsoft Default Manager
Microsoft Games for Windows - LIVE
Microsoft Games for Windows - LIVE Redistributable
Microsoft Search Enhancement Pack
Microsoft Silverlight
Microsoft UI Engine
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2005 Redistributable (x64)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022.218
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
Move Media Player
MSN Toolbar
MSN Toolbar Platform
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
Nero 7 Essentials
neroxml
NVIDIA 3D Vision Controller Driver 306.97
NVIDIA 3D Vision Driver 311.06
NVIDIA Control Panel 311.06
NVIDIA Graphics Driver 311.06
NVIDIA Install Application
NVIDIA PhysX
NVIDIA PhysX System Software 9.12.0604
NVIDIA Stereoscopic 3D Driver
NVIDIA Update 1.11.3
NVIDIA Update Components
OpenOffice.org 3.2
Oracle VM VirtualBox 4.2.18
Origin
Overhead Door Configurator
Peggle Extreme
PhotoStage Slideshow Producer
Pivot Software
PokerStars
Portal
Prism Video File Converter
Puzzle Agent
PVSonyDll
QuickTime
RealNetworks - Microsoft Visual C++ 2008 Runtime
Realtek 8169 8168 8101E 8102E Ethernet Driver
RealUpgrade 1.1
RivaTuner v2.24
SDK
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2604111)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2657424)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2736416)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2840629)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2160841)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2742595)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2789642)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2804576)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2832407)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2835393)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2840628)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2840628v2)
Sid Meier's Civilization V
SoundMAX
Steam
swMSM
System Requirements Lab
The Elder Scrolls V: Skyrim
Torchlight II
TrueCrypt
TurboV
Update for Microsoft .NET Framework 3.5 SP1 (KB2836940)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939)
VideoPad Video Editor
Vista Codec Package
Visual C++ 8.0 Runtime Setup Package (x64)
Visual Studio C++ 10.0 Runtime
VLC media player 1.0.3
WavePad Sound Editor
Windows Driver Package - Garmin (grmnusb) GARMIN Devices (03/08/2007 2.2.1.0)
Windows Live ID Sign-in Assistant
WinRAR archiver
x64 Components v2.1.1
.
==== End Of File ===========================

ARK.TXT

GMER 2.1.19163 - http://www.gmer.net
Rootkit scan 2013-09-14 23:09:07
Windows 6.0.6002 Service Pack 2 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 WDC_WD1001FALS-00J7B0 rev.05.00K05 931.51GB
Running: 5qb1cdvx.exe; Driver: C:\Users\FRANKN~1\AppData\Local\Temp\axlyykoc.sys

---- Kernel code sections - GMER 2.1 ----
.text C:\Windows\System32\win32k.sys!EngAssociateSurface + 328 fffff96000077f38 8 bytes [5C, E7, E1, 06, 60, FA, FF, ...]
.text C:\Windows\System32\win32k.sys!W32pServiceTable fffff9600013f900 3 bytes [00, 83, 02]
.text C:\Windows\System32\win32k.sys!W32pServiceTable + 4 fffff9600013f904 3 bytes [41, B7, FA]
.text ... * 128
.text C:\Windows\System32\win32k.sys!BRUSHOBJ_pvAllocRbrush + 300 fffff960001e3c98 8 bytes [A8, E9, E1, 06, 60, FA, FF, ...]
.text C:\Windows\System32\win32k.sys!BRUSHOBJ_ulGetBrushColor + 44 fffff960001e3d48 8 bytes [7C, E3, E1, 06, 60, FA, FF, ...]
.text C:\Windows\System32\win32k.sys!CLIPOBJ_GetRgn + 180 fffff960001e42a8 8 bytes [FC, E7, E1, 06, 60, FA, FF, ...]
.text C:\Windows\System32\win32k.sys!EngAllocSectionMem + 196 fffff960001e4a08 8 bytes [5C, EE, E1, 06, 60, FA, FF, ...]
.text C:\Windows\System32\win32k.sys!EngGetProcessHandle + 346 fffff960001e8ba6 6 bytes {JMP QWORD [RIP+0x287bc]}
.text C:\Windows\System32\win32k.sys!EngCreateBitmap + 44 fffff960001ea638 8 bytes [DC, E5, E1, 06, 60, FA, FF, ...]
.text C:\Windows\System32\win32k.sys!EngCreateEvent + 88 fffff960001ef928 8 bytes [74, EB, E1, 06, 60, FA, FF, ...]
.text C:\Windows\System32\win32k.sys!EngOffsetRgn + 664 fffff960001f0218 8 bytes {CALL 0x6006e1fa}
.text C:\Windows\System32\win32k.sys!EngGetFilePath + 88 fffff960001f0278 8 bytes [54, F3, E1, 06, 60, FA, FF, ...]
.text C:\Windows\System32\win32k.sys!EngUnlockDriverObj + 44 fffff96000201048 8 bytes [F4, EA, E1, 06, 60, FA, FF, ...]
.text C:\Windows\System32\win32k.sys!EngGetPrinterDriver + 32 fffff96000207d98 8 bytes [60, F7, E1, 06, 60, FA, FF, ...]
.text C:\Windows\System32\win32k.sys!EngGetTickCount + 24 fffff960002083c8 8 bytes [98, EC, E1, 06, 60, FA, FF, ...]
.text C:\Windows\System32\win32k.sys!EngFindImageProcAddress + 316 fffff9600020a4b8 8 bytes [60, FC, E1, 06, 60, FA, FF, ...]
.text C:\Windows\System32\win32k.sys!EngFntCacheFault + 716  fffff9600020fcc8 8 bytes [70, ED, E1, 06, 60, FA, FF, ...]
.text C:\Windows\System32\win32k.sys!EngUnmapFile + 776 fffff96000211368 8 bytes [0C, FA, E1, 06, 60, FA, FF, ...]
.text C:\Windows\System32\win32k.sys!EngGetPrinterDataFileName + 8 fffff96000211378 8 bytes [50, EF, E1, 06, 60, FA, FF, ...]
---- User code sections - GMER 2.1 ----
.text C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe[2572] C:\Windows\SysWOW64\ntdll.dll!NtProtectVirtualMemory 0000000077ed9ab8 5 bytes JMP 0000000173762066
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[6132] C:\Windows\syswow64\USER32.dll!EnableWindow 0000000075c20827 5 bytes JMP 000000015c1d9ebc
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[6132] C:\Windows\syswow64\USER32.dll!DialogBoxParamA 0000000075c3081c 5 bytes JMP 000000015c329114
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[6132] C:\Windows\syswow64\USER32.dll!DialogBoxIndirectParamW 0000000075c32483 5 bytes JMP 000000015c329179
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[6132] C:\Windows\syswow64\USER32.dll!MessageBoxIndirectA 0000000075c34b7c 5 bytes JMP 000000015c32909b
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[6132] C:\Windows\syswow64\USER32.dll!MessageBoxIndirectW 0000000075c49b0b 5 bytes JMP 000000015c329022
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[6132] C:\Windows\syswow64\USER32.dll!DialogBoxParamW 0000000075c55fb7 5 bytes JMP 000000015c13189b
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[6132] C:\Windows\syswow64\USER32.dll!DialogBoxIndirectParamA 0000000075c56397 5 bytes JMP 000000015c3291de
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[6132] C:\Windows\syswow64\USER32.dll!MessageBoxExA 0000000075c6d3ad 5 bytes JMP 000000015c328fbe
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[6132] C:\Windows\syswow64\USER32.dll!MessageBoxExW 0000000075c6d3d1 5 bytes JMP 000000015c328f57
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[6132] C:\Windows\syswow64\OLEAUT32.dll!OleCreatePropertyFrameIndirect 00000000775e70a6 5 bytes JMP 000000015c329393
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[6132] C:\Windows\WinSxS\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3\comctl32.dll!PropertySheetW 000000007433881c 5 bytes JMP 000000015c329243
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[6132] C:\Windows\WinSxS\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3\comctl32.dll!PropertySheet 0000000074338834 5 bytes JMP 000000015c3292eb
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[6132] C:\Windows\syswow64\comdlg32.dll!PageSetupDlgW 00000000774fed29 5 bytes JMP 000000015c32958b
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[11224] C:\Windows\SysWOW64\ntdll.dll!NtdllDefWindowProc_A 0000000077f04572 6 bytes JMP 000000015c19980d
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[11224] C:\Windows\SysWOW64\ntdll.dll!NtdllDefWindowProc_W 0000000077f0457d 6 bytes JMP 000000015c1f805c
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[11224] C:\Windows\syswow64\kernel32.dll!CreateThread 0000000075e78312 5 bytes JMP 000000015c1975e3
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[11224] C:\Windows\syswow64\USER32.dll!CallNextHookEx 0000000075c17bb3 5 bytes JMP 000000015c1f7ff9
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[11224] C:\Windows\syswow64\USER32.dll!UnhookWindowsHookEx 0000000075c2010d 5 bytes JMP 000000015c21ed20
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[11224] C:\Windows\syswow64\USER32.dll!SetWindowsHookExW 0000000075c203d2 5 bytes JMP 000000015c1d25b4
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[11224] C:\Windows\syswow64\USER32.dll!EnableWindow 0000000075c20827 5 bytes JMP 000000015c1d9ebc
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[11224] C:\Windows\syswow64\USER32.dll!CreateWindowExW 0000000075c217ea 5 bytes JMP 000000015c2003e7
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[11224] C:\Windows\syswow64\USER32.dll!CreateWindowExA 0000000075c2280d 5 bytes JMP 000000015c1a3643
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[11224] C:\Windows\syswow64\USER32.dll!DialogBoxParamA 0000000075c3081c 5 bytes JMP 000000015c329114
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[11224] C:\Windows\syswow64\USER32.dll!DialogBoxIndirectParamW 0000000075c32483 5 bytes JMP 000000015c329179
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[11224] C:\Windows\syswow64\USER32.dll!MessageBoxIndirectA 0000000075c34b7c 5 bytes JMP 000000015c32909b
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[11224] C:\Windows\syswow64\USER32.dll!MessageBoxIndirectW 0000000075c49b0b 5 bytes JMP 000000015c329022
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[11224] C:\Windows\syswow64\USER32.dll!DialogBoxParamW 0000000075c55fb7 5 bytes JMP 000000015c13189b
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[11224] C:\Windows\syswow64\USER32.dll!DialogBoxIndirectParamA 0000000075c56397 5 bytes JMP 000000015c3291de
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[11224] C:\Windows\syswow64\USER32.dll!MessageBoxExA 0000000075c6d3ad 5 bytes JMP 000000015c328fbe
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[11224] C:\Windows\syswow64\USER32.dll!MessageBoxExW 0000000075c6d3d1 5 bytes JMP 000000015c328f57
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[11224] C:\Windows\syswow64\ole32.dll!OleLoadFromStream 0000000075a31e80 5 bytes JMP 000000015c329947
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[11224] C:\Windows\syswow64\OLEAUT32.dll!VariantClear 0000000077583df0 5 bytes JMP 000000015c329abd
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[11224] C:\Windows\syswow64\OLEAUT32.dll!SysFreeString 0000000077583e40 5 bytes JMP 000000015c329a3f
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[11224] C:\Windows\syswow64\OLEAUT32.dll!SysAllocStringByteLen 000000007758462b 5 bytes JMP 000000015c3299b1
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[11224] C:\Windows\syswow64\OLEAUT32.dll!VariantChangeType 00000000775874bc 5 bytes JMP 000000015c329a5d
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[11224] C:\Windows\syswow64\OLEAUT32.dll!OleCreatePropertyFrameIndirect 00000000775e70a6 5 bytes JMP 000000015c329393
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[11224] C:\Windows\WinSxS\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3\comctl32.dll!PropertySheetW 000000007433881c 5 bytes JMP 000000015c329243
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[11224] C:\Windows\WinSxS\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3\comctl32.dll!PropertySheet 0000000074338834 5 bytes JMP 000000015c3292eb
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[11224] C:\Windows\syswow64\comdlg32.dll!PageSetupDlgW 00000000774fed29 5 bytes JMP 000000015c32958b
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[11096] C:\Windows\SysWOW64\ntdll.dll!NtdllDefWindowProc_A 0000000077f04572 6 bytes JMP 000000015c19980d
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[11096] C:\Windows\SysWOW64\ntdll.dll!NtdllDefWindowProc_W 0000000077f0457d 6 bytes JMP 000000015c1f805c
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[11096] C:\Windows\syswow64\kernel32.dll!CreateThread 0000000075e78312 5 bytes JMP 000000015c1975e3
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[11096] C:\Windows\syswow64\USER32.dll!CallNextHookEx 0000000075c17bb3 5 bytes JMP 000000015c1f7ff9
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[11096] C:\Windows\syswow64\USER32.dll!UnhookWindowsHookEx 0000000075c2010d 5 bytes JMP 000000015c21ed20
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[11096] C:\Windows\syswow64\USER32.dll!SetWindowsHookExW 0000000075c203d2 5 bytes JMP 000000015c1d25b4
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[11096] C:\Windows\syswow64\USER32.dll!EnableWindow 0000000075c20827 5 bytes JMP 000000015c1d9ebc
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[11096] C:\Windows\syswow64\USER32.dll!CreateWindowExW 0000000075c217ea 5 bytes JMP 000000015c2003e7
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[11096] C:\Windows\syswow64\USER32.dll!CreateWindowExA 0000000075c2280d 5 bytes JMP 000000015c1a3643
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[11096] C:\Windows\syswow64\USER32.dll!DialogBoxParamA 0000000075c3081c 5 bytes JMP 000000015c329114
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[11096] C:\Windows\syswow64\USER32.dll!DialogBoxIndirectParamW 0000000075c32483 5 bytes JMP 000000015c329179
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[11096] C:\Windows\syswow64\USER32.dll!MessageBoxIndirectA 0000000075c34b7c 5 bytes JMP 000000015c32909b
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[11096] C:\Windows\syswow64\USER32.dll!MessageBoxIndirectW 0000000075c49b0b 5 bytes JMP 000000015c329022
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[11096] C:\Windows\syswow64\USER32.dll!DialogBoxParamW 0000000075c55fb7 5 bytes JMP 000000015c13189b
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[11096] C:\Windows\syswow64\USER32.dll!DialogBoxIndirectParamA 0000000075c56397 5 bytes JMP 000000015c3291de
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[11096] C:\Windows\syswow64\USER32.dll!MessageBoxExA 0000000075c6d3ad 5 bytes JMP 000000015c328fbe
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[11096] C:\Windows\syswow64\USER32.dll!MessageBoxExW 0000000075c6d3d1 5 bytes JMP 000000015c328f57
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[11096] C:\Windows\syswow64\ole32.dll!OleLoadFromStream 0000000075a31e80 5 bytes JMP 000000015c329947
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[11096] C:\Windows\syswow64\OLEAUT32.dll!VariantClear 0000000077583df0 5 bytes JMP 000000015c329abd
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[11096] C:\Windows\syswow64\OLEAUT32.dll!SysFreeString  0000000077583e40 5 bytes JMP 000000015c329a3f
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[11096] C:\Windows\syswow64\OLEAUT32.dll!SysAllocStringByteLen 000000007758462b 5 bytes JMP 000000015c3299b1
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[11096] C:\Windows\syswow64\OLEAUT32.dll!VariantChangeType 00000000775874bc 5 bytes JMP 000000015c329a5d
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[11096] C:\Windows\syswow64\OLEAUT32.dll!OleCreatePropertyFrameIndirect 00000000775e70a6 5 bytes JMP 000000015c329393
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[11096] C:\Windows\WinSxS\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3\comctl32.dll!PropertySheetW 000000007433881c 5 bytes JMP 000000015c329243
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[11096] C:\Windows\WinSxS\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3\comctl32.dll!PropertySheet 0000000074338834 5 bytes JMP 000000015c3292eb
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[11096] C:\Windows\syswow64\comdlg32.dll!PageSetupDlgW 00000000774fed29 5 bytes JMP 000000015c32958b
---- Kernel code sections - GMER 2.1 ----
INITKDBG C:\Windows\system32\ntoskrnl.exe suspicious modification
INITKDBG C:\Windows\system32\ntoskrnl.exe suspicious modification
INITKDBG C:\Windows\system32\ntoskrnl.exe suspicious modification
INITKDBG C:\Windows\system32\ntoskrnl.exe suspicious modification
---- Registry - GMER 2.1 ----
Reg HKLM\SYSTEM\CurrentControlSet\Services\Tcpip6\Parameters\Interfaces\{16f8eadc-f632-4967-a1d5-6589e47bd437}@Dhcpv6State 0
---- EOF - GMER 2.1 ----


----------



## Cookiegal (Aug 27, 2003)

Please go here and download *TDSSKiller.exe* to your desktop.

Double-click TDSSKiller.exe on your desktop to run it.
Click on *Start Scan*
As we don't want to fix anything yet, if any malicious objects are detected, *do NOT select Cure* but select *Skip* instead.
It will produce a log once it finishes in the root drive which should look like this example:

C:\TDSSKiller.<version_date_time>log.txt

Please copy and paste the contents of that log in your next reply.


----------



## Franknj229 (Sep 21, 2009)

22:35:25.0578 7184 TDSS rootkit removing tool 2.8.16.0 Feb 11 2013 18:50:42
22:35:26.0058 7184 ============================================================
22:35:26.0058 7184 Current date / time: 2013/09/15 22:35:26.0058
22:35:26.0058 7184 SystemInfo:
22:35:26.0058 7184 
22:35:26.0058 7184 OS Version: 6.0.6002 ServicePack: 2.0
22:35:26.0058 7184 Product type: Workstation
22:35:26.0058 7184 ComputerName: FRANKNJ229-PC
22:35:26.0058 7184 UserName: Franknj229
22:35:26.0058 7184 Windows directory: C:\Windows
22:35:26.0058 7184 System windows directory: C:\Windows
22:35:26.0058 7184 Running under WOW64
22:35:26.0058 7184 Processor architecture: Intel x64
22:35:26.0058 7184 Number of processors: 8
22:35:26.0058 7184 Page size: 0x1000
22:35:26.0058 7184 Boot type: Normal boot
22:35:26.0058 7184 ============================================================
22:35:27.0027 7184 Drive \Device\Harddisk0\DR0 - Size: 0xE8E0DB6000 (931.51 Gb), SectorSize: 0x200, Cylinders: 0x1DB01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
22:35:27.0061 7184 Drive \Device\Harddisk1\DR1 - Size: 0x950B056000 (596.17 Gb), SectorSize: 0x200, Cylinders: 0x13001, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
22:35:27.0065 7184 Drive \Device\Harddisk2\DR2 - Size: 0xE8E0DB6000 (931.51 Gb), SectorSize: 0x200, Cylinders: 0x1DB01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
22:35:27.0528 7184 ============================================================
22:35:27.0528 7184 \Device\Harddisk0\DR0:
22:35:27.0528 7184 MBR partitions:
22:35:27.0528 7184 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x74705800
22:35:27.0528 7184 \Device\Harddisk1\DR1:
22:35:27.0536 7184 MBR partitions:
22:35:27.0536 7184 \Device\Harddisk1\DR1\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x4A857000
22:35:27.0536 7184 \Device\Harddisk2\DR2:
22:35:27.0536 7184 MBR partitions:
22:35:27.0536 7184 \Device\Harddisk2\DR2\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x74705982
22:35:27.0536 7184 ============================================================
22:35:27.0562 7184 C: <-> \Device\Harddisk0\DR0\Partition1
22:35:27.0624 7184 E: <-> \Device\Harddisk2\DR2\Partition1
22:35:27.0637 7184 F: <-> \Device\Harddisk1\DR1\Partition1
22:35:27.0637 7184 ============================================================
22:35:27.0637 7184 Initialize success
22:35:27.0637 7184 ============================================================
22:35:30.0795 8496 ============================================================
22:35:30.0795 8496 Scan started
22:35:30.0795 8496 Mode: Manual; 
22:35:30.0795 8496 ============================================================
22:35:32.0390 8496 ================ Scan system memory ========================
22:35:32.0390 8496 System memory - ok
22:35:32.0390 8496 ================ Scan services =============================
22:35:33.0104 8496 [ 1965AAFFAB07E3FB03C77F81BEBA3547 ] ACPI C:\Windows\system32\drivers\acpi.sys
22:35:33.0108 8496 ACPI - ok
22:35:33.0152 8496 [ 59AA63B5DCC9B99C25ACC1BC5E9E6816 ] ADIHdAudAddService C:\Windows\system32\drivers\ADIHdAud.sys
22:35:33.0157 8496 ADIHdAudAddService - ok
22:35:33.0230 8496 [ ADDA5E1951B90D3D23C56D3CF0622ADC ] AdobeARMservice C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
22:35:33.0281 8496 AdobeARMservice - ok
22:35:33.0413 8496 [ 7BBAF543CABE8A8D275BC7F6C66C1959 ] AdobeFlashPlayerUpdateSvc C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
22:35:46.0083 8496 [ A842F04833684BCEEA7336211BE478DF ] sermouse C:\Windows\system32\drivers\sermouse.sys
22:35:46.0095 8496 sermouse - ok
22:35:46.0136 8496 [ A8E4A4407A09F35DCCC3771AF590B0C4 ] SessionEnv C:\Windows\system32\sessenv.dll
22:35:46.0138 8496 SessionEnv - ok
22:35:46.0169 8496 [ 14D4B4465193A87C127933978E8C4106 ] sffdisk C:\Windows\system32\drivers\sffdisk.sys
22:35:46.0170 8496 sffdisk - ok
22:35:46.0181 8496 [ 7073AEE3F82F3D598E3825962AA98AB2 ] sffp_mmc C:\Windows\system32\drivers\sffp_mmc.sys
22:35:46.0198 8496 sffp_mmc - ok
22:35:46.0221 8496 [ 35E59EBE4A01A0532ED67975161C7B82 ] sffp_sd C:\Windows\system32\drivers\sffp_sd.sys
22:35:46.0222 8496 sffp_sd - ok
22:35:46.0232 8496 [ 6B7838C94135768BD455CBDC23E39E5F ] sfloppy C:\Windows\system32\drivers\sfloppy.sys
22:35:46.0233 8496 sfloppy - ok
22:35:46.0256 8496 [ 4C5AEE179DA7E1EE9A9CCB9DA289AF34 ] SharedAccess C:\Windows\System32\ipnathlp.dll
22:35:46.0261 8496 SharedAccess - ok
22:35:46.0299 8496 [ 56793271ECDEDD350C5ADD305603E963 ] ShellHWDetection C:\Windows\System32\shsvcs.dll
22:35:46.0303 8496 ShellHWDetection - ok
22:35:46.0315 8496 [ 7A5DE502AEB719D4594C6471060A78B3 ] SiSRaid2 C:\Windows\system32\drivers\sisraid2.sys
22:35:46.0317 8496 SiSRaid2 - ok
22:35:46.0330 8496 [ 3A2F769FAB9582BC720E11EA1DFB184D ] SiSRaid4 C:\Windows\system32\drivers\sisraid4.sys
22:35:46.0342 8496 SiSRaid4 - ok
22:35:46.0434 8496 [ A9A27A8E257B45A604FDAD4F26FE7241 ] slsvc C:\Windows\system32\SLsvc.exe
22:35:46.0562 8496 slsvc - ok
22:35:46.0602 8496 [ FD74B4B7C2088E390A30C85A896FC3AF ] SLUINotify C:\Windows\system32\SLUINotify.dll
22:35:46.0609 8496 SLUINotify - ok
22:35:46.0639 8496 [ 290B6F6A0EC4FCDFC90F5CB6D7020473 ] Smb C:\Windows\system32\DRIVERS\smb.sys
22:35:46.0641 8496 Smb - ok
22:35:46.0666 8496 [ F8F47F38909823B1AF28D60B96340CFF ] SNMPTRAP C:\Windows\System32\snmptrap.exe
22:35:46.0677 8496 SNMPTRAP - ok
22:35:46.0695 8496 [ 386C3C63F00A7040C7EC5E384217E89D ] spldr C:\Windows\system32\drivers\spldr.sys
22:35:46.0701 8496 spldr - ok
22:35:46.0731 8496 [ F66FF751E7EFC816D266977939EF5DC3 ] Spooler C:\Windows\System32\spoolsv.exe
22:35:46.0739 8496 Spooler - ok
22:35:46.0791 8496 [ 880A57FCCB571EBD063D4DD50E93E46D ] srv C:\Windows\system32\DRIVERS\srv.sys
22:35:46.0820 8496 srv - ok
22:35:46.0842 8496 [ A1AD14A6D7A37891FFFECA35EBBB0730 ] srv2 C:\Windows\system32\DRIVERS\srv2.sys
22:35:46.0853 8496 srv2 - ok
22:35:46.0878 8496 [ 4BED62F4FA4D8300973F1151F4C4D8A7 ] srvnet C:\Windows\system32\DRIVERS\srvnet.sys
22:35:46.0881 8496 srvnet - ok
22:35:46.0919 8496 [ 192C74646EC5725AEF3F80D19FF75F6A ] SSDPSRV C:\Windows\System32\ssdpsrv.dll
22:35:46.0926 8496 SSDPSRV - ok
22:35:46.0951 8496 [ 2EE3FA0308E6185BA64A9A7F2E74332B ] SstpSvc C:\Windows\system32\sstpsvc.dll
22:35:46.0953 8496 SstpSvc - ok
22:35:47.0071 8496 [ 3DBF9D2E5DE3A72B37AB27ABB79FEE69 ] Steam Client Service C:\Program Files (x86)\Common Files\Steam\SteamService.exe
22:35:47.0125 8496 Steam Client Service - ok
22:35:47.0216 8496 [ 5A19667A580B1CE886EAF968B9743F45 ] Stereo Service C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
22:35:47.0220 8496 Stereo Service - ok
22:35:47.0273 8496 [ 15825C1FBFB8779992CB65087F316AF5 ] stisvc C:\Windows\System32\wiaservc.dll
22:35:47.0280 8496 stisvc - ok
22:35:47.0312 8496 [ 8A851CA908B8B974F89C50D2E18D4F0C ] swenum C:\Windows\system32\DRIVERS\swenum.sys
22:35:47.0318 8496 swenum - ok
22:35:47.0344 8496 [ 6DE37F4DE19D4EFD9C48C43ADDBC949A ] swprv C:\Windows\System32\swprv.dll
22:35:47.0350 8496 swprv - ok
22:35:47.0370 8496 [ 2F26A2C6FC96B29BEFF5D8ED74E6625B ] Symc8xx C:\Windows\system32\drivers\symc8xx.sys
22:35:47.0372 8496 Symc8xx - ok
22:35:47.0378 8496 [ A909667976D3BCCD1DF813FED517D837 ] Sym_hi C:\Windows\system32\drivers\sym_hi.sys
22:35:47.0379 8496 Sym_hi - ok
22:35:47.0398 8496 [ 36887B56EC2D98B9C362F6AE4DE5B7B0 ] Sym_u3 C:\Windows\system32\drivers\sym_u3.sys
22:35:47.0400 8496 Sym_u3 - ok
22:35:47.0430 8496 [ 92D7A8B0F87B036F17D25885937897A6 ] SysMain C:\Windows\system32\sysmain.dll
22:35:47.0451 8496 SysMain - ok
22:35:47.0483 8496 [ 005CE42567F9113A3BCCB3B20073B029 ] TabletInputService C:\Windows\System32\TabSvc.dll
22:35:47.0504 8496 TabletInputService - ok
22:35:47.0530 8496 [ CC2562B4D55E0B6A4758C65407F63B79 ] TapiSrv C:\Windows\System32\tapisrv.dll
22:35:47.0535 8496 TapiSrv - ok
22:35:47.0541 8496 [ CDBE8D7C1E201B911CDC346D06617FB5 ] TBS C:\Windows\System32\tbssvc.dll
22:35:47.0543 8496 TBS - ok
22:35:47.0653 8496 [ C2CB949645C299E23FBFD26CAD3FC96E ] Tcpip C:\Windows\system32\drivers\tcpip.sys
22:35:47.0688 8496 Tcpip - ok
22:35:47.0746 8496 [ C2CB949645C299E23FBFD26CAD3FC96E ] Tcpip6 C:\Windows\system32\DRIVERS\tcpip.sys
22:35:47.0752 8496 Tcpip6 - ok
22:35:47.0790 8496 [ C7E72A4071EE0200E3C075DACFB2B334 ] tcpipreg C:\Windows\system32\drivers\tcpipreg.sys
22:35:47.0797 8496 tcpipreg - ok
22:35:47.0808 8496 [ 1D8BF4AAA5FB7A2761475781DC1195BC ] TDPIPE C:\Windows\system32\drivers\tdpipe.sys
22:35:47.0809 8496 TDPIPE - ok
22:35:47.0820 8496 [ 7F7E00CDF609DF657F4CDA02DD1C9BB1 ] TDTCP C:\Windows\system32\drivers\tdtcp.sys
22:35:47.0825 8496 TDTCP - ok
22:35:47.0849 8496 [ 458919C8C42E398DC4802178D5FFEE27 ] tdx C:\Windows\system32\DRIVERS\tdx.sys
22:35:47.0868 8496 tdx - ok
22:35:47.0897 8496 [ 8C19678D22649EC002EF2282EAE92F98 ] TermDD C:\Windows\system32\DRIVERS\termdd.sys
22:35:47.0898 8496 TermDD - ok
22:35:47.0927 8496 [ 5CDD30BC217082DAC71A9878D9BFD566 ] TermService C:\Windows\System32\termsrv.dll
22:35:47.0934 8496 TermService - ok
22:35:47.0949 8496 [ 56793271ECDEDD350C5ADD305603E963 ] Themes C:\Windows\system32\shsvcs.dll
22:35:47.0951 8496 Themes - ok
22:35:47.0959 8496 [ 3CBE4995E80E13CCFBC42E5DCF3AC81A ] THREADORDER C:\Windows\system32\mmcss.dll
22:35:47.0960 8496 THREADORDER - ok
22:35:48.0009 8496 [ F4689F05AF472A651A7B1B7B02D200E7 ] TrkWks C:\Windows\System32\trkwks.dll
22:35:48.0012 8496 TrkWks - ok
22:35:48.0061 8496 [ 370A6907DDF79532A39319492B1FA38A ] truecrypt C:\Windows\system32\drivers\truecrypt.sys
22:35:48.0064 8496 truecrypt - ok
22:35:48.0111 8496 [ 66328B08EF5A9305D8EDE36B93930369 ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
22:35:48.0112 8496 TrustedInstaller - ok
22:35:48.0168 8496 [ B2388462329ACD17AF50D8701E0C1B18 ] tssecsrv C:\Windows\system32\DRIVERS\tssecsrv.sys
22:35:48.0174 8496 tssecsrv - ok
22:35:48.0194 8496 [ 89EC74A9E602D16A75A4170511029B3C ] tunmp C:\Windows\system32\DRIVERS\tunmp.sys
22:35:48.0206 8496 tunmp - ok
22:35:48.0235 8496 [ 30A9B3F45AD081BFFC3BCAA9C812B609 ] tunnel C:\Windows\system32\DRIVERS\tunnel.sys
22:35:48.0236 8496 tunnel - ok
22:35:48.0258 8496 [ FEC266EF401966311744BD0F359F7F56 ] uagp35 C:\Windows\system32\drivers\uagp35.sys
22:35:48.0265 8496 uagp35 - ok
22:35:48.0294 8496 [ FAF2640A2A76ED03D449E443194C4C34 ] udfs C:\Windows\system32\DRIVERS\udfs.sys
22:35:48.0298 8496 udfs - ok
22:35:48.0323 8496 [ 060507C4113391394478F6953A79EEDC ] UI0Detect C:\Windows\system32\UI0Detect.exe
22:35:48.0325 8496 UI0Detect - ok
22:35:48.0340 8496 [ 4EC9447AC3AB462647F60E547208CA00 ] uliagpkx C:\Windows\system32\drivers\uliagpkx.sys
22:35:48.0352 8496 uliagpkx - ok
22:35:48.0371 8496 [ 697F0446134CDC8F99E69306184FBBB4 ] uliahci C:\Windows\system32\drivers\uliahci.sys
22:35:48.0375 8496 uliahci - ok
22:35:48.0409 8496 [ 31707F09846056651EA2C37858F5DDB0 ] UlSata C:\Windows\system32\drivers\ulsata.sys
22:35:48.0411 8496 UlSata - ok
22:35:48.0423 8496 [ 85E5E43ED5B48C8376281BAB519271B7 ] ulsata2 C:\Windows\system32\drivers\ulsata2.sys
22:35:48.0426 8496 ulsata2 - ok
22:35:48.0447 8496 [ 46E9A994C4FED537DD951F60B86AD3F4 ] umbus C:\Windows\system32\DRIVERS\umbus.sys
22:35:48.0453 8496 umbus - ok
22:35:48.0470 8496 [ 7093799FF80E9DECA0680D2E3535BE60 ] upnphost C:\Windows\System32\upnphost.dll
22:35:48.0475 8496 upnphost - ok
22:35:48.0495 8496 [ C9E9D59C0099A9FF51697E9306A44240 ] USBAAPL64 C:\Windows\system32\Drivers\usbaapl64.sys
22:35:48.0497 8496 USBAAPL64 - ok
22:35:48.0512 8496 [ C6BA890DE6E41857FBE84175519CAE7D ] usbaudio C:\Windows\system32\drivers\usbaudio.sys
22:35:48.0514 8496 usbaudio - ok
22:35:48.0566 8496 [ 07E3498FC60834219D2356293DA0FECC ] usbccgp C:\Windows\system32\DRIVERS\usbccgp.sys
22:35:48.0582 8496 usbccgp - ok
22:35:48.0598 8496 [ 9247F7E0B65852C1F6631480984D6ED2 ] usbcir C:\Windows\system32\drivers\usbcir.sys
22:35:48.0605 8496 usbcir - ok
22:35:48.0622 8496 [ 827E44DE934A736EA31E91D353EB126F ] usbehci C:\Windows\system32\DRIVERS\usbehci.sys
22:35:48.0624 8496 usbehci - ok
22:35:48.0650 8496 [ BB35CD80A2ECECFADC73569B3D70C7D1 ] usbhub C:\Windows\system32\DRIVERS\usbhub.sys
22:35:48.0654 8496 usbhub - ok
22:35:48.0673 8496 [ EBA14EF0C07CEC233F1529C698D0D154 ] usbohci C:\Windows\system32\drivers\usbohci.sys
22:35:48.0675 8496 usbohci - ok
22:35:48.0694 8496 [ 28B693B6D31E7B9332C1BDCEFEF228C1 ] usbprint C:\Windows\system32\DRIVERS\usbprint.sys
22:35:48.0700 8496 usbprint - ok
22:35:48.0714 8496 [ EA0BF666868964FBE8CB10E50C97B9F1 ] usbscan C:\Windows\system32\DRIVERS\usbscan.sys
22:35:48.0719 8496 usbscan - ok
22:35:48.0739 8496 [ B854C1558FCA0C269A38663E8B59B581 ] USBSTOR C:\Windows\system32\DRIVERS\USBSTOR.SYS
22:35:48.0741 8496 USBSTOR - ok
22:35:48.0748 8496 [ B2872CBF9F47316ABD0E0C74A1ABA507 ] usbuhci C:\Windows\system32\DRIVERS\usbuhci.sys
22:35:48.0750 8496 usbuhci - ok
22:35:48.0773 8496 [ C690C8B45DB67DBA284B72D1FD649D2C ] usb_rndisx C:\Windows\system32\DRIVERS\usb8023x.sys
22:35:48.0778 8496 usb_rndisx - ok
22:35:48.0802 8496 [ D76E231E4850BB3F88A3D9A78DF191E3 ] UxSms C:\Windows\System32\uxsms.dll
22:35:48.0804 8496 UxSms - ok
22:35:48.0830 8496 [ 2292941A3522B2AEB2C4138B8336027B ] VBoxDrv C:\Windows\system32\DRIVERS\VBoxDrv.sys
22:35:48.0842 8496 VBoxDrv - ok
22:35:48.0870 8496 [ 7BA06676AC91AF2EEAB05BCC70F14003 ] VBoxNetAdp C:\Windows\system32\DRIVERS\VBoxNetAdp.sys
22:35:48.0877 8496 VBoxNetAdp - ok
22:35:48.0932 8496 [ 4628619D91EB87183977158AA8386A7A ] VBoxNetFlt C:\Windows\system32\DRIVERS\VBoxNetFlt.sys
22:35:48.0939 8496 VBoxNetFlt - ok
22:35:48.0963 8496 [ 1E821B0057C861F6AFE88187466F7CA4 ] VBoxUSB C:\Windows\system32\Drivers\VBoxUSB.sys
22:35:48.0977 8496 VBoxUSB - ok
22:35:49.0034 8496 [ 93BDA0BF20F02E509354D1EBDE69E300 ] VBoxUSBMon C:\Windows\system32\DRIVERS\VBoxUSBMon.sys
22:35:49.0052 8496 VBoxUSBMon - ok
22:35:49.0087 8496 [ 294945381DFA7CE58CECF0A9896AF327 ] vds C:\Windows\System32\vds.exe
22:35:49.0108 8496 vds - ok
22:35:49.0130 8496 [ 916B94BCF1E09873FFF2D5FB11767BBC ] vga C:\Windows\system32\DRIVERS\vgapnp.sys
22:35:49.0136 8496 vga - ok
22:35:49.0154 8496 [ B83AB16B51FEDA65DD81B8C59D114D63 ] VgaSave C:\Windows\System32\drivers\vga.sys
22:35:49.0156 8496 VgaSave - ok
22:35:49.0164 8496 [ 8294B6C3FDB6C33F24E150DE647ECDAA ] viaide C:\Windows\system32\drivers\viaide.sys
22:35:49.0165 8496 viaide - ok
22:35:49.0187 8496 [ 2B7E885ED951519A12C450D24535DFCA ] volmgr C:\Windows\system32\drivers\volmgr.sys
22:35:49.0189 8496 volmgr - ok
22:35:49.0227 8496 [ CEC5AC15277D75D9E5DEC2E1C6EAF877 ] volmgrx C:\Windows\system32\drivers\volmgrx.sys
22:35:49.0232 8496 volmgrx - ok
22:35:49.0250 8496 [ 582F710097B46140F5A89A19A6573D4B ] volsnap C:\Windows\system32\drivers\volsnap.sys
22:35:49.0254 8496 volsnap - ok
22:35:49.0284 8496 [ A68F455ED2673835209318DD61BFBB0E ] vsmraid C:\Windows\system32\drivers\vsmraid.sys
22:35:49.0286 8496 vsmraid - ok
22:35:49.0330 8496 [ B75232DAD33BFD95BF6F0A3E6BFF51E1 ] VSS C:\Windows\system32\vssvc.exe
22:35:49.0349 8496 VSS - ok
22:35:49.0373 8496 [ F14A7DE2EA41883E250892E1E5230A9A ] W32Time C:\Windows\system32\w32time.dll
22:35:49.0378 8496 W32Time - ok
22:35:49.0393 8496 [ FEF8FE5923FEAD2CEE4DFABFCE3393A7 ] WacomPen C:\Windows\system32\drivers\wacompen.sys
22:35:49.0394 8496 WacomPen - ok
22:35:49.0436 8496 [ B8E7049622300D20BA6D8BE0C47C0CFD ] Wanarp C:\Windows\system32\DRIVERS\wanarp.sys
22:35:49.0447 8496 Wanarp - ok
22:35:49.0450 8496 [ B8E7049622300D20BA6D8BE0C47C0CFD ] Wanarpv6 C:\Windows\system32\DRIVERS\wanarp.sys
22:35:49.0450 8496 Wanarpv6 - ok
22:35:49.0553 8496 [ B4E4C37D0AA6100090A53213EE2BF1C1 ] wcncsvc C:\Windows\System32\wcncsvc.dll
22:35:49.0563 8496 wcncsvc - ok
22:35:49.0590 8496 [ EA4B369560E986F19D93F45A881484AC ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
22:35:49.0601 8496 WcsPlugInService - ok
22:35:49.0623 8496 [ 0C17A0816F65B89E362E682AD5E7266E ] Wd C:\Windows\system32\drivers\wd.sys
22:35:49.0635 8496 Wd - ok
22:35:49.0664 8496 [ A3D04EBF5227886029B4532F20D026F7 ] WDC_SAM C:\Windows\system32\DRIVERS\wdcsam64.sys
22:35:49.0669 8496 WDC_SAM - ok
22:35:49.0778 8496 [ 442783E2CB0DA19873B7A63833FF4CB4 ] Wdf01000 C:\Windows\system32\drivers\Wdf01000.sys
22:35:49.0802 8496 Wdf01000 - ok
22:35:49.0823 8496 [ C5EFDA73EBFCA8B02A094898DE0A9276 ] WdiServiceHost C:\Windows\system32\wdi.dll
22:35:49.0831 8496 WdiServiceHost - ok
22:35:49.0833 8496 [ C5EFDA73EBFCA8B02A094898DE0A9276 ] WdiSystemHost C:\Windows\system32\wdi.dll
22:35:49.0834 8496 WdiSystemHost - ok
22:35:49.0850 8496 [ 3E6D05381CF35F75EBB055544A8ED9AC ] WebClient C:\Windows\System32\webclnt.dll
22:35:49.0853 8496 WebClient - ok
22:35:49.0906 8496 [ 8D40BC587993F876658BF9FB0F7D3462 ] Wecsvc C:\Windows\system32\wecsvc.dll
22:35:49.0913 8496 Wecsvc - ok
22:35:49.0923 8496 [ 9C980351D7E96288EA0C23AE232BD065 ] wercplsupport C:\Windows\System32\wercplsupport.dll
22:35:49.0929 8496 wercplsupport - ok
22:35:49.0938 8496 [ 66B9ECEBC46683F47EDC06333C075FEF ] WerSvc C:\Windows\System32\WerSvc.dll
22:35:49.0949 8496 WerSvc - ok
22:35:50.0087 8496 WinDefend - ok
22:35:50.0089 8496 WinHttpAutoProxySvc - ok
22:35:50.0174 8496 [ D2E7296ED1BD26D8DB2799770C077A02 ] Winmgmt C:\Windows\system32\wbem\WMIsvc.dll
22:35:50.0186 8496 Winmgmt - ok
22:35:50.0299 8496 [ 6CBB0C68F13B9C2EC1B16F5FA5E7C869 ] WinRM C:\Windows\system32\WsmSvc.dll
22:35:50.0347 8496 WinRM - ok
22:35:50.0405 8496 [ EC339C8115E91BAED835957E9A677F16 ] Wlansvc C:\Windows\System32\wlansvc.dll
22:35:50.0425 8496 Wlansvc - ok
22:35:50.0704 8496 [ 98F138897EF4246381D197CB81846D62 ] wlidsvc C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
22:35:50.0761 8496 wlidsvc - ok
22:35:50.0796 8496 [ E18AEBAAA5A773FE11AA2C70F65320F5 ] WmiAcpi C:\Windows\system32\DRIVERS\wmiacpi.sys
22:35:50.0807 8496 WmiAcpi - ok
22:35:50.0846 8496 [ 21FA389E65A852698B6A1341F36EE02D ] wmiApSrv C:\Windows\system32\wbem\WmiApSrv.exe
22:35:50.0858 8496 wmiApSrv - ok
22:35:50.0882 8496 WMPNetworkSvc - ok
22:35:50.0920 8496 [ CBC156C913F099E6680D1DF9307DB7A8 ] WPCSvc C:\Windows\System32\wpcsvc.dll
22:35:50.0931 8496 WPCSvc - ok
22:35:50.0953 8496 [ 490A18B4E4D53DC10879DEAA8E8B70D9 ] WPDBusEnum C:\Windows\system32\wpdbusenum.dll
22:35:50.0964 8496 WPDBusEnum - ok
22:35:50.0999 8496 [ 5E2401B3FC1089C90E081291357371A9 ] WpdUsb C:\Windows\system32\DRIVERS\wpdusb.sys
22:35:51.0004 8496 WpdUsb - ok
22:35:51.0289 8496 [ 8E344C1B4FE7EDE0E9055405B9987862 ] WPFFontCache_v0400 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\WPF\WPFFontCache_v0400.exe
22:35:51.0312 8496 WPFFontCache_v0400 - ok
22:35:51.0328 8496 [ 8A900348370E359B6BFF6A550E4649E1 ] ws2ifsl C:\Windows\system32\drivers\ws2ifsl.sys
22:35:51.0329 8496 ws2ifsl - ok
22:35:51.0361 8496 [ 9EA3E6D0EF7A5C2B9181961052A4B01A ] wscsvc C:\Windows\system32\wscsvc.dll
22:35:51.0370 8496 wscsvc - ok
22:35:51.0372 8496 WSearch - ok
22:35:51.0543 8496 [ D9EF901DCA379CFE914E9FA13B73B4C4 ] wuauserv C:\Windows\system32\wuaueng.dll
22:35:51.0595 8496 wuauserv - ok
22:35:51.0614 8496 [ AB886378EEB55C6C75B4F2D14B6C869F ] WudfPf C:\Windows\system32\drivers\WudfPf.sys
22:35:51.0627 8496 WudfPf - ok
22:35:51.0661 8496 [ DDA4CAF29D8C0A297F886BFE561E6659 ] WUDFRd C:\Windows\system32\DRIVERS\WUDFRd.sys
22:35:51.0673 8496 WUDFRd - ok
22:35:51.0687 8496 [ B20F051B03A966392364C83F009F7D17 ] wudfsvc C:\Windows\System32\WUDFSvc.dll
22:35:51.0693 8496 wudfsvc - ok
22:35:51.0699 8496 ================ Scan global ===============================
22:35:51.0731 8496 [ 060DC3A7A9A2626031EB23D90151428D ] C:\Windows\system32\basesrv.dll
22:35:51.0820 8496 [ D665D594B7E11133D29D726BDDC7A5B0 ] C:\Windows\system32\winsrv.dll
22:35:51.0851 8496 [ D665D594B7E11133D29D726BDDC7A5B0 ] C:\Windows\system32\winsrv.dll
22:35:51.0908 8496 [ 934E0B7D77FF78C18D9F8891221B6DE3 ] C:\Windows\system32\services.exe
22:35:51.0918 8496 [Global] - ok
22:35:51.0919 8496 ================ Scan MBR ==================================
22:35:51.0933 8496 [ 5C616939100B85E558DA92B899A0FC36 ] \Device\Harddisk0\DR0
22:35:52.0465 8496 \Device\Harddisk0\DR0 - ok
22:35:52.0489 8496 [ 5C616939100B85E558DA92B899A0FC36 ] \Device\Harddisk1\DR1
22:35:52.0513 8496 \Device\Harddisk1\DR1 - ok
22:35:52.0981 8496 [ 671B81004FDD1588FA9ED1331C9CECA9 ] \Device\Harddisk2\DR2
22:35:52.0984 8496 \Device\Harddisk2\DR2 - ok
22:35:52.0984 8496 ================ Scan VBR ==================================
22:35:52.0991 8496 [ AA196B102977ED3A5D7E43D93C935B97 ] \Device\Harddisk0\DR0\Partition1
22:35:52.0993 8496 \Device\Harddisk0\DR0\Partition1 - ok
22:35:52.0995 8496 [ 843733667AFDB121A2A52E03B536DA34 ] \Device\Harddisk1\DR1\Partition1
22:35:52.0996 8496 \Device\Harddisk1\DR1\Partition1 - ok
22:35:53.0007 8496 [ AEBCFDE045DB9EB2E78ACD3EDD304483 ] \Device\Harddisk2\DR2\Partition1
22:35:53.0009 8496 \Device\Harddisk2\DR2\Partition1 - ok
22:35:53.0010 8496 ============================================================
22:35:53.0010 8496 Scan finished
22:35:53.0010 8496 ============================================================
22:35:53.0016 9024 Detected object count: 0
22:35:53.0016 9024 Actual detected object count: 0


----------



## Cookiegal (Aug 27, 2003)

Please visit *Combofix Guide & Instructions* for instructions for installing the Recovery Console and downloading and running ComboFix.

The only thing different from the instructions there is that when downloading and saving the ComboFix.exe I would like you to rename it to puppy.exe please.

You will also need to disable all of your security programs so they don't interfere with ComboFix. Please visit the following link for more information on how to disable them:

http://www.bleepingcomputer.com/forums/topic114351.html

Be sure to remember to re-enable them right after the scan.

Post the log from ComboFix when you've accomplished that.

Important notes regarding ComboFix:

ComboFix may reset a number of Internet Explorer's settings, including making it the default browser. This can easily be changed once we're finished.

ComboFix also prevents autorun of ALL CDs, floppies and USB devices (don't worry, the keyboard and mouse will still function) to assist with malware removal & increase security. If this is an issue or makes it difficult for you, please let me know. This can be undone manually when we're finished. Read *HERE* for an article written by dvk01 on why we disable autoruns.


----------



## Franknj229 (Sep 21, 2009)

ComboFix 13-09-16.01 - Franknj229 09/16/2013 21:54:45.4.8 - x64
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.6134.3615 [GMT -4:00]
Running from: c:\users\Franknj229\Desktop\Puppy.exe
AV: Kaspersky Internet Security *Disabled/Updated* {C3113FBF-4BCB-4461-D78D-6EDFEC9593E5}
FW: Kaspersky Internet Security *Disabled* {FB2ABE9A-01A4-4539-FCD2-C7EA1246D49E}
SP: Kaspersky Internet Security *Disabled/Updated* {7870DE5B-6DF1-4BEF-ED3D-55AD9712D958}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Franknj229\AppData\Local\BcsKtYcHW.dll
c:\users\Franknj229\AppData\Local\Google\Chrome\User Data\Default\Preferences
c:\windows\Downloaded Program Files\Install.inf
c:\windows\SysWow64\frapsvid.dll
E:\install.exe
.
.
((((((((((((((((((((((((( Files Created from 2013-08-17 to 2013-09-17 )))))))))))))))))))))))))))))))
.
.
2013-09-17 02:05 . 2013-09-17 02:05 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp
2013-09-17 02:05 . 2013-09-17 02:05 -------- d-----w- c:\users\TEMP\AppData\Local\temp
2013-09-17 02:05 . 2013-09-17 02:05 -------- d-----w- c:\users\Public\AppData\Local\temp
2013-09-17 02:05 . 2013-09-17 02:05 -------- d-----w- c:\users\Guest\AppData\Local\temp
2013-09-17 02:05 . 2013-09-17 02:05 -------- d-----w- c:\users\Default\AppData\Local\temp
2013-09-13 22:36 . 2013-09-13 22:36 76232 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{55B9230F-49C0-4629-8118-F2E9EFB6CCA5}\offreg.dll
2013-09-13 22:18 . 2013-08-06 08:58 9515512 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{55B9230F-49C0-4629-8118-F2E9EFB6CCA5}\mpengine.dll
2013-09-11 15:06 . 2013-08-08 02:03 2775552 ----a-w- c:\windows\system32\win32k.sys
2013-09-11 15:06 . 2013-07-16 09:25 689152 ----a-w- c:\windows\system32\themeui.dll
2013-09-11 15:06 . 2013-07-16 04:35 615936 ----a-w- c:\windows\SysWow64\themeui.dll
2013-09-08 03:24 . 2013-09-08 03:24 -------- d-----w- c:\program files (x86)\Microsoft Silverlight
2013-09-06 18:25 . 2013-09-06 18:25 146704 ----a-w- c:\windows\system32\drivers\VBoxNetFlt.sys
2013-09-06 18:25 . 2013-09-06 18:25 204048 ----a-w- c:\windows\system32\VBoxNetFltNobj.dll
2013-09-03 13:53 . 2013-09-03 13:53 187248 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\nppdf32.dll
2013-08-28 07:05 . 2013-08-02 14:06 1706496 ----a-w- c:\windows\system32\WMVDECOD.DLL
2013-08-28 07:05 . 2013-08-02 04:09 1548288 ----a-w- c:\windows\SysWow64\WMVDECOD.DLL
2013-08-23 20:09 . 2013-08-23 20:09 -------- d-----w- c:\program files\iPod
2013-08-23 20:09 . 2013-08-23 20:09 -------- d-----w- c:\programdata\34BE82C4-E596-4e99-A191-52C6199EBF69
2013-08-23 20:09 . 2013-08-23 20:09 -------- d-----w- c:\program files\iTunes
2013-08-23 20:09 . 2013-08-23 20:09 -------- d-----w- c:\program files (x86)\iTunes
2013-08-19 19:52 . 2013-09-06 18:27 238352 ----a-w- c:\windows\system32\drivers\VBoxDrv.sys
2013-08-19 19:52 . 2013-09-06 18:25 119056 ----a-w- c:\windows\system32\drivers\VBoxUSBMon.sys
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-09-13 22:52 . 2012-04-10 01:04 692616 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2013-09-13 22:52 . 2011-07-10 14:47 71048 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-09-12 07:09 . 2006-11-02 12:35 79143768 ----a-w- c:\windows\system32\mrt.exe
2013-09-07 16:48 . 2012-06-08 16:38 54368 ----a-w- c:\windows\system32\drivers\kltdi.sys
2013-09-06 18:25 . 2013-07-04 19:57 131856 ----a-w- c:\windows\system32\drivers\VBoxNetAdp.sys
2013-07-22 18:24 . 2013-07-22 18:24 45056 ----a-r- c:\users\Franknj229\AppData\Roaming\Microsoft\Installer\{37331C16-3E97-4A20-80D8-BFB43AB0E2FB}\UNINST_Uninstall_C_EBD1846850A64C858760A659B987DCFF.exe
2013-07-22 18:24 . 2013-07-22 18:24 45056 ----a-r- c:\users\Franknj229\AppData\Roaming\Microsoft\Installer\{37331C16-3E97-4A20-80D8-BFB43AB0E2FB}\ARPPRODUCTICON.exe
2013-07-17 20:01 . 2013-08-14 20:41 2048 ----a-w- c:\windows\system32\tzres.dll
2013-07-17 19:41 . 2013-08-14 20:41 2048 ----a-w- c:\windows\SysWow64\tzres.dll
2013-07-10 09:47 . 2013-08-14 20:41 677888 ----a-w- c:\windows\SysWow64\rpcrt4.dll
2013-07-10 09:42 . 2013-08-14 20:41 1303552 ----a-w- c:\windows\system32\rpcrt4.dll
2013-07-09 12:04 . 2013-08-14 20:41 1168088 ----a-w- c:\windows\SysWow64\ntdll.dll
2013-07-09 12:04 . 2013-08-14 20:41 1585256 ----a-w- c:\windows\system32\ntdll.dll
2013-07-08 04:51 . 2013-08-14 20:41 4691904 ----a-w- c:\windows\system32\ntoskrnl.exe
2013-07-08 04:20 . 2013-08-14 20:41 5120 ----a-w- c:\windows\SysWow64\wow32.dll
2013-07-08 04:20 . 2013-08-14 20:41 172544 ----a-w- c:\windows\SysWow64\wintrust.dll
2013-07-08 04:18 . 2013-08-14 20:41 14336 ----a-w- c:\windows\SysWow64\ntvdm64.dll
2013-07-08 04:16 . 2013-08-14 20:41 98304 ----a-w- c:\windows\SysWow64\cryptnet.dll
2013-07-08 04:16 . 2013-08-14 20:41 133120 ----a-w- c:\windows\SysWow64\cryptsvc.dll
2013-07-08 04:16 . 2013-08-14 20:41 992768 ----a-w- c:\windows\SysWow64\crypt32.dll
2013-07-08 04:16 . 2013-08-14 20:41 43008 ----a-w- c:\windows\apppatch\acwow64.dll
2013-07-08 04:15 . 2013-08-14 20:41 234496 ----a-w- c:\windows\system32\wow64.dll
2013-07-08 04:15 . 2013-08-14 20:41 218624 ----a-w- c:\windows\system32\wintrust.dll
2013-07-08 04:14 . 2013-08-14 20:41 16384 ----a-w- c:\windows\system32\ntvdm64.dll
2013-07-08 04:12 . 2013-08-14 20:41 174592 ----a-w- c:\windows\system32\cryptsvc.dll
2013-07-08 04:12 . 2013-08-14 20:41 132096 ----a-w- c:\windows\system32\cryptnet.dll
2013-07-08 04:12 . 2013-08-14 20:41 1276416 ----a-w- c:\windows\system32\crypt32.dll
2013-07-08 01:39 . 2013-08-14 20:41 26112 ----a-w- c:\windows\SysWow64\setup16.exe
2013-07-08 01:39 . 2013-08-14 20:41 7680 ----a-w- c:\windows\SysWow64\instnm.exe
2013-07-08 01:39 . 2013-08-14 20:41 2560 ----a-w- c:\windows\SysWow64\user.exe
2013-07-05 04:45 . 2013-08-14 20:41 1423808 ----a-w- c:\windows\system32\drivers\tcpip.sys
2013-06-24 21:02 . 2013-06-24 21:02 96168 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll
2013-06-24 21:02 . 2012-06-24 04:32 867240 ----a-w- c:\windows\SysWow64\npDeployJava1.dll
2013-06-24 21:02 . 2010-05-28 10:05 789416 ----a-w- c:\windows\SysWow64\deployJava1.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown 
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1555968]
"Steam"="c:\program files (x86)\steam\video games\steam.exe" [2013-09-06 1811368]
"igndlm.exe"="c:\program files (x86)\Download Manager\DLM.exe" [2009-10-27 1103216]
"Adobe Reader Synchronizer"="c:\program files (x86)\Adobe\Reader 10.0\Reader\AdobeCollabSync.exe" [2013-09-03 1272704]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"TurboV"="c:\program files\ASUS\TurboV\TurboV.exe" [2008-10-22 4040192]
"LGODDFU"="c:\program files (x86)\lg_fwupdate\lgfw.exe" [2012-07-28 27760]
"PivotSoftware"="c:\program files (x86)\Portrait Displays\Pivot Software\wpctrl.exe" [2007-02-09 694008]
"DT ACR"="c:\program files (x86)\Common Files\Portrait Displays\Shared\DT_startup.exe" [2008-06-06 81920]
"SoundMAXPnP"="c:\program files (x86)\Analog Devices\Core\smax4pnp.exe" [2008-04-15 1310720]
"MSN Toolbar"="c:\program files (x86)\MSN Toolbar\Platform\4.0.0379.0\mswinext.exe" [2009-12-09 240992]
"Microsoft Default Manager"="c:\program files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" [2009-07-17 288080]
"CanonSolutionMenuEx"="c:\program files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE" [2010-04-02 1185112]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2013-04-22 59720]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-04-04 958576]
"TkBellExe"="c:\program files (x86)\Real\RealPlayer\Update\realsched.exe" [2012-10-24 296096]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2013-05-01 421888]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2013-03-12 253816]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2013-08-16 152392]
"AVP"="c:\program files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe" [2013-03-03 356376]
.
c:\users\Franknj229\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
GameStop Now.lnk - c:\program files (x86)\GameStop App\Now\GameStopNow.exe [2012-8-23 2039568]
NexDef Plug-in.lnk - c:\users\Franknj229\AppData\Local\Autobahn\nexdef.exe [2013-3-14 15500800]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux1"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - 15371439
*Deregistered* - 15371439
.
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
Themes
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2013-09-07 20:17 1177552 ----a-w- c:\program files (x86)\Google\Chrome\Application\29.0.1547.66\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2013-09-17 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-10 22:52]
.
2013-09-16 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-05-05 20:20]
.
2013-09-17 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-05-05 20:20]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RivaTuner"="c:\program files (x86)\RivaTuner v2.24\RivaTunerWrapper.exe" [2009-02-25 24576]
"RivaTunerStartupDaemon"="c:\program files (x86)\RivaTuner v2.24\RivaTunerWrapper.exe" [2009-02-25 24576]
"CanonMyPrinter"="c:\program files\Canon\MyPrinter\BJMyPrt.exe" [2010-03-25 2726728]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://news.yahoo.com/
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local;<local>
IE: Add to Anti-Banner - c:\program files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\ie_banner_deny.htm
TCP: DhcpNameServer = 208.59.247.45 208.59.247.46
DPF: Garmin Communicator Plug-In - hxxps://my.garmin.com/static/m/cab/2.8.3/GarminAxControl.CAB
DPF: {EAEFAD15-8753-45EF-94B0-1BAA7970CC21} - hxxp://barkatl9991.viewnetcam.com:5007/MpegInst.cab
DPF: {F3D4C08D-3616-43F0-9E29-44C749B0664B} - hxxp://cam8997481.viewnetcam.com:5009/JpegInst.cab
.
- - - - ORPHANS REMOVED - - - -
.
Wow6432Node-HKCU-Run-WMPNSCFG - c:\program files (x86)\Windows Media Player\WMPNSCFG.exe
SafeBoot-WudfPf
SafeBoot-WudfRd
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-2669562794-4212015103-2530955540-1000\Software\SecuROM\License information*]
@Allowed: (Read) (RestrictedCode)
"datasecu"=hex:9b,2a,80,a7,27,01,d3,85,92,4c,5a,0b,d1,4d,e5,55,8b,09,73,af,01,
1c,ac,23,10,81,d1,93,96,a8,85,93,d7,fa,6d,09,33,b1,7a,d6,ce,14,c8,d1,a4,1a,\
"rkeysecu"=hex:82,c3,15,4f,bb,1d,3b,7f,84,f5,53,93,76,d6,d1,ff
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_8_800_174_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_8_800_174_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_8_800_174_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_8_800_174_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_8_800_174.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_8_800_174.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_8_800_174.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_8_800_174.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}]
@Denied: (A 2) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}\1.0]
@="Shockwave Flash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}]
@Denied: (A 2) (Everyone)
@=""
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}\1.0]
@="FlashBroker"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes]
"SymbolicLinkValue"=hex(6):5c,00,52,00,45,00,47,00,49,00,53,00,54,00,52,00,59,
00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00,\
.
Completion time: 2013-09-16 22:08:14
ComboFix-quarantined-files.txt 2013-09-17 02:08
ComboFix2.txt 2013-02-07 20:50
.
Pre-Run: 435,760,029,696 bytes free
Post-Run: 436,687,003,648 bytes free
.
- - End Of File - - C4C2B9971BC0C3D6C4E089912455EACD
5C616939100B85E558DA92B899A0FC36


----------



## Cookiegal (Aug 27, 2003)

Please download FRST (Farbar Recovery Scan Tool) and save it to your desktop.

*Note*: You need to run the version that's compatible with your system (32-bit or 64-bit).


- Double-click FRST to run it. When the tool opens click *Yes* to the disclaimer.
- Press the *Scan* button.
- It will make a log named (*FRST.txt*) in the same directory the tool is run (which should be on the desktop). Please copy and paste the contents of the log in your reply.
- The first time the tool is run it makes a second log named (*Addition.txt*). Please copy and paste the contents of that log as well.


----------



## Franknj229 (Sep 21, 2009)

FRST Scan

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 16-09-2013 03
Ran by Franknj229 (administrator) on FRANKNJ229-PC on 18-09-2013 10:53:10
Running from C:\Users\Franknj229\Desktop
Windows Vista (TM) Home Premium Service Pack 2 (X64) OS Language: English(US)
Internet Explorer Version 9
Boot Mode: Normal
==================== Processes (Whitelisted) =================
(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(Microsoft Corporation) C:\Windows\system32\SLsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(CANON INC.) C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Valve Corporation) C:\Program Files (x86)\Steam\Video Games\Steam.exe
(GameStop Corp.) C:\Program Files (x86)\GameStop App\Now\GameStopNow.exe
() C:\Program Files\ASUS\TurboV\TurboV.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
() C:\Program Files (x86)\Portrait Displays\Pivot Software\wpCtrl.exe
(Analog Devices, Inc.) C:\Program Files (x86)\Analog Devices\Core\smax4pnp.exe
(Microsoft Corp.) C:\Program Files (x86)\MSN Toolbar\Platform\4.0.0379.0\mswinext.exe
(Portrait Displays, Inc) C:\Program Files (x86)\Acer Display\eDisplay Management\DTHtml.exe
(CANON INC.) C:\Program Files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE
() C:\Program Files (x86)\Portrait Displays\Pivot Software\floater.exe
(Apple Inc.) C:\Program Files (x86)\QuickTime\QTTask.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Andrea Electronics Corporation) C:\Windows\system32\AEADISRV.EXE
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(BioWare) C:\Program Files (x86)\Dragon Age\bin_ship\DAUpdaterSvc.Service.exe
(SafeNet Inc.) C:\Windows\system32\hasplms.exe
(Portrait Displays, Inc.) C:\Program Files (x86)\Common Files\Portrait Displays\Drivers\pdisrvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Microsoft Corporation) C:\Program Files\Windows Media Player\wmpnscfg.exe
(Microsoft Corporation) C:\Windows\splwow64.exe
(BitLeader) C:\Program Files (x86)\lg_fwupdate\fwupdate.exe
(Valve Corporation) C:\Program Files (x86)\Common Files\Steam\SteamService.exe
==================== Registry (Whitelisted) ==================
HKLM\...\Run: [RivaTuner] - C:\Program Files (x86)\RivaTuner v2.24\RivaTunerWrapper.exe [24576 2009-02-25] ()
HKLM\...\Run: [RivaTunerStartupDaemon] - C:\Program Files (x86)\RivaTuner v2.24\RivaTunerWrapper.exe [24576 2009-02-25] ()
HKLM\...\Run: [CanonMyPrinter] - C:\Program Files\Canon\MyPrinter\BJMyPrt.exe [2726728 2010-03-24] (CANON INC.)
HKCU\...\Run: [Steam] - c:\program files (x86)\steam\video games\steam.exe [1811368 2013-09-06] (Valve Corporation)
HKCU\...\Run: [igndlm.exe] - C:\Program Files (x86)\Download Manager\DLM.exe [1103216 2009-10-27] (IGN Entertainment)
HKCU\...\Run: [Adobe Reader Synchronizer] - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AdobeCollabSync.exe [1272704 2013-09-03] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [TurboV] - C:\Program Files\ASUS\TurboV\TurboV.exe [4040192 2008-10-21] ()
HKLM-x32\...\Run: [LGODDFU] - C:\Program Files (x86)\lg_fwupdate\lgfw.exe [27760 2012-07-28] (Bitleader)
HKLM-x32\...\Run: [PivotSoftware] - C:\Program Files (x86)\Portrait Displays\Pivot Software\wpctrl.exe [694008 2007-02-09] ()
HKLM-x32\...\Run: [DT ACR] - C:\Program Files (x86)\Common Files\Portrait Displays\Shared\DT_startup.exe [81920 2008-06-06] ()
HKLM-x32\...\Run: [SoundMAXPnP] - C:\Program Files (x86)\Analog Devices\Core\smax4pnp.exe [1310720 2008-04-15] (Analog Devices, Inc.)
HKLM-x32\...\Run: [MSN Toolbar] - C:\Program Files (x86)\MSN Toolbar\Platform\4.0.0379.0\mswinext.exe [240992 2009-12-08] (Microsoft Corp.)
HKLM-x32\...\Run: [Microsoft Default Manager] - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe [288080 2009-07-17] (Microsoft Corporation)
HKLM-x32\...\Run: [CanonSolutionMenuEx] - C:\Program Files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE [1185112 2010-04-02] (CANON INC.)
HKLM-x32\...\Run: [APSDaemon] - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-04-21] (Apple Inc.)
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [TkBellExe] - C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe [296096 2012-10-23] (RealNetworks, Inc.)
HKLM-x32\...\Run: [QuickTime Task] - C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2013-05-01] (Apple Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [253816 2013-03-12] (Oracle Corporation)
HKLM-x32\...\Run: [iTunesHelper] - C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2013-08-16] (Apple Inc.)
HKLM-x32\...\Run: [AVP] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe [356376 2013-03-03] (Kaspersky Lab ZAO)
HKU\Default\...\Run: [WindowsWelcomeCenter] - rundll32.exe oobefldr.dll,ShowWelcomeCenter
HKU\Default User\...\Run: [WindowsWelcomeCenter] - rundll32.exe oobefldr.dll,ShowWelcomeCenter
HKU\Guest\...\Run: [WindowsWelcomeCenter] - rundll32.exe oobefldr.dll,ShowWelcomeCenter
HKU\UpdatusUser\...\Run: [WindowsWelcomeCenter] - rundll32.exe oobefldr.dll,ShowWelcomeCenter
Startup: C:\Users\Franknj229\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\GameStop Now.lnk
ShortcutTarget: GameStop Now.lnk -> C:\Program Files (x86)\GameStop App\Now\GameStopNow.exe (GameStop Corp.)
Startup: C:\Users\Franknj229\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\NexDef Plug-in.lnk
ShortcutTarget: NexDef Plug-in.lnk -> C:\Users\Franknj229\AppData\Local\Autobahn\nexdef.exe ()
==================== Internet (Whitelisted) ====================
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://news.yahoo.com/
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
BHO: Content Blocker Plugin - {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\x64\IEExt\ContentBlocker\ie_content_blocker_plugin.dll (Kaspersky Lab ZAO)
BHO: Virtual Keyboard Plugin - {73455575-E40C-433C-9784-C78DC7761455} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\x64\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO)
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO: Safe Money Plugin - {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\x64\IEExt\OnlineBanking\online_banking_bho.dll (Kaspersky Lab ZAO)
BHO: URL Advisor Plugin - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\x64\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO)
BHO-x32: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
BHO-x32: Content Blocker Plugin - {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\ContentBlocker\ie_content_blocker_plugin.dll (Kaspersky Lab ZAO)
BHO-x32: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll (Microsoft Corporation)
BHO-x32: Virtual Keyboard Plugin - {73455575-E40C-433C-9784-C78DC7761455} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO)
BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO-x32: Safe Money Plugin - {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\OnlineBanking\online_banking_bho.dll (Kaspersky Lab ZAO)
BHO-x32: MSN Toolbar BHO - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\MSN Toolbar\Platform\4.0.0379.0\npwinext.dll (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: URL Advisor Plugin - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO)
Toolbar: HKLM-x32 - MSN Toolbar - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\MSN Toolbar\Platform\4.0.0379.0\npwinext.dll (Microsoft Corporation)
Toolbar: HKCU - &Links - {F2CF5485-4E02-4F68-819C-B92DE9277049} - C:\Windows\system32\ieframe.dll (Microsoft Corporation)
DPF: HKLM-x32 {0D41B8C5-2599-4893-8183-00195EC8D5F9} http://support.asus.com/common/asusTek_sys_ctrl.cab
DPF: HKLM-x32 {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: HKLM-x32 {1E54D648-B804-468d-BC78-4AFFED8E262F} http://www.nvidia.com/content/DriverDownload/srl/3.0.0.4/srl_bin/sysreqlab_nvd.cab
DPF: HKLM-x32 {233C1507-6A77-46A4-9443-F871F945D258} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: HKLM-x32 {2EDF75C0-5ABD-49f9-BAB6-220476A32034} http://intel-drv-cdn.systemrequirementslab.com/multi/bin/sysreqlab_srlx.cab
DPF: HKLM-x32 {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} http://www.fileplanet.com/fpdlmgr/cabs/FPDC_2.3.10.115.cab
DPF: HKLM-x32 {74DBCB52-F298-4110-951D-AD2FF67BC8AB} http://www.nvidia.com/content/DriverDownload/nforce/NvidiaSmartScan.cab
DPF: HKLM-x32 {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab
DPF: HKLM-x32 {87BE3784-6977-4E84-AA08-55A96B9CEAC5} http://cam4231246.viewnetcam.com:5001/bl_camera.cab
DPF: HKLM-x32 {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: HKLM-x32 {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
DPF: HKLM-x32 {EAEFAD15-8753-45EF-94B0-1BAA7970CC21} http://barkatl9991.viewnetcam.com:5007/MpegInst.cab
DPF: HKLM-x32 {F3D4C08D-3616-43F0-9E29-44C749B0664B} http://cam8997481.viewnetcam.com:5009/JpegInst.cab
Winsock: Catalog5 01 %SystemRoot%\System32\mswsock.dll [223232] (Microsoft Corporation) ATTENTION: The LibraryPath should be "%SystemRoot%\system32\NLAapi.dll"
Winsock: Catalog5-x64 01 %SystemRoot%\System32\mswsock.dll [304128] (Microsoft Corporation) ATTENTION: The LibraryPath should be "%SystemRoot%\system32\NLAapi.dll"
Tcpip\Parameters: [DhcpNameServer] 208.59.247.45 208.59.247.46
Chrome: 
=======
Error reading preferences. Please check "preferences" file for possible corruption. <======= ATTENTION
CHR Extension: (YouTube) - C:\Users\FRANKN~1\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0
CHR Extension: (Google Search) - C:\Users\FRANKN~1\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0
CHR Extension: (RealPlayer HTML5Video Downloader Extension) - C:\Users\FRANKN~1\AppData\Local\Google\Chrome\User Data\Default\Extensions\jfmjfhklogoienhpfnppmbcbjfjnkonk\1.5_0
CHR Extension: (Gmail) - C:\Users\FRANKN~1\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0
CHR HKLM-x32\...\Chrome\Extension: [dchlnpcodkpfdpacogkljefecpegganj] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\ChromeExt\urladvisor.crx
CHR HKLM-x32\...\Chrome\Extension: [hakdifolhalapjijoafobooafbilfakh] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\ChromeExt\online_banking_chrome.crx
CHR HKLM-x32\...\Chrome\Extension: [hghkgaeecgjhjkannahfamoehjmkjail] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\ChromeExt\content_blocker_chrome.crx
CHR HKLM-x32\...\Chrome\Extension: [jagncdcchgajhfhijbbhecadmaiegcmh] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\ChromeExt\virtkbd.crx
CHR HKLM-x32\...\Chrome\Extension: [jfmjfhklogoienhpfnppmbcbjfjnkonk] - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Chrome\Ext\rphtml5video.crx
CHR HKLM-x32\...\Chrome\Extension: [pjldcfjmnllhmgjclecdnfampinooman] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\ChromeExt\ab.crx
==================== Services (Whitelisted) =================
R2 AEADIFilters; C:\Windows\system32\AEADISRV.EXE [111616 2008-07-15] (Andrea Electronics Corporation)
S2 AsSysCtrlService; C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.00\AsSysCtrlService.exe [86016 2008-08-15] ()
R2 AVP; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe [356376 2013-03-03] (Kaspersky Lab ZAO)
S2 DTSRVC; C:\Program Files (x86)\Common Files\Portrait Displays\Shared\DTSRVC.exe [69632 2008-06-06] ()
R2 hasplms; C:\Windows\system32\hasplms.exe [4412872 2012-08-23] (SafeNet Inc.)
S3 NMIndexingService; C:\Program Files (x86)\Common Files\Ahead\Lib\NMIndexingService.exe [275752 2008-01-22] (Nero AG)
S3 aspnet_state; %SystemRoot%\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [x]
==================== Drivers (Whitelisted) ====================
R1 AsIO; C:\Windows\SysWow64\drivers\AsIO.sys [14392 2007-12-17] ()
R1 AsIO; C:\Windows\SysWow64\drivers\AsIO.sys [14392 2007-12-17] ()
R2 hardlock; C:\Windows\system32\drivers\hardlock.sys [323584 2012-10-06] (SafeNet Inc.)
R0 kl1; C:\Windows\System32\DRIVERS\kl1.sys [458584 2012-06-19] (Kaspersky Lab ZAO)
R1 KLIF; C:\Windows\System32\DRIVERS\klif.sys [620128 2013-04-24] (Kaspersky Lab ZAO)
R1 KLIM6; C:\Windows\System32\DRIVERS\klim6.sys [28504 2012-08-02] (Kaspersky Lab ZAO)
R3 klkbdflt; C:\Windows\System32\DRIVERS\klkbdflt.sys [29016 2012-10-25] (Kaspersky Lab)
R3 klmouflt; C:\Windows\System32\DRIVERS\klmouflt.sys [29528 2012-10-25] (Kaspersky Lab)
R1 kltdi; C:\Windows\System32\DRIVERS\kltdi.sys [54368 2013-09-07] (Kaspersky Lab ZAO)
R1 kneps; C:\Windows\System32\DRIVERS\kneps.sys [178448 2013-04-24] (Kaspersky Lab ZAO)
R3 MTsensor; C:\Windows\System32\DRIVERS\ASACPI.sys [15680 2006-11-01] ()
R0 mv61xx; C:\Windows\System32\DRIVERS\mv61xx.sys [173096 2008-06-23] (Marvell Semiconductor, Inc.)
R0 mv64xx; C:\Windows\System32\DRIVERS\mv64xx.sys [316456 2008-07-31] (Marvell Semiconductor, Inc.)
R3 PdiPorts; C:\Windows\System32\DRIVERS\PdiPorts.sys [20520 2008-06-04] (Portrait Displays, Inc.)
R3 RivaTuner64; C:\Program Files (x86)\RivaTuner v2.24\RivaTuner64.sys [19952 2009-04-06] ()
R3 RivaTuner64; C:\Program Files (x86)\RivaTuner v2.24\RivaTuner64.sys [19952 2009-04-06] ()
S3 VBoxUSB; C:\Windows\System32\Drivers\VBoxUSB.sys [106256 2013-04-12] (Oracle Corporation)
U5 AppMgmt; C:\Windows\system32\svchost.exe [27648 2008-01-20] (Microsoft Corporation)
S1 Beep; No ImagePath
S3 catchme; \??\C:\Puppy\catchme.sys [x]
S3 cpuz132; \??\C:\Users\FRANKN~1\AppData\Local\Temp\cpuz132\cpuz132_x64.sys [x]
S1 dvumgzsl; \??\C:\Windows\system32\drivers\dvumgzsl.sys [x]
S1 edygbarx; \??\C:\Windows\system32\drivers\edygbarx.sys [x]
S1 ghhhadcu; \??\C:\Windows\system32\drivers\ghhhadcu.sys [x]
S3 IpInIp; system32\DRIVERS\ipinip.sys [x]
S1 juekuvjz; \??\C:\Windows\system32\drivers\juekuvjz.sys [x]
U5 klflt; C:\Windows\System32\Drivers\klflt.sys [90208 2013-04-24] (Kaspersky Lab ZAO)
S1 lowqnqxo; \??\C:\Windows\system32\drivers\lowqnqxo.sys [x]
S1 nbdvbzzw; \??\C:\Windows\system32\drivers\nbdvbzzw.sys [x]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [x]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [x]
==================== NetSvcs (Whitelisted) ===================

==================== One Month Created Files and Folders ========
2013-09-18 10:53 - 2013-09-18 10:53 - 00000000 ____D C:\FRST
2013-09-18 10:52 - 2013-09-18 10:52 - 01950524 _____ (Farbar) C:\Users\Franknj229\Desktop\FRST64.exe
2013-09-16 22:08 - 2013-09-16 22:08 - 00017712 _____ C:\ComboFix.txt
2013-09-16 21:52 - 2013-09-16 22:08 - 00000000 ____D C:\Qoobox
2013-09-16 21:52 - 2011-06-26 02:45 - 00256000 _____ C:\Windows\PEV.exe
2013-09-16 21:52 - 2010-11-07 13:20 - 00208896 _____ C:\Windows\MBR.exe
2013-09-16 21:52 - 2009-04-20 00:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2013-09-16 21:52 - 2000-08-30 20:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2013-09-16 21:52 - 2000-08-30 20:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2013-09-16 21:52 - 2000-08-30 20:00 - 00098816 _____ C:\Windows\sed.exe
2013-09-16 21:52 - 2000-08-30 20:00 - 00080412 _____ C:\Windows\grep.exe
2013-09-16 21:52 - 2000-08-30 20:00 - 00068096 _____ C:\Windows\zip.exe
2013-09-16 21:50 - 2013-09-16 21:50 - 05126417 ____R (Swearware) C:\Users\Franknj229\Desktop\Puppy.exe
2013-09-15 22:34 - 2013-09-15 22:34 - 02237968 _____ (Kaspersky Lab ZAO) C:\Users\Franknj229\Desktop\tdsskiller.exe
2013-09-14 23:09 - 2013-09-14 23:09 - 00023890 _____ C:\Users\Franknj229\Desktop\ark.txt
2013-09-14 22:00 - 2013-09-14 22:00 - 00377856 _____ C:\Users\Franknj229\Desktop\5qb1cdvx.exe
2013-09-14 21:59 - 2013-09-14 21:59 - 00007007 _____ C:\Users\Franknj229\Desktop\attach.txt
2013-09-14 21:59 - 2013-09-14 21:57 - 00022217 _____ C:\Users\Franknj229\Desktop\dds.txt
2013-09-14 21:56 - 2013-09-14 21:56 - 00688992 ____R (Swearware) C:\Users\Franknj229\Desktop\dds.scr
2013-09-14 21:55 - 2013-09-14 21:55 - 00013919 _____ C:\Users\Franknj229\Desktop\hijackthis.log
2013-09-14 21:54 - 2013-09-14 21:54 - 00388608 _____ (Trend Micro Inc.) C:\Users\Franknj229\Desktop\HijackThis.exe
2013-09-14 18:51 - 2013-09-14 18:51 - 00262144 _____ C:\Windows\Minidump\Mini091413-01.dmp
2013-09-12 03:05 - 2013-07-31 10:17 - 17833472 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2013-09-12 03:05 - 2013-07-31 09:42 - 10926080 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2013-09-12 03:05 - 2013-07-31 09:29 - 02312704 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2013-09-12 03:05 - 2013-07-31 09:20 - 01346560 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2013-09-12 03:05 - 2013-07-31 09:19 - 01392128 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2013-09-12 03:05 - 2013-07-31 09:18 - 01494528 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2013-09-12 03:05 - 2013-07-31 09:17 - 00237056 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2013-09-12 03:05 - 2013-07-31 09:16 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2013-09-12 03:05 - 2013-07-31 09:14 - 00173056 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2013-09-12 03:05 - 2013-07-31 09:13 - 00816640 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2013-09-12 03:05 - 2013-07-31 09:13 - 00599040 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2013-09-12 03:05 - 2013-07-31 09:11 - 02147840 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2013-09-12 03:05 - 2013-07-31 09:11 - 00729088 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2013-09-12 03:05 - 2013-07-31 09:09 - 00096768 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2013-09-12 03:05 - 2013-07-31 09:08 - 02382848 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2013-09-12 03:05 - 2013-07-31 09:05 - 00248320 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2013-09-12 03:05 - 2013-07-31 06:30 - 12335104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-09-12 03:05 - 2013-07-31 06:05 - 09738752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-09-12 03:05 - 2013-07-31 06:00 - 01800704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2013-09-12 03:05 - 2013-07-31 05:53 - 01104896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-09-12 03:05 - 2013-07-31 05:52 - 01427968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2013-09-12 03:05 - 2013-07-31 05:52 - 01129472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2013-09-12 03:05 - 2013-07-31 05:51 - 00231936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2013-09-12 03:05 - 2013-07-31 05:49 - 00065024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2013-09-12 03:05 - 2013-07-31 05:48 - 00717824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2013-09-12 03:05 - 2013-07-31 05:48 - 00420864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2013-09-12 03:05 - 2013-07-31 05:48 - 00142848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2013-09-12 03:05 - 2013-07-31 05:47 - 00607744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2013-09-12 03:05 - 2013-07-31 05:46 - 01796096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-09-12 03:05 - 2013-07-31 05:45 - 02382848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2013-09-12 03:05 - 2013-07-31 05:45 - 00073216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2013-09-12 03:05 - 2013-07-31 05:42 - 00176640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2013-09-11 11:06 - 2013-08-07 22:03 - 02775552 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2013-09-11 11:06 - 2013-07-16 05:25 - 00689152 _____ (Microsoft Corporation) C:\Windows\system32\themeui.dll
2013-09-11 11:06 - 2013-07-16 00:35 - 00615936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\themeui.dll
2013-09-08 11:00 - 2013-09-08 23:36 - 00016429 _____ C:\Users\Franknj229\Desktop\Full year box pool research.ods
2013-09-07 23:24 - 2013-09-07 23:24 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2013-09-07 03:02 - 2013-09-07 03:02 - 00460936 _____ C:\Windows\dd_vcredistMSI5723.txt
2013-09-07 03:02 - 2013-09-07 03:02 - 00011590 _____ C:\Windows\dd_vcredistUI5723.txt
2013-09-07 03:01 - 2013-09-07 03:02 - 00458572 _____ C:\Windows\dd_vcredistMSI56C1.txt
2013-09-07 03:01 - 2013-09-07 03:02 - 00011622 _____ C:\Windows\dd_vcredistUI56C1.txt
2013-09-06 14:25 - 2013-09-06 14:25 - 00204048 _____ (Oracle Corporation) C:\Windows\system32\VBoxNetFltNobj.dll
2013-09-06 14:25 - 2013-09-06 14:25 - 00146704 _____ (Oracle Corporation) C:\Windows\system32\Drivers\VBoxNetFlt.sys
2013-09-04 10:08 - 2013-09-07 23:16 - 00000000 ____D C:\Users\Franknj229\Desktop\Sophie
2013-08-28 03:05 - 2013-08-02 10:06 - 01706496 _____ (Microsoft Corporation) C:\Windows\system32\WMVDECOD.DLL
2013-08-28 03:05 - 2013-08-02 00:09 - 01548288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMVDECOD.DLL
2013-08-23 21:35 - 2013-08-23 21:36 - 00000000 ____D C:\Users\Franknj229\Desktop\Jill's iPhone pics as of 8-23-13
2013-08-23 16:09 - 2013-08-23 16:09 - 00000000 ____D C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2013-08-23 16:09 - 2013-08-23 16:09 - 00000000 ____D C:\Program Files\iTunes
2013-08-23 16:09 - 2013-08-23 16:09 - 00000000 ____D C:\Program Files\iPod
2013-08-23 16:09 - 2013-08-23 16:09 - 00000000 ____D C:\Program Files (x86)\iTunes
2013-08-21 03:17 - 2013-09-11 12:31 - 00000000 ____D C:\Users\Franknj229\Desktop\iPhone pics as of 8-21-13
2013-08-19 15:52 - 2013-09-06 14:27 - 00238352 _____ (Oracle Corporation) C:\Windows\system32\Drivers\VBoxDrv.sys
2013-08-19 15:52 - 2013-09-06 14:25 - 00119056 _____ (Oracle Corporation) C:\Windows\system32\Drivers\VBoxUSBMon.sys
==================== One Month Modified Files and Folders =======
2018-01-02 10:23 - 2009-04-06 22:04 - 00000000 ____D C:\Users\Franknj229\Downloads\Guru3D.com
2013-09-18 10:53 - 2013-09-18 10:53 - 00000000 ____D C:\FRST
2013-09-18 10:53 - 2008-01-20 21:53 - 01652956 _____ C:\Windows\WindowsUpdate.log
2013-09-18 10:52 - 2013-09-18 10:52 - 01950524 _____ (Farbar) C:\Users\Franknj229\Desktop\FRST64.exe
2013-09-18 10:52 - 2013-03-03 12:50 - 00000000 ____D C:\ProgramData\Kaspersky Lab
2013-09-18 10:52 - 2012-09-21 22:04 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-09-18 10:51 - 2010-05-05 16:20 - 00000906 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-09-18 10:49 - 2006-11-02 11:22 - 00003712 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2013-09-18 10:49 - 2006-11-02 11:22 - 00003712 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2013-09-18 03:24 - 2009-06-02 20:43 - 00000000 ____D C:\Users\Franknj229\.VirtualBox
2013-09-18 00:11 - 2010-05-05 16:20 - 00000902 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-09-16 22:08 - 2013-09-16 22:08 - 00017712 _____ C:\ComboFix.txt
2013-09-16 22:08 - 2013-09-16 21:52 - 00000000 ____D C:\Qoobox
2013-09-16 22:06 - 2006-11-02 08:34 - 00000215 _____ C:\Windows\system.ini
2013-09-16 21:51 - 2013-01-30 20:21 - 00000000 ____D C:\Windows\erdnt
2013-09-16 21:50 - 2013-09-16 21:50 - 05126417 ____R (Swearware) C:\Users\Franknj229\Desktop\Puppy.exe
2013-09-16 17:34 - 2012-10-13 12:47 - 00000000 ____D C:\Bovada
2013-09-15 22:34 - 2013-09-15 22:34 - 02237968 _____ (Kaspersky Lab ZAO) C:\Users\Franknj229\Desktop\tdsskiller.exe
2013-09-15 09:23 - 2006-11-02 08:46 - 00735700 _____ C:\Windows\system32\PerfStringBackup.INI
2013-09-15 09:17 - 2009-04-01 02:06 - 00000397 _____ C:\Windows\lgfwup.ini
2013-09-15 09:17 - 2009-04-01 02:06 - 00000000 ____D C:\Program Files (x86)\lg_fwupdate
2013-09-15 09:16 - 2009-04-01 01:57 - 00000000 ____D C:\ProgramData\NVIDIA
2013-09-15 09:16 - 2006-11-02 11:42 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-09-14 23:09 - 2013-09-14 23:09 - 00023890 _____ C:\Users\Franknj229\Desktop\ark.txt
2013-09-14 22:00 - 2013-09-14 22:00 - 00377856 _____ C:\Users\Franknj229\Desktop\5qb1cdvx.exe
2013-09-14 21:59 - 2013-09-14 21:59 - 00007007 _____ C:\Users\Franknj229\Desktop\attach.txt
2013-09-14 21:57 - 2013-09-14 21:59 - 00022217 _____ C:\Users\Franknj229\Desktop\dds.txt
2013-09-14 21:56 - 2013-09-14 21:56 - 00688992 ____R (Swearware) C:\Users\Franknj229\Desktop\dds.scr
2013-09-14 21:55 - 2013-09-14 21:55 - 00013919 _____ C:\Users\Franknj229\Desktop\hijackthis.log
2013-09-14 21:54 - 2013-09-14 21:54 - 00388608 _____ (Trend Micro Inc.) C:\Users\Franknj229\Desktop\HijackThis.exe
2013-09-14 20:17 - 2009-04-01 03:02 - 00060928 _____ C:\Users\Franknj229\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2013-09-14 18:51 - 2013-09-14 18:51 - 00262144 _____ C:\Windows\Minidump\Mini091413-01.dmp
2013-09-14 18:51 - 2009-12-23 14:16 - 779594793 _____ C:\Windows\MEMORY.DMP
2013-09-14 18:51 - 2009-12-23 14:16 - 00000000 ____D C:\Windows\Minidump
2013-09-13 18:52 - 2012-09-21 22:04 - 00003682 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2013-09-13 18:52 - 2012-04-09 21:04 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2013-09-13 18:52 - 2011-07-10 10:47 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2013-09-12 07:30 - 2006-11-02 11:21 - 00252968 _____ C:\Windows\system32\FNTCACHE.DAT
2013-09-12 07:27 - 2006-11-02 11:42 - 00032592 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2013-09-12 03:11 - 2013-08-15 03:04 - 00000000 ____D C:\Windows\system32\MRT
2013-09-12 03:09 - 2006-11-02 08:35 - 79143768 _____ (Microsoft Corporation) C:\Windows\system32\mrt.exe
2013-09-11 12:53 - 2012-05-10 09:29 - 00000000 ____D C:\Users\Franknj229\Desktop\For Facebook 5-10
2013-09-11 12:31 - 2013-08-21 03:17 - 00000000 ____D C:\Users\Franknj229\Desktop\iPhone pics as of 8-21-13
2013-09-10 20:36 - 2010-10-17 17:04 - 00000680 _____ C:\Users\Franknj229\AppData\Local\d3d9caps.dat
2013-09-09 19:57 - 2012-04-11 09:51 - 00000983 _____ C:\Users\Public\Desktop\Oracle VM VirtualBox.lnk
2013-09-09 19:57 - 2009-03-31 23:52 - 00000000 ____D C:\Users\Franknj229
2013-09-08 23:36 - 2013-09-08 11:00 - 00016429 _____ C:\Users\Franknj229\Desktop\Full year box pool research.ods
2013-09-08 14:30 - 2013-04-21 17:51 - 00000000 ____D C:\Windows\System32\Tasks\NCH Software
2013-09-07 23:24 - 2013-09-07 23:24 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2013-09-07 23:16 - 2013-09-04 10:08 - 00000000 ____D C:\Users\Franknj229\Desktop\Sophie
2013-09-07 12:48 - 2012-06-08 12:38 - 00054368 _____ (Kaspersky Lab ZAO) C:\Windows\system32\Drivers\kltdi.sys
2013-09-07 03:02 - 2013-09-07 03:02 - 00460936 _____ C:\Windows\dd_vcredistMSI5723.txt
2013-09-07 03:02 - 2013-09-07 03:02 - 00011590 _____ C:\Windows\dd_vcredistUI5723.txt
2013-09-07 03:02 - 2013-09-07 03:01 - 00458572 _____ C:\Windows\dd_vcredistMSI56C1.txt
2013-09-07 03:02 - 2013-09-07 03:01 - 00011622 _____ C:\Windows\dd_vcredistUI56C1.txt
2013-09-06 14:27 - 2013-08-19 15:52 - 00238352 _____ (Oracle Corporation) C:\Windows\system32\Drivers\VBoxDrv.sys
2013-09-06 14:25 - 2013-09-06 14:25 - 00204048 _____ (Oracle Corporation) C:\Windows\system32\VBoxNetFltNobj.dll
2013-09-06 14:25 - 2013-09-06 14:25 - 00146704 _____ (Oracle Corporation) C:\Windows\system32\Drivers\VBoxNetFlt.sys
2013-09-06 14:25 - 2013-08-19 15:52 - 00119056 _____ (Oracle Corporation) C:\Windows\system32\Drivers\VBoxUSBMon.sys
2013-09-06 14:25 - 2013-07-04 15:57 - 00131856 _____ (Oracle Corporation) C:\Windows\system32\Drivers\VBoxNetAdp.sys
2013-09-06 12:22 - 2009-04-08 19:42 - 00000000 ____D C:\Users\Franknj229\Documents\Passwords and codes
2013-08-31 16:16 - 2009-04-06 19:14 - 00000000 ____D C:\Users\Franknj229\AppData\Local\Autobahn
2013-08-31 16:16 - 2009-03-31 23:52 - 00000000 ___RD C:\Users\Franknj229\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2013-08-23 21:36 - 2013-08-23 21:35 - 00000000 ____D C:\Users\Franknj229\Desktop\Jill's iPhone pics as of 8-23-13
2013-08-23 16:09 - 2013-08-23 16:09 - 00000000 ____D C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2013-08-23 16:09 - 2013-08-23 16:09 - 00000000 ____D C:\Program Files\iTunes
2013-08-23 16:09 - 2013-08-23 16:09 - 00000000 ____D C:\Program Files\iPod
2013-08-23 16:09 - 2013-08-23 16:09 - 00000000 ____D C:\Program Files (x86)\iTunes
2013-08-23 16:09 - 2012-03-31 11:30 - 00001654 _____ C:\Users\Public\Desktop\iTunes.lnk
2013-08-21 04:02 - 2009-11-23 00:09 - 00000000 ____D C:\Users\Franknj229\AppData\Roaming\vlc
==================== Bamital & volsnap Check =================
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

LastRegBack: 2013-09-15 21:34
==================== End Of Log ============================

Addition Scan

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 16-09-2013 03
Ran by Franknj229 at 2013-09-18 10:53:40
Running from C:\Users\Franknj229\Desktop
Boot Mode: Normal
==========================================================

==================== Installed Programs =======================
AA3Deploy (HKCU Version: 1.2.0.3)
Acer eDisplay Management (x32 Version: 1.20.011)
Acrobat.com (x32 Version: 2.3.0)
Acrobat.com (x32 Version: 2.3.0.0)
Adobe AIR (x32 Version: 1.5.3.9130)
Adobe Flash Player 10 Plugin (x32 Version: 10.0.45.2)
Adobe Flash Player 11 ActiveX (x32 Version: 11.8.800.174)
Adobe Reader X (10.1.8) (x32 Version: 10.1.8)
Adobe Shockwave Player 11.6 (x32 Version: 11.6.7.637)
Apple Application Support (x32 Version: 2.3.4)
Apple Mobile Device Support (Version: 6.1.0.13)
Apple Software Update (x32 Version: 2.1.3.127)
Bonjour (Version: 3.0.0.10)
BovadaPoker (x32 Version: )
Canon Easy-PhotoPrint EX (x32)
Canon MP Navigator EX 4.0 (x32)
Canon MP495 series MP Drivers
Canon MP495 series User Registration (x32)
Canon My Printer (x32)
Canon Solution Menu EX (x32)
Catalina Savings Printer (x32 Version: 1.0.0)
Creation Kit (x32)
CyberLink DVD Suite (x32 Version: 5.0.3019)
Download Manager 2.3.10 (x32 Version: 2.3.10)
Dragon Age DLC Service (x32 Version: 1.0)
Dragon Age DLC Service (x32)
Dragon Age II (x32 Version: 1.03)
Dragon Age Origins - Ultimate Edition (x32)
Dragon Age: Origins (x32 Version: 1.04)
EA Installer (x32 Version: 2.2.0.62)
EA Shared Game Component: Activation (x32 Version: 2.2.0)
EA Shared Game Component: Activation (x32 Version: 2.2.0.62)
EPU-6 Engine (x32 Version: 1.00.26)
ESET Online Scanner v3 (x32)
EVGA Precision 1.4.0 (x32)
Express Gate (x32 Version: 1.3.3.1)
Fallout: New Vegas (x32)
Fraps (x32)
GameFly (x32 Version: 1.2.248)
GameStop App (x32 Version: 4.00)
Garmin Communicator Plugin (x32 Version: 2.8.1)
Garmin POI Loader (x32 Version: 2.5.3.0)
Garmin USB Drivers (x32 Version: 1.0.0.0)
Google Chrome (x32 Version: 29.0.1547.66)
Google Earth Plug-in (x32 Version: 7.1.1.1888)
Google Update Helper (x32 Version: 1.3.21.153)
HGTV Instant Makeover Workshop (x32 Version: 1.00.0000)
Host OpenAL (ADI) (x32)
iCloud (Version: 2.1.2.8)
Intel(R) Processor ID Utility (x32 Version: 4.20.0000)
iTunes (Version: 11.0.5.5)
Java 7 Update 25 (x32 Version: 7.0.250)
Java Auto Updater (x32 Version: 2.1.9.5)
Kaspersky Internet Security 2013 (x32 Version: 13.0.1.4190)
Left 4 Dead (x32)
Left 4 Dead 2 Demo (x32)
LG ODD Auto Firmware Update (x32 Version: 10.01.0712.01)
Lightworks (x32 Version: 11.0.3.0)
Malwarebytes Anti-Malware version 1.70.0.1100 (x32 Version: 1.70.0.1100)
marvell 61xx (x32 Version: 1.2.0.47)
Microsoft .NET Framework 1.1 (x32 Version: 1.1.4322)
Microsoft .NET Framework 1.1 (x32)
Microsoft .NET Framework 1.1 Security Update (KB2698023) (x32)
Microsoft .NET Framework 1.1 Security Update (KB2742597) (x32)
Microsoft .NET Framework 1.1 Security Update (KB979906) (x32)
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)
Microsoft Application Error Reporting (x32 Version: 12.0.6012.5000)
Microsoft Default Manager (x32 Version: 2.1.54.0)
Microsoft Games for Windows - LIVE (x32 Version: 3.3.24.0)
Microsoft Games for Windows - LIVE Redistributable (x32 Version: 3.2.3.0)
Microsoft Search Enhancement Pack (x32 Version: 3.0.126.0)
Microsoft Silverlight (x32 Version: 5.1.20513.0)
Microsoft UI Engine (x32 Version: 4.0.0318.1)
Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.61001)
Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.56336)
Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.61000)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022 (Version: 9.0.21022)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (x32 Version: 9.0.21022)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022.218 (x32 Version: 9.0.21022.218)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (x32 Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (x32 Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (x32 Version: 9.0.30729.6161)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (Version: 10.0.40219)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (x32 Version: 10.0.40219)
Move Media Player (HKCU)
MSN Toolbar (x32 Version: 4.0.0379.0)
MSN Toolbar Platform (x32 Version: 4.0.0379.0)
MSXML 4.0 SP2 (KB954430) (x32 Version: 4.20.9870.0)
MSXML 4.0 SP2 (KB973688) (x32 Version: 4.20.9876.0)
Nero 7 Essentials (x32 Version: 7.03.1303)
neroxml (x32 Version: 1.0.0)
NVIDIA 3D Vision Controller Driver 306.97 (Version: 306.97)
NVIDIA 3D Vision Driver 311.06 (Version: 311.06)
NVIDIA Control Panel 311.06 (Version: 311.06)
NVIDIA Graphics Driver 311.06 (Version: 311.06)
NVIDIA Install Application (Version: 2.1002.108.688)
NVIDIA PhysX (x32 Version: 9.12.0604)
NVIDIA PhysX System Software 9.12.0604 (Version: 9.12.0604)
NVIDIA Stereoscopic 3D Driver (x32 Version: 7.17.13.1106)
NVIDIA Update 1.11.3 (Version: 1.11.3)
NVIDIA Update Components (Version: 1.11.3)
OpenOffice.org 3.2 (x32 Version: 3.2.9502)
Oracle VM VirtualBox 4.2.18 (Version: 4.2.18)
Origin (x32 Version: 9.0.15.65)
Overhead Door Configurator (x32 Version: 1.0)
Overhead Door Configurator (x32 Version: v1.0)
Peggle Extreme (x32)
PhotoStage Slideshow Producer (x32)
Pivot Software (x32 Version: 8.21.013)
PokerStars (x32)
Portal (x32)
Prism Video File Converter (x32)
Puzzle Agent (x32)
PVSonyDll (Version: 1.00.0001)
QuickTime (x32 Version: 7.74.80.86)
RealNetworks - Microsoft Visual C++ 2008 Runtime (x32 Version: 9.0)
Realtek 8169 8168 8101E 8102E Ethernet Driver (x32 Version: 1.00.0000)
RealUpgrade 1.1 (x32 Version: 1.1.0)
RivaTuner v2.24 (x32 Version: v2.24)
SDK (x32 Version: 2.05.004)
Sid Meier's Civilization V (x32)
SoundMAX (x32 Version: 6.10.2.6520)
Steam (x32 Version: 1.0.0.0)
swMSM (x32 Version: 12.0.0.1)
System Requirements Lab (x32)
The Elder Scrolls V: Skyrim (x32)
Torchlight II (x32)
TrueCrypt (x32 Version: 7.1a)
TurboV (x32 Version: 1.00.17)
Update for Microsoft .NET Framework 3.5 SP1 (KB2836940) (x32 Version: 1)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939) (x32 Version: 1)
VideoPad Video Editor (x32)
Vista Codec Package (x32 Version: 5.4.1)
Visual C++ 8.0 Runtime Setup Package (x64) (x32 Version: 8.0.0.35)
Visual C++ 8.0 Runtime Setup Package (x64) (x32 Version: 9.0.0.623)
Visual Studio C++ 10.0 Runtime (x32 Version: 10.0.0)
VLC media player 1.0.3 (x32 Version: 1.0.3)
WavePad Sound Editor (x32)
Windows Driver Package - Garmin (grmnusb) GARMIN Devices (03/08/2007 2.2.1.0) (Version: 03/08/2007 2.2.1.0)
Windows Live ID Sign-in Assistant (Version: 6.500.3165.0)
WinRAR archiver
x64 Components v2.1.1 (Version: 2.1.1)
==================== Restore Points =========================
02-09-2013 13:27:24 Scheduled Checkpoint
03-09-2013 04:14:23 Scheduled Checkpoint
03-09-2013 07:00:26 Windows Update
04-09-2013 04:52:07 Scheduled Checkpoint
04-09-2013 07:00:26 Windows Update
05-09-2013 07:00:10 Windows Update
06-09-2013 07:00:27 Windows Update
07-09-2013 06:21:51 Scheduled Checkpoint
07-09-2013 07:00:11 Windows Update
08-09-2013 02:20:30 Removed Microsoft Silverlight
08-09-2013 02:21:03 Removed Microsoft Silverlight
08-09-2013 07:00:27 Windows Update
09-09-2013 07:00:10 Windows Update
09-09-2013 23:54:57 Installed Oracle VM VirtualBox 4.2.18
10-09-2013 07:00:32 Windows Update
11-09-2013 07:00:30 Windows Update
12-09-2013 05:18:43 Scheduled Checkpoint
12-09-2013 07:00:11 Windows Update
12-09-2013 17:33:45 Windows Update
12-09-2013 17:35:51 Windows Update
13-09-2013 07:00:29 Windows Update
14-09-2013 01:31:55 Scheduled Checkpoint
14-09-2013 07:00:28 Windows Update
15-09-2013 17:15:48 Scheduled Checkpoint
16-09-2013 07:00:10 Windows Update
17-09-2013 05:13:08 Scheduled Checkpoint
17-09-2013 07:00:29 Windows Update
18-09-2013 07:00:10 Windows Update
==================== Hosts content: ==========================
2006-11-02 08:34 - 2013-09-16 22:06 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1 localhost
==================== Scheduled Tasks (whitelisted) =============
Task: {0419602C-C6BE-46BB-9F9E-9736364BE33A} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-09-13] (Adobe Systems Incorporated)
Task: {08747466-FC65-4E4B-9AC0-646DB56B612D} - System32\Tasks\Microsoft\Windows\WindowsBackup\CheckFull => C:\Windows\System32\sdclt.exe [2010-12-14] (Microsoft Corporation)
Task: {0AEAFAF6-F116-4A60-AFB4-C8B755A6E975} - System32\Tasks\Microsoft\Windows\MobilePC\TMM
Task: {0D3C7F17-660C-4EB4-86E2-4EDC21172F7B} - System32\Tasks\Microsoft\Windows\Tcpip\WSHReset => C:\Windows\system32\schtasks.exe [2008-01-20] (Microsoft Corporation)
Task: {16A87F4E-E706-4991-8B79-73B0567E700C} - System32\Tasks\ASUS\ASUS SIX Engine => C:\Program Files\ASUS\Six Engine\SixEngine.exe [2008-10-02] ()
Task: {192DDA2D-5815-47B8-983F-65744FEEC03A} - System32\Tasks\Microsoft\Windows\Shell\CrawlStartPages
Task: {254095AE-FB97-48EA-94A5-D8BF2AB79714} - System32\Tasks\Microsoft\Windows\RAC\RACAgent => C:\Windows\system32\RacAgent.exe [2008-01-20] (Microsoft Corporation)
Task: {25BC4FDF-F908-4B92-A4E2-81C6A534E14B} - System32\Tasks\Microsoft\Windows\WindowsBackup\Windows Backup Monitor => C:\Windows\System32\sdclt.exe [2010-12-14] (Microsoft Corporation)
Task: {3075FB8C-98EA-4269-A6AA-8D7642BB0B84} - System32\Tasks\RealUpgradeScheduledTaskS-1-5-21-2669562794-4212015103-2530955540-1000 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe [2012-07-27] (RealNetworks, Inc.)
Task: {52D29F94-1040-49F1-A4EE-9F493D3D10C5} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {61D0A8FD-BB63-4588-8F90-CA7EBF2620A4} - System32\Tasks\RealUpgradeLogonTaskS-1-5-21-2669562794-4212015103-2530955540-1000 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe [2012-07-27] (RealNetworks, Inc.)
Task: {7817CEA5-61DB-4A45-A731-08812E045C4E} - System32\Tasks\Microsoft\Windows\WindowsCalendar\Reminders - Franknj229
Task: {7C638E5B-ECE5-4424-A7E5-2C913CA682E9} - System32\Tasks\Microsoft\Windows\NetworkAccessProtection\NAPStatus UI
Task: {8B2BD96A-1E28-4362-96CE-64CECFEEB994} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-05-05] (Google Inc.)
Task: {8C6F7287-C72A-45A1-9FC0-51B75AB1BB3F} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-05-05] (Google Inc.)
Task: {A9683382-0125-42BE-A29E-E39819CD3AF7} - System32\Tasks\Microsoft\Windows\Customer Experience Improvement Program\OptinNotification => C:\Windows\System32\wsqmcons.exe [2008-01-20] (Microsoft Corporation)
Task: {AE499707-C55D-4BBD-B350-A4098586A669} - System32\Tasks\Microsoft\Windows\WindowsBackup\AutomaticBackup => C:\Windows\System32\sdengin2.dll [2008-01-20] (Microsoft Corporation)
Task: {DE8388F8-A6AE-4DEF-814C-6CA5D5CA248E} - System32\Tasks\Microsoft\Windows Defender\MP Scheduled Scan => c:\program files\windows defender\MpCmdRun.exe [2008-01-20] (Microsoft Corporation)
Task: {E91D6474-70CC-42BE-80FF-8BED8AF557ED} - System32\Tasks\Microsoft\Windows\Wireless\GatherWirelessInfo => C:\Windows\system32\gatherWirelessInfo.vbs [2008-01-20] ()
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
==================== Loaded Modules (whitelisted) =============
2010-12-16 13:10 - 2013-02-26 00:32 - 18055184 _____ (NVIDIA Corporation) C:\Windows\system32\nvd3dumx.dll
2011-09-24 14:04 - 2010-03-24 21:50 - 00113152 _____ (CANON INC.) C:\Program Files\Canon\MyPrinter\cnmpu.dll
2011-09-24 14:04 - 2010-03-24 21:50 - 00066048 _____ (CANON INC.) C:\Program Files\Canon\MyPrinter\BJMyRes.dll
2011-09-16 19:25 - 2010-08-25 05:00 - 00715776 _____ (CANON INC.) C:\Windows\system32\spool\DRIVERS\x64\3\CNMDRA9.DLL
2011-09-16 19:25 - 2010-08-25 05:00 - 03124224 _____ (CANON INC.) C:\Windows\system32\spool\DRIVERS\x64\3\CNMUIA9.DLL
2009-04-01 02:14 - 2007-02-09 12:16 - 00245760 _____ () C:\Program Files (x86)\Portrait Displays\Pivot Software\winphook.dll
2013-03-12 17:10 - 2013-08-21 18:18 - 00687104 _____ () C:\Program Files (x86)\Steam\Video Games\SDL2.dll
2011-07-13 12:09 - 2013-09-06 16:55 - 01120680 _____ () C:\Program Files (x86)\Steam\Video Games\bin\chromehtml.dll
2010-04-27 17:40 - 2013-08-07 15:31 - 20625832 _____ () C:\Program Files (x86)\Steam\Video Games\bin\libcef.dll
2012-03-15 09:10 - 2013-06-14 19:49 - 01100800 _____ () C:\Program Files (x86)\Steam\Video Games\bin\avcodec-53.dll
2012-03-15 09:10 - 2013-06-14 19:49 - 00124416 _____ () C:\Program Files (x86)\Steam\Video Games\bin\avutil-51.dll
2012-03-15 09:10 - 2013-06-14 19:49 - 00192000 _____ () C:\Program Files (x86)\Steam\Video Games\bin\avformat-53.dll
2011-09-27 15:30 - 2011-09-27 15:30 - 00024576 _____ () C:\Program Files (x86)\GameStop App\Now\SDSecurity.dll
2009-04-01 01:09 - 2005-05-11 16:39 - 00565248 _____ () C:\Program Files\ASUS\TurboV\pngio.dll
2009-04-01 01:09 - 2008-09-04 17:42 - 01126912 _____ () C:\Program Files\ASUS\TurboV\OcProfile.dll
2009-04-01 01:09 - 2008-08-21 15:19 - 00126976 _____ () C:\Program Files\ASUS\TurboV\TVOCLIB.DLL
2012-06-15 21:32 - 2009-12-08 21:29 - 00312672 _____ (Microsoft Corp.) C:\Users\Franknj229\AppData\Local\Microsoft\Toolbar\Applications\AppMgr.dll
2011-04-25 10:50 - 2011-04-25 10:50 - 00430944 ____N (Microsoft Corp.) C:\Users\Franknj229\AppData\Local\Microsoft\Toolbar\Applications\WLExtension.dll
2009-04-01 02:09 - 2001-06-01 09:26 - 00372736 _____ (Intel Corporation) C:\Windows\ijl15.dll
2009-04-01 02:09 - 2002-01-05 05:48 - 00974848 _____ (Microsoft Corporation) C:\Windows\mfc70.dll
2009-04-01 02:09 - 2002-01-05 04:37 - 00344064 _____ (Microsoft Corporation) C:\Windows\MSVCR70.dll
2009-04-01 02:09 - 2002-01-05 04:40 - 00487424 _____ (Microsoft Corporation) C:\Windows\msvcp70.dll
2009-04-01 02:09 - 2008-06-06 11:39 - 00102400 _____ () C:\Program Files (x86)\Common Files\Portrait Displays\Shared\PresetsCOM.dll
2009-04-01 02:11 - 2008-06-04 17:59 - 00204800 _____ (Portrait Displays, Inc.) C:\Program Files (x86)\Common Files\Portrait Displays\Drivers\WrapI2C.dll
2009-04-01 02:12 - 2008-06-06 11:40 - 00114688 _____ (Portrait Displays, Inc.) C:\Program Files (x86)\Common Files\Portrait Displays\Plugins\CC\colorcal.dll
2009-04-01 02:12 - 2008-06-06 11:40 - 00077824 _____ () C:\Program Files (x86)\Common Files\Portrait Displays\Plugins\CC\gui.dll
2009-04-01 02:12 - 2008-06-04 17:58 - 00098304 _____ () C:\Program Files (x86)\Common Files\Portrait Displays\drivers\vista.dll
2009-04-01 02:12 - 2008-06-04 17:59 - 00110592 _____ (Portrait Displays, Inc.) C:\Program Files (x86)\Common Files\Portrait Displays\drivers\pdi_nv2.dll
2009-04-01 02:11 - 2008-06-04 17:59 - 00237568 _____ () C:\Program Files (x86)\Common Files\Portrait Displays\drivers\di2c.dll
2009-04-01 02:12 - 2008-06-04 17:59 - 00098304 _____ () C:\Program Files (x86)\Common Files\Portrait Displays\drivers\smsc.dll
2009-04-01 02:12 - 2008-06-04 17:59 - 00053248 _____ () C:\Program Files (x86)\Common Files\Portrait Displays\drivers\null.dll
2011-09-24 14:05 - 2010-04-08 13:43 - 00028672 _____ (CANON INC.) C:\Program Files (x86)\Canon\Solution Menu EX\LangInfo\EN\CNSELANG.dll
2011-06-24 22:56 - 2011-06-24 22:56 - 00053024 _____ (Open Source Software community project) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\pthreadVC2.dll
2011-06-24 22:56 - 2011-06-24 22:56 - 00087328 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2011-06-24 22:56 - 2011-06-24 22:56 - 01241888 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2011-08-30 23:05 - 2011-08-30 23:05 - 00085864 _____ (Apple Inc.) C:\Windows\system32\dnssd.dll
2012-08-17 22:40 - 2013-09-07 12:43 - 00083648 _____ (Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\ushata.dll
2012-08-17 22:38 - 2012-08-17 22:38 - 00013240 _____ (Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\avpinit.dll
2012-10-25 18:23 - 2013-04-24 12:29 - 00828096 _____ (Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\avpmain.dll
2012-08-17 22:39 - 2012-08-17 22:39 - 00097720 _____ (Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\fssync.dll
2012-08-17 22:39 - 2012-08-17 22:39 - 00147896 _____ (Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\DumpWriter.dll
2012-08-17 22:39 - 2012-08-17 22:39 - 00611768 _____ (Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\service.dll
2012-08-17 22:39 - 2012-08-17 22:39 - 00159672 _____ (Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\prremote.dll
2012-08-17 22:39 - 2012-08-17 22:39 - 00369080 _____ (Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\prloader.dll
2012-08-17 22:41 - 2012-08-17 22:41 - 00110008 _____ (Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\nfio.ppl
2012-08-17 22:41 - 2012-08-17 22:41 - 00021432 _____ (Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\fsdrvplg.ppl
2012-08-17 22:41 - 2012-08-17 22:41 - 00038840 _____ (Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\winreg.ppl
2012-08-17 22:41 - 2013-03-03 13:10 - 00045576 _____ (Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\pxstub.ppl
2012-08-17 22:41 - 2013-03-03 13:10 - 01329008 _____ (Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\params.ppl
2012-08-17 22:38 - 2012-08-17 22:38 - 01108408 _____ (Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\app_core_legacy.dll
2012-08-17 22:39 - 2013-03-03 13:10 - 00609288 _____ (Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\key_value_storage.dll
2012-08-17 22:39 - 2012-08-17 22:39 - 00254392 _____ (Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\eka_meta.dll
2012-08-17 22:40 - 2012-08-17 22:40 - 00253368 _____ (Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\updater_meta.dll
2012-08-17 22:38 - 2012-08-17 22:38 - 00126904 _____ (Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\content_filtering_meta.dll
2012-08-17 22:38 - 2012-08-17 22:38 - 00256440 _____ (Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\am_meta.dll
2012-08-17 22:38 - 2012-08-17 22:38 - 00434616 _____ (Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\ac_meta.dll
2012-08-17 22:38 - 2012-08-17 22:38 - 00362936 _____ (Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\app_core_meta.dll
2012-08-17 22:39 - 2013-03-03 13:10 - 00825784 _____ (Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\product_metainfo.dll
2012-08-17 22:39 - 2012-08-17 22:39 - 00208824 _____ (Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\plugins_meta.dll
2012-08-17 22:39 - 2012-08-17 22:39 - 00297400 _____ (Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\ksn_meta.dll
2012-08-17 22:40 - 2013-04-24 12:29 - 00238272 _____ (Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\ucp_meta.dll
2012-08-17 22:39 - 2012-08-17 22:39 - 00183224 _____ (Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\klifpp_meta.dll
2012-08-17 22:39 - 2012-08-17 22:39 - 00097720 _____ (Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\instrumental_meta.dll
2012-08-17 22:40 - 2012-08-17 22:40 - 00395192 _____ (Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\storage.dll
2012-08-17 22:38 - 2012-08-17 22:38 - 00036280 _____ (Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\avpservice.dll
2012-10-25 18:23 - 2013-03-03 13:10 - 04885872 _____ (Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\avpgui.ppl
2012-08-17 22:39 - 2012-08-17 22:39 - 02321336 _____ (Digia Plc) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\QtCore4.dll
2012-08-17 22:39 - 2012-08-17 22:39 - 02289080 _____ (Digia Plc) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\QtDeclarative4.dll
2012-08-17 22:40 - 2012-08-17 22:40 - 01296824 _____ (Digia Plc) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\QtScript4.dll
2012-08-17 22:39 - 2012-08-17 22:39 - 00182200 _____ (Digia Plc) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\QtSql4.dll
2012-08-17 22:40 - 2012-08-17 22:40 - 07269816 _____ (Digia Plc) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\QtGui4.dll
2012-08-17 22:40 - 2012-08-17 22:40 - 02051512 _____ (Digia Plc) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\QtNetwork4.dll
2012-08-17 22:38 - 2012-08-17 22:38 - 00479160 _____ () C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\dblite.dll
2012-10-25 18:23 - 2013-03-03 13:10 - 02162616 _____ (Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\basegui.ppl
2012-08-17 22:41 - 2013-03-03 13:10 - 00041328 _____ (Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\thpimpl.ppl
2012-08-17 22:39 - 2012-08-17 22:39 - 00085944 _____ (Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\memmon.dll
2012-08-17 22:39 - 2012-08-17 22:39 - 00657336 _____ (Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\localization_manager.dll
2012-08-17 22:39 - 2013-03-03 13:10 - 00288696 _____ (Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\parental_control_gui.dll
2012-08-17 22:41 - 2012-08-17 22:41 - 00018360 _____ (Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\hashmd5.ppl
2012-08-17 22:40 - 2012-08-17 22:40 - 00034232 _____ (Digia Plc) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\imageformats\qgif4.dll
2012-08-17 22:40 - 2012-08-17 22:40 - 00036792 _____ (Digia Plc) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\imageformats\qico4.dll
2012-08-17 22:40 - 2012-08-17 22:40 - 00189368 _____ (Digia Plc) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\imageformats\qjpeg4.dll
2012-08-17 22:41 - 2012-08-17 22:41 - 00088504 _____ (Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\propmap.ppl
2012-08-17 22:41 - 2012-08-17 22:41 - 00032696 _____ (Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\winlibhlpr.ppl
2013-09-13 18:52 - 2013-09-13 18:52 - 16244616 ____R (Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\Flash32_11_8_800_174.ocx
==================== Alternate Data Streams (whitelisted) ==========

==================== Faulty Device Manager Devices =============

==================== Event log errors: =========================
Application errors:
==================
Error: (09/18/2013 10:49:56 AM) (Source: Perflib) (User: )
Description: WmiApRplC:\Windows\system32\wbem\wmiaprpl.dll4
Error: (09/18/2013 10:49:56 AM) (Source: Perflib) (User: )
Description: PNRPsvcC:\Windows\system32\pnrpperf.dll4
Error: (09/18/2013 10:49:54 AM) (Source: Perflib) (User: )
Description: MSDTCC:\Windows\system32\msdtcuiu.DLL4
Error: (09/18/2013 10:49:54 AM) (Source: Perflib) (User: )
Description: LsaC:\Windows\system32\Secur32.dll4
Error: (09/18/2013 10:49:54 AM) (Source: Perflib) (User: )
Description: ESENTC:\Windows\system32\esentprf.dll4
Error: (09/18/2013 10:49:54 AM) (Source: Perflib) (User: )
Description: EmdCache4
Error: (09/18/2013 10:49:54 AM) (Source: Perflib) (User: )
Description: BITSC:\Windows\system32\bitsperf.dll4
Error: (09/18/2013 04:30:44 AM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 18003
Error: (09/18/2013 04:30:44 AM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 18003
Error: (09/18/2013 04:30:44 AM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

System errors:
=============
Error: (09/18/2013 10:50:32 AM) (Source: DCOM) (User: )
Description: {4EB61BAC-A3B6-4760-9581-655041EF4D69}
Error: (09/18/2013 03:03:48 AM) (Source: Microsoft-Windows-WindowsUpdateClient) (User: NT AUTHORITY)
Description: 0x80070643Security Update for Microsoft .NET Framework 1.1 SP1 on Windows XP, Server 2003, Vista, and Server 2008 for x64 (KB2833941){28510982-322D-4077-AFC0-6EF7C4237CE5}203
Error: (09/17/2013 03:02:53 AM) (Source: Microsoft-Windows-WindowsUpdateClient) (User: NT AUTHORITY)
Description: 0x80070643Security Update for Microsoft .NET Framework 1.1 SP1 on Windows XP, Server 2003, Vista, and Server 2008 for x64 (KB2833941){28510982-322D-4077-AFC0-6EF7C4237CE5}203
Error: (09/16/2013 10:06:18 PM) (Source: Service Control Manager) (User: )
Description: PEVSystemStart
Error: (09/16/2013 10:04:49 PM) (Source: Application Popup) (User: )
Description: \??\C:\Puppy\catchme.sys has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.
Error: (09/16/2013 10:04:48 PM) (Source: Application Popup) (User: )
Description: \??\C:\puppy\catchme.sys has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.
Error: (09/16/2013 10:00:10 PM) (Source: Service Control Manager) (User: )
Description: PEVSystemStart
Error: (09/16/2013 09:54:38 PM) (Source: Service Control Manager) (User: )
Description: Portrait Displays Display Tune Service1
Error: (09/16/2013 09:54:38 PM) (Source: Service Control Manager) (User: )
Description: ASUS System Control Service1
Error: (09/16/2013 03:03:28 AM) (Source: Microsoft-Windows-WindowsUpdateClient) (User: NT AUTHORITY)
Description: 0x80070643Security Update for Microsoft .NET Framework 1.1 SP1 on Windows XP, Server 2003, Vista, and Server 2008 for x64 (KB2833941){28510982-322D-4077-AFC0-6EF7C4237CE5}203

Microsoft Office Sessions:
=========================
Error: (09/18/2013 10:49:56 AM) (Source: Perflib)(User: )
Description: WmiApRplC:\Windows\system32\wbem\wmiaprpl.dll4
Error: (09/18/2013 10:49:56 AM) (Source: Perflib)(User: )
Description: PNRPsvcC:\Windows\system32\pnrpperf.dll4
Error: (09/18/2013 10:49:54 AM) (Source: Perflib)(User: )
Description: MSDTCC:\Windows\system32\msdtcuiu.DLL4
Error: (09/18/2013 10:49:54 AM) (Source: Perflib)(User: )
Description: LsaC:\Windows\system32\Secur32.dll4
Error: (09/18/2013 10:49:54 AM) (Source: Perflib)(User: )
Description: ESENTC:\Windows\system32\esentprf.dll4
Error: (09/18/2013 10:49:54 AM) (Source: Perflib)(User: )
Description: EmdCache4
Error: (09/18/2013 10:49:54 AM) (Source: Perflib)(User: )
Description: BITSC:\Windows\system32\bitsperf.dll4
Error: (09/18/2013 04:30:44 AM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 18003
Error: (09/18/2013 04:30:44 AM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledEvent 18003
Error: (09/18/2013 04:30:44 AM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: Continuously busy for more than a second

CodeIntegrity Errors:
===================================
Date: 2013-09-18 10:53:36.210
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\kltdi.sys because the set of per-page image hashes could not be found on the system.
Date: 2013-09-18 10:53:36.085
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\kltdi.sys because the set of per-page image hashes could not be found on the system.
Date: 2013-09-18 10:53:35.959
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\kltdi.sys because the set of per-page image hashes could not be found on the system.
Date: 2013-09-18 10:53:35.833
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\kltdi.sys because the set of per-page image hashes could not be found on the system.
Date: 2013-09-18 10:53:22.093
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\kneps.sys because the set of per-page image hashes could not be found on the system.
Date: 2013-09-18 10:53:21.968
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\kneps.sys because the set of per-page image hashes could not be found on the system.
Date: 2013-09-18 10:53:21.842
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\kneps.sys because the set of per-page image hashes could not be found on the system.
Date: 2013-09-18 10:53:21.717
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\kneps.sys because the set of per-page image hashes could not be found on the system.
Date: 2013-09-18 10:53:21.568
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\kltdi.sys because the set of per-page image hashes could not be found on the system.
Date: 2013-09-18 10:53:21.442
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\kltdi.sys because the set of per-page image hashes could not be found on the system.

==================== Memory info =========================== 
Percentage of memory in use: 54%
Total physical RAM: 6134.18 MB
Available physical RAM: 2784.92 MB
Total Pagefile: 12447.88 MB
Available Pagefile: 9121.89 MB
Total Virtual: 8192 MB
Available Virtual: 8191.81 MB
==================== Drives ================================
Drive c: () (Fixed) (Total:931.51 GB) (Free:398 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
Drive e: (External HDD) (Fixed) (Total:931.51 GB) (Free:450.15 GB) NTFS
Drive f: (Second HDD) (Fixed) (Total:596.17 GB) (Free:471.42 GB) NTFS
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 932 GB) (Disk ID: A2C2D364)
Partition 1: (Active) - (Size=932 GB) - (Type=07 NTFS)
========================================================
Disk: 1 (MBR Code: Windows 7 or Vista) (Size: 596 GB) (Disk ID: B694AEEB)
Partition 1: (Not Active) - (Size=596 GB) - (Type=07 NTFS)
========================================================
Disk: 2 (Size: 932 GB) (Disk ID: E8900690)
Partition 1: (Not Active) - (Size=932 GB) - (Type=07 NTFS)
==================== End Of Log ============================


----------



## Cookiegal (Aug 27, 2003)

Open Notepad and copy and paste the text in the code box below into it:


```
Driver::
dvumgzsl 
edygbarx
ghhhadcu
juekuvjz
lowqnqxo
nbdvbzzw
```
Save the file to your desktop and name it CFScript.txt

Referring to the picture below, drag CFScript.txt into ComboFix.exe (or the renamed puppy.exe if you were asked to rename it).










This will start ComboFix again. It may ask to reboot. Post the contents of Combofix.txt in your next reply.


----------



## Franknj229 (Sep 21, 2009)

ComboFix 13-09-16.01 - Franknj229 09/19/2013 9:59.5.8 - x64
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.6134.3876 [GMT -4:00]
Running from: c:\users\Franknj229\Desktop\Puppy.exe
Command switches used :: c:\users\Franknj229\Desktop\CFScript.txt
AV: Kaspersky Internet Security *Disabled/Updated* {C3113FBF-4BCB-4461-D78D-6EDFEC9593E5}
FW: Kaspersky Internet Security *Disabled* {FB2ABE9A-01A4-4539-FCD2-C7EA1246D49E}
SP: Kaspersky Internet Security *Disabled/Updated* {7870DE5B-6DF1-4BEF-ED3D-55AD9712D958}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Service_dvumgzsl
-------\Service_edygbarx
-------\Service_ghhhadcu
-------\Service_juekuvjz
-------\Service_lowqnqxo
-------\Service_nbdvbzzw
.
.
((((((((((((((((((((((((( Files Created from 2013-08-19 to 2013-09-19 )))))))))))))))))))))))))))))))
.
.
2013-09-19 14:08 . 2013-09-19 14:08 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp
2013-09-19 14:08 . 2013-09-19 14:08 -------- d-----w- c:\users\TEMP\AppData\Local\temp
2013-09-19 14:08 . 2013-09-19 14:08 -------- d-----w- c:\users\Public\AppData\Local\temp
2013-09-19 14:08 . 2013-09-19 14:08 -------- d-----w- c:\users\Guest\AppData\Local\temp
2013-09-19 14:08 . 2013-09-19 14:08 -------- d-----w- c:\users\Default\AppData\Local\temp
2013-09-18 14:53 . 2013-09-18 14:53 -------- d-----w- C:\FRST
2013-09-17 13:09 . 2013-09-05 05:32 9694160 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{467B451A-8BF2-4058-8AC6-ABFD47415AE2}\mpengine.dll
2013-09-11 15:06 . 2013-08-08 02:03 2775552 ----a-w- c:\windows\system32\win32k.sys
2013-09-11 15:06 . 2013-07-16 09:25 689152 ----a-w- c:\windows\system32\themeui.dll
2013-09-11 15:06 . 2013-07-16 04:35 615936 ----a-w- c:\windows\SysWow64\themeui.dll
2013-09-08 03:24 . 2013-09-08 03:24 -------- d-----w- c:\program files (x86)\Microsoft Silverlight
2013-09-06 18:25 . 2013-09-06 18:25 146704 ----a-w- c:\windows\system32\drivers\VBoxNetFlt.sys
2013-09-06 18:25 . 2013-09-06 18:25 204048 ----a-w- c:\windows\system32\VBoxNetFltNobj.dll
2013-09-03 13:53 . 2013-09-03 13:53 187248 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\nppdf32.dll
2013-08-28 07:05 . 2013-08-02 14:06 1706496 ----a-w- c:\windows\system32\WMVDECOD.DLL
2013-08-28 07:05 . 2013-08-02 04:09 1548288 ----a-w- c:\windows\SysWow64\WMVDECOD.DLL
2013-08-23 20:09 . 2013-08-23 20:09 -------- d-----w- c:\program files\iPod
2013-08-23 20:09 . 2013-08-23 20:09 -------- d-----w- c:\programdata\34BE82C4-E596-4e99-A191-52C6199EBF69
2013-08-23 20:09 . 2013-08-23 20:09 -------- d-----w- c:\program files\iTunes
2013-08-23 20:09 . 2013-08-23 20:09 -------- d-----w- c:\program files (x86)\iTunes
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-09-13 22:52 . 2012-04-10 01:04 692616 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2013-09-13 22:52 . 2011-07-10 14:47 71048 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-09-12 07:09 . 2006-11-02 12:35 79143768 ----a-w- c:\windows\system32\mrt.exe
2013-09-07 16:48 . 2012-06-08 16:38 54368 ----a-w- c:\windows\system32\drivers\kltdi.sys
2013-09-06 18:27 . 2013-08-19 19:52 238352 ----a-w- c:\windows\system32\drivers\VBoxDrv.sys
2013-09-06 18:25 . 2013-08-19 19:52 119056 ----a-w- c:\windows\system32\drivers\VBoxUSBMon.sys
2013-09-06 18:25 . 2013-07-04 19:57 131856 ----a-w- c:\windows\system32\drivers\VBoxNetAdp.sys
2013-08-07 08:22 . 2009-10-03 03:10 278800 ------w- c:\windows\system32\MpSigStub.exe
2013-07-22 18:24 . 2013-07-22 18:24 45056 ----a-r- c:\users\Franknj229\AppData\Roaming\Microsoft\Installer\{37331C16-3E97-4A20-80D8-BFB43AB0E2FB}\UNINST_Uninstall_C_EBD1846850A64C858760A659B987DCFF.exe
2013-07-22 18:24 . 2013-07-22 18:24 45056 ----a-r- c:\users\Franknj229\AppData\Roaming\Microsoft\Installer\{37331C16-3E97-4A20-80D8-BFB43AB0E2FB}\ARPPRODUCTICON.exe
2013-07-17 20:01 . 2013-08-14 20:41 2048 ----a-w- c:\windows\system32\tzres.dll
2013-07-17 19:41 . 2013-08-14 20:41 2048 ----a-w- c:\windows\SysWow64\tzres.dll
2013-07-10 09:47 . 2013-08-14 20:41 677888 ----a-w- c:\windows\SysWow64\rpcrt4.dll
2013-07-10 09:42 . 2013-08-14 20:41 1303552 ----a-w- c:\windows\system32\rpcrt4.dll
2013-07-09 12:04 . 2013-08-14 20:41 1168088 ----a-w- c:\windows\SysWow64\ntdll.dll
2013-07-09 12:04 . 2013-08-14 20:41 1585256 ----a-w- c:\windows\system32\ntdll.dll
2013-07-08 04:51 . 2013-08-14 20:41 4691904 ----a-w- c:\windows\system32\ntoskrnl.exe
2013-07-08 04:20 . 2013-08-14 20:41 5120 ----a-w- c:\windows\SysWow64\wow32.dll
2013-07-08 04:20 . 2013-08-14 20:41 172544 ----a-w- c:\windows\SysWow64\wintrust.dll
2013-07-08 04:18 . 2013-08-14 20:41 14336 ----a-w- c:\windows\SysWow64\ntvdm64.dll
2013-07-08 04:16 . 2013-08-14 20:41 98304 ----a-w- c:\windows\SysWow64\cryptnet.dll
2013-07-08 04:16 . 2013-08-14 20:41 133120 ----a-w- c:\windows\SysWow64\cryptsvc.dll
2013-07-08 04:16 . 2013-08-14 20:41 992768 ----a-w- c:\windows\SysWow64\crypt32.dll
2013-07-08 04:16 . 2013-08-14 20:41 43008 ----a-w- c:\windows\apppatch\acwow64.dll
2013-07-08 04:15 . 2013-08-14 20:41 234496 ----a-w- c:\windows\system32\wow64.dll
2013-07-08 04:15 . 2013-08-14 20:41 218624 ----a-w- c:\windows\system32\wintrust.dll
2013-07-08 04:14 . 2013-08-14 20:41 16384 ----a-w- c:\windows\system32\ntvdm64.dll
2013-07-08 04:12 . 2013-08-14 20:41 174592 ----a-w- c:\windows\system32\cryptsvc.dll
2013-07-08 04:12 . 2013-08-14 20:41 132096 ----a-w- c:\windows\system32\cryptnet.dll
2013-07-08 04:12 . 2013-08-14 20:41 1276416 ----a-w- c:\windows\system32\crypt32.dll
2013-07-08 01:39 . 2013-08-14 20:41 26112 ----a-w- c:\windows\SysWow64\setup16.exe
2013-07-08 01:39 . 2013-08-14 20:41 7680 ----a-w- c:\windows\SysWow64\instnm.exe
2013-07-08 01:39 . 2013-08-14 20:41 2560 ----a-w- c:\windows\SysWow64\user.exe
2013-07-05 04:45 . 2013-08-14 20:41 1423808 ----a-w- c:\windows\system32\drivers\tcpip.sys
2013-06-24 21:02 . 2013-06-24 21:02 96168 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll
2013-06-24 21:02 . 2012-06-24 04:32 867240 ----a-w- c:\windows\SysWow64\npDeployJava1.dll
2013-06-24 21:02 . 2010-05-28 10:05 789416 ----a-w- c:\windows\SysWow64\deployJava1.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown 
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1555968]
"Steam"="c:\program files (x86)\steam\video games\steam.exe" [2013-09-06 1811368]
"igndlm.exe"="c:\program files (x86)\Download Manager\DLM.exe" [2009-10-27 1103216]
"Adobe Reader Synchronizer"="c:\program files (x86)\Adobe\Reader 10.0\Reader\AdobeCollabSync.exe" [2013-09-03 1272704]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"TurboV"="c:\program files\ASUS\TurboV\TurboV.exe" [2008-10-22 4040192]
"LGODDFU"="c:\program files (x86)\lg_fwupdate\lgfw.exe" [2012-07-28 27760]
"PivotSoftware"="c:\program files (x86)\Portrait Displays\Pivot Software\wpctrl.exe" [2007-02-09 694008]
"DT ACR"="c:\program files (x86)\Common Files\Portrait Displays\Shared\DT_startup.exe" [2008-06-06 81920]
"SoundMAXPnP"="c:\program files (x86)\Analog Devices\Core\smax4pnp.exe" [2008-04-15 1310720]
"MSN Toolbar"="c:\program files (x86)\MSN Toolbar\Platform\4.0.0379.0\mswinext.exe" [2009-12-09 240992]
"Microsoft Default Manager"="c:\program files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" [2009-07-17 288080]
"CanonSolutionMenuEx"="c:\program files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE" [2010-04-02 1185112]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2013-04-22 59720]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-04-04 958576]
"TkBellExe"="c:\program files (x86)\Real\RealPlayer\Update\realsched.exe" [2012-10-24 296096]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2013-05-01 421888]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2013-03-12 253816]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2013-08-16 152392]
"AVP"="c:\program files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe" [2013-03-03 356376]
.
c:\users\Franknj229\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
GameStop Now.lnk - c:\program files (x86)\GameStop App\Now\GameStopNow.exe [2012-8-23 2039568]
NexDef Plug-in.lnk - c:\users\Franknj229\AppData\Local\Autobahn\nexdef.exe [2013-3-14 15500800]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux1"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001
.
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
Themes
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2013-09-07 20:17 1177552 ----a-w- c:\program files (x86)\Google\Chrome\Application\29.0.1547.66\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2013-09-19 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-10 22:52]
.
2013-09-19 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-05-05 20:20]
.
2013-09-19 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-05-05 20:20]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RivaTuner"="c:\program files (x86)\RivaTuner v2.24\RivaTunerWrapper.exe" [2009-02-25 24576]
"RivaTunerStartupDaemon"="c:\program files (x86)\RivaTuner v2.24\RivaTunerWrapper.exe" [2009-02-25 24576]
"CanonMyPrinter"="c:\program files\Canon\MyPrinter\BJMyPrt.exe" [2010-03-25 2726728]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://news.yahoo.com/
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local;<local>
IE: Add to Anti-Banner - c:\program files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\ie_banner_deny.htm
TCP: DhcpNameServer = 208.59.247.45 208.59.247.46
DPF: Garmin Communicator Plug-In - hxxps://my.garmin.com/static/m/cab/2.8.3/GarminAxControl.CAB
DPF: {EAEFAD15-8753-45EF-94B0-1BAA7970CC21} - hxxp://barkatl9991.viewnetcam.com:5007/MpegInst.cab
DPF: {F3D4C08D-3616-43F0-9E29-44C749B0664B} - hxxp://cam8997481.viewnetcam.com:5009/JpegInst.cab
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-2669562794-4212015103-2530955540-1000\Software\SecuROM\License information*]
@Allowed: (Read) (RestrictedCode)
"datasecu"=hex:9b,2a,80,a7,27,01,d3,85,92,4c,5a,0b,d1,4d,e5,55,8b,09,73,af,01,
1c,ac,23,10,81,d1,93,96,a8,85,93,d7,fa,6d,09,33,b1,7a,d6,ce,14,c8,d1,a4,1a,\
"rkeysecu"=hex:82,c3,15,4f,bb,1d,3b,7f,84,f5,53,93,76,d6,d1,ff
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_8_800_174_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_8_800_174_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_8_800_174_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_8_800_174_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_8_800_174.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_8_800_174.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_8_800_174.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_8_800_174.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}]
@Denied: (A 2) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}\1.0]
@="Shockwave Flash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}]
@Denied: (A 2) (Everyone)
@=""
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}\1.0]
@="FlashBroker"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes]
"SymbolicLinkValue"=hex(6):5c,00,52,00,45,00,47,00,49,00,53,00,54,00,52,00,59,
00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00,\
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files (x86)\ASUS\AsSysCtrlService\1.00.00\AsSysCtrlService.exe
c:\program files (x86)\Common Files\Portrait Displays\Shared\DTSRVC.exe
c:\windows\system32\hasplms.exe
c:\program files (x86)\Common Files\Portrait Displays\Drivers\pdisrvc.exe
c:\program files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
c:\program files\ASUS\Six Engine\SixEngine.exe
c:\program files (x86)\Acer Display\eDisplay Management\DTHtml.exe
c:\program files (x86)\Portrait Displays\Pivot Software\floater.exe
c:\users\Franknj229\AppData\Local\Microsoft\Windows Sidebar\Gadgets\GPUMonitor[1].gadget\GPUMonitor.exe
c:\program files (x86)\Common Files\Steam\SteamService.exe
.
**************************************************************************
.
Completion time: 2013-09-19 11:17:36 - machine was rebooted
ComboFix-quarantined-files.txt 2013-09-19 15:17
ComboFix2.txt 2013-09-17 02:08
ComboFix3.txt 2013-02-07 20:50
.
Pre-Run: 421,425,430,528 bytes free
Post-Run: 421,395,681,280 bytes free
.
- - End Of File - - E0503E42933EF0E6F7A58309349DF2BD
5C616939100B85E558DA92B899A0FC36


----------



## Cookiegal (Aug 27, 2003)

Any improvement?


----------



## Franknj229 (Sep 21, 2009)

No freezing for at least 36 hours. Did I just need a driver update? Did you see anything that I should be concerned about?


----------



## Cookiegal (Aug 27, 2003)

It's possible but there are some things that concern me and I'd like to see if they are still there. First, there was some suspicious file modification showing in the GMER log so please remove the version of GMER that you have by dragging the 5qb1cdvx.exe file that's on your desktop to the Recycle Bin. Then grab the latest version:

Please download GMER from: http://www.gmer.net

Click on the "Download EXE" button and save the randomly named .exe file to your desktop.

*Note: You must uninstall any CD Emulation programs that you have before running GMER as they can cause conflicts and give false results.*

Double click the GMER .exe file on your desktop to run the tool and it will automatically do a quick scan.

If the tool warns of rootkit activity and asks if you want to run a full scan, click on No and make sure the following are *unchecked* on the right-hand side:

IAT/EAT
Any drive letter other than the primary system drive (which is generally C).

Click the *Scan* button and when the scan is finished, click *Save* and save the log in Notepad with the name ark.txt to your desktop.

*Note: It's important that all other windows be closed and that you don't touch the mouse or do anything with the computer during the scan as it may cause it to freeze. You should disable your screen saver as if it comes on it may cause the program to freeze.*

Open the ark.txt file and copy and paste the contents of the log here please.

In addition, please do the following:


Please download *RogueKiller* by Tigzy and save it to your desktop.
Allow the download if prompted by your security software and please close all your other browser windows.
Double-click *RogueKiller.exe* to run it.
If it does not run, please try a few times. If it really does not work (it could happen), rename it to winlogon.exe or RogueKiller.com.
Wait for *PreScan* to finish, then accept the EULA.
Click on the *Scan* button in the upper right. Wait for it to finish.
Once completed, a log called *RKreport[1].txt* will be created on the desktop. It can also be accessed via the *Report* button.
Please copy and paste the contents of that log in your next reply.
When you exit RogueKiller, you may get a popup reporting "None of the Elements have been deleted. Do you want to quit?" Click *Yes*.


----------



## Franknj229 (Sep 21, 2009)

Well, it froze again tonight. Found it frozen after being away for a bit.

I double click the new GMER icon, but it doesn't seem to do anything automatically. It opens up the GMER window, but nothing seems to be running, so I just unchecked the IAT/EAT box and checked the C: drive, then clicked "scan". It was taking too long so I went to bed. When I got up this morning, the scan was done, but clicking "save" did nothing. Absolutely nothing happened. I finally clicked "copy" and pasted the log here. Here is the log:

GMER 2.1.19163 - http://www.gmer.net
Rootkit scan 2013-09-21 10:40:42
Windows 6.0.6002 Service Pack 2 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 WDC_WD1001FALS-00J7B0 rev.05.00K05 931.51GB
Running: m1ul5nqz.exe; Driver: C:\Users\FRANKN~1\AppData\Local\Temp\axlyykoc.sys

---- Kernel code sections - GMER 2.1 ----
INITKDBG C:\Windows\system32\ntoskrnl.exe suspicious modification
.text C:\Windows\System32\win32k.sys!EngAssociateSurface + 328 fffff960000b7f38 8 bytes [5C, F7, E1, 06, 60, FA, FF, ...]
.text C:\Windows\System32\win32k.sys!W32pServiceTable fffff9600017f900 3 bytes [00, 83, 02]
.text C:\Windows\System32\win32k.sys!W32pServiceTable + 4 fffff9600017f904 3 bytes [41, B7, FA]
.text ... * 128
.text C:\Windows\System32\win32k.sys!BRUSHOBJ_pvAllocRbrush + 300  fffff96000223c98 8 bytes [A8, F9, E1, 06, 60, FA, FF, ...]
.text C:\Windows\System32\win32k.sys!BRUSHOBJ_ulGetBrushColor + 44 fffff96000223d48 8 bytes [7C, F3, E1, 06, 60, FA, FF, ...]
.text C:\Windows\System32\win32k.sys!CLIPOBJ_GetRgn + 180 fffff960002242a8 8 bytes [FC, F7, E1, 06, 60, FA, FF, ...]
.text C:\Windows\System32\win32k.sys!EngAllocSectionMem + 196 fffff96000224a08 8 bytes [5C, FE, E1, 06, 60, FA, FF, ...]
.text C:\Windows\System32\win32k.sys!EngGetProcessHandle + 346 fffff96000228ba6 6 bytes {JMP QWORD [RIP+0x287bc]}
.text C:\Windows\System32\win32k.sys!EngCreateBitmap + 44 fffff9600022a638 8 bytes [DC, F5, E1, 06, 60, FA, FF, ...]
.text C:\Windows\System32\win32k.sys!EngCreateEvent + 88 fffff9600022f928 8 bytes [74, FB, E1, 06, 60, FA, FF, ...]
.text C:\Windows\System32\win32k.sys!EngOffsetRgn + 664 fffff96000230218 8 bytes {CALL 0x6006e20a}
.text C:\Windows\System32\win32k.sys!EngGetFilePath + 88 fffff96000230278 8 bytes [54, 03, E2, 06, 60, FA, FF, ...]
.text C:\Windows\System32\win32k.sys!EngUnlockDriverObj + 44 fffff96000241048 8 bytes [F4, FA, E1, 06, 60, FA, FF, ...]
.text C:\Windows\System32\win32k.sys!EngGetPrinterDriver + 32 fffff96000247d98 8 bytes [60, 07, E2, 06, 60, FA, FF, ...]
.text C:\Windows\System32\win32k.sys!EngGetTickCount + 24 fffff960002483c8 8 bytes [98, FC, E1, 06, 60, FA, FF, ...]
.text C:\Windows\System32\win32k.sys!EngFindImageProcAddress + 316 fffff9600024a4b8 8 bytes [60, 0C, E2, 06, 60, FA, FF, ...]
.text C:\Windows\System32\win32k.sys!EngFntCacheFault + 716 fffff9600024fcc8 8 bytes [70, FD, E1, 06, 60, FA, FF, ...]
.text C:\Windows\System32\win32k.sys!EngUnmapFile + 776 fffff96000251368 8 bytes [0C, 0A, E2, 06, 60, FA, FF, ...]
.text C:\Windows\System32\win32k.sys!EngGetPrinterDataFileName + 8  fffff96000251378 8 bytes {PUSH RAX; JMP RCX}
---- User code sections - GMER 2.1 ----
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[2464] C:\Windows\syswow64\USER32.dll!EnableWindow 0000000076460827 5 bytes JMP 0000000160939ebc
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[2464] C:\Windows\syswow64\USER32.dll!DialogBoxParamA 000000007647081c 5 bytes JMP 0000000160a89114
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[2464] C:\Windows\syswow64\USER32.dll!DialogBoxIndirectParamW 0000000076472483 5 bytes JMP 0000000160a89179
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[2464] C:\Windows\syswow64\USER32.dll!MessageBoxIndirectA 0000000076474b7c 5 bytes JMP 0000000160a8909b
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[2464] C:\Windows\syswow64\USER32.dll!MessageBoxIndirectW 0000000076489b0b 5 bytes JMP 0000000160a89022
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[2464] C:\Windows\syswow64\USER32.dll!DialogBoxParamW 0000000076495fb7 5 bytes JMP 000000016089189b
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[2464] C:\Windows\syswow64\USER32.dll!DialogBoxIndirectParamA 0000000076496397 5 bytes JMP 0000000160a891de
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[2464] C:\Windows\syswow64\USER32.dll!MessageBoxExA 00000000764ad3ad 5 bytes JMP 0000000160a88fbe
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[2464] C:\Windows\syswow64\USER32.dll!MessageBoxExW 00000000764ad3d1 5 bytes JMP 0000000160a88f57
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[2464] C:\Windows\syswow64\OLEAUT32.dll!OleCreatePropertyFrameIndirect 00000000765d70a6 5 bytes JMP 0000000160a89393
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[2464] C:\Windows\WinSxS\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3\comctl32.dll!PropertySheetW 000000007359881c 5 bytes JMP 0000000160a89243
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[2464] C:\Windows\WinSxS\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3\comctl32.dll!PropertySheet 0000000073598834 5 bytes JMP 0000000160a892eb
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[2464] C:\Windows\syswow64\comdlg32.dll!PageSetupDlgW 0000000075f1ed29 5 bytes JMP 0000000160a8958b
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[5952] C:\Windows\SysWOW64\ntdll.dll!NtdllDefWindowProc_A 0000000077164572 6 bytes JMP 00000001608f980d
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[5952] C:\Windows\SysWOW64\ntdll.dll!NtdllDefWindowProc_W 000000007716457d 6 bytes JMP 000000016095805c
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[5952] C:\Windows\syswow64\kernel32.dll!CreateThread 0000000075038312 3 bytes JMP 00000001608f75e3
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[5952] C:\Windows\syswow64\kernel32.dll!CreateThread + 4 0000000075038316 1 byte [EB]
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[5952] C:\Windows\syswow64\USER32.dll!CallNextHookEx 0000000076457bb3 5 bytes JMP 0000000160957ff9
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[5952] C:\Windows\syswow64\USER32.dll!UnhookWindowsHookEx 000000007646010d 5 bytes JMP 000000016097ed20
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[5952] C:\Windows\syswow64\USER32.dll!SetWindowsHookExW 00000000764603d2 5 bytes JMP 00000001609325b4
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[5952] C:\Windows\syswow64\USER32.dll!EnableWindow 0000000076460827 5 bytes JMP 0000000160939ebc
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[5952] C:\Windows\syswow64\USER32.dll!CreateWindowExW 00000000764617ea 5 bytes JMP 00000001609603e7
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[5952] C:\Windows\syswow64\USER32.dll!CreateWindowExA  000000007646280d 5 bytes JMP 0000000160903643
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[5952] C:\Windows\syswow64\USER32.dll!DialogBoxParamA 000000007647081c 5 bytes JMP 0000000160a89114
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[5952] C:\Windows\syswow64\USER32.dll!DialogBoxIndirectParamW 0000000076472483 5 bytes JMP 0000000160a89179
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[5952] C:\Windows\syswow64\USER32.dll!MessageBoxIndirectA 0000000076474b7c 5 bytes JMP 0000000160a8909b
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[5952] C:\Windows\syswow64\USER32.dll!MessageBoxIndirectW 0000000076489b0b 5 bytes JMP 0000000160a89022
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[5952] C:\Windows\syswow64\USER32.dll!DialogBoxParamW 0000000076495fb7 5 bytes JMP 000000016089189b
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[5952] C:\Windows\syswow64\USER32.dll!DialogBoxIndirectParamA 0000000076496397 5 bytes JMP 0000000160a891de
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[5952] C:\Windows\syswow64\USER32.dll!MessageBoxExA 00000000764ad3ad 5 bytes JMP 0000000160a88fbe
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[5952] C:\Windows\syswow64\USER32.dll!MessageBoxExW 00000000764ad3d1 5 bytes JMP 0000000160a88f57
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[5952] C:\Windows\syswow64\ole32.dll!OleLoadFromStream 00000000761a1e80 5 bytes JMP 0000000160a89947
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[5952] C:\Windows\syswow64\OLEAUT32.dll!VariantClear 0000000076573df0 5 bytes JMP 0000000160a89abd
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[5952] C:\Windows\syswow64\OLEAUT32.dll!SysFreeString 0000000076573e40 5 bytes JMP 0000000160a89a3f
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[5952] C:\Windows\syswow64\OLEAUT32.dll!SysAllocStringByteLen 000000007657462b 5 bytes JMP 0000000160a899b1
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[5952] C:\Windows\syswow64\OLEAUT32.dll!VariantChangeType 00000000765774bc 5 bytes JMP 0000000160a89a5d
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[5952] C:\Windows\syswow64\OLEAUT32.dll!OleCreatePropertyFrameIndirect 00000000765d70a6 5 bytes JMP 0000000160a89393
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[5952] C:\Windows\WinSxS\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3\comctl32.dll!PropertySheetW 000000007359881c 5 bytes JMP 0000000160a89243
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[5952] C:\Windows\WinSxS\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3\comctl32.dll!PropertySheet 0000000073598834 5 bytes JMP 0000000160a892eb
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[5952] C:\Windows\syswow64\comdlg32.dll!PageSetupDlgW 0000000075f1ed29 5 bytes JMP 0000000160a8958b
---- Kernel code sections - GMER 2.1 ----
INITKDBG C:\Windows\system32\ntoskrnl.exe suspicious modification
INITKDBG C:\Windows\system32\ntoskrnl.exe suspicious modification
INITKDBG C:\Windows\system32\ntoskrnl.exe suspicious modification
INITKDBG C:\Windows\system32\ntoskrnl.exe suspicious modification
---- Registry - GMER 2.1 ----
Reg HKLM\SYSTEM\CurrentControlSet\Services\Tcpip6\Parameters\Interfaces\{16f8eadc-f632-4967-a1d5-6589e47bd437}@Dhcpv6State 0
---- EOF - GMER 2.1 ----

I will post the RogueKiller log separately.


----------



## Franknj229 (Sep 21, 2009)

RogueKiller V8.6.12 [Sep 18 2013] by Tigzy
mail : tigzyRK<at>gmail<dot>com
Feedback : http://www.adlice.com/forum/
Website : http://www.adlice.com/softwares/roguekiller/
Blog : http://tigzyrk.blogspot.com/
Operating System : Windows Vista (6.0.6002 Service Pack 2) 64 bits version
Started in : Normal mode
User : Franknj229 [Admin rights]
Mode : Scan -- Date : 09/21/2013 10:46:33
| ARK || FAK || MBR |
¤¤¤ Bad processes : 2 ¤¤¤
[SUSP PATH] nexdef.exe -- C:\Users\Franknj229\AppData\Local\Autobahn\nexdef.exe [-] -> KILLED [TermProc]
[SUSP PATH] GPUMonitor.exe -- C:\Users\Franknj229\AppData\Local\Microsoft\Windows Sidebar\Gadgets\GPUMonitor[1].gadget\GPUMonitor.exe [-] -> KILLED [TermProc]
¤¤¤ Registry Entries : 4 ¤¤¤
[HJ POL][PUM] HKLM\[...]\System : DisableRegistryTools (0) -> FOUND
[HJ POL][PUM] HKLM\[...]\Wow6432Node\[...]\System : DisableRegistryTools (0) -> FOUND
[HJ DESK][PUM] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
[HJ DESK][PUM] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND
¤¤¤ Scheduled tasks : 0 ¤¤¤
¤¤¤ Startup Entries : 1 ¤¤¤
[Franknj229][SUSP PATH] NexDef Plug-in.lnk : C:\Users\Franknj229\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\NexDef Plug-in.lnk @C:\Users\Franknj229\AppData\Local\Autobahn\nexdef.exe [-][-] -> FOUND
¤¤¤ Web browsers : 0 ¤¤¤
¤¤¤ Particular Files / Folders: ¤¤¤
¤¤¤ Driver : [NOT LOADED 0x0] ¤¤¤
¤¤¤ External Hives: ¤¤¤
¤¤¤ Infection : ¤¤¤
¤¤¤ HOSTS File: ¤¤¤
--> %SystemRoot%\System32\drivers\etc\hosts

127.0.0.1 localhost

¤¤¤ MBR Check: ¤¤¤
+++++ PhysicalDrive0: (\\.\PHYSICALDRIVE0 @ IDE) (Standard disk drives) - WDC WD1001FALS-00J7B0 ATA Device +++++
--- User ---
[MBR] bce17483edd99f2f7152a227243aaf55
[BSP] 5019be1bda1f50af462c73656fcb0f55 : Windows Vista MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 953867 Mo
User = LL1 ... OK!
User = LL2 ... OK!
+++++ PhysicalDrive1: (\\.\PHYSICALDRIVE1 @ IDE) (Standard disk drives) - WDC WD6401AALS-00L3B2 ATA Device +++++
--- User ---
[MBR] cc221b417c442858a921ad340abdebe0
[BSP] b587241872d5a065546d024140505ec1 : Windows Vista MBR Code
Partition table:
0 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 610478 Mo
User = LL1 ... OK!
User = LL2 ... OK!
+++++ PhysicalDrive2: (\\.\PHYSICALDRIVE2 @ USB) (Standard disk drives) - WD 10EACS External USB Device +++++
--- User ---
[MBR] 7061a89619313fca2cd228c1bdf9edad
[BSP] 39cc44575b71c8e70f97ed1007b4e215 : Windows XP MBR Code
Partition table:
0 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 953867 Mo
User = LL1 ... OK!
Error reading LL2 MBR!
Finished : << RKreport[0]_S_09212013_104633.txt >>


----------



## Cookiegal (Aug 27, 2003)

Please go to *VirusTotal* and upload the following file for scanning.

Click *Choose File*
Navigate to the following file then click *Open* 

```
C:\Windows\system32\ntoskrnl.exe
```

Click *Scan It*
If you get a message saying the file has already been analyzed click *Reanalyse file now*
Wait for the scan to finish and then copy and paste the URL from your browser address bar in your next reply please.



----------



## Franknj229 (Sep 21, 2009)

Well that's interesting....

I can navigate to that file by clicking the "My computer" icon on my desktop, going to the Windows folder, then the System32 folder, and then scrolling down to the "n's" until I find "ntoskrnl".

HOWEVER.....

When I click the link you provided for VirusTotal and click "Choose File", I go through all the same steps as listed above, except there is no "ntoskrnl". All the other files are there (I had both windows open and compared the lists side by side), but not "ntoskrnl".

It's as if it is hiding from VirusTotal! What is it???


----------



## Cookiegal (Aug 27, 2003)

The file is the core of the operating system so it should be legitimate but it may have been altered. That's why I'd like to check it at Virus Total. Since you can't upload it let's try another method to get the md5 which will help to identify it.

If we already used this program then there's no need to download it again, you can just use the same one.

Please download *SystemLook* and save it to your Desktop.

Double-click *SystemLook.exe* to run it.
Copy the content of the following code box into the main text field:

```
:filefind
*ntoskrnl*
```

Click the *Look* button to start the scan.
When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.
*Note:* The log can also be found on your Desktop entitled *SystemLook.txt*


----------



## Franknj229 (Sep 21, 2009)

SystemLook 04.09.10 by jpshortstuff
Log created at 01:30 on 23/09/2013 by Franknj229
Administrator - Elevation successful
WARNING: SystemLook running under WOW64. Use SystemLook_x64 for accurate results.
========== filefind ==========
Searching for "*ntoskrnl*"
C:\Windows\erdnt\cache64\ntoskrnl.exe --a---- 4691904 bytes [00:33 31/01/2013] [04:51 08/07/2013] 82272D72710ED6A40E9A2A2286A9BBF4
C:\Windows\System32\migwiz\dlmanifests\ntoskrnl-DL.man --a---- 4094 bytes [15:02 02/11/2006] [15:02 02/11/2006] 29D51C04AD3EB0DF997DAA2195AFA2CC
C:\Windows\SysWOW64\migwiz\dlmanifests\ntoskrnl-DL.man --a---- 4094 bytes [15:02 02/11/2006] [15:02 02/11/2006] 29D51C04AD3EB0DF997DAA2195AFA2CC
C:\Windows\winsxs\amd64_microsoft-windows-m..-downlevelmanifests_31bf3856ad364e35_6.0.6001.18000_none_5e9751023bf73111\ntoskrnl-DL.man --a---- 4094 bytes [15:02 02/11/2006] [15:02 02/11/2006] 29D51C04AD3EB0DF997DAA2195AFA2CC
C:\Windows\winsxs\amd64_microsoft-windows-m..-downlevelmanifests_31bf3856ad364e35_6.0.6002.18005_none_6082ca0e3918fc5d\ntoskrnl-DL.man --a---- 4094 bytes [15:02 02/11/2006] [15:02 02/11/2006] 29D51C04AD3EB0DF997DAA2195AFA2CC
C:\Windows\winsxs\amd64_microsoft-windows-os-kernel_31bf3856ad364e35_6.0.6000.16754_none_c636b1f06f7ee0e5\ntoskrnl.exe --a---- 4429368 bytes [05:17 01/04/2009] [04:56 18/09/2008] 2A87B3D380E3800BF247D82E58F0FCBA
C:\Windows\winsxs\amd64_microsoft-windows-os-kernel_31bf3856ad364e35_6.0.6000.16830_none_c64852866f7240ce\ntoskrnl.exe --a---- 4427232 bytes [23:14 15/04/2009] [04:44 03/03/2009] 8B3095B00E832ABFC7047A04E681CCDE
C:\Windows\winsxs\amd64_microsoft-windows-os-kernel_31bf3856ad364e35_6.0.6000.16901_none_c669c47a6f590379\ntoskrnl.exe --a---- 4425288 bytes [16:37 18/10/2009] [15:07 05/08/2009] C53B06CB817845873A3D32C1BAD33727
C:\Windows\winsxs\amd64_microsoft-windows-os-kernel_31bf3856ad364e35_6.0.6000.16973_none_c620159a6f8ff9be\ntoskrnl.exe --a---- 4425304 bytes [21:43 09/02/2010] [21:09 08/12/2009] 5183EBE8114DA62A532E275CFB3729CC
C:\Windows\winsxs\amd64_microsoft-windows-os-kernel_31bf3856ad364e35_6.0.6000.17021_none_c653fcc46f696e9d\ntoskrnl.exe --a---- 4424072 bytes [23:09 13/04/2010] [15:05 18/02/2010] 8E3658ABC4A2053DBEA37C84E416DEB5
C:\Windows\winsxs\amd64_microsoft-windows-os-kernel_31bf3856ad364e35_6.0.6000.20921_none_c6ddbf878886ddfe\ntoskrnl.exe --a---- 4416056 bytes [05:17 01/04/2009] [04:41 18/09/2008] EFAAC7A874B65DF3F26B5092291D4859
C:\Windows\winsxs\amd64_microsoft-windows-os-kernel_31bf3856ad364e35_6.0.6000.21023_none_c6df983d888543ee\ntoskrnl.exe --a---- 4413936 bytes [23:14 15/04/2009] [04:38 03/03/2009] CC172711FF2FCE0673321A951B02C379
C:\Windows\winsxs\amd64_microsoft-windows-os-kernel_31bf3856ad364e35_6.0.6000.21101_none_c6f339678876d685\ntoskrnl.exe --a---- 4412488 bytes [16:37 18/10/2009] [15:14 05/08/2009] 5E99FFD02816FF54247294C7C9C003B9
C:\Windows\winsxs\amd64_microsoft-windows-os-kernel_31bf3856ad364e35_6.0.6000.21175_none_c6ab8b1b88abff78\ntoskrnl.exe --a---- 4412504 bytes [21:43 09/02/2010] [21:05 08/12/2009] 46B167601033C2DB4E1A727569A8CA31
C:\Windows\winsxs\amd64_microsoft-windows-os-kernel_31bf3856ad364e35_6.0.6000.21226_none_c6e29ce788828a41\ntoskrnl.exe --a---- 4411272 bytes [23:09 13/04/2010] [15:10 18/02/2010] AF706D838B59A6C30D8B46C5C2D9D2FD
C:\Windows\winsxs\amd64_microsoft-windows-os-kernel_31bf3856ad364e35_6.0.6001.18000_none_c84efd246c80839e\ntoskrnl.exe --a---- 4694072 bytes [02:49 21/01/2008] [02:49 21/01/2008] 6760643D6400CA78640E9DD3824115B1
C:\Windows\winsxs\amd64_microsoft-windows-os-kernel_31bf3856ad364e35_6.0.6001.18063_none_c8111e7a6cae7749\ntoskrnl.exe --a---- 4694584 bytes [05:17 01/04/2009] [08:53 26/04/2008] 6DEA6827709FC6F047580111651DFF02
C:\Windows\winsxs\amd64_microsoft-windows-os-kernel_31bf3856ad364e35_6.0.6001.18145_none_c828c0cc6c9c6f3c\ntoskrnl.exe --a---- 4694584 bytes [05:17 01/04/2009] [04:56 18/09/2008] 247A2AAF7E5189716192EE19EC6EC6FB
C:\Windows\winsxs\amd64_microsoft-windows-os-kernel_31bf3856ad364e35_6.0.6001.18226_none_c83f62d46c8b4dd8\ntoskrnl.exe --a---- 4692448 bytes [23:14 15/04/2009] [05:02 03/03/2009] ED97E8551F0B1844250ED1B07393B10D
C:\Windows\winsxs\amd64_microsoft-windows-os-kernel_31bf3856ad364e35_6.0.6001.18304_none_c85303fe6c7ce06f\ntoskrnl.exe --a---- 4691016 bytes [16:37 18/10/2009] [14:56 05/08/2009] 043EB4B7C74C189E06584411B2C9EB8F
C:\Windows\winsxs\amd64_microsoft-windows-os-kernel_31bf3856ad364e35_6.0.6001.18377_none_c80a55686cb2f00b\ntoskrnl.exe --a---- 4691032 bytes [21:43 09/02/2010] [20:59 08/12/2009] E50C900C7F479886F26FA60ADBEE5852
C:\Windows\winsxs\amd64_microsoft-windows-os-kernel_31bf3856ad364e35_6.0.6001.18427_none_c84066ea6c8a617d\ntoskrnl.exe --a---- 4690832 bytes [23:09 13/04/2010] [15:01 18/02/2010] 413D579C2CDEF19CD842F4DF4A90C4ED
C:\Windows\winsxs\amd64_microsoft-windows-os-kernel_31bf3856ad364e35_6.0.6001.18488_none_c80087ac6cba227a\ntoskrnl.exe --a---- 4690832 bytes [05:11 12/08/2010] [17:47 08/06/2010] CCCD9EE56C92778385A3E715DC3D5ABF
C:\Windows\winsxs\amd64_microsoft-windows-os-kernel_31bf3856ad364e35_6.0.6001.18538_none_c836992e6c9193ec\ntoskrnl.exe --a---- 4692368 bytes [02:08 09/02/2011] [14:02 15/10/2010] 760A67A51D409EB396D1942D5555435C
C:\Windows\winsxs\amd64_microsoft-windows-os-kernel_31bf3856ad364e35_6.0.6001.22167_none_c89ebc6d85c87c6f\ntoskrnl.exe --a---- 4694584 bytes [05:17 01/04/2009] [08:43 26/04/2008] A1DC0EFF401FE35688F1046F10BEE5BF
C:\Windows\winsxs\amd64_microsoft-windows-os-kernel_31bf3856ad364e35_6.0.6001.22269_none_c8a0bee785c6ac44\ntoskrnl.exe --a---- 4694584 bytes [05:17 01/04/2009] [05:56 18/09/2008] 5E31190EF331709EAB9FB66C3683540B
C:\Windows\winsxs\amd64_microsoft-windows-os-kernel_31bf3856ad364e35_6.0.6001.22389_none_c88b20f585d6e14d\ntoskrnl.exe --a---- 4691424 bytes [23:14 15/04/2009] [05:04 03/03/2009] 65252FED486E5BF1E384CA65C16148C7
C:\Windows\winsxs\amd64_microsoft-windows-os-kernel_31bf3856ad364e35_6.0.6001.22489_none_c88b22db85d6de74\ntoskrnl.exe --a---- 4682824 bytes [16:37 18/10/2009] [14:12 05/08/2009] 0170600F2A613CE3E8CC2B66A6DC7885
C:\Windows\winsxs\amd64_microsoft-windows-os-kernel_31bf3856ad364e35_6.0.6001.22577_none_c893f41985d08cfc\ntoskrnl.exe --a---- 4678232 bytes [21:43 09/02/2010] [21:13 08/12/2009] 6DC7FC9EB17EF1CB809AED351DE91DB9
C:\Windows\winsxs\amd64_microsoft-windows-os-kernel_31bf3856ad364e35_6.0.6001.22636_none_c8be356585b10108\ntoskrnl.exe --a---- 4678032 bytes [23:09 13/04/2010] [15:04 18/02/2010] C0EC74895F90E5E788061C7F305F57D1
C:\Windows\winsxs\amd64_microsoft-windows-os-kernel_31bf3856ad364e35_6.0.6001.22707_none_c8dfa7598597c3b3\ntoskrnl.exe --a---- 4675976 bytes [05:11 12/08/2010] [17:18 08/06/2010] 31F137EEB5121654A9448904D89209A2
C:\Windows\winsxs\amd64_microsoft-windows-os-kernel_31bf3856ad364e35_6.0.6001.22777_none_c893f7e585d0874a\ntoskrnl.exe --a---- 4678032 bytes [02:08 09/02/2011] [14:02 15/10/2010] 3A22B135BC4341025E19B9ADFB26C02A
C:\Windows\winsxs\amd64_microsoft-windows-os-kernel_31bf3856ad364e35_6.0.6002.18005_none_ca3a763069a24eea\ntoskrnl.exe --a---- 4699608 bytes [14:46 01/08/2009] [07:15 11/04/2009] 1B60CCC70788044404EEFBBB389FC111
C:\Windows\winsxs\amd64_microsoft-windows-os-kernel_31bf3856ad364e35_6.0.6002.18082_none_c9e0f5f269e5e26d\ntoskrnl.exe --a---- 4698168 bytes [16:37 18/10/2009] [12:47 04/08/2009] 8E43DA6C8040C68446AA4B5D84C8127A
C:\Windows\winsxs\amd64_microsoft-windows-os-kernel_31bf3856ad364e35_6.0.6002.18160_none_c9f4971c69d77504\ntoskrnl.exe --a---- 4698184 bytes [21:43 09/02/2010] [20:22 08/12/2009] 9668520760E72E1B1B9EDFB7BFB6A691
C:\Windows\winsxs\amd64_microsoft-windows-os-kernel_31bf3856ad364e35_6.0.6002.18209_none_ca3e7b24699eae94\ntoskrnl.exe --a---- 4697992 bytes [23:09 13/04/2010] [14:28 18/02/2010] 72FD908E7D1F176C00F1EF8F3D1445B0
C:\Windows\winsxs\amd64_microsoft-windows-os-kernel_31bf3856ad364e35_6.0.6002.18267_none_c9fb9b0869d1238c\ntoskrnl.exe --a---- 4697992 bytes [05:11 12/08/2010] [18:00 08/06/2010] 825926D6AD714A529F4069D9EBBD1D3B
C:\Windows\winsxs\amd64_microsoft-windows-os-kernel_31bf3856ad364e35_6.0.6002.18327_none_ca26dc9e69b0b0ef\ntoskrnl.exe --a---- 4699024 bytes [02:08 09/02/2011] [14:02 15/10/2010] 4065E920FB6ED05B5F62A1FB6908C6C5
C:\Windows\winsxs\amd64_microsoft-windows-os-kernel_31bf3856ad364e35_6.0.6002.18484_none_c9e2fe1e69e409b7\ntoskrnl.exe --a---- 4699536 bytes [18:21 09/08/2011] [08:45 20/06/2011] A26DE9288D67E4EAC2D1205043AFD430
C:\Windows\winsxs\amd64_microsoft-windows-os-kernel_31bf3856ad364e35_6.0.6002.18595_none_c9d9306269eb3c26\ntoskrnl.exe --a---- 4699520 bytes [03:33 11/04/2012] [06:44 06/03/2012] 98581CA6B029D491F60E32A045BC4FF1
C:\Windows\winsxs\amd64_microsoft-windows-os-kernel_31bf3856ad364e35_6.0.6002.18607_none_ca3c822869a07082\ntoskrnl.exe --a---- 4699520 bytes [14:17 10/05/2012] [08:22 03/04/2012] 7180984A68411B9D2F2495E03561B47E
C:\Windows\winsxs\amd64_microsoft-windows-os-kernel_31bf3856ad364e35_6.0.6002.18686_none_c9e5027e69e236b3\ntoskrnl.exe --a---- 4699520 bytes [19:28 10/10/2012] [11:40 29/08/2012] 1A14913D51571403CF8A3941BDC3BA67
C:\Windows\winsxs\amd64_microsoft-windows-os-kernel_31bf3856ad364e35_6.0.6002.18765_none_c9f9a3f269d2e2a1\ntoskrnl.exe --a---- 4695400 bytes [15:24 13/02/2013] [05:37 05/01/2013] 8A3AB79510C3384BF14D1731DD1ED963
C:\Windows\winsxs\amd64_microsoft-windows-os-kernel_31bf3856ad364e35_6.0.6002.18805_none_ca3a856069a23822\ntoskrnl.exe --a---- 4691304 bytes [16:54 10/04/2013] [13:33 11/03/2013] 1F8B1075A863117A35EE94436E2962E7
C:\Windows\winsxs\amd64_microsoft-windows-os-kernel_31bf3856ad364e35_6.0.6002.18881_none_c9e004d869e6b24e\ntoskrnl.exe --a---- 4691904 bytes [20:41 14/08/2013] [04:51 08/07/2013] 82272D72710ED6A40E9A2A2286A9BBF4
C:\Windows\winsxs\amd64_microsoft-windows-os-kernel_31bf3856ad364e35_6.0.6002.22191_none_ca5ec287830c84d1\ntoskrnl.exe --a---- 4693576 bytes [16:37 18/10/2009] [14:09 05/08/2009] 0DD0FCFB9609403352FF75656826E82F
C:\Windows\winsxs\amd64_microsoft-windows-os-kernel_31bf3856ad364e35_6.0.6002.22283_none_ca6b94ed830298b5\ntoskrnl.exe --a---- 4691528 bytes [21:43 09/02/2010] [20:05 08/12/2009] CBA7366E93C4DCAA62005A177EEC2FCE
C:\Windows\winsxs\amd64_microsoft-windows-os-kernel_31bf3856ad364e35_6.0.6002.22341_none_ca94d5ef82e3f36a\ntoskrnl.exe --a---- 4690304 bytes [23:09 13/04/2010] [14:22 18/02/2010] AE0C10C55347383C0CD6CFF3F4794FD7
C:\Windows\winsxs\amd64_microsoft-windows-os-kernel_31bf3856ad364e35_6.0.6002.22420_none_caa9776382d49f58\ntoskrnl.exe --a---- 4688256 bytes [05:11 12/08/2010] [18:10 08/06/2010] 04C706018E9F0A2C835A427A8AB6EBA1
C:\Windows\winsxs\amd64_microsoft-windows-os-kernel_31bf3856ad364e35_6.0.6002.22505_none_cac41a9382bfe350\ntoskrnl.exe --a---- 4689808 bytes [02:08 09/02/2011] [14:02 15/10/2010] 255A6D981139EFEF605A88E003D1B2A2
C:\Windows\winsxs\amd64_microsoft-windows-os-kernel_31bf3856ad364e35_6.0.6002.22662_none_ca803c1382f33c18\ntoskrnl.exe --a---- 4688784 bytes [18:21 09/08/2011] [08:45 20/06/2011] D14B8C4AB6C05B89D430D3911FE2833B
C:\Windows\winsxs\amd64_microsoft-windows-os-kernel_31bf3856ad364e35_6.0.6002.22811_none_cab54f3182cb915a\ntoskrnl.exe --a---- 4687744 bytes [03:33 11/04/2012] [06:44 06/03/2012] B448C24F801DC79661E30DBC8E739DB2
C:\Windows\winsxs\amd64_microsoft-windows-os-kernel_31bf3856ad364e35_6.0.6002.22831_none_ca9faf5982dbc93c\ntoskrnl.exe --a---- 4687232 bytes [14:17 10/05/2012] [08:22 03/04/2012] B59E026F49BF06B435795F867AD46009
C:\Windows\winsxs\amd64_microsoft-windows-os-kernel_31bf3856ad364e35_6.0.6002.22920_none_caa980e182d4911b\ntoskrnl.exe --a---- 4686208 bytes [19:28 10/10/2012] [11:40 29/08/2012] 34C970A45CCC0D65A4A0F8D306E12844
C:\Windows\winsxs\amd64_microsoft-windows-os-kernel_31bf3856ad364e35_6.0.6002.23025_none_caae5a7582d04310\ntoskrnl.exe --a---- 4681592 bytes [15:24 13/02/2013] [13:12 22/01/2013] B1266A731C2326EBE8E01F46F18728AC
C:\Windows\winsxs\amd64_microsoft-windows-os-kernel_31bf3856ad364e35_6.0.6002.23076_none_ca794b2382f7e81c\ntoskrnl.exe --a---- 4678504 bytes [16:54 10/04/2013] [13:33 11/03/2013] 1873B95FCEAA40EC9CADF2C1BB61ABF2
C:\Windows\winsxs\amd64_microsoft-windows-os-kernel_31bf3856ad364e35_6.0.6002.23154_none_ca8cec4d82e97ab3\ntoskrnl.exe --a---- 4664256 bytes [20:41 14/08/2013] [04:08 08/07/2013] B1AAE884320029A58F72B7CE0ABBDDB2
C:\Windows\winsxs\Backup\amd64_microsoft-windows-os-kernel_31bf3856ad364e35_6.0.6002.18881_none_c9e004d869e6b24e_ntoskrnl.exe_0fb0ab79 --a---- 4691904 bytes [07:35 15/08/2013] [07:11 15/08/2013] 82272D72710ED6A40E9A2A2286A9BBF4
C:\Windows\winsxs\x86_microsoft-windows-m..-downlevelmanifests_31bf3856ad364e35_6.0.6001.18000_none_0278b57e8399bfdb\ntoskrnl-DL.man --a---- 4094 bytes [15:02 02/11/2006] [15:02 02/11/2006] 29D51C04AD3EB0DF997DAA2195AFA2CC
C:\Windows\winsxs\x86_microsoft-windows-m..-downlevelmanifests_31bf3856ad364e35_6.0.6002.18005_none_04642e8a80bb8b27\ntoskrnl-DL.man --a---- 4094 bytes [15:02 02/11/2006] [15:02 02/11/2006] 29D51C04AD3EB0DF997DAA2195AFA2CC
-= EOF =-


----------



## Cookiegal (Aug 27, 2003)

My apologies. I forgot your system is 64-bit so you'll have to run a different version of SystemLook. Please download this one and run it with the same script as before and post that log.

http://downloads.malwareremoval.com/SystemLook/SystemLook_x64.exe
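
Added example (not part of either poster's reply and not SystemLook's own code): a Python sketch that parses SystemLook `filefind` lines like the ones in this thread and checks whether `C:\Windows\System32\ntoskrnl.exe` has the same size and MD5 as a copy in the WinSxS component store, reporting separately when a WOW64 run could not see the file. The function names are assumptions; the sample logs are abridged from lines posted in this thread, and the altered one carries a constructed hash.

```python
import re

# One SystemLook "filefind" result line, as posted in this thread:
#   <path> <attributes> <size> bytes [created] [modified] <MD5>
ENTRY_RE = re.compile(
    r"^(?P<path>[A-Za-z]:\\.+?)\s+(?P<attrs>[-a-z]{7})\s+(?P<size>\d+) bytes\s+"
    r"\[(?P<created>[^\]]+)\]\s+\[(?P<modified>[^\]]+)\]\s+"
    r"(?P<md5>[0-9A-Fa-f]{32})\s*$"
)
# Component version embedded in a WinSxS directory name, e.g. _6.0.6002.18881_none_
VERSION_RE = re.compile(r"_(\d+\.\d+\.\d+\.\d+)_none_")
WOW64_MARK = "running under WOW64"
TARGET = r"C:\Windows\System32\ntoskrnl.exe"


def parse_systemlook(text):
    """Return {'wow64': bool, 'entries': [dict, ...]} for a filefind log."""
    report = {"wow64": False, "entries": []}
    for line in text.splitlines():
        line = line.strip()
        if WOW64_MARK in line:
            report["wow64"] = True
            continue
        m = ENTRY_RE.match(line)
        if m:
            entry = m.groupdict()
            entry["size"] = int(entry["size"])
            entry["md5"] = entry["md5"].upper()
            report["entries"].append(entry)
    return report


def check_against_component_store(report, target=TARGET):
    """Compare target's size and MD5 with the WinSxS copies in the same log."""
    wanted = target.lower()
    basename = wanted.rsplit("\\", 1)[-1]
    hit = next((e for e in report["entries"] if e["path"].lower() == wanted), None)
    if hit is None:
        # A 32-bit process asking for System32 is redirected to SysWOW64,
        # so a WOW64 run cannot list the 64-bit kernel image at all.
        status = "not-visible-wow64" if report["wow64"] else "not-listed"
        return {"status": status, "md5": None, "versions": []}
    versions = []
    for e in report["entries"]:
        path = e["path"].lower()
        if "\\winsxs\\" not in path or not path.endswith("\\" + basename):
            continue
        if e["md5"] == hit["md5"] and e["size"] == hit["size"]:
            v = VERSION_RE.search(e["path"])
            versions.append(v.group(1) if v else "unknown")
    status = "matches-component-store" if versions else "no-component-store-match"
    return {"status": status, "md5": hit["md5"], "versions": versions}


# Sample input: lines abridged from the logs posted in this thread.
STORE_LINES = r"""C:\Windows\erdnt\cache64\ntoskrnl.exe --a---- 4691904 bytes [00:33 31/01/2013] [04:51 08/07/2013] 82272D72710ED6A40E9A2A2286A9BBF4
C:\Windows\SysWOW64\migwiz\dlmanifests\ntoskrnl-DL.man --a---- 4094 bytes [15:02 02/11/2006] [15:02 02/11/2006] 29D51C04AD3EB0DF997DAA2195AFA2CC
C:\Windows\winsxs\amd64_microsoft-windows-os-kernel_31bf3856ad364e35_6.0.6002.18805_none_ca3a856069a23822\ntoskrnl.exe --a---- 4691304 bytes [16:54 10/04/2013] [13:33 11/03/2013] 1F8B1075A863117A35EE94436E2962E7
C:\Windows\winsxs\amd64_microsoft-windows-os-kernel_31bf3856ad364e35_6.0.6002.18881_none_c9e004d869e6b24e\ntoskrnl.exe --a---- 4691904 bytes [20:41 14/08/2013] [04:51 08/07/2013] 82272D72710ED6A40E9A2A2286A9BBF4
-= EOF =-
"""
SYSTEM32_LINE = (
    r"C:\Windows\System32\ntoskrnl.exe --a---- 4691904 bytes "
    r"[20:41 14/08/2013] [04:51 08/07/2013] 82272D72710ED6A40E9A2A2286A9BBF4"
)
# 32-bit run: carries the warning and has no System32 entry.
WOW64_LOG = (
    "WARNING: SystemLook running under WOW64. "
    "Use SystemLook_x64 for accurate results.\n" + STORE_LINES
)
# 64-bit run: System32 entry present.
X64_LOG = SYSTEM32_LINE + "\n" + STORE_LINES
# Constructed case: same entry with an all-zero MD5, to show the mismatch path.
ALTERED_LOG = SYSTEM32_LINE[:-32] + "0" * 32 + "\n" + STORE_LINES

if __name__ == "__main__":
    for name, log in (("wow64", WOW64_LOG), ("x64", X64_LOG), ("altered", ALTERED_LOG)):
        print(name, check_against_component_store(parse_systemlook(log)))
```

A match says only that the on-disk kernel equals a servicing copy on the same machine; it does not speak to in-memory modifications such as the ones GMER flags, and the hash should still be checked against an external source.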


----------



## Franknj229 (Sep 21, 2009)

Froze up again this afternoon while I was reading a news article on Yahoo. Here is the new SystemLook Log:

SystemLook 04.09.10 by jpshortstuff
Log created at 01:14 on 24/09/2013 by Franknj229
Administrator - Elevation successful
========== filefind ==========
Searching for "*ntoskrnl*"
C:\Windows\erdnt\cache64\ntoskrnl.exe --a---- 4691904 bytes [00:33 31/01/2013] [04:51 08/07/2013] 82272D72710ED6A40E9A2A2286A9BBF4
C:\Windows\System32\ntoskrnl.exe --a---- 4691904 bytes [20:41 14/08/2013] [04:51 08/07/2013] 82272D72710ED6A40E9A2A2286A9BBF4
C:\Windows\System32\migwiz\dlmanifests\ntoskrnl-DL.man --a---- 4094 bytes [15:02 02/11/2006] [15:02 02/11/2006] 29D51C04AD3EB0DF997DAA2195AFA2CC
C:\Windows\SysWOW64\migwiz\dlmanifests\ntoskrnl-DL.man --a---- 4094 bytes [15:02 02/11/2006] [15:02 02/11/2006] 29D51C04AD3EB0DF997DAA2195AFA2CC
C:\Windows\winsxs\amd64_microsoft-windows-m..-downlevelmanifests_31bf3856ad364e35_6.0.6001.18000_none_5e9751023bf73111\ntoskrnl-DL.man --a---- 4094 bytes [15:02 02/11/2006] [15:02 02/11/2006] 29D51C04AD3EB0DF997DAA2195AFA2CC
C:\Windows\winsxs\amd64_microsoft-windows-m..-downlevelmanifests_31bf3856ad364e35_6.0.6002.18005_none_6082ca0e3918fc5d\ntoskrnl-DL.man --a---- 4094 bytes [15:02 02/11/2006] [15:02 02/11/2006] 29D51C04AD3EB0DF997DAA2195AFA2CC
C:\Windows\winsxs\amd64_microsoft-windows-os-kernel_31bf3856ad364e35_6.0.6000.16754_none_c636b1f06f7ee0e5\ntoskrnl.exe --a---- 4429368 bytes [05:17 01/04/2009] [04:56 18/09/2008] 2A87B3D380E3800BF247D82E58F0FCBA
C:\Windows\winsxs\amd64_microsoft-windows-os-kernel_31bf3856ad364e35_6.0.6000.16830_none_c64852866f7240ce\ntoskrnl.exe --a---- 4427232 bytes [23:14 15/04/2009] [04:44 03/03/2009] 8B3095B00E832ABFC7047A04E681CCDE
C:\Windows\winsxs\amd64_microsoft-windows-os-kernel_31bf3856ad364e35_6.0.6000.16901_none_c669c47a6f590379\ntoskrnl.exe --a---- 4425288 bytes [16:37 18/10/2009] [15:07 05/08/2009] C53B06CB817845873A3D32C1BAD33727
C:\Windows\winsxs\amd64_microsoft-windows-os-kernel_31bf3856ad364e35_6.0.6000.16973_none_c620159a6f8ff9be\ntoskrnl.exe --a---- 4425304 bytes [21:43 09/02/2010] [21:09 08/12/2009] 5183EBE8114DA62A532E275CFB3729CC
C:\Windows\winsxs\amd64_microsoft-windows-os-kernel_31bf3856ad364e35_6.0.6000.17021_none_c653fcc46f696e9d\ntoskrnl.exe --a---- 4424072 bytes [23:09 13/04/2010] [15:05 18/02/2010] 8E3658ABC4A2053DBEA37C84E416DEB5
C:\Windows\winsxs\amd64_microsoft-windows-os-kernel_31bf3856ad364e35_6.0.6000.20921_none_c6ddbf878886ddfe\ntoskrnl.exe --a---- 4416056 bytes [05:17 01/04/2009] [04:41 18/09/2008] EFAAC7A874B65DF3F26B5092291D4859
C:\Windows\winsxs\amd64_microsoft-windows-os-kernel_31bf3856ad364e35_6.0.6000.21023_none_c6df983d888543ee\ntoskrnl.exe --a---- 4413936 bytes [23:14 15/04/2009] [04:38 03/03/2009] CC172711FF2FCE0673321A951B02C379
C:\Windows\winsxs\amd64_microsoft-windows-os-kernel_31bf3856ad364e35_6.0.6000.21101_none_c6f339678876d685\ntoskrnl.exe --a---- 4412488 bytes [16:37 18/10/2009] [15:14 05/08/2009] 5E99FFD02816FF54247294C7C9C003B9
C:\Windows\winsxs\amd64_microsoft-windows-os-kernel_31bf3856ad364e35_6.0.6000.21175_none_c6ab8b1b88abff78\ntoskrnl.exe --a---- 4412504 bytes [21:43 09/02/2010] [21:05 08/12/2009] 46B167601033C2DB4E1A727569A8CA31
C:\Windows\winsxs\amd64_microsoft-windows-os-kernel_31bf3856ad364e35_6.0.6000.21226_none_c6e29ce788828a41\ntoskrnl.exe --a---- 4411272 bytes [23:09 13/04/2010] [15:10 18/02/2010] AF706D838B59A6C30D8B46C5C2D9D2FD
C:\Windows\winsxs\amd64_microsoft-windows-os-kernel_31bf3856ad364e35_6.0.6001.18000_none_c84efd246c80839e\ntoskrnl.exe --a---- 4694072 bytes [02:49 21/01/2008] [02:49 21/01/2008] 6760643D6400CA78640E9DD3824115B1
C:\Windows\winsxs\amd64_microsoft-windows-os-kernel_31bf3856ad364e35_6.0.6001.18063_none_c8111e7a6cae7749\ntoskrnl.exe --a---- 4694584 bytes [05:17 01/04/2009] [08:53 26/04/2008] 6DEA6827709FC6F047580111651DFF02
C:\Windows\winsxs\amd64_microsoft-windows-os-kernel_31bf3856ad364e35_6.0.6001.18145_none_c828c0cc6c9c6f3c\ntoskrnl.exe --a---- 4694584 bytes [05:17 01/04/2009] [04:56 18/09/2008] 247A2AAF7E5189716192EE19EC6EC6FB
C:\Windows\winsxs\amd64_microsoft-windows-os-kernel_31bf3856ad364e35_6.0.6001.18226_none_c83f62d46c8b4dd8\ntoskrnl.exe --a---- 4692448 bytes [23:14 15/04/2009] [05:02 03/03/2009] ED97E8551F0B1844250ED1B07393B10D
C:\Windows\winsxs\amd64_microsoft-windows-os-kernel_31bf3856ad364e35_6.0.6001.18304_none_c85303fe6c7ce06f\ntoskrnl.exe --a---- 4691016 bytes [16:37 18/10/2009] [14:56 05/08/2009] 043EB4B7C74C189E06584411B2C9EB8F
C:\Windows\winsxs\amd64_microsoft-windows-os-kernel_31bf3856ad364e35_6.0.6001.18377_none_c80a55686cb2f00b\ntoskrnl.exe --a---- 4691032 bytes [21:43 09/02/2010] [20:59 08/12/2009] E50C900C7F479886F26FA60ADBEE5852
C:\Windows\winsxs\amd64_microsoft-windows-os-kernel_31bf3856ad364e35_6.0.6001.18427_none_c84066ea6c8a617d\ntoskrnl.exe --a---- 4690832 bytes [23:09 13/04/2010] [15:01 18/02/2010] 413D579C2CDEF19CD842F4DF4A90C4ED
C:\Windows\winsxs\amd64_microsoft-windows-os-kernel_31bf3856ad364e35_6.0.6001.18488_none_c80087ac6cba227a\ntoskrnl.exe --a---- 4690832 bytes [05:11 12/08/2010] [17:47 08/06/2010] CCCD9EE56C92778385A3E715DC3D5ABF
C:\Windows\winsxs\amd64_microsoft-windows-os-kernel_31bf3856ad364e35_6.0.6001.18538_none_c836992e6c9193ec\ntoskrnl.exe --a---- 4692368 bytes [02:08 09/02/2011] [14:02 15/10/2010] 760A67A51D409EB396D1942D5555435C
C:\Windows\winsxs\amd64_microsoft-windows-os-kernel_31bf3856ad364e35_6.0.6001.22167_none_c89ebc6d85c87c6f\ntoskrnl.exe --a---- 4694584 bytes [05:17 01/04/2009] [08:43 26/04/2008] A1DC0EFF401FE35688F1046F10BEE5BF
C:\Windows\winsxs\amd64_microsoft-windows-os-kernel_31bf3856ad364e35_6.0.6001.22269_none_c8a0bee785c6ac44\ntoskrnl.exe --a---- 4694584 bytes [05:17 01/04/2009] [05:56 18/09/2008] 5E31190EF331709EAB9FB66C3683540B
C:\Windows\winsxs\amd64_microsoft-windows-os-kernel_31bf3856ad364e35_6.0.6001.22389_none_c88b20f585d6e14d\ntoskrnl.exe --a---- 4691424 bytes [23:14 15/04/2009] [05:04 03/03/2009] 65252FED486E5BF1E384CA65C16148C7
C:\Windows\winsxs\amd64_microsoft-windows-os-kernel_31bf3856ad364e35_6.0.6001.22489_none_c88b22db85d6de74\ntoskrnl.exe --a---- 4682824 bytes [16:37 18/10/2009] [14:12 05/08/2009] 0170600F2A613CE3E8CC2B66A6DC7885
C:\Windows\winsxs\amd64_microsoft-windows-os-kernel_31bf3856ad364e35_6.0.6001.22577_none_c893f41985d08cfc\ntoskrnl.exe --a---- 4678232 bytes [21:43 09/02/2010] [21:13 08/12/2009] 6DC7FC9EB17EF1CB809AED351DE91DB9
C:\Windows\winsxs\amd64_microsoft-windows-os-kernel_31bf3856ad364e35_6.0.6001.22636_none_c8be356585b10108\ntoskrnl.exe --a---- 4678032 bytes [23:09 13/04/2010] [15:04 18/02/2010] C0EC74895F90E5E788061C7F305F57D1
C:\Windows\winsxs\amd64_microsoft-windows-os-kernel_31bf3856ad364e35_6.0.6001.22707_none_c8dfa7598597c3b3\ntoskrnl.exe --a---- 4675976 bytes [05:11 12/08/2010] [17:18 08/06/2010] 31F137EEB5121654A9448904D89209A2
C:\Windows\winsxs\amd64_microsoft-windows-os-kernel_31bf3856ad364e35_6.0.6001.22777_none_c893f7e585d0874a\ntoskrnl.exe --a---- 4678032 bytes [02:08 09/02/2011] [14:02 15/10/2010] 3A22B135BC4341025E19B9ADFB26C02A
C:\Windows\winsxs\amd64_microsoft-windows-os-kernel_31bf3856ad364e35_6.0.6002.18005_none_ca3a763069a24eea\ntoskrnl.exe --a---- 4699608 bytes [14:46 01/08/2009] [07:15 11/04/2009] 1B60CCC70788044404EEFBBB389FC111
C:\Windows\winsxs\amd64_microsoft-windows-os-kernel_31bf3856ad364e35_6.0.6002.18082_none_c9e0f5f269e5e26d\ntoskrnl.exe --a---- 4698168 bytes [16:37 18/10/2009] [12:47 04/08/2009] 8E43DA6C8040C68446AA4B5D84C8127A
C:\Windows\winsxs\amd64_microsoft-windows-os-kernel_31bf3856ad364e35_6.0.6002.18160_none_c9f4971c69d77504\ntoskrnl.exe --a---- 4698184 bytes [21:43 09/02/2010] [20:22 08/12/2009] 9668520760E72E1B1B9EDFB7BFB6A691
C:\Windows\winsxs\amd64_microsoft-windows-os-kernel_31bf3856ad364e35_6.0.6002.18209_none_ca3e7b24699eae94\ntoskrnl.exe --a---- 4697992 bytes [23:09 13/04/2010] [14:28 18/02/2010] 72FD908E7D1F176C00F1EF8F3D1445B0
C:\Windows\winsxs\amd64_microsoft-windows-os-kernel_31bf3856ad364e35_6.0.6002.18267_none_c9fb9b0869d1238c\ntoskrnl.exe --a---- 4697992 bytes [05:11 12/08/2010] [18:00 08/06/2010] 825926D6AD714A529F4069D9EBBD1D3B
C:\Windows\winsxs\amd64_microsoft-windows-os-kernel_31bf3856ad364e35_6.0.6002.18327_none_ca26dc9e69b0b0ef\ntoskrnl.exe --a---- 4699024 bytes [02:08 09/02/2011] [14:02 15/10/2010] 4065E920FB6ED05B5F62A1FB6908C6C5
C:\Windows\winsxs\amd64_microsoft-windows-os-kernel_31bf3856ad364e35_6.0.6002.18484_none_c9e2fe1e69e409b7\ntoskrnl.exe --a---- 4699536 bytes [18:21 09/08/2011] [08:45 20/06/2011] A26DE9288D67E4EAC2D1205043AFD430
C:\Windows\winsxs\amd64_microsoft-windows-os-kernel_31bf3856ad364e35_6.0.6002.18595_none_c9d9306269eb3c26\ntoskrnl.exe --a---- 4699520 bytes [03:33 11/04/2012] [06:44 06/03/2012] 98581CA6B029D491F60E32A045BC4FF1
C:\Windows\winsxs\amd64_microsoft-windows-os-kernel_31bf3856ad364e35_6.0.6002.18607_none_ca3c822869a07082\ntoskrnl.exe --a---- 4699520 bytes [14:17 10/05/2012] [08:22 03/04/2012] 7180984A68411B9D2F2495E03561B47E
C:\Windows\winsxs\amd64_microsoft-windows-os-kernel_31bf3856ad364e35_6.0.6002.18686_none_c9e5027e69e236b3\ntoskrnl.exe --a---- 4699520 bytes [19:28 10/10/2012] [11:40 29/08/2012] 1A14913D51571403CF8A3941BDC3BA67
C:\Windows\winsxs\amd64_microsoft-windows-os-kernel_31bf3856ad364e35_6.0.6002.18765_none_c9f9a3f269d2e2a1\ntoskrnl.exe --a---- 4695400 bytes [15:24 13/02/2013] [05:37 05/01/2013] 8A3AB79510C3384BF14D1731DD1ED963
C:\Windows\winsxs\amd64_microsoft-windows-os-kernel_31bf3856ad364e35_6.0.6002.18805_none_ca3a856069a23822\ntoskrnl.exe --a---- 4691304 bytes [16:54 10/04/2013] [13:33 11/03/2013] 1F8B1075A863117A35EE94436E2962E7
C:\Windows\winsxs\amd64_microsoft-windows-os-kernel_31bf3856ad364e35_6.0.6002.18881_none_c9e004d869e6b24e\ntoskrnl.exe --a---- 4691904 bytes [20:41 14/08/2013] [04:51 08/07/2013] 82272D72710ED6A40E9A2A2286A9BBF4
C:\Windows\winsxs\amd64_microsoft-windows-os-kernel_31bf3856ad364e35_6.0.6002.22191_none_ca5ec287830c84d1\ntoskrnl.exe --a---- 4693576 bytes [16:37 18/10/2009] [14:09 05/08/2009] 0DD0FCFB9609403352FF75656826E82F
C:\Windows\winsxs\amd64_microsoft-windows-os-kernel_31bf3856ad364e35_6.0.6002.22283_none_ca6b94ed830298b5\ntoskrnl.exe --a---- 4691528 bytes [21:43 09/02/2010] [20:05 08/12/2009] CBA7366E93C4DCAA62005A177EEC2FCE
C:\Windows\winsxs\amd64_microsoft-windows-os-kernel_31bf3856ad364e35_6.0.6002.22341_none_ca94d5ef82e3f36a\ntoskrnl.exe --a---- 4690304 bytes [23:09 13/04/2010] [14:22 18/02/2010] AE0C10C55347383C0CD6CFF3F4794FD7
C:\Windows\winsxs\amd64_microsoft-windows-os-kernel_31bf3856ad364e35_6.0.6002.22420_none_caa9776382d49f58\ntoskrnl.exe --a---- 4688256 bytes [05:11 12/08/2010] [18:10 08/06/2010] 04C706018E9F0A2C835A427A8AB6EBA1
C:\Windows\winsxs\amd64_microsoft-windows-os-kernel_31bf3856ad364e35_6.0.6002.22505_none_cac41a9382bfe350\ntoskrnl.exe --a---- 4689808 bytes [02:08 09/02/2011] [14:02 15/10/2010] 255A6D981139EFEF605A88E003D1B2A2
C:\Windows\winsxs\amd64_microsoft-windows-os-kernel_31bf3856ad364e35_6.0.6002.22662_none_ca803c1382f33c18\ntoskrnl.exe --a---- 4688784 bytes [18:21 09/08/2011] [08:45 20/06/2011] D14B8C4AB6C05B89D430D3911FE2833B
C:\Windows\winsxs\amd64_microsoft-windows-os-kernel_31bf3856ad364e35_6.0.6002.22811_none_cab54f3182cb915a\ntoskrnl.exe --a---- 4687744 bytes [03:33 11/04/2012] [06:44 06/03/2012] B448C24F801DC79661E30DBC8E739DB2
C:\Windows\winsxs\amd64_microsoft-windows-os-kernel_31bf3856ad364e35_6.0.6002.22831_none_ca9faf5982dbc93c\ntoskrnl.exe --a---- 4687232 bytes [14:17 10/05/2012] [08:22 03/04/2012] B59E026F49BF06B435795F867AD46009
C:\Windows\winsxs\amd64_microsoft-windows-os-kernel_31bf3856ad364e35_6.0.6002.22920_none_caa980e182d4911b\ntoskrnl.exe --a---- 4686208 bytes [19:28 10/10/2012] [11:40 29/08/2012] 34C970A45CCC0D65A4A0F8D306E12844
C:\Windows\winsxs\amd64_microsoft-windows-os-kernel_31bf3856ad364e35_6.0.6002.23025_none_caae5a7582d04310\ntoskrnl.exe --a---- 4681592 bytes [15:24 13/02/2013] [13:12 22/01/2013] B1266A731C2326EBE8E01F46F18728AC
C:\Windows\winsxs\amd64_microsoft-windows-os-kernel_31bf3856ad364e35_6.0.6002.23076_none_ca794b2382f7e81c\ntoskrnl.exe --a---- 4678504 bytes [16:54 10/04/2013] [13:33 11/03/2013] 1873B95FCEAA40EC9CADF2C1BB61ABF2
C:\Windows\winsxs\amd64_microsoft-windows-os-kernel_31bf3856ad364e35_6.0.6002.23154_none_ca8cec4d82e97ab3\ntoskrnl.exe --a---- 4664256 bytes [20:41 14/08/2013] [04:08 08/07/2013] B1AAE884320029A58F72B7CE0ABBDDB2
C:\Windows\winsxs\Backup\amd64_microsoft-windows-os-kernel_31bf3856ad364e35_6.0.6002.18881_none_c9e004d869e6b24e_ntoskrnl.exe_0fb0ab79 --a---- 4691904 bytes [07:35 15/08/2013] [07:11 15/08/2013] 82272D72710ED6A40E9A2A2286A9BBF4
C:\Windows\winsxs\x86_microsoft-windows-m..-downlevelmanifests_31bf3856ad364e35_6.0.6001.18000_none_0278b57e8399bfdb\ntoskrnl-DL.man --a---- 4094 bytes [15:02 02/11/2006] [15:02 02/11/2006] 29D51C04AD3EB0DF997DAA2195AFA2CC
C:\Windows\winsxs\x86_microsoft-windows-m..-downlevelmanifests_31bf3856ad364e35_6.0.6002.18005_none_04642e8a80bb8b27\ntoskrnl-DL.man --a---- 4094 bytes [15:02 02/11/2006] [15:02 02/11/2006] 29D51C04AD3EB0DF997DAA2195AFA2CC
-= EOF =-


----------



## Cookiegal (Aug 27, 2003)

There doesn't appear to be anything wrong with that file. The md5 marker indicates that it's signed by Microsoft.

Please remove the version of FRST that you have and then grab the latest one and run a new scan. There were a couple of things that needed to be fixed and I want to see if they are still showing.

Please download FRST (Farbar Recovery Scan Tool) and save it to your desktop.

*Note*: You need to run the version that's compatible with your system (32-bit or 64-bit).


- Double-click FRST to run it. When the tool opens click *Yes* to the disclaimer.
- Press the *Scan* button.
- It will make a log named (*FRST.txt*) in the same directory the tool is run (which should be on the desktop). Please copy and paste the contents of the log in your reply.
- The first time the tool is run it makes a second log named (*Addition.txt*). Please copy and paste the contents of that log as well.


----------



## Franknj229 (Sep 21, 2009)

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 24-09-2013
Ran by Franknj229 (administrator) on FRANKNJ229-PC on 24-09-2013 20:00:43
Running from C:\Users\Franknj229\Desktop
Windows Vista (TM) Home Premium Service Pack 2 (X64) OS Language: English(US)
Internet Explorer Version 9
Boot Mode: Normal
==================== Processes (Whitelisted) =================
(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(Microsoft Corporation) C:\Windows\system32\SLsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(Andrea Electronics Corporation) C:\Windows\system32\AEADISRV.EXE
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
() C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.00\AsSysCtrlService.exe
(Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(BioWare) C:\Program Files (x86)\Dragon Age\bin_ship\DAUpdaterSvc.Service.exe
() C:\Program Files (x86)\Common Files\Portrait Displays\Shared\DTSRVC.exe
(SafeNet Inc.) C:\Windows\system32\hasplms.exe
(Portrait Displays, Inc.) C:\Program Files (x86)\Common Files\Portrait Displays\Drivers\pdisrvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
() C:\Program Files\ASUS\Six Engine\SixEngine.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(CANON INC.) C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(GameStop Corp.) C:\Program Files (x86)\GameStop App\Now\GameStopNow.exe
() C:\Users\Franknj229\AppData\Local\Autobahn\nexdef.exe
(Microsoft Corporation) C:\Program Files\Windows Media Player\wmpnscfg.exe
() C:\Program Files\ASUS\TurboV\TurboV.exe
() C:\Program Files (x86)\Portrait Displays\Pivot Software\wpCtrl.exe
(Analog Devices, Inc.) C:\Program Files (x86)\Analog Devices\Core\smax4pnp.exe
(Microsoft Corp.) C:\Program Files (x86)\MSN Toolbar\Platform\4.0.0379.0\mswinext.exe
(CANON INC.) C:\Program Files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE
(Portrait Displays, Inc) C:\Program Files (x86)\Acer Display\eDisplay Management\DTHtml.exe
(RealNetworks, Inc.) C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe
(Apple Inc.) C:\Program Files (x86)\QuickTime\QTTask.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe
() C:\Program Files (x86)\Portrait Displays\Pivot Software\floater.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Microsoft Corporation) C:\Windows\splwow64.exe
(BitLeader) C:\Program Files (x86)\lg_fwupdate\fwupdate.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
() C:\Program Files (x86)\RivaTuner v2.24\RivaTuner.exe
(Nick Connors) C:\Users\Franknj229\AppData\Local\Microsoft\Windows Sidebar\Gadgets\GPUMonitor[1].gadget\GPUMonitor.exe
(Valve Corporation) C:\Program Files (x86)\Steam\Video Games\Steam.exe
(Valve Corporation) C:\Program Files (x86)\Common Files\Steam\SteamService.exe
==================== Registry (Whitelisted) ==================
HKLM\...\Run: [RivaTuner] - C:\Program Files (x86)\RivaTuner v2.24\RivaTunerWrapper.exe [24576 2009-02-25] ()
HKLM\...\Run: [RivaTunerStartupDaemon] - C:\Program Files (x86)\RivaTuner v2.24\RivaTunerWrapper.exe [24576 2009-02-25] ()
HKLM\...\Run: [CanonMyPrinter] - C:\Program Files\Canon\MyPrinter\BJMyPrt.exe [2726728 2010-03-24] (CANON INC.)
HKCU\...\Run: [Steam] - c:\program files (x86)\steam\video games\steam.exe [1814440 2013-09-21] (Valve Corporation)
HKCU\...\Run: [igndlm.exe] - C:\Program Files (x86)\Download Manager\DLM.exe [1103216 2009-10-27] (IGN Entertainment)
HKCU\...\Run: [Adobe Reader Synchronizer] - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AdobeCollabSync.exe [1272704 2013-09-03] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [TurboV] - C:\Program Files\ASUS\TurboV\TurboV.exe [4040192 2008-10-21] ()
HKLM-x32\...\Run: [LGODDFU] - C:\Program Files (x86)\lg_fwupdate\lgfw.exe [27760 2012-07-28] (Bitleader)
HKLM-x32\...\Run: [PivotSoftware] - C:\Program Files (x86)\Portrait Displays\Pivot Software\wpctrl.exe [694008 2007-02-09] ()
HKLM-x32\...\Run: [DT ACR] - C:\Program Files (x86)\Common Files\Portrait Displays\Shared\DT_startup.exe [81920 2008-06-06] ()
HKLM-x32\...\Run: [SoundMAXPnP] - C:\Program Files (x86)\Analog Devices\Core\smax4pnp.exe [1310720 2008-04-15] (Analog Devices, Inc.)
HKLM-x32\...\Run: [MSN Toolbar] - C:\Program Files (x86)\MSN Toolbar\Platform\4.0.0379.0\mswinext.exe [240992 2009-12-08] (Microsoft Corp.)
HKLM-x32\...\Run: [Microsoft Default Manager] - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe [288080 2009-07-17] (Microsoft Corporation)
HKLM-x32\...\Run: [CanonSolutionMenuEx] - C:\Program Files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE [1185112 2010-04-02] (CANON INC.)
HKLM-x32\...\Run: [APSDaemon] - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-04-21] (Apple Inc.)
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [TkBellExe] - C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe [296096 2012-10-23] (RealNetworks, Inc.)
HKLM-x32\...\Run: [QuickTime Task] - C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2013-05-01] (Apple Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [253816 2013-03-12] (Oracle Corporation)
HKLM-x32\...\Run: [iTunesHelper] - C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2013-08-16] (Apple Inc.)
HKLM-x32\...\Run: [AVP] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe [356376 2013-03-03] (Kaspersky Lab ZAO)
HKU\Default\...\Run: [WindowsWelcomeCenter] - rundll32.exe oobefldr.dll,ShowWelcomeCenter
HKU\Default User\...\Run: [WindowsWelcomeCenter] - rundll32.exe oobefldr.dll,ShowWelcomeCenter
HKU\Guest\...\Run: [WindowsWelcomeCenter] - rundll32.exe oobefldr.dll,ShowWelcomeCenter
HKU\UpdatusUser\...\Run: [WindowsWelcomeCenter] - rundll32.exe oobefldr.dll,ShowWelcomeCenter
Startup: C:\Users\Franknj229\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\GameStop Now.lnk
ShortcutTarget: GameStop Now.lnk -> C:\Program Files (x86)\GameStop App\Now\GameStopNow.exe (GameStop Corp.)
Startup: C:\Users\Franknj229\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\NexDef Plug-in.lnk
ShortcutTarget: NexDef Plug-in.lnk -> C:\Users\Franknj229\AppData\Local\Autobahn\nexdef.exe ()
==================== Internet (Whitelisted) ====================
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://news.yahoo.com/
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
BHO: Content Blocker Plugin - {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\x64\IEExt\ContentBlocker\ie_content_blocker_plugin.dll (Kaspersky Lab ZAO)
BHO: Virtual Keyboard Plugin - {73455575-E40C-433C-9784-C78DC7761455} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\x64\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO)
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO: Safe Money Plugin - {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\x64\IEExt\OnlineBanking\online_banking_bho.dll (Kaspersky Lab ZAO)
BHO: URL Advisor Plugin - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\x64\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO)
BHO-x32: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
BHO-x32: Content Blocker Plugin - {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\ContentBlocker\ie_content_blocker_plugin.dll (Kaspersky Lab ZAO)
BHO-x32: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll (Microsoft Corporation)
BHO-x32: Virtual Keyboard Plugin - {73455575-E40C-433C-9784-C78DC7761455} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO)
BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO-x32: Safe Money Plugin - {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\OnlineBanking\online_banking_bho.dll (Kaspersky Lab ZAO)
BHO-x32: MSN Toolbar BHO - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\MSN Toolbar\Platform\4.0.0379.0\npwinext.dll (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: URL Advisor Plugin - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO)
Toolbar: HKLM-x32 - MSN Toolbar - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\MSN Toolbar\Platform\4.0.0379.0\npwinext.dll (Microsoft Corporation)
Toolbar: HKCU - &Links - {F2CF5485-4E02-4F68-819C-B92DE9277049} - C:\Windows\system32\ieframe.dll (Microsoft Corporation)
DPF: HKLM-x32 {0D41B8C5-2599-4893-8183-00195EC8D5F9} http://support.asus.com/common/asusTek_sys_ctrl.cab
DPF: HKLM-x32 {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: HKLM-x32 {1E54D648-B804-468d-BC78-4AFFED8E262F} http://www.nvidia.com/content/DriverDownload/srl/3.0.0.4/srl_bin/sysreqlab_nvd.cab
DPF: HKLM-x32 {233C1507-6A77-46A4-9443-F871F945D258} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: HKLM-x32 {2EDF75C0-5ABD-49f9-BAB6-220476A32034} http://intel-drv-cdn.systemrequirementslab.com/multi/bin/sysreqlab_srlx.cab
DPF: HKLM-x32 {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} http://www.fileplanet.com/fpdlmgr/cabs/FPDC_2.3.10.115.cab
DPF: HKLM-x32 {74DBCB52-F298-4110-951D-AD2FF67BC8AB} http://www.nvidia.com/content/DriverDownload/nforce/NvidiaSmartScan.cab
DPF: HKLM-x32 {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab
DPF: HKLM-x32 {87BE3784-6977-4E84-AA08-55A96B9CEAC5} http://cam4231246.viewnetcam.com:5001/bl_camera.cab
DPF: HKLM-x32 {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: HKLM-x32 {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
DPF: HKLM-x32 {EAEFAD15-8753-45EF-94B0-1BAA7970CC21} http://barkatl9991.viewnetcam.com:5007/MpegInst.cab
DPF: HKLM-x32 {F3D4C08D-3616-43F0-9E29-44C749B0664B} http://cam8997481.viewnetcam.com:5009/JpegInst.cab
Winsock: Catalog5 01 %SystemRoot%\System32\mswsock.dll [223232] (Microsoft Corporation) ATTENTION: The LibraryPath should be "%SystemRoot%\system32\NLAapi.dll"
Winsock: Catalog5-x64 01 %SystemRoot%\System32\mswsock.dll [304128] (Microsoft Corporation) ATTENTION: The LibraryPath should be "%SystemRoot%\system32\NLAapi.dll"
Tcpip\Parameters: [DhcpNameServer] 208.59.247.45 208.59.247.46
Chrome: 
=======
Error reading preferences. Please check "preferences" file for possible corruption. <======= ATTENTION
CHR Extension: (YouTube) - C:\Users\FRANKN~1\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0
CHR Extension: (Google Search) - C:\Users\FRANKN~1\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0
CHR Extension: (RealPlayer HTML5Video Downloader Extension) - C:\Users\FRANKN~1\AppData\Local\Google\Chrome\User Data\Default\Extensions\jfmjfhklogoienhpfnppmbcbjfjnkonk\1.5_0
CHR Extension: (Gmail) - C:\Users\FRANKN~1\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0
CHR HKLM-x32\...\Chrome\Extension: [dchlnpcodkpfdpacogkljefecpegganj] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\ChromeExt\urladvisor.crx
CHR HKLM-x32\...\Chrome\Extension: [hakdifolhalapjijoafobooafbilfakh] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\ChromeExt\online_banking_chrome.crx
CHR HKLM-x32\...\Chrome\Extension: [hghkgaeecgjhjkannahfamoehjmkjail] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\ChromeExt\content_blocker_chrome.crx
CHR HKLM-x32\...\Chrome\Extension: [jagncdcchgajhfhijbbhecadmaiegcmh] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\ChromeExt\virtkbd.crx
CHR HKLM-x32\...\Chrome\Extension: [jfmjfhklogoienhpfnppmbcbjfjnkonk] - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Chrome\Ext\rphtml5video.crx
CHR HKLM-x32\...\Chrome\Extension: [pjldcfjmnllhmgjclecdnfampinooman] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\ChromeExt\ab.crx
==================== Services (Whitelisted) =================
R2 AEADIFilters; C:\Windows\system32\AEADISRV.EXE [111616 2008-07-15] (Andrea Electronics Corporation)
R2 AsSysCtrlService; C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.00\AsSysCtrlService.exe [86016 2008-08-15] ()
R2 AVP; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe [356376 2013-03-03] (Kaspersky Lab ZAO)
R2 DTSRVC; C:\Program Files (x86)\Common Files\Portrait Displays\Shared\DTSRVC.exe [69632 2008-06-06] ()
R2 hasplms; C:\Windows\system32\hasplms.exe [4412872 2012-08-23] (SafeNet Inc.)
S3 NMIndexingService; C:\Program Files (x86)\Common Files\Ahead\Lib\NMIndexingService.exe [275752 2008-01-22] (Nero AG)
S3 aspnet_state; %SystemRoot%\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [x]
==================== Drivers (Whitelisted) ====================
R1 AsIO; C:\Windows\SysWow64\drivers\AsIO.sys [14392 2007-12-17] ()
R1 AsIO; C:\Windows\SysWow64\drivers\AsIO.sys [14392 2007-12-17] ()
R2 hardlock; C:\Windows\system32\drivers\hardlock.sys [323584 2012-10-06] (SafeNet Inc.)
R0 kl1; C:\Windows\System32\DRIVERS\kl1.sys [458584 2012-06-19] (Kaspersky Lab ZAO)
R1 KLIF; C:\Windows\System32\DRIVERS\klif.sys [620128 2013-04-24] (Kaspersky Lab ZAO)
R1 KLIM6; C:\Windows\System32\DRIVERS\klim6.sys [28504 2012-08-02] (Kaspersky Lab ZAO)
R3 klkbdflt; C:\Windows\System32\DRIVERS\klkbdflt.sys [29016 2012-10-25] (Kaspersky Lab)
R3 klmouflt; C:\Windows\System32\DRIVERS\klmouflt.sys [29528 2012-10-25] (Kaspersky Lab)
R1 kltdi; C:\Windows\System32\DRIVERS\kltdi.sys [54368 2013-09-07] (Kaspersky Lab ZAO)
R1 kneps; C:\Windows\System32\DRIVERS\kneps.sys [178448 2013-04-24] (Kaspersky Lab ZAO)
R3 MTsensor; C:\Windows\System32\DRIVERS\ASACPI.sys [15680 2006-11-01] ()
R0 mv61xx; C:\Windows\System32\DRIVERS\mv61xx.sys [173096 2008-06-23] (Marvell Semiconductor, Inc.)
R0 mv64xx; C:\Windows\System32\DRIVERS\mv64xx.sys [316456 2008-07-31] (Marvell Semiconductor, Inc.)
R3 PdiPorts; C:\Windows\System32\DRIVERS\PdiPorts.sys [20520 2008-06-04] (Portrait Displays, Inc.)
R3 RivaTuner64; C:\Program Files (x86)\RivaTuner v2.24\RivaTuner64.sys [19952 2009-04-06] ()
R3 RivaTuner64; C:\Program Files (x86)\RivaTuner v2.24\RivaTuner64.sys [19952 2009-04-06] ()
S3 VBoxUSB; C:\Windows\System32\Drivers\VBoxUSB.sys [106256 2013-04-12] (Oracle Corporation)
U5 AppMgmt; C:\Windows\system32\svchost.exe [27648 2008-01-20] (Microsoft Corporation)
S1 Beep; No ImagePath
S3 catchme; \??\C:\Puppy\catchme.sys [x]
S3 cpuz132; \??\C:\Users\FRANKN~1\AppData\Local\Temp\cpuz132\cpuz132_x64.sys [x]
S3 IpInIp; system32\DRIVERS\ipinip.sys [x]
U5 klflt; C:\Windows\System32\Drivers\klflt.sys [90208 2013-04-24] (Kaspersky Lab ZAO)
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [x]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [x]
==================== NetSvcs (Whitelisted) ===================

==================== One Month Created Files and Folders ========
2013-09-24 19:57 - 2013-09-24 19:57 - 01955802 _____ (Farbar) C:\Users\Franknj229\Desktop\FRST64.exe
2013-09-24 01:14 - 2013-09-24 01:14 - 00096256 _____ C:\Users\Franknj229\Desktop\SystemLook_x64.exe
2013-09-23 01:30 - 2013-09-24 01:16 - 00025912 _____ C:\Users\Franknj229\Desktop\SystemLook.txt
2013-09-23 01:30 - 2013-09-23 01:30 - 00075264 _____ C:\Users\Franknj229\Desktop\SystemLook.exe
2013-09-21 10:46 - 2013-09-21 10:46 - 00002883 _____ C:\Users\Franknj229\Desktop\RKreport[0]_S_09212013_104633.txt
2013-09-21 10:45 - 2013-09-21 10:47 - 00000000 ____D C:\Users\Franknj229\Desktop\RK_Quarantine
2013-09-21 10:43 - 2013-09-21 10:43 - 00922112 _____ C:\Users\Franknj229\Desktop\RogueKiller.exe
2013-09-21 02:30 - 2013-09-21 02:30 - 00377856 _____ C:\Users\Franknj229\Desktop\m1ul5nqz.exe
2013-09-20 20:31 - 2013-09-20 20:31 - 00262144 _____ C:\Windows\Minidump\Mini092013-01.dmp
2013-09-19 11:17 - 2013-09-19 11:17 - 00018670 _____ C:\ComboFix.txt
2013-09-18 10:53 - 2013-09-18 10:53 - 00000000 ____D C:\FRST
2013-09-16 21:52 - 2013-09-19 11:17 - 00000000 ____D C:\Qoobox
2013-09-16 21:52 - 2011-06-26 02:45 - 00256000 _____ C:\Windows\PEV.exe
2013-09-16 21:52 - 2010-11-07 13:20 - 00208896 _____ C:\Windows\MBR.exe
2013-09-16 21:52 - 2009-04-20 00:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2013-09-16 21:52 - 2000-08-30 20:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2013-09-16 21:52 - 2000-08-30 20:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2013-09-16 21:52 - 2000-08-30 20:00 - 00098816 _____ C:\Windows\sed.exe
2013-09-16 21:52 - 2000-08-30 20:00 - 00080412 _____ C:\Windows\grep.exe
2013-09-16 21:52 - 2000-08-30 20:00 - 00068096 _____ C:\Windows\zip.exe
2013-09-16 21:50 - 2013-09-16 21:50 - 05126417 ____R (Swearware) C:\Users\Franknj229\Desktop\Puppy.exe
2013-09-15 22:34 - 2013-09-15 22:34 - 02237968 _____ (Kaspersky Lab ZAO) C:\Users\Franknj229\Desktop\tdsskiller.exe
2013-09-14 21:59 - 2013-09-14 21:59 - 00007007 _____ C:\Users\Franknj229\Desktop\attach.txt
2013-09-14 21:59 - 2013-09-14 21:57 - 00022217 _____ C:\Users\Franknj229\Desktop\dds.txt
2013-09-14 21:56 - 2013-09-14 21:56 - 00688992 ____R (Swearware) C:\Users\Franknj229\Desktop\dds.scr
2013-09-14 21:55 - 2013-09-14 21:55 - 00013919 _____ C:\Users\Franknj229\Desktop\hijackthis.log
2013-09-14 21:54 - 2013-09-14 21:54 - 00388608 _____ (Trend Micro Inc.) C:\Users\Franknj229\Desktop\HijackThis.exe
2013-09-14 18:51 - 2013-09-14 18:51 - 00262144 _____ C:\Windows\Minidump\Mini091413-01.dmp
2013-09-12 03:05 - 2013-07-31 10:17 - 17833472 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2013-09-12 03:05 - 2013-07-31 09:42 - 10926080 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2013-09-12 03:05 - 2013-07-31 09:29 - 02312704 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2013-09-12 03:05 - 2013-07-31 09:20 - 01346560 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2013-09-12 03:05 - 2013-07-31 09:19 - 01392128 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2013-09-12 03:05 - 2013-07-31 09:18 - 01494528 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2013-09-12 03:05 - 2013-07-31 09:17 - 00237056 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2013-09-12 03:05 - 2013-07-31 09:16 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2013-09-12 03:05 - 2013-07-31 09:14 - 00173056 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2013-09-12 03:05 - 2013-07-31 09:13 - 00816640 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2013-09-12 03:05 - 2013-07-31 09:13 - 00599040 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2013-09-12 03:05 - 2013-07-31 09:11 - 02147840 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2013-09-12 03:05 - 2013-07-31 09:11 - 00729088 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2013-09-12 03:05 - 2013-07-31 09:09 - 00096768 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2013-09-12 03:05 - 2013-07-31 09:08 - 02382848 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2013-09-12 03:05 - 2013-07-31 09:05 - 00248320 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2013-09-12 03:05 - 2013-07-31 06:30 - 12335104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-09-12 03:05 - 2013-07-31 06:05 - 09738752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-09-12 03:05 - 2013-07-31 06:00 - 01800704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2013-09-12 03:05 - 2013-07-31 05:53 - 01104896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-09-12 03:05 - 2013-07-31 05:52 - 01427968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2013-09-12 03:05 - 2013-07-31 05:52 - 01129472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2013-09-12 03:05 - 2013-07-31 05:51 - 00231936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2013-09-12 03:05 - 2013-07-31 05:49 - 00065024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2013-09-12 03:05 - 2013-07-31 05:48 - 00717824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2013-09-12 03:05 - 2013-07-31 05:48 - 00420864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2013-09-12 03:05 - 2013-07-31 05:48 - 00142848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2013-09-12 03:05 - 2013-07-31 05:47 - 00607744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2013-09-12 03:05 - 2013-07-31 05:46 - 01796096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-09-12 03:05 - 2013-07-31 05:45 - 02382848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2013-09-12 03:05 - 2013-07-31 05:45 - 00073216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2013-09-12 03:05 - 2013-07-31 05:42 - 00176640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2013-09-11 11:06 - 2013-08-07 22:03 - 02775552 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2013-09-11 11:06 - 2013-07-16 05:25 - 00689152 _____ (Microsoft Corporation) C:\Windows\system32\themeui.dll
2013-09-11 11:06 - 2013-07-16 00:35 - 00615936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\themeui.dll
2013-09-08 11:00 - 2013-09-08 23:36 - 00016429 _____ C:\Users\Franknj229\Desktop\Full year box pool research.ods
2013-09-07 23:24 - 2013-09-07 23:24 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2013-09-07 03:02 - 2013-09-07 03:02 - 00460936 _____ C:\Windows\dd_vcredistMSI5723.txt
2013-09-07 03:02 - 2013-09-07 03:02 - 00011590 _____ C:\Windows\dd_vcredistUI5723.txt
2013-09-07 03:01 - 2013-09-07 03:02 - 00458572 _____ C:\Windows\dd_vcredistMSI56C1.txt
2013-09-07 03:01 - 2013-09-07 03:02 - 00011622 _____ C:\Windows\dd_vcredistUI56C1.txt
2013-09-06 14:25 - 2013-09-06 14:25 - 00204048 _____ (Oracle Corporation) C:\Windows\system32\VBoxNetFltNobj.dll
2013-09-06 14:25 - 2013-09-06 14:25 - 00146704 _____ (Oracle Corporation) C:\Windows\system32\Drivers\VBoxNetFlt.sys
2013-09-04 10:08 - 2013-09-07 23:16 - 00000000 ____D C:\Users\Franknj229\Desktop\Sophie
2013-08-28 03:05 - 2013-08-02 10:06 - 01706496 _____ (Microsoft Corporation) C:\Windows\system32\WMVDECOD.DLL
2013-08-28 03:05 - 2013-08-02 00:09 - 01548288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMVDECOD.DLL
==================== One Month Modified Files and Folders =======
2018-01-02 10:23 - 2009-04-06 22:04 - 00000000 ____D C:\Users\Franknj229\Downloads\Guru3D.com
2013-09-24 19:57 - 2013-09-24 19:57 - 01955802 _____ (Farbar) C:\Users\Franknj229\Desktop\FRST64.exe
2013-09-24 19:51 - 2012-09-21 22:04 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-09-24 19:50 - 2013-03-03 12:50 - 00000000 ____D C:\ProgramData\Kaspersky Lab
2013-09-24 19:27 - 2006-11-02 11:22 - 00003712 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2013-09-24 19:27 - 2006-11-02 11:22 - 00003712 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2013-09-24 19:17 - 2010-05-05 16:20 - 00000906 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-09-24 18:17 - 2010-05-05 16:20 - 00000902 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-09-24 16:39 - 2008-01-20 21:53 - 01206051 _____ C:\Windows\WindowsUpdate.log
2013-09-24 13:50 - 2009-06-02 20:43 - 00000000 ____D C:\Users\Franknj229\.VirtualBox
2013-09-24 13:06 - 2009-05-17 21:16 - 00025525 _____ C:\Users\Franknj229\Documents\Budget.ods
2013-09-24 01:16 - 2013-09-23 01:30 - 00025912 _____ C:\Users\Franknj229\Desktop\SystemLook.txt
2013-09-24 01:14 - 2013-09-24 01:14 - 00096256 _____ C:\Users\Franknj229\Desktop\SystemLook_x64.exe
2013-09-23 20:13 - 2006-11-02 08:46 - 00735700 _____ C:\Windows\system32\PerfStringBackup.INI
2013-09-23 20:09 - 2009-04-01 02:06 - 00000397 _____ C:\Windows\lgfwup.ini
2013-09-23 20:09 - 2009-04-01 02:06 - 00000000 ____D C:\Program Files (x86)\lg_fwupdate
2013-09-23 20:07 - 2009-04-01 01:57 - 00000000 ____D C:\ProgramData\NVIDIA
2013-09-23 20:07 - 2006-11-02 11:42 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-09-23 04:03 - 2009-11-23 00:09 - 00000000 ____D C:\Users\Franknj229\AppData\Roaming\vlc
2013-09-23 01:30 - 2013-09-23 01:30 - 00075264 _____ C:\Users\Franknj229\Desktop\SystemLook.exe
2013-09-22 00:27 - 2006-11-02 11:42 - 00032638 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2013-09-21 10:47 - 2013-09-21 10:45 - 00000000 ____D C:\Users\Franknj229\Desktop\RK_Quarantine
2013-09-21 10:46 - 2013-09-21 10:46 - 00002883 _____ C:\Users\Franknj229\Desktop\RKreport[0]_S_09212013_104633.txt
2013-09-21 10:43 - 2013-09-21 10:43 - 00922112 _____ C:\Users\Franknj229\Desktop\RogueKiller.exe
2013-09-21 02:30 - 2013-09-21 02:30 - 00377856 _____ C:\Users\Franknj229\Desktop\m1ul5nqz.exe
2013-09-20 20:31 - 2013-09-20 20:31 - 00262144 _____ C:\Windows\Minidump\Mini092013-01.dmp
2013-09-20 20:31 - 2009-12-23 14:16 - 770083881 _____ C:\Windows\MEMORY.DMP
2013-09-20 20:31 - 2009-12-23 14:16 - 00000000 ____D C:\Windows\Minidump
2013-09-20 01:52 - 2012-09-21 22:04 - 00003682 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2013-09-20 01:52 - 2012-04-09 21:04 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2013-09-20 01:52 - 2011-07-10 10:47 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2013-09-19 11:17 - 2013-09-19 11:17 - 00018670 _____ C:\ComboFix.txt
2013-09-19 11:17 - 2013-09-16 21:52 - 00000000 ____D C:\Qoobox
2013-09-19 11:14 - 2010-10-17 17:04 - 00000680 _____ C:\Users\Franknj229\AppData\Local\d3d9caps.dat
2013-09-19 11:13 - 2006-11-02 08:34 - 00000215 _____ C:\Windows\system.ini
2013-09-19 10:11 - 2008-01-20 23:26 - 00190236 _____ C:\Windows\PFRO.log
2013-09-19 10:10 - 2013-01-27 02:45 - 64749568 _____ C:\Windows\system32\config\SOFTWARE.bak
2013-09-19 10:10 - 2006-11-02 08:33 - 58982400 _____ C:\Windows\system32\config\COMPONENTS.bak
2013-09-19 10:10 - 2006-11-02 08:33 - 22282240 _____ C:\Windows\system32\config\SYSTEM.bak
2013-09-19 10:10 - 2006-11-02 08:33 - 01048576 _____ C:\Windows\system32\config\DEFAULT.bak
2013-09-19 10:10 - 2006-11-02 08:33 - 00262144 _____ C:\Windows\system32\config\SECURITY.bak
2013-09-19 10:10 - 2006-11-02 08:33 - 00262144 _____ C:\Windows\system32\config\SAM.bak
2013-09-19 10:09 - 2013-01-30 20:21 - 00000000 ____D C:\Windows\erdnt
2013-09-18 23:10 - 2013-05-16 22:28 - 00000000 ____D C:\Users\Franknj229\Desktop\Pinning Ceremony 5-16-13
2013-09-18 23:02 - 2009-04-01 03:02 - 00061952 _____ C:\Users\Franknj229\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2013-09-18 10:53 - 2013-09-18 10:53 - 00000000 ____D C:\FRST
2013-09-16 21:50 - 2013-09-16 21:50 - 05126417 ____R (Swearware) C:\Users\Franknj229\Desktop\Puppy.exe
2013-09-16 17:34 - 2012-10-13 12:47 - 00000000 ____D C:\Bovada
2013-09-15 22:34 - 2013-09-15 22:34 - 02237968 _____ (Kaspersky Lab ZAO) C:\Users\Franknj229\Desktop\tdsskiller.exe
2013-09-14 21:59 - 2013-09-14 21:59 - 00007007 _____ C:\Users\Franknj229\Desktop\attach.txt
2013-09-14 21:57 - 2013-09-14 21:59 - 00022217 _____ C:\Users\Franknj229\Desktop\dds.txt
2013-09-14 21:56 - 2013-09-14 21:56 - 00688992 ____R (Swearware) C:\Users\Franknj229\Desktop\dds.scr
2013-09-14 21:55 - 2013-09-14 21:55 - 00013919 _____ C:\Users\Franknj229\Desktop\hijackthis.log
2013-09-14 21:54 - 2013-09-14 21:54 - 00388608 _____ (Trend Micro Inc.) C:\Users\Franknj229\Desktop\HijackThis.exe
2013-09-14 18:51 - 2013-09-14 18:51 - 00262144 _____ C:\Windows\Minidump\Mini091413-01.dmp
2013-09-12 07:30 - 2006-11-02 11:21 - 00252968 _____ C:\Windows\system32\FNTCACHE.DAT
2013-09-12 03:11 - 2013-08-15 03:04 - 00000000 ____D C:\Windows\system32\MRT
2013-09-12 03:09 - 2006-11-02 08:35 - 79143768 _____ (Microsoft Corporation) C:\Windows\system32\mrt.exe
2013-09-11 12:53 - 2012-05-10 09:29 - 00000000 ____D C:\Users\Franknj229\Desktop\For Facebook 5-10
2013-09-11 12:31 - 2013-08-21 03:17 - 00000000 ____D C:\Users\Franknj229\Desktop\iPhone pics as of 8-21-13
2013-09-09 19:57 - 2012-04-11 09:51 - 00000983 _____ C:\Users\Public\Desktop\Oracle VM VirtualBox.lnk
2013-09-09 19:57 - 2009-03-31 23:52 - 00000000 ____D C:\Users\Franknj229
2013-09-08 23:36 - 2013-09-08 11:00 - 00016429 _____ C:\Users\Franknj229\Desktop\Full year box pool research.ods
2013-09-08 14:30 - 2013-04-21 17:51 - 00000000 ____D C:\Windows\System32\Tasks\NCH Software
2013-09-07 23:24 - 2013-09-07 23:24 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2013-09-07 23:16 - 2013-09-04 10:08 - 00000000 ____D C:\Users\Franknj229\Desktop\Sophie
2013-09-07 12:48 - 2012-06-08 12:38 - 00054368 _____ (Kaspersky Lab ZAO) C:\Windows\system32\Drivers\kltdi.sys
2013-09-07 03:02 - 2013-09-07 03:02 - 00460936 _____ C:\Windows\dd_vcredistMSI5723.txt
2013-09-07 03:02 - 2013-09-07 03:02 - 00011590 _____ C:\Windows\dd_vcredistUI5723.txt
2013-09-07 03:02 - 2013-09-07 03:01 - 00458572 _____ C:\Windows\dd_vcredistMSI56C1.txt
2013-09-07 03:02 - 2013-09-07 03:01 - 00011622 _____ C:\Windows\dd_vcredistUI56C1.txt
2013-09-06 14:27 - 2013-08-19 15:52 - 00238352 _____ (Oracle Corporation) C:\Windows\system32\Drivers\VBoxDrv.sys
2013-09-06 14:25 - 2013-09-06 14:25 - 00204048 _____ (Oracle Corporation) C:\Windows\system32\VBoxNetFltNobj.dll
2013-09-06 14:25 - 2013-09-06 14:25 - 00146704 _____ (Oracle Corporation) C:\Windows\system32\Drivers\VBoxNetFlt.sys
2013-09-06 14:25 - 2013-08-19 15:52 - 00119056 _____ (Oracle Corporation) C:\Windows\system32\Drivers\VBoxUSBMon.sys
2013-09-06 14:25 - 2013-07-04 15:57 - 00131856 _____ (Oracle Corporation) C:\Windows\system32\Drivers\VBoxNetAdp.sys
2013-09-06 12:22 - 2009-04-08 19:42 - 00000000 ____D C:\Users\Franknj229\Documents\Passwords and codes
2013-08-31 16:16 - 2009-04-06 19:14 - 00000000 ____D C:\Users\Franknj229\AppData\Local\Autobahn
2013-08-31 16:16 - 2009-03-31 23:52 - 00000000 ___RD C:\Users\Franknj229\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
==================== Bamital & volsnap Check =================
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

LastRegBack: 2013-09-23 20:16
==================== End Of Log ============================

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 24-09-2013
Ran by Franknj229 at 2013-09-24 20:01:04
Running from C:\Users\Franknj229\Desktop
Boot Mode: Normal
==========================================================

==================== Security Center ========================
AV: Kaspersky Internet Security (Enabled - Up to date) {C3113FBF-4BCB-4461-D78D-6EDFEC9593E5}
AS: Kaspersky Internet Security (Enabled - Up to date) {7870DE5B-6DF1-4BEF-ED3D-55AD9712D958}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: Kaspersky Internet Security (Enabled) {FB2ABE9A-01A4-4539-FCD2-C7EA1246D49E}
==================== Installed Programs ======================
AA3Deploy (HKCU Version: 1.2.0.3)
Acer eDisplay Management (x32 Version: 1.20.011)
Acrobat.com (x32 Version: 2.3.0)
Acrobat.com (x32 Version: 2.3.0.0)
Adobe AIR (x32 Version: 1.5.3.9130)
Adobe Flash Player 10 Plugin (x32 Version: 10.0.45.2)
Adobe Flash Player 11 ActiveX (x32 Version: 11.8.800.175)
Adobe Reader X (10.1.8) (x32 Version: 10.1.8)
Adobe Shockwave Player 11.6 (x32 Version: 11.6.7.637)
Apple Application Support (x32 Version: 2.3.4)
Apple Mobile Device Support (Version: 6.1.0.13)
Apple Software Update (x32 Version: 2.1.3.127)
Bonjour (Version: 3.0.0.10)
BovadaPoker (x32 Version: )
Canon Easy-PhotoPrint EX (x32)
Canon MP Navigator EX 4.0 (x32)
Canon MP495 series MP Drivers
Canon MP495 series User Registration (x32)
Canon My Printer (x32)
Canon Solution Menu EX (x32)
Catalina Savings Printer (x32 Version: 1.0.0)
Creation Kit (x32)
CyberLink DVD Suite (x32 Version: 5.0.3019)
Download Manager 2.3.10 (x32 Version: 2.3.10)
Dragon Age DLC Service (x32 Version: 1.0)
Dragon Age DLC Service (x32)
Dragon Age II (x32 Version: 1.03)
Dragon Age Origins - Ultimate Edition (x32)
Dragon Age: Origins (x32 Version: 1.04)
EA Installer (x32 Version: 2.2.0.62)
EA Shared Game Component: Activation (x32 Version: 2.2.0)
EA Shared Game Component: Activation (x32 Version: 2.2.0.62)
EPU-6 Engine (x32 Version: 1.00.26)
ESET Online Scanner v3 (x32)
EVGA Precision 1.4.0 (x32)
Express Gate (x32 Version: 1.3.3.1)
Fallout: New Vegas (x32)
Fraps (x32)
GameFly (x32 Version: 1.2.248)
GameStop App (x32 Version: 4.00)
Garmin Communicator Plugin (x32 Version: 2.8.1)
Garmin POI Loader (x32 Version: 2.5.3.0)
Garmin USB Drivers (x32 Version: 1.0.0.0)
Google Chrome (x32 Version: 29.0.1547.76)
Google Earth Plug-in (x32 Version: 7.1.1.1888)
Google Update Helper (x32 Version: 1.3.21.153)
HGTV Instant Makeover Workshop (x32 Version: 1.00.0000)
Host OpenAL (ADI) (x32)
iCloud (Version: 2.1.2.8)
Intel(R) Processor ID Utility (x32 Version: 4.20.0000)
iTunes (Version: 11.0.5.5)
Java 7 Update 25 (x32 Version: 7.0.250)
Java Auto Updater (x32 Version: 2.1.9.5)
Kaspersky Internet Security 2013 (x32 Version: 13.0.1.4190)
Left 4 Dead (x32)
Left 4 Dead 2 Demo (x32)
LG ODD Auto Firmware Update (x32 Version: 10.01.0712.01)
Lightworks (x32 Version: 11.0.3.0)
Malwarebytes Anti-Malware version 1.70.0.1100 (x32 Version: 1.70.0.1100)
marvell 61xx (x32 Version: 1.2.0.47)
Microsoft .NET Framework 1.1 (x32 Version: 1.1.4322)
Microsoft .NET Framework 1.1 (x32)
Microsoft .NET Framework 1.1 Security Update (KB2698023) (x32)
Microsoft .NET Framework 1.1 Security Update (KB2742597) (x32)
Microsoft .NET Framework 1.1 Security Update (KB979906) (x32)
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)
Microsoft Application Error Reporting (x32 Version: 12.0.6012.5000)
Microsoft Default Manager (x32 Version: 2.1.54.0)
Microsoft Games for Windows - LIVE (x32 Version: 3.3.24.0)
Microsoft Games for Windows - LIVE Redistributable (x32 Version: 3.2.3.0)
Microsoft Search Enhancement Pack (x32 Version: 3.0.126.0)
Microsoft Silverlight (x32 Version: 5.1.20513.0)
Microsoft UI Engine (x32 Version: 4.0.0318.1)
Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.61001)
Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.56336)
Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.61000)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022 (Version: 9.0.21022)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (x32 Version: 9.0.21022)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022.218 (x32 Version: 9.0.21022.218)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (x32 Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (x32 Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (x32 Version: 9.0.30729.6161)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (Version: 10.0.40219)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (x32 Version: 10.0.40219)
Move Media Player (HKCU)
MSN Toolbar (x32 Version: 4.0.0379.0)
MSN Toolbar Platform (x32 Version: 4.0.0379.0)
MSXML 4.0 SP2 (KB954430) (x32 Version: 4.20.9870.0)
MSXML 4.0 SP2 (KB973688) (x32 Version: 4.20.9876.0)
Nero 7 Essentials (x32 Version: 7.03.1303)
neroxml (x32 Version: 1.0.0)
NVIDIA 3D Vision Controller Driver 306.97 (Version: 306.97)
NVIDIA 3D Vision Driver 311.06 (Version: 311.06)
NVIDIA Control Panel 311.06 (Version: 311.06)
NVIDIA Graphics Driver 311.06 (Version: 311.06)
NVIDIA Install Application (Version: 2.1002.108.688)
NVIDIA PhysX (x32 Version: 9.12.0604)
NVIDIA PhysX System Software 9.12.0604 (Version: 9.12.0604)
NVIDIA Stereoscopic 3D Driver (x32 Version: 7.17.13.1106)
NVIDIA Update 1.11.3 (Version: 1.11.3)
NVIDIA Update Components (Version: 1.11.3)
OpenOffice.org 3.2 (x32 Version: 3.2.9502)
Oracle VM VirtualBox 4.2.18 (Version: 4.2.18)
Origin (x32 Version: 9.0.15.65)
Overhead Door Configurator (x32 Version: 1.0)
Overhead Door Configurator (x32 Version: v1.0)
Peggle Extreme (x32)
PhotoStage Slideshow Producer (x32)
Pivot Software (x32 Version: 8.21.013)
PokerStars (x32)
Portal (x32)
Prism Video File Converter (x32)
Puzzle Agent (x32)
PVSonyDll (Version: 1.00.0001)
QuickTime (x32 Version: 7.74.80.86)
RealNetworks - Microsoft Visual C++ 2008 Runtime (x32 Version: 9.0)
Realtek 8169 8168 8101E 8102E Ethernet Driver (x32 Version: 1.00.0000)
RealUpgrade 1.1 (x32 Version: 1.1.0)
RivaTuner v2.24 (x32 Version: v2.24)
SDK (x32 Version: 2.05.004)
Sid Meier's Civilization V (x32)
SoundMAX (x32 Version: 6.10.2.6520)
Steam (x32 Version: 1.0.0.0)
swMSM (x32 Version: 12.0.0.1)
System Requirements Lab (x32)
The Elder Scrolls V: Skyrim (x32)
Torchlight II (x32)
TrueCrypt (x32 Version: 7.1a)
TurboV (x32 Version: 1.00.17)
Update for Microsoft .NET Framework 3.5 SP1 (KB2836940) (x32 Version: 1)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939) (x32 Version: 1)
VideoPad Video Editor (x32)
Vista Codec Package (x32 Version: 5.4.1)
Visual C++ 8.0 Runtime Setup Package (x64) (x32 Version: 8.0.0.35)
Visual C++ 8.0 Runtime Setup Package (x64) (x32 Version: 9.0.0.623)
Visual Studio C++ 10.0 Runtime (x32 Version: 10.0.0)
VLC media player 1.0.3 (x32 Version: 1.0.3)
WavePad Sound Editor (x32)
Windows Driver Package - Garmin (grmnusb) GARMIN Devices (03/08/2007 2.2.1.0) (Version: 03/08/2007 2.2.1.0)
Windows Live ID Sign-in Assistant (Version: 6.500.3165.0)
WinRAR archiver
x64 Components v2.1.1 (Version: 2.1.1)
==================== Restore Points =========================
02-09-2013 13:27:24 Scheduled Checkpoint
03-09-2013 04:14:23 Scheduled Checkpoint
03-09-2013 07:00:26 Windows Update
04-09-2013 04:52:07 Scheduled Checkpoint
04-09-2013 07:00:26 Windows Update
05-09-2013 07:00:10 Windows Update
06-09-2013 07:00:27 Windows Update
07-09-2013 06:21:51 Scheduled Checkpoint
07-09-2013 07:00:11 Windows Update
08-09-2013 02:20:30 Removed Microsoft Silverlight
08-09-2013 02:21:03 Removed Microsoft Silverlight
08-09-2013 07:00:27 Windows Update
09-09-2013 07:00:10 Windows Update
09-09-2013 23:54:57 Installed Oracle VM VirtualBox 4.2.18
10-09-2013 07:00:32 Windows Update
11-09-2013 07:00:30 Windows Update
12-09-2013 05:18:43 Scheduled Checkpoint
12-09-2013 07:00:11 Windows Update
12-09-2013 17:33:45 Windows Update
12-09-2013 17:35:51 Windows Update
13-09-2013 07:00:29 Windows Update
14-09-2013 01:31:55 Scheduled Checkpoint
14-09-2013 07:00:28 Windows Update
15-09-2013 17:15:48 Scheduled Checkpoint
16-09-2013 07:00:10 Windows Update
17-09-2013 05:13:08 Scheduled Checkpoint
17-09-2013 07:00:29 Windows Update
18-09-2013 07:00:10 Windows Update
19-09-2013 07:00:27 Windows Update
20-09-2013 04:58:01 Scheduled Checkpoint
20-09-2013 07:00:10 Windows Update
21-09-2013 07:00:10 Windows Update
22-09-2013 05:49:28 Scheduled Checkpoint
22-09-2013 07:00:10 Windows Update
23-09-2013 04:26:54 Scheduled Checkpoint
23-09-2013 07:01:15 Windows Update
24-09-2013 02:01:46 Scheduled Checkpoint
24-09-2013 07:00:10 Windows Update
==================== Hosts content: ==========================
2006-11-02 08:34 - 2013-09-19 11:12 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1 localhost
==================== Scheduled Tasks (whitelisted) =============
Task: {0419602C-C6BE-46BB-9F9E-9736364BE33A} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-09-20] (Adobe Systems Incorporated)
Task: {0AEAFAF6-F116-4A60-AFB4-C8B755A6E975} - System32\Tasks\Microsoft\Windows\MobilePC\TMM
Task: {16A87F4E-E706-4991-8B79-73B0567E700C} - System32\Tasks\ASUS\ASUS SIX Engine => C:\Program Files\ASUS\Six Engine\SixEngine.exe [2008-10-02] ()
Task: {192DDA2D-5815-47B8-983F-65744FEEC03A} - System32\Tasks\Microsoft\Windows\Shell\CrawlStartPages
Task: {254095AE-FB97-48EA-94A5-D8BF2AB79714} - System32\Tasks\Microsoft\Windows\RAC\RACAgent => C:\Windows\system32\RacAgent.exe [2008-01-20] (Microsoft Corporation)
Task: {3075FB8C-98EA-4269-A6AA-8D7642BB0B84} - System32\Tasks\RealUpgradeScheduledTaskS-1-5-21-2669562794-4212015103-2530955540-1000 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe [2012-07-27] (RealNetworks, Inc.)
Task: {52D29F94-1040-49F1-A4EE-9F493D3D10C5} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {61D0A8FD-BB63-4588-8F90-CA7EBF2620A4} - System32\Tasks\RealUpgradeLogonTaskS-1-5-21-2669562794-4212015103-2530955540-1000 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe [2012-07-27] (RealNetworks, Inc.)
Task: {7817CEA5-61DB-4A45-A731-08812E045C4E} - System32\Tasks\Microsoft\Windows\WindowsCalendar\Reminders - Franknj229
Task: {7C638E5B-ECE5-4424-A7E5-2C913CA682E9} - System32\Tasks\Microsoft\Windows\NetworkAccessProtection\NAPStatus UI
Task: {8B2BD96A-1E28-4362-96CE-64CECFEEB994} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-05-05] (Google Inc.)
Task: {8C6F7287-C72A-45A1-9FC0-51B75AB1BB3F} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-05-05] (Google Inc.)
Task: {E91D6474-70CC-42BE-80FF-8BED8AF557ED} - System32\Tasks\Microsoft\Windows\Wireless\GatherWirelessInfo => C:\Windows\system32\gatherWirelessInfo.vbs [2008-01-20] ()
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
==================== Loaded Modules (whitelisted) =============
2010-12-16 13:10 - 2013-02-26 00:32 - 18055184 _____ (NVIDIA Corporation) C:\Windows\system32\nvd3dumx.dll
2010-11-05 18:46 - 2010-03-15 11:28 - 00166400 _____ () C:\Program Files\WinRAR\rarext.dll
2013-04-05 12:58 - 2013-04-05 12:58 - 00954696 _____ () C:\Program Files\Common Files\Apple\Internet Services\ShellStreams64.dll
2009-05-17 12:34 - 2009-05-17 12:34 - 00178800 _____ (Sony DADC Austria AG.) c:\windows\SysWOW64\cmdlineext_x64.dll
2011-09-16 19:25 - 2010-08-25 05:00 - 00715776 _____ (CANON INC.) C:\Windows\system32\spool\DRIVERS\x64\3\CNMDRA9.DLL
2011-09-16 19:25 - 2010-08-25 05:00 - 03124224 _____ (CANON INC.) C:\Windows\system32\spool\DRIVERS\x64\3\CNMUIA9.DLL
2013-08-14 16:41 - 2013-07-09 08:04 - 01168088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2012-12-13 15:27 - 2012-09-28 12:13 - 00860160 _____ (Microsoft Corporation) C:\Windows\syswow64\kernel32.dll
2009-08-01 10:45 - 2009-04-11 02:28 - 00800768 _____ (Microsoft Corporation) C:\Windows\syswow64\ADVAPI32.DLL
2013-08-14 16:41 - 2013-07-10 05:47 - 00677888 _____ (Microsoft Corporation) C:\Windows\syswow64\RPCRT4.dll
2012-07-11 11:08 - 2012-06-01 20:05 - 00077312 _____ (Microsoft Corporation) C:\Windows\syswow64\Secur32.dll
2009-08-01 10:46 - 2009-04-11 02:26 - 00303616 _____ (Microsoft Corporation) C:\Windows\syswow64\GDI32.dll
2009-08-01 10:46 - 2009-04-11 02:26 - 00648704 _____ (Microsoft Corporation) C:\Windows\syswow64\USER32.dll
2012-07-11 11:08 - 2012-06-08 13:47 - 11586048 _____ (Microsoft Corporation) C:\Windows\syswow64\SHELL32.DLL
2012-02-14 17:59 - 2011-12-14 12:17 - 00680448 _____ (Microsoft Corporation) C:\Windows\syswow64\msvcrt.dll
2013-01-08 16:29 - 2012-11-21 23:54 - 00353280 _____ (Microsoft Corporation) C:\Windows\syswow64\SHLWAPI.dll
2010-10-13 00:20 - 2010-06-28 13:00 - 01316864 _____ (Microsoft Corporation) C:\Windows\syswow64\OLE32.DLL
2011-10-12 20:08 - 2011-08-25 12:14 - 00563712 _____ (Microsoft Corporation) C:\Windows\syswow64\OLEAUT32.DLL
2009-08-01 10:45 - 2009-04-11 02:28 - 00807424 _____ (Microsoft Corporation) C:\Windows\syswow64\MSCTF.dll
2009-07-14 23:52 - 2009-04-11 02:26 - 00023552 _____ (Microsoft Corporation) C:\Windows\syswow64\LPK.DLL
2010-09-15 16:19 - 2010-04-16 12:46 - 00502272 _____ (Microsoft Corporation) C:\Windows\syswow64\USP10.dll
2009-04-01 01:04 - 2005-05-11 16:39 - 00565248 _____ () C:\Program Files\ASUS\Six Engine\pngio.dll
2013-09-12 03:05 - 2013-07-31 05:52 - 01129472 _____ (Microsoft Corporation) C:\Windows\syswow64\WININET.dll
2006-11-02 08:17 - 2006-11-02 04:33 - 00002560 _____ (Microsoft Corporation) C:\Windows\syswow64\Normaliz.dll
2013-09-12 03:05 - 2013-07-31 05:46 - 01796096 _____ (Microsoft Corporation) C:\Windows\syswow64\iertutil.dll
2013-09-12 03:05 - 2013-07-31 05:53 - 01104896 _____ (Microsoft Corporation) C:\Windows\syswow64\urlmon.dll
2008-01-20 22:50 - 2008-01-20 22:50 - 00179200 _____ (Microsoft Corporation) C:\Windows\syswow64\WS2_32.dll
2008-01-20 22:50 - 2008-01-20 22:50 - 00008192 _____ (Microsoft Corporation) C:\Windows\syswow64\NSI.dll
2009-08-01 10:45 - 2009-04-11 02:28 - 00450560 _____ (Microsoft Corporation) C:\Windows\syswow64\COMDLG32.dll
2009-04-01 01:04 - 2008-04-15 10:07 - 00053248 _____ () C:\Program Files\ASUS\Six Engine\AsSpindownTimeout.dll
2009-08-01 10:45 - 2009-04-11 02:28 - 01591296 _____ (Microsoft Corporation) C:\Windows\syswow64\SETUPAPI.dll
2009-08-01 10:45 - 2009-04-11 02:28 - 00800768 _____ (Microsoft Corporation) C:\Windows\syswow64\ADVAPI32.dll
2010-10-13 00:20 - 2010-06-28 13:00 - 01316864 _____ (Microsoft Corporation) C:\Windows\syswow64\ole32.dll
2006-11-02 08:13 - 2006-11-02 05:46 - 00012288 _____ (Microsoft Corporation) C:\Windows\syswow64\PSAPI.DLL
2012-07-11 11:08 - 2012-06-08 13:47 - 11586048 _____ (Microsoft Corporation) C:\Windows\syswow64\SHELL32.dll
2011-10-12 20:08 - 2011-08-25 12:14 - 00563712 _____ (Microsoft Corporation) C:\Windows\syswow64\OLEAUT32.dll
2009-08-01 10:45 - 2009-04-11 02:26 - 00116224 _____ (Microsoft Corporation) C:\Windows\syswow64\IMM32.dll
2012-10-23 23:20 - 2012-10-23 23:20 - 00028160 _____ (RealNetworks, Inc.) C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Chrome\Hook\rpchrome150browserrecordhelper.dll
2008-01-20 22:49 - 2008-01-20 22:49 - 00523776 _____ (Microsoft Corporation) C:\Windows\syswow64\CLBCatQ.DLL
2009-04-01 02:14 - 2007-02-09 12:16 - 00245760 _____ () C:\Program Files (x86)\Portrait Displays\Pivot Software\winphook.dll
2012-07-11 11:08 - 2012-06-01 20:04 - 00278528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2009-08-01 10:45 - 2009-04-11 02:28 - 00287744 _____ (Microsoft Corporation) C:\Windows\syswow64\WLDAP32.dll
2011-09-27 15:30 - 2011-09-27 15:30 - 00024576 _____ () C:\Program Files (x86)\GameStop App\Now\SDSecurity.dll
2013-09-12 03:05 - 2013-07-31 06:05 - 09738752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2009-08-01 10:46 - 2009-04-11 02:26 - 00303616 _____ (Microsoft Corporation) C:\Windows\syswow64\GDI32.DLL
2013-03-14 10:47 - 2013-03-14 10:47 - 00020480 _____ () C:\Users\Franknj229\AppData\Local\Autobahn\rt\bin\jetvm\jvm.dll
2013-03-14 10:47 - 2013-03-14 10:47 - 00348160 _____ (Microsoft Corporation) C:\Users\Franknj229\AppData\Local\Autobahn\rt\bin\msvcr71.dll
2013-03-14 10:47 - 2013-03-14 10:47 - 00015872 _____ (Sun Microsystems, Inc.) C:\Users\Franknj229\AppData\Local\Autobahn\rt\bin\hpi.dll
2013-03-14 10:47 - 2013-03-14 10:47 - 00069632 _____ () C:\Users\Franknj229\AppData\Local\Autobahn\rt\bin\java.dll
2013-03-14 10:47 - 2013-03-14 10:47 - 00126976 _____ () C:\Users\Franknj229\AppData\Local\Autobahn\rt\bin\zip.dll
2013-03-14 10:47 - 2013-03-14 10:47 - 00159744 _____ () C:\Users\Franknj229\AppData\Local\Autobahn\rt\jetrt\baseline720.dll
2013-03-14 10:47 - 2013-03-14 10:47 - 00077824 _____ (Sun Microsystems, Inc.) C:\Users\Franknj229\AppData\Local\Autobahn\rt\bin\net.dll
2013-03-14 10:47 - 2013-03-14 10:47 - 00020480 _____ (Sun Microsystems, Inc.) C:\Users\Franknj229\AppData\Local\Autobahn\rt\bin\nio.dll
2009-04-01 01:09 - 2005-05-11 16:39 - 00565248 _____ () C:\Program Files\ASUS\TurboV\pngio.dll
2009-04-01 01:09 - 2008-09-04 17:42 - 01126912 _____ () C:\Program Files\ASUS\TurboV\OcProfile.dll
2009-04-01 01:09 - 2008-08-21 15:19 - 00126976 _____ () C:\Program Files\ASUS\TurboV\TVOCLIB.DLL
2012-04-10 23:32 - 2012-02-29 11:09 - 00157696 _____ (Microsoft Corporation) C:\Windows\syswow64\imagehlp.dll
2012-06-15 21:32 - 2009-12-08 21:29 - 00312672 _____ (Microsoft Corp.) C:\Users\Franknj229\AppData\Local\Microsoft\Toolbar\Applications\AppMgr.dll
2011-04-25 10:50 - 2011-04-25 10:50 - 00430944 ____N (Microsoft Corp.) C:\Users\Franknj229\AppData\Local\Microsoft\Toolbar\Applications\WLExtension.dll
2009-08-01 10:45 - 2009-04-11 02:28 - 01591296 _____ (Microsoft Corporation) C:\Windows\syswow64\setupapi.DLL
2009-04-01 02:09 - 2001-06-01 09:26 - 00372736 _____ (Intel Corporation) C:\Windows\ijl15.dll
2009-04-01 02:09 - 2002-01-05 05:48 - 00974848 _____ (Microsoft Corporation) C:\Windows\mfc70.dll
2009-04-01 02:09 - 2002-01-05 04:37 - 00344064 _____ (Microsoft Corporation) C:\Windows\MSVCR70.dll
2011-10-12 20:08 - 2011-08-25 12:14 - 00563712 _____ (Microsoft Corporation) C:\Windows\syswow64\oleaut32.dll
2009-04-01 02:09 - 2002-01-05 04:40 - 00487424 _____ (Microsoft Corporation) C:\Windows\msvcp70.dll
2009-04-01 02:09 - 2008-06-06 11:39 - 00102400 _____ () C:\Program Files (x86)\Common Files\Portrait Displays\Shared\PresetsCOM.dll
2009-04-01 02:11 - 2008-06-04 17:59 - 00204800 _____ (Portrait Displays, Inc.) C:\Program Files (x86)\Common Files\Portrait Displays\Drivers\WrapI2C.dll
2009-04-01 02:12 - 2008-06-06 11:40 - 00114688 _____ (Portrait Displays, Inc.) C:\Program Files (x86)\Common Files\Portrait Displays\Plugins\CC\colorcal.dll
2009-04-01 02:12 - 2008-06-06 11:40 - 00077824 _____ () C:\Program Files (x86)\Common Files\Portrait Displays\Plugins\CC\gui.dll
2009-04-01 02:12 - 2008-06-04 17:58 - 00098304 _____ () C:\Program Files (x86)\Common Files\Portrait Displays\drivers\vista.dll
2009-04-01 02:12 - 2008-06-04 17:59 - 00110592 _____ (Portrait Displays, Inc.) C:\Program Files (x86)\Common Files\Portrait Displays\drivers\pdi_nv2.dll
2009-04-01 02:11 - 2008-06-04 17:59 - 00237568 _____ () C:\Program Files (x86)\Common Files\Portrait Displays\drivers\di2c.dll
2009-04-01 02:12 - 2008-06-04 17:59 - 00098304 _____ () C:\Program Files (x86)\Common Files\Portrait Displays\drivers\smsc.dll
2009-04-01 02:12 - 2008-06-04 17:59 - 00053248 _____ () C:\Program Files (x86)\Common Files\Portrait Displays\drivers\null.dll
2006-11-02 08:13 - 2006-11-02 05:46 - 00012288 _____ (Microsoft Corporation) C:\Windows\syswow64\psapi.dll
2011-06-24 22:56 - 2011-06-24 22:56 - 00053024 _____ (Open Source Software community project) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\pthreadVC2.dll
2011-06-24 22:56 - 2011-06-24 22:56 - 00087328 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2011-06-24 22:56 - 2011-06-24 22:56 - 01241888 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2012-08-17 22:39 - 2012-08-17 22:39 - 02321336 _____ (Digia Plc) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\QtCore4.dll
2012-08-17 22:39 - 2012-08-17 22:39 - 02289080 _____ (Digia Plc) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\QtDeclarative4.dll
2012-08-17 22:40 - 2012-08-17 22:40 - 01296824 _____ (Digia Plc) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\QtScript4.dll
2012-08-17 22:39 - 2012-08-17 22:39 - 00182200 _____ (Digia Plc) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\QtSql4.dll
2012-08-17 22:40 - 2012-08-17 22:40 - 07269816 _____ (Digia Plc) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\QtGui4.dll
2012-08-17 22:40 - 2012-08-17 22:40 - 02051512 _____ (Digia Plc) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\QtNetwork4.dll
2012-08-17 22:38 - 2012-08-17 22:38 - 00479160 _____ () C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\dblite.dll
2012-08-17 22:40 - 2012-08-17 22:40 - 00034232 _____ (Digia Plc) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\imageformats\qgif4.dll
2012-08-17 22:40 - 2012-08-17 22:40 - 00036792 _____ (Digia Plc) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\imageformats\qico4.dll
2012-08-17 22:40 - 2012-08-17 22:40 - 00189368 _____ (Digia Plc) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\imageformats\qjpeg4.dll
2009-04-01 02:06 - 1998-06-24 00:00 - 00115016 _____ (Microsoft Corporation) C:\Windows\SysWow64\MSINET.OCX
2009-02-25 13:55 - 2009-02-25 13:55 - 00028672 _____ () C:\Program Files (x86)\RivaTuner v2.24\PlugIns\Monitoring\ADT7473.dll
2009-04-07 17:25 - 2009-04-06 22:57 - 00028672 _____ () C:\Program Files (x86)\RivaTuner v2.24\PlugIns\Monitoring\RTCore.dll
2009-02-25 13:55 - 2009-02-25 13:55 - 00024576 _____ () C:\Program Files (x86)\RivaTuner v2.24\PlugIns\Monitoring\SMART.dll
2013-03-12 17:10 - 2013-08-21 18:18 - 00687104 _____ () C:\Program Files (x86)\Steam\Video Games\SDL2.dll
2011-07-13 12:09 - 2013-09-21 14:35 - 01121192 _____ () C:\Program Files (x86)\Steam\Video Games\bin\chromehtml.dll
2010-04-27 17:40 - 2013-09-10 18:20 - 20625832 _____ () C:\Program Files (x86)\Steam\Video Games\bin\libcef.dll
2012-03-15 09:10 - 2013-06-14 19:49 - 01100800 _____ () C:\Program Files (x86)\Steam\Video Games\bin\avcodec-53.dll
2012-03-15 09:10 - 2013-06-14 19:49 - 00124416 _____ () C:\Program Files (x86)\Steam\Video Games\bin\avutil-51.dll
2012-03-15 09:10 - 2013-06-14 19:49 - 00192000 _____ () C:\Program Files (x86)\Steam\Video Games\bin\avformat-53.dll
2008-01-20 22:47 - 2008-01-20 22:47 - 00159232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dinput8.dll
2009-08-01 10:45 - 2009-04-11 02:28 - 00450560 _____ (Microsoft Corporation) C:\Windows\syswow64\comdlg32.dll
2008-01-20 22:51 - 2008-01-20 22:51 - 00326656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\actxprxy.dll
2011-03-31 10:45 - 2011-03-31 10:45 - 00434176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2008-01-20 22:48 - 2008-01-20 22:48 - 00080384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\thumbcache.dll
2010-10-27 01:48 - 2010-08-26 12:34 - 01696256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gameux.dll
2012-01-31 11:44 - 2011-11-16 12:23 - 00377344 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WINHTTP.dll
2009-08-01 10:45 - 2009-04-11 02:28 - 01591296 _____ (Microsoft Corporation) C:\Windows\syswow64\setupapi.dll
2013-09-12 03:05 - 2013-07-31 06:00 - 01800704 _____ (Microsoft Corporation) C:\Windows\SysWow64\jscript9.dll
2011-03-31 10:45 - 2011-03-31 10:45 - 00223232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Dxtrans.dll
2009-08-11 15:51 - 2009-07-17 09:54 - 00071680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ATL.DLL
2006-11-02 08:15 - 2006-11-02 05:46 - 00030208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ddrawex.dll
2008-01-20 22:50 - 2008-01-20 22:50 - 00522752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DDRAW.dll
2009-07-14 23:52 - 2009-06-15 10:51 - 00010240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DCIMAN32.dll
2011-03-31 10:45 - 2011-03-31 10:45 - 00353792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Dxtmsft.dll
2013-09-20 01:52 - 2013-09-20 01:52 - 16244616 ____R (Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\Flash32_11_8_800_175.ocx
2013-09-12 03:05 - 2013-07-31 05:48 - 00420864 _____ (Microsoft Corporation) C:\Windows\SysWow64\vbscript.dll
==================== Alternate Data Streams (whitelisted) =========

==================== Safe Mode (whitelisted) ===================
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MpfService => ""="Service"
==================== Faulty Device Manager Devices =============

==================== Event log errors: =========================
Application errors:
==================
Error: (09/24/2013 05:27:15 PM) (Source: Perflib) (User: )
Description: WmiApRplC:\Windows\system32\wbem\wmiaprpl.dll4
Error: (09/24/2013 05:27:15 PM) (Source: Perflib) (User: )
Description: PNRPsvcC:\Windows\system32\pnrpperf.dll4
Error: (09/24/2013 05:26:10 PM) (Source: Perflib) (User: )
Description: MSDTCC:\Windows\system32\msdtcuiu.DLL4
Error: (09/24/2013 05:26:10 PM) (Source: Perflib) (User: )
Description: LsaC:\Windows\system32\Secur32.dll4
Error: (09/24/2013 05:26:10 PM) (Source: Perflib) (User: )
Description: ESENTC:\Windows\system32\esentprf.dll4
Error: (09/24/2013 05:26:10 PM) (Source: Perflib) (User: )
Description: EmdCache4
Error: (09/24/2013 05:26:10 PM) (Source: Perflib) (User: )
Description: BITSC:\Windows\system32\bitsperf.dll4
Error: (09/24/2013 02:26:12 PM) (Source: Perflib) (User: )
Description: WmiApRplC:\Windows\system32\wbem\wmiaprpl.dll4
Error: (09/24/2013 02:26:12 PM) (Source: Perflib) (User: )
Description: PNRPsvcC:\Windows\system32\pnrpperf.dll4
Error: (09/24/2013 02:26:11 PM) (Source: Perflib) (User: )
Description: MSDTCC:\Windows\system32\msdtcuiu.DLL4

System errors:
=============
Error: (09/24/2013 11:26:16 AM) (Source: Dhcp) (User: )
Description: The IP address lease 192.168.1.101 for the Network Card with network address 00248C239E0A has been denied by the DHCP server 192.168.1.1 (The DHCP Server sent a DHCPNACK message).
Error: (09/24/2013 03:02:57 AM) (Source: Microsoft-Windows-WindowsUpdateClient) (User: NT AUTHORITY)
Description: 0x80070643Security Update for Microsoft .NET Framework 1.1 SP1 on Windows XP, Server 2003, Vista, and Server 2008 for x64 (KB2833941){28510982-322D-4077-AFC0-6EF7C4237CE5}203
Error: (09/23/2013 08:10:56 PM) (Source: Service Control Manager) (User: )
Description: Steam Client Service%%1053
Error: (09/23/2013 08:10:56 PM) (Source: Service Control Manager) (User: )
Description: 30000Steam Client Service
Error: (09/23/2013 08:10:54 PM) (Source: Service Control Manager) (User: )
Description: NVIDIA Update Service Daemon%%1069
Error: (09/23/2013 08:10:54 PM) (Source: Service Control Manager) (User: )
Description: nvUpdatusService.\UpdatusUser%%1330
Error: (09/23/2013 08:08:18 PM) (Source: Service Control Manager) (User: )
Description: Beep
Error: (09/23/2013 08:07:07 PM) (Source: EventLog) (User: )
Description: The previous system shutdown at 1:16:40 PM on 9/23/2013 was unexpected.
Error: (09/23/2013 00:40:33 PM) (Source: Dhcp) (User: )
Description: The IP address lease 192.168.1.101 for the Network Card with network address 00248C239E0A has been denied by the DHCP server 192.168.1.1 (The DHCP Server sent a DHCPNACK message).
Error: (09/23/2013 03:50:16 AM) (Source: Ntfs) (User: )
Description: The default transaction resource manager on volume J: encountered a non-retryable error and could not start. The data contains the error code.

Microsoft Office Sessions:
=========================
Error: (09/24/2013 05:27:15 PM) (Source: Perflib)(User: )
Description: WmiApRplC:\Windows\system32\wbem\wmiaprpl.dll4
Error: (09/24/2013 05:27:15 PM) (Source: Perflib)(User: )
Description: PNRPsvcC:\Windows\system32\pnrpperf.dll4
Error: (09/24/2013 05:26:10 PM) (Source: Perflib)(User: )
Description: MSDTCC:\Windows\system32\msdtcuiu.DLL4
Error: (09/24/2013 05:26:10 PM) (Source: Perflib)(User: )
Description: LsaC:\Windows\system32\Secur32.dll4
Error: (09/24/2013 05:26:10 PM) (Source: Perflib)(User: )
Description: ESENTC:\Windows\system32\esentprf.dll4
Error: (09/24/2013 05:26:10 PM) (Source: Perflib)(User: )
Description: EmdCache4
Error: (09/24/2013 05:26:10 PM) (Source: Perflib)(User: )
Description: BITSC:\Windows\system32\bitsperf.dll4
Error: (09/24/2013 02:26:12 PM) (Source: Perflib)(User: )
Description: WmiApRplC:\Windows\system32\wbem\wmiaprpl.dll4
Error: (09/24/2013 02:26:12 PM) (Source: Perflib)(User: )
Description: PNRPsvcC:\Windows\system32\pnrpperf.dll4
Error: (09/24/2013 02:26:11 PM) (Source: Perflib)(User: )
Description: MSDTCC:\Windows\system32\msdtcuiu.DLL4

CodeIntegrity Errors:
===================================
Date: 2013-09-24 20:01:01.273
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\kltdi.sys because the set of per-page image hashes could not be found on the system.
Date: 2013-09-24 20:01:01.146
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\kltdi.sys because the set of per-page image hashes could not be found on the system.
Date: 2013-09-24 20:01:01.019
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\kltdi.sys because the set of per-page image hashes could not be found on the system.
Date: 2013-09-24 20:01:00.891
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\kltdi.sys because the set of per-page image hashes could not be found on the system.
Date: 2013-09-24 20:00:50.966
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\kneps.sys because the set of per-page image hashes could not be found on the system.
Date: 2013-09-24 20:00:50.838
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\kneps.sys because the set of per-page image hashes could not be found on the system.
Date: 2013-09-24 20:00:50.711
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\kneps.sys because the set of per-page image hashes could not be found on the system.
Date: 2013-09-24 20:00:50.584
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\kneps.sys because the set of per-page image hashes could not be found on the system.
Date: 2013-09-24 20:00:50.399
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\kltdi.sys because the set of per-page image hashes could not be found on the system.
Date: 2013-09-24 20:00:50.272
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\kltdi.sys because the set of per-page image hashes could not be found on the system.

==================== Memory info =========================== 
Percentage of memory in use: 47%
Total physical RAM: 6134.18 MB
Available physical RAM: 3219.14 MB
Total Pagefile: 12461.88 MB
Available Pagefile: 9319.85 MB
Total Virtual: 8192 MB
Available Virtual: 8191.82 MB
==================== Drives ================================
Drive c: () (Fixed) (Total:931.51 GB) (Free:360.95 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
Drive e: (External HDD) (Fixed) (Total:931.51 GB) (Free:450.15 GB) NTFS
Drive f: (Second HDD) (Fixed) (Total:596.17 GB) (Free:471.42 GB) NTFS
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 932 GB) (Disk ID: A2C2D364)
Partition 1: (Active) - (Size=932 GB) - (Type=07 NTFS)
========================================================
Disk: 1 (MBR Code: Windows 7 or Vista) (Size: 596 GB) (Disk ID: B694AEEB)
Partition 1: (Not Active) - (Size=596 GB) - (Type=07 NTFS)
========================================================
Disk: 2 (Size: 932 GB) (Disk ID: E8900690)
Partition 1: (Not Active) - (Size=932 GB) - (Type=07 NTFS)
==================== End Of Log ============================


----------



## Cookiegal (Aug 27, 2003)

Please download the attached *fixlist.txt* file and save it where you saved FRST (which should be the desktop).

*NOTE:* It's important that both files, *FRST* and *fixlist.txt*, are in the same location (preferably on the desktop) or the fix will not work.

Run *FRST/FRST64* and press the *Fix* button just once and then wait.

If the tool needs a restart please make sure you let the system restart normally and let the tool complete its run after the restart.

*NOTICE: This script was written specifically for this user, for use on this particular machine. Running this on another machine may cause damage to your operating system.*

The tool will make a log on the Desktop (Fixlog.txt). Please post it in your reply.


----------



## Franknj229 (Sep 21, 2009)

Wow. That was a quick process. After I clicked "fix" it instantly popped up the log below. No restart required.

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 24-09-2013
Ran by Franknj229 at 2013-09-25 18:30:59 Run:1
Running from C:\Users\Franknj229\Desktop
Boot Mode: Normal
==============================================
Content of fixlist:
*****************
Winsock: Catalog5 01 %SystemRoot%\System32\mswsock.dll [223232] (Microsoft Corporation) ATTENTION: The LibraryPath should be "%SystemRoot%\system32\NLAapi.dll"
Winsock: Catalog5-x64 01 %SystemRoot%\System32\mswsock.dll [304128] (Microsoft Corporation) ATTENTION: The LibraryPath should be "%SystemRoot%\system32\NLAapi.dll"
*****************
Winsock: Catalog5 entry 000000000001\\LibraryPath was set successfully to %SystemRoot%\system32\NLAapi.dll
Winsock: Catalog5-x64 entry 000000000001\\LibraryPath was set successfully to %SystemRoot%\system32\NLAapi.dll
==== End of Fixlog ====


----------



## Cookiegal (Aug 27, 2003)

Please download the Event Viewer Tool by Vino Rosso *VEW* and save it to your Desktop:


For XP operating systems, double-click *VEW.exe*. For later operating systems, right-click *VEW.exe* and select "Run As Administrator".

Under "Select log to query", select:

*Application*
*System*

Under "Select type to list", select:

*Error*
*Warning*

Click the radio button for "Number of events"
Type *10* in the 1 to 20 box 
Then click the *Run* button.

Notepad will open with the output log. Please copy and paste the contents here.


----------



## Franknj229 (Sep 21, 2009)

Another quick one.


Vino's Event Viewer v01c run on Windows Vista in English
Report run at 25/09/2013 7:41:36 PM
Note: All dates below are in the format dd/mm/yyyy
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'Application' Log - Error Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'Application' Date/Time: 25/09/2013 10:33:26 PM
Type: Error Category: 0
Event: 1008 Source: Microsoft-Windows-Perflib
The Open Procedure for service "WmiApRpl" in DLL "C:\Windows\system32\wbem\wmiaprpl.dll" failed. Performance data for this service will not be available. The first four bytes (DWORD) of the Data section contains the error code.
Log: 'Application' Date/Time: 25/09/2013 10:33:26 PM
Type: Error Category: 0
Event: 1008 Source: Microsoft-Windows-Perflib
The Open Procedure for service "PNRPsvc" in DLL "C:\Windows\system32\pnrpperf.dll" failed. Performance data for this service will not be available. The first four bytes (DWORD) of the Data section contains the error code.
Log: 'Application' Date/Time: 25/09/2013 10:33:24 PM
Type: Error Category: 0
Event: 1008 Source: Microsoft-Windows-Perflib
The Open Procedure for service "MSDTC" in DLL "C:\Windows\system32\msdtcuiu.DLL" failed. Performance data for this service will not be available. The first four bytes (DWORD) of the Data section contains the error code.
Log: 'Application' Date/Time: 25/09/2013 10:33:24 PM
Type: Error Category: 0
Event: 1008 Source: Microsoft-Windows-Perflib
The Open Procedure for service "Lsa" in DLL "C:\Windows\system32\Secur32.dll" failed. Performance data for this service will not be available. The first four bytes (DWORD) of the Data section contains the error code.
Log: 'Application' Date/Time: 25/09/2013 10:33:24 PM
Type: Error Category: 0
Event: 1008 Source: Microsoft-Windows-Perflib
The Open Procedure for service "ESENT" in DLL "C:\Windows\system32\esentprf.dll" failed. Performance data for this service will not be available. The first four bytes (DWORD) of the Data section contains the error code.
Log: 'Application' Date/Time: 25/09/2013 10:33:24 PM
Type: Error Category: 0
Event: 1023 Source: Microsoft-Windows-Perflib
Windows cannot load the extensible counter DLL EmdCache. The first four bytes (DWORD) of the Data section contains the Windows error code.
Log: 'Application' Date/Time: 25/09/2013 10:33:24 PM
Type: Error Category: 0
Event: 1008 Source: Microsoft-Windows-Perflib
The Open Procedure for service "BITS" in DLL "C:\Windows\system32\bitsperf.dll" failed. Performance data for this service will not be available. The first four bytes (DWORD) of the Data section contains the error code.
Log: 'Application' Date/Time: 25/09/2013 7:33:30 PM
Type: Error Category: 0
Event: 1008 Source: Microsoft-Windows-Perflib
The Open Procedure for service "WmiApRpl" in DLL "C:\Windows\system32\wbem\wmiaprpl.dll" failed. Performance data for this service will not be available. The first four bytes (DWORD) of the Data section contains the error code.
Log: 'Application' Date/Time: 25/09/2013 7:33:30 PM
Type: Error Category: 0
Event: 1008 Source: Microsoft-Windows-Perflib
The Open Procedure for service "PNRPsvc" in DLL "C:\Windows\system32\pnrpperf.dll" failed. Performance data for this service will not be available. The first four bytes (DWORD) of the Data section contains the error code.
Log: 'Application' Date/Time: 25/09/2013 7:33:28 PM
Type: Error Category: 0
Event: 1008 Source: Microsoft-Windows-Perflib
The Open Procedure for service "MSDTC" in DLL "C:\Windows\system32\msdtcuiu.DLL" failed. Performance data for this service will not be available. The first four bytes (DWORD) of the Data section contains the error code.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'Application' Log - Warning Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'Application' Date/Time: 24/09/2013 3:26:22 PM
Type: Warning Category: 7
Event: 508 Source: ESENT
Windows (2604) Windows: A request to write to the file "C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Windows.edb" at offset 416907264 (0x0000000018d98000) for 8192 (0x00002000) bytes succeeded, but took an abnormally long time (29069 seconds) to be serviced by the OS. This problem is likely due to faulty hardware. Please contact your hardware vendor for further assistance diagnosing the problem.
Log: 'Application' Date/Time: 23/09/2013 4:40:40 PM
Type: Warning Category: 7
Event: 507 Source: ESENT
Windows (2596) Windows: A request to read from the file "C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Windows.edb" at offset 106848256 (0x00000000065e6000) for 8192 (0x00002000) bytes succeeded, but took an abnormally long time (30923 seconds) to be serviced by the OS. This problem is likely due to faulty hardware. Please contact your hardware vendor for further assistance diagnosing the problem.
Log: 'Application' Date/Time: 23/09/2013 4:40:40 PM
Type: Warning Category: 7
Event: 509 Source: ESENT
Windows (2596) Windows: A request to read from the file "C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Windows.edb" at offset 265330688 (0x000000000fd0a000) for 8192 (0x00002000) bytes succeeded, but took an abnormally long time (30923 seconds) to be serviced by the OS. In addition, 0 other I/O requests to this file have also taken an abnormally long time to be serviced since the last message regarding this problem was posted 0 seconds ago. This problem is likely due to faulty hardware. Please contact your hardware vendor for further assistance diagnosing the problem.
Log: 'Application' Date/Time: 22/09/2013 4:25:20 AM
Type: Warning Category: 0
Event: 1530 Source: Microsoft-Windows-User Profiles Service
Windows detected your registry file is still in use by other applications or services. The file will be unloaded now. The applications or services that hold your registry file may not function properly afterwards. DETAIL - 17 user registry handles leaked from \Registry\User\S-1-5-21-2669562794-4212015103-2530955540-1000:
Process 1228 (\Device\HarddiskVolume1\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe) has opened key \REGISTRY\USER\S-1-5-21-2669562794-4212015103-2530955540-1000
Process 1228 (\Device\HarddiskVolume1\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe) has opened key \REGISTRY\USER\S-1-5-21-2669562794-4212015103-2530955540-1000
Process 1228 (\Device\HarddiskVolume1\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe) has opened key \REGISTRY\USER\S-1-5-21-2669562794-4212015103-2530955540-1000
Process 1228 (\Device\HarddiskVolume1\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe) has opened key \REGISTRY\USER\S-1-5-21-2669562794-4212015103-2530955540-1000
Process 1228 (\Device\HarddiskVolume1\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe) has opened key \REGISTRY\USER\S-1-5-21-2669562794-4212015103-2530955540-1000\Software\Microsoft\SystemCertificates\My
Process 1228 (\Device\HarddiskVolume1\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe) has opened key \REGISTRY\USER\S-1-5-21-2669562794-4212015103-2530955540-1000\Software\Microsoft\SystemCertificates\SmartCardRoot
Process 1228 (\Device\HarddiskVolume1\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe) has opened key \REGISTRY\USER\S-1-5-21-2669562794-4212015103-2530955540-1000\Software\Microsoft\SystemCertificates\CA
Process 1228 (\Device\HarddiskVolume1\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe) has opened key \REGISTRY\USER\S-1-5-21-2669562794-4212015103-2530955540-1000\Software\Microsoft\SystemCertificates\TrustedPeople
Process 1144 (\Device\HarddiskVolume1\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-2669562794-4212015103-2530955540-1000\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings
Process 1228 (\Device\HarddiskVolume1\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe) has opened key \REGISTRY\USER\S-1-5-21-2669562794-4212015103-2530955540-1000\Software\Microsoft\SystemCertificates\Disallowed
Process 1228 (\Device\HarddiskVolume1\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe) has opened key \REGISTRY\USER\S-1-5-21-2669562794-4212015103-2530955540-1000\Software\Microsoft\SystemCertificates\Root
Process 1228 (\Device\HarddiskVolume1\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe) has opened key \REGISTRY\USER\S-1-5-21-2669562794-4212015103-2530955540-1000\Software\Policies\Microsoft\SystemCertificates
Process 1228 (\Device\HarddiskVolume1\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe) has opened key \REGISTRY\USER\S-1-5-21-2669562794-4212015103-2530955540-1000\Software\Policies\Microsoft\SystemCertificates
Process 1228 (\Device\HarddiskVolume1\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe) has opened key \REGISTRY\USER\S-1-5-21-2669562794-4212015103-2530955540-1000\Software\Policies\Microsoft\SystemCertificates
Process 1228 (\Device\HarddiskVolume1\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe) has opened key \REGISTRY\USER\S-1-5-21-2669562794-4212015103-2530955540-1000\Software\Policies\Microsoft\SystemCertificates
Process 1144 (\Device\HarddiskVolume1\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-2669562794-4212015103-2530955540-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings
Process 1228 (\Device\HarddiskVolume1\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe) has opened key \REGISTRY\USER\S-1-5-21-2669562794-4212015103-2530955540-1000\Software\Microsoft\SystemCertificates\trust

Log: 'Application' Date/Time: 20/09/2013 5:11:49 PM
Type: Warning Category: 7
Event: 507 Source: ESENT
wuaueng.dll (628) SUS20ClientDataStore: A request to read from the file "C:\Windows\SoftwareDistribution\DataStore\DataStore.edb" at offset 92217344 (0x00000000057f2000) for 4096 (0x00001000) bytes succeeded, but took an abnormally long time (36598 seconds) to be serviced by the OS. This problem is likely due to faulty hardware. Please contact your hardware vendor for further assistance diagnosing the problem.
Log: 'Application' Date/Time: 19/09/2013 2:09:33 PM
Type: Warning Category: 0
Event: 1530 Source: Microsoft-Windows-User Profiles Service
Windows detected your registry file is still in use by other applications or services. The file will be unloaded now. The applications or services that hold your registry file may not function properly afterwards. DETAIL - 17 user registry handles leaked from \Registry\User\S-1-5-21-2669562794-4212015103-2530955540-1000:
Process 2036 (\Device\HarddiskVolume1\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe) has opened key \REGISTRY\USER\S-1-5-21-2669562794-4212015103-2530955540-1000
Process 2036 (\Device\HarddiskVolume1\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe) has opened key \REGISTRY\USER\S-1-5-21-2669562794-4212015103-2530955540-1000
Process 2036 (\Device\HarddiskVolume1\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe) has opened key \REGISTRY\USER\S-1-5-21-2669562794-4212015103-2530955540-1000
Process 2036 (\Device\HarddiskVolume1\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe) has opened key \REGISTRY\USER\S-1-5-21-2669562794-4212015103-2530955540-1000
Process 2036 (\Device\HarddiskVolume1\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe) has opened key \REGISTRY\USER\S-1-5-21-2669562794-4212015103-2530955540-1000\Software\Microsoft\SystemCertificates\My
Process 2036 (\Device\HarddiskVolume1\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe) has opened key \REGISTRY\USER\S-1-5-21-2669562794-4212015103-2530955540-1000\Software\Microsoft\SystemCertificates\SmartCardRoot
Process 2036 (\Device\HarddiskVolume1\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe) has opened key \REGISTRY\USER\S-1-5-21-2669562794-4212015103-2530955540-1000\Software\Microsoft\SystemCertificates\CA
Process 2036 (\Device\HarddiskVolume1\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe) has opened key \REGISTRY\USER\S-1-5-21-2669562794-4212015103-2530955540-1000\Software\Microsoft\SystemCertificates\TrustedPeople
Process 1132 (\Device\HarddiskVolume1\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-2669562794-4212015103-2530955540-1000\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings
Process 2036 (\Device\HarddiskVolume1\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe) has opened key \REGISTRY\USER\S-1-5-21-2669562794-4212015103-2530955540-1000\Software\Microsoft\SystemCertificates\Disallowed
Process 2036 (\Device\HarddiskVolume1\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe) has opened key \REGISTRY\USER\S-1-5-21-2669562794-4212015103-2530955540-1000\Software\Microsoft\SystemCertificates\Root
Process 2036 (\Device\HarddiskVolume1\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe) has opened key \REGISTRY\USER\S-1-5-21-2669562794-4212015103-2530955540-1000\Software\Policies\Microsoft\SystemCertificates
Process 2036 (\Device\HarddiskVolume1\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe) has opened key \REGISTRY\USER\S-1-5-21-2669562794-4212015103-2530955540-1000\Software\Policies\Microsoft\SystemCertificates
Process 2036 (\Device\HarddiskVolume1\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe) has opened key \REGISTRY\USER\S-1-5-21-2669562794-4212015103-2530955540-1000\Software\Policies\Microsoft\SystemCertificates
Process 2036 (\Device\HarddiskVolume1\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe) has opened key \REGISTRY\USER\S-1-5-21-2669562794-4212015103-2530955540-1000\Software\Policies\Microsoft\SystemCertificates
Process 1132 (\Device\HarddiskVolume1\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-2669562794-4212015103-2530955540-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings
Process 2036 (\Device\HarddiskVolume1\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe) has opened key \REGISTRY\USER\S-1-5-21-2669562794-4212015103-2530955540-1000\Software\Microsoft\SystemCertificates\trust

Log: 'Application' Date/Time: 13/09/2013 9:54:44 PM
Type: Warning Category: 7
Event: 510 Source: ESENT
Windows (2700) Windows: A request to write to the file "C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Windows.edb" at offset 83746816 (0x0000000004fde000) for 8192 (0x00002000) bytes succeeded, but took an abnormally long time (28028 seconds) to be serviced by the OS. In addition, 0 other I/O requests to this file have also taken an abnormally long time to be serviced since the last message regarding this problem was posted 29883 seconds ago. This problem is likely due to faulty hardware. Please contact your hardware vendor for further assistance diagnosing the problem.
Log: 'Application' Date/Time: 13/09/2013 1:36:41 PM
Type: Warning Category: 7
Event: 508 Source: ESENT
Windows (2700) Windows: A request to write to the file "C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Windows.edb" at offset 277880832 (0x0000000010902000) for 8192 (0x00002000) bytes succeeded, but took an abnormally long time (23548 seconds) to be serviced by the OS. This problem is likely due to faulty hardware. Please contact your hardware vendor for further assistance diagnosing the problem.
Log: 'Application' Date/Time: 12/09/2013 11:27:14 AM
Type: Warning Category: 0
Event: 1530 Source: Microsoft-Windows-User Profiles Service
Windows detected your registry file is still in use by other applications or services. The file will be unloaded now. The applications or services that hold your registry file may not function properly afterwards. DETAIL - 15 user registry handles leaked from \Registry\User\S-1-5-21-2669562794-4212015103-2530955540-1000:
Process 3040 (\Device\HarddiskVolume1\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe) has opened key \REGISTRY\USER\S-1-5-21-2669562794-4212015103-2530955540-1000
Process 3040 (\Device\HarddiskVolume1\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe) has opened key \REGISTRY\USER\S-1-5-21-2669562794-4212015103-2530955540-1000
Process 3040 (\Device\HarddiskVolume1\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe) has opened key \REGISTRY\USER\S-1-5-21-2669562794-4212015103-2530955540-1000
Process 3040 (\Device\HarddiskVolume1\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe) has opened key \REGISTRY\USER\S-1-5-21-2669562794-4212015103-2530955540-1000
Process 3040 (\Device\HarddiskVolume1\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe) has opened key \REGISTRY\USER\S-1-5-21-2669562794-4212015103-2530955540-1000\Software\Microsoft\SystemCertificates\My
Process 3040 (\Device\HarddiskVolume1\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe) has opened key \REGISTRY\USER\S-1-5-21-2669562794-4212015103-2530955540-1000\Software\Microsoft\SystemCertificates\SmartCardRoot
Process 3040 (\Device\HarddiskVolume1\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe) has opened key \REGISTRY\USER\S-1-5-21-2669562794-4212015103-2530955540-1000\Software\Microsoft\SystemCertificates\CA
Process 3040 (\Device\HarddiskVolume1\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe) has opened key \REGISTRY\USER\S-1-5-21-2669562794-4212015103-2530955540-1000\Software\Microsoft\SystemCertificates\TrustedPeople
Process 3040 (\Device\HarddiskVolume1\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe) has opened key \REGISTRY\USER\S-1-5-21-2669562794-4212015103-2530955540-1000\Software\Microsoft\SystemCertificates\Disallowed
Process 3040 (\Device\HarddiskVolume1\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe) has opened key \REGISTRY\USER\S-1-5-21-2669562794-4212015103-2530955540-1000\Software\Microsoft\SystemCertificates\Root
Process 3040 (\Device\HarddiskVolume1\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe) has opened key \REGISTRY\USER\S-1-5-21-2669562794-4212015103-2530955540-1000\Software\Policies\Microsoft\SystemCertificates
Process 3040 (\Device\HarddiskVolume1\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe) has opened key \REGISTRY\USER\S-1-5-21-2669562794-4212015103-2530955540-1000\Software\Policies\Microsoft\SystemCertificates
Process 3040 (\Device\HarddiskVolume1\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe) has opened key \REGISTRY\USER\S-1-5-21-2669562794-4212015103-2530955540-1000\Software\Policies\Microsoft\SystemCertificates
Process 3040 (\Device\HarddiskVolume1\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe) has opened key \REGISTRY\USER\S-1-5-21-2669562794-4212015103-2530955540-1000\Software\Policies\Microsoft\SystemCertificates
Process 3040 (\Device\HarddiskVolume1\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe) has opened key \REGISTRY\USER\S-1-5-21-2669562794-4212015103-2530955540-1000\Software\Microsoft\SystemCertificates\trust

Log: 'Application' Date/Time: 10/09/2013 7:00:25 AM
Type: Warning Category: 7
Event: 508 Source: ESENT
Windows (2612) Windows: A request to write to the file "C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Windows.edb" at offset 427900928 (0x0000000019814000) for 8192 (0x00002000) bytes succeeded, but took an abnormally long time (4839 seconds) to be serviced by the OS. This problem is likely due to faulty hardware. Please contact your hardware vendor for further assistance diagnosing the problem.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - Error Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'System' Date/Time: 25/09/2013 7:03:41 AM
Type: Error Category: 1
Event: 20 Source: Microsoft-Windows-WindowsUpdateClient
Installation Failure: Windows failed to install the following update with error 0x80070643: Security Update for Microsoft .NET Framework 1.1 SP1 on Windows XP, Server 2003, Vista, and Server 2008 for x64 (KB2833941).
Log: 'System' Date/Time: 25/09/2013 7:00:25 AM
Type: Error Category: 0
Event: 1002 Source: Microsoft-Windows-Dhcp-Client
The IP address lease 192.168.1.103 for the Network Card with network address 00248C239E0A has been denied by the DHCP server 192.168.1.1 (The DHCP Server sent a DHCPNACK message).
Log: 'System' Date/Time: 25/09/2013 3:26:17 AM
Type: Error Category: 0
Event: 1002 Source: Microsoft-Windows-Dhcp-Client
The IP address lease 192.168.1.101 for the Network Card with network address 00248C239E0A has been denied by the DHCP server 192.168.1.1 (The DHCP Server sent a DHCPNACK message).
Log: 'System' Date/Time: 24/09/2013 3:26:16 PM
Type: Error Category: 0
Event: 1002 Source: Microsoft-Windows-Dhcp-Client
The IP address lease 192.168.1.101 for the Network Card with network address 00248C239E0A has been denied by the DHCP server 192.168.1.1 (The DHCP Server sent a DHCPNACK message).
Log: 'System' Date/Time: 24/09/2013 7:02:57 AM
Type: Error Category: 1
Event: 20 Source: Microsoft-Windows-WindowsUpdateClient
Installation Failure: Windows failed to install the following update with error 0x80070643: Security Update for Microsoft .NET Framework 1.1 SP1 on Windows XP, Server 2003, Vista, and Server 2008 for x64 (KB2833941).
Log: 'System' Date/Time: 24/09/2013 12:10:56 AM
Type: Error Category: 0
Event: 7000 Source: Service Control Manager
The Steam Client Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
Log: 'System' Date/Time: 24/09/2013 12:10:56 AM
Type: Error Category: 0
Event: 7009 Source: Service Control Manager
A timeout was reached (30000 milliseconds) while waiting for the Steam Client Service service to connect.
Log: 'System' Date/Time: 24/09/2013 12:10:54 AM
Type: Error Category: 0
Event: 7000 Source: Service Control Manager
The NVIDIA Update Service Daemon service failed to start due to the following error: The service did not start due to a logon failure.
Log: 'System' Date/Time: 24/09/2013 12:10:54 AM
Type: Error Category: 0
Event: 7038 Source: Service Control Manager
The nvUpdatusService service was unable to log on as .\UpdatusUser with the currently configured password due to the following error: Logon failure: the specified account password has expired. To ensure that the service is configured properly, use the Services snap-in in Microsoft Management Console (MMC).
Log: 'System' Date/Time: 24/09/2013 12:08:18 AM
Type: Error Category: 0
Event: 7026 Source: Service Control Manager
The following boot-start or system-start driver(s) failed to load: Beep
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - Warning Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'System' Date/Time: 25/09/2013 1:32:23 PM
Type: Warning Category: 0
Event: 1003 Source: Microsoft-Windows-Dhcp-Client
Your computer was not able to renew its address from the network (from the DHCP Server) for the Network Card with network address 00248C239E0A. The following error occurred: The operation was canceled by the user.. Your computer will continue to try and obtain an address on its own from the network address (DHCP) server.
Log: 'System' Date/Time: 25/09/2013 7:00:25 AM
Type: Warning Category: 0
Event: 1003 Source: Microsoft-Windows-Dhcp-Client
The event description cannot be found.
Log: 'System' Date/Time: 25/09/2013 3:26:17 AM
Type: Warning Category: 0
Event: 1003 Source: Microsoft-Windows-Dhcp-Client
The event description cannot be found.
Log: 'System' Date/Time: 24/09/2013 3:26:16 PM
Type: Warning Category: 0
Event: 1003 Source: Microsoft-Windows-Dhcp-Client
The event description cannot be found.
Log: 'System' Date/Time: 24/09/2013 4:38:27 AM
Type: Warning Category: 0
Event: 1003 Source: Microsoft-Windows-Dhcp-Client
Your computer was not able to renew its address from the network (from the DHCP Server) for the Network Card with network address 00248C239E0A. The following error occurred: The operation was canceled by the user.. Your computer will continue to try and obtain an address on its own from the network address (DHCP) server.
Log: 'System' Date/Time: 23/09/2013 4:40:33 PM
Type: Warning Category: 0
Event: 1003 Source: Microsoft-Windows-Dhcp-Client
The event description cannot be found.
Log: 'System' Date/Time: 21/09/2013 6:27:16 PM
Type: Warning Category: 0
Event: 1003 Source: Microsoft-Windows-Dhcp-Client
The event description cannot be found.
Log: 'System' Date/Time: 21/09/2013 6:27:16 AM
Type: Warning Category: 0
Event: 1003 Source: Microsoft-Windows-Dhcp-Client
Your computer was not able to renew its address from the network (from the DHCP Server) for the Network Card with network address 00248C239E0A. The following error occurred: The operation was canceled by the user.. Your computer will continue to try and obtain an address on its own from the network address (DHCP) server.
Log: 'System' Date/Time: 21/09/2013 12:31:55 AM
Type: Warning Category: 0
Event: 134 Source: Microsoft-Windows-Time-Service
NtpClient was unable to set a manual peer to use as a time source because of DNS resolution error on 'time.nist.gov,0x9'. NtpClient will try again in 15 minutes and double the reattempt interval thereafter. The error was: No such host is known. (0x80072AF9)
Log: 'System' Date/Time: 21/09/2013 12:31:46 AM
Type: Warning Category: 0
Event: 1003 Source: Microsoft-Windows-Dhcp-Client
Your computer was not able to renew its address from the network (from the DHCP Server) for the Network Card with network address 00248C239E0A. The following error occurred: The wait operation timed out.. Your computer will continue to try and obtain an address on its own from the network address (DHCP) server.


----------



## Cookiegal (Aug 27, 2003)

Please run SystemLook again with the following script and post the log.


```
:filefind
*beep*
```


----------



## Franknj229 (Sep 21, 2009)

SystemLook 04.09.10 by jpshortstuff
Log created at 20:02 on 27/09/2013 by Franknj229
Administrator - Elevation successful
========== filefind ==========
Searching for "*beep*"
C:\Program Files (x86)\Steam\Video Games\steamapps\common\left 4 dead\left4dead\sound\UI\Beep07.wav --a---- 7316 bytes [04:06 03/04/2009] [04:06 03/04/2009] 7C3740F237D7E355D2FDFF8927F84740
C:\Program Files (x86)\Steam\Video Games\steamapps\common\left 4 dead\left4dead\sound\UI\Beep22.wav --a---- 75614 bytes [04:06 03/04/2009] [04:06 03/04/2009] 1254FAD9930EE3F374833183E82B9003
C:\Program Files (x86)\Steam\Video Games\steamapps\common\left 4 dead\left4dead\sound\UI\Beep23.wav --a---- 37612 bytes [04:06 03/04/2009] [04:06 03/04/2009] B7FB4EF7656BEF09D4354BF42CE65784
C:\Program Files (x86)\Steam\Video Games\steamapps\common\left 4 dead\left4dead\sound\UI\BeepClear.wav --a---- 12544 bytes [04:06 03/04/2009] [04:06 03/04/2009] D0B91B310AA4B179AC739A6D0B5F3BF9
C:\Program Files (x86)\Steam\Video Games\steamapps\common\left 4 dead\left4dead\sound\UI\Beep_Error01.wav --a---- 28782 bytes [04:06 03/04/2009] [04:06 03/04/2009] 9F45617328532A60D224B02B8CFE5B3D
C:\Program Files (x86)\Steam\Video Games\steamapps\common\left 4 dead\left4dead\sound\UI\Beep_SynthTone01.wav --a---- 75710 bytes [04:06 03/04/2009] [04:06 03/04/2009] 62337790401E675B11928463D6182337
C:\Program Files (x86)\Steam\Video Games\steamapps\common\left 4 dead\left4dead\sound\weapons\hegrenade\beep.wav --a---- 88710 bytes [04:06 03/04/2009] [04:06 03/04/2009] 2083DD41C5606E7B0DED573E02BA16B3
C:\Program Files (x86)\Steam\Video Games\steamapps\common\left 4 dead 2\left4dead2\sound\animation\10_sec_half_beeps.wav --a---- 882656 bytes [03:01 21/01/2010] [03:01 21/01/2010] 14E30900C2D1C40FA40270732052DFBD
C:\Program Files (x86)\Steam\Video Games\steamapps\common\left 4 dead 2\left4dead2\sound\ui\beep07.wav --a---- 7316 bytes [03:04 21/01/2010] [03:04 21/01/2010] 7C3740F237D7E355D2FDFF8927F84740
C:\Program Files (x86)\Steam\Video Games\steamapps\common\left 4 dead 2\left4dead2\sound\ui\beep22.wav --a---- 75614 bytes [03:04 21/01/2010] [03:04 21/01/2010] 1254FAD9930EE3F374833183E82B9003
C:\Program Files (x86)\Steam\Video Games\steamapps\common\left 4 dead 2\left4dead2\sound\ui\beepclear.wav --a---- 12544 bytes [03:04 21/01/2010] [03:04 21/01/2010] D0B91B310AA4B179AC739A6D0B5F3BF9
C:\Program Files (x86)\Steam\Video Games\steamapps\common\left 4 dead 2\left4dead2\sound\ui\beep_error01.wav --a---- 28782 bytes [03:04 21/01/2010] [03:04 21/01/2010] 9F45617328532A60D224B02B8CFE5B3D
C:\Program Files (x86)\Steam\Video Games\steamapps\common\left 4 dead 2\left4dead2\sound\ui\beep_synthtone01.wav --a---- 75710 bytes [03:04 21/01/2010] [03:04 21/01/2010] 62337790401E675B11928463D6182337
C:\Program Files (x86)\Steam\Video Games\steamapps\common\left 4 dead 2\left4dead2\sound\weapons\hegrenade\beep.wav --a---- 88710 bytes [03:04 21/01/2010] [03:04 21/01/2010] 2083DD41C5606E7B0DED573E02BA16B3
C:\Program Files (x86)\Steam\Video Games\steamapps\common\left 4 dead 2 demo\left4dead2\sound\ui\beep07.wav --a---- 7316 bytes [01:07 09/11/2009] [01:07 09/11/2009] 7C3740F237D7E355D2FDFF8927F84740
C:\Program Files (x86)\Steam\Video Games\steamapps\common\left 4 dead 2 demo\left4dead2\sound\ui\beep22.wav --a---- 75614 bytes [00:59 09/11/2009] [00:59 09/11/2009] 1254FAD9930EE3F374833183E82B9003
C:\Program Files (x86)\Steam\Video Games\steamapps\common\left 4 dead 2 demo\left4dead2\sound\ui\beepclear.wav --a---- 12544 bytes [00:58 09/11/2009] [00:58 09/11/2009] D0B91B310AA4B179AC739A6D0B5F3BF9
C:\Program Files (x86)\Steam\Video Games\steamapps\common\left 4 dead 2 demo\left4dead2\sound\ui\beep_error01.wav --a---- 28782 bytes [01:07 09/11/2009] [01:07 09/11/2009] 9F45617328532A60D224B02B8CFE5B3D
C:\Program Files (x86)\Steam\Video Games\steamapps\common\left 4 dead 2 demo\left4dead2\sound\ui\beep_synthtone01.wav --a---- 75710 bytes [00:58 09/11/2009] [00:58 09/11/2009] 62337790401E675B11928463D6182337
C:\Program Files (x86)\Steam\Video Games\steamapps\common\left 4 dead 2 demo\left4dead2\sound\weapons\hegrenade\beep.wav --a---- 88710 bytes [01:09 09/11/2009] [01:09 09/11/2009] 2083DD41C5606E7B0DED573E02BA16B3
C:\Users\Franknj229\Music\iTunes\iTunes Music\Compilations\Collector's Series\16 Beep! Beep!.m4a --a---- 2008792 bytes [23:56 16/06/2009] [01:28 03/11/2004] B625F25EBDBE70C16061ECDC7107C06E
C:\Users\Franknj229\Music\iTunes\iTunes Music\Missy Elliott\Supa Dupa Fly\05 Beep Me 911 (Featuring 702).m4a --a---- 4815760 bytes [00:00 17/06/2009] [01:51 05/11/2004] 4F0C3DD947B96735AC1C438FE634BD5B
C:\Users\Franknj229\Music\iTunes\iTunes Music\The Playmates\Billboard Hot 100 Singles 1958\58_60 The Playmates - Beep Beep.mp3 --a---- 2674816 bytes [19:06 19/11/2012] [17:49 19/05/2005] 29FBF561934E8C4CEAA48C0DC2CCF931
-= EOF =-


----------



## Cookiegal (Aug 27, 2003)

Please run SystemLook again with the following script:


```
:reg
beep
```


----------



## Franknj229 (Sep 21, 2009)

SystemLook 04.09.10 by jpshortstuff
Log created at 20:27 on 28/09/2013 by Franknj229
Administrator - Elevation successful
========== reg ==========
[beep]
Hive unrecognized.
-= EOF =-


----------



## Cookiegal (Aug 27, 2003)

Sorry, that was my mistake. Please run SystemLook again with this script:


```
:regfind
beep
```


----------



## Franknj229 (Sep 21, 2009)

SystemLook 04.09.10 by jpshortstuff
Log created at 11:04 on 29/09/2013 by Franknj229
Administrator - Elevation successful
========== regfind ==========
Searching for "beep"
[HKEY_CURRENT_USER\AppEvents\EventLabels\.Default]
@="Default Beep"
[HKEY_CURRENT_USER\AppEvents\EventLabels\FaxBeep]
[HKEY_CURRENT_USER\AppEvents\EventLabels\MailBeep]
[HKEY_CURRENT_USER\AppEvents\Schemes\Apps\.Default\FaxBeep]
[HKEY_CURRENT_USER\AppEvents\Schemes\Apps\.Default\MailBeep]
[HKEY_CURRENT_USER\Control Panel\Mouse]
"Beep"="No"
[HKEY_CURRENT_USER\Control Panel\Sound]
"Beep"="yes"
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\ime\IMTC70]
"BeepEnable"="0x00000001"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\IniFileMapping\win.ini\Windows]
"Beep"="#USR:Control Panel\Sound"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\IniFileMapping\win.ini\Windows]
"Beep"="#USR:Control Panel\Sound"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\MediaCategories\{5145B065-3C8D-4f98-8117-1705211B6AAA}]
"Name"="PC Beep"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\MediaCategories\{992C6360-643D-11D2-9BDC-00A0C9696B7D}]
"Name"="PC Beep"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Beep]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Control\MediaCategories\{5145B065-3C8D-4f98-8117-1705211B6AAA}]
"Name"="PC Beep"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Control\MediaCategories\{992C6360-643D-11D2-9BDC-00A0C9696B7D}]
"Name"="PC Beep"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\Beep]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\MediaCategories\{5145B065-3C8D-4f98-8117-1705211B6AAA}]
"Name"="PC Beep"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\MediaCategories\{992C6360-643D-11D2-9BDC-00A0C9696B7D}]
"Name"="PC Beep"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Beep]
[HKEY_USERS\S-1-5-19\AppEvents\EventLabels\.Default]
@="Default Beep"
[HKEY_USERS\S-1-5-19\AppEvents\EventLabels\FaxBeep]
[HKEY_USERS\S-1-5-19\AppEvents\EventLabels\MailBeep]
[HKEY_USERS\S-1-5-19\AppEvents\Schemes\Apps\.Default\FaxBeep]
[HKEY_USERS\S-1-5-19\AppEvents\Schemes\Apps\.Default\MailBeep]
[HKEY_USERS\S-1-5-19\Control Panel\Mouse]
"Beep"="No"
[HKEY_USERS\S-1-5-19\Control Panel\Sound]
"Beep"="yes"
[HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\ime\IMTC70]
"BeepEnable"="0x00000001"
[HKEY_USERS\S-1-5-20\AppEvents\EventLabels\.Default]
@="Default Beep"
[HKEY_USERS\S-1-5-20\AppEvents\EventLabels\FaxBeep]
[HKEY_USERS\S-1-5-20\AppEvents\EventLabels\MailBeep]
[HKEY_USERS\S-1-5-20\AppEvents\Schemes\Apps\.Default\FaxBeep]
[HKEY_USERS\S-1-5-20\AppEvents\Schemes\Apps\.Default\MailBeep]
[HKEY_USERS\S-1-5-20\Control Panel\Mouse]
"Beep"="No"
[HKEY_USERS\S-1-5-20\Control Panel\Sound]
"Beep"="yes"
[HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\ime\IMTC70]
"BeepEnable"="0x00000001"
[HKEY_USERS\S-1-5-21-2669562794-4212015103-2530955540-1000\AppEvents\EventLabels\.Default]
@="Default Beep"
[HKEY_USERS\S-1-5-21-2669562794-4212015103-2530955540-1000\AppEvents\EventLabels\FaxBeep]
[HKEY_USERS\S-1-5-21-2669562794-4212015103-2530955540-1000\AppEvents\EventLabels\MailBeep]
[HKEY_USERS\S-1-5-21-2669562794-4212015103-2530955540-1000\AppEvents\Schemes\Apps\.Default\FaxBeep]
[HKEY_USERS\S-1-5-21-2669562794-4212015103-2530955540-1000\AppEvents\Schemes\Apps\.Default\MailBeep]
[HKEY_USERS\S-1-5-21-2669562794-4212015103-2530955540-1000\Control Panel\Mouse]
"Beep"="No"
[HKEY_USERS\S-1-5-21-2669562794-4212015103-2530955540-1000\Control Panel\Sound]
"Beep"="yes"
[HKEY_USERS\S-1-5-21-2669562794-4212015103-2530955540-1000\Software\Microsoft\Windows\CurrentVersion\ime\IMTC70]
"BeepEnable"="0x00000001"
-= EOF =-


----------



## Cookiegal (Aug 27, 2003)

Please export this key for me.

Please go to *Start* - *Run* and copy and paste the following then click OK:

```
regedit /e C:\look.txt "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Beep"
```

You won't see anything happen and it will only take a second. You will find the report it creates at C:\look.txt. Please open it in Notepad and then copy and paste the report here.


----------



## Franknj229 (Sep 21, 2009)

Windows Registry Editor Version 5.00
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Beep]
"ErrorControl"=dword:00000001
"Group"="Base"
"Start"=dword:00000001
"Tag"=dword:00000002
"Type"=dword:00000001


----------



## Cookiegal (Aug 27, 2003)

Was this system upgraded from a previous operating system?

I ask because it has registry entries for the beep service but this service is not available on Vista 64-bit and as a result it's generating errors in the Event Viewer because the service is trying to start but can't because the file it's calling for doesn't exist. We can eliminate those errors but to do that I'll have to give you a registry fix to delete the beep service keys in the registry. 

Now I can't say that there's any relation between this and the freezes but it probably should be fixed. If you want to go ahead with that, I'm attaching a FixBeep.zip file to this post. Please save it to your desktop. Then unzip it (extract the file) and right-click the FixBeep.reg file and choose "Run As Administrator" to run the registry fix. If prompted by an alert please allow the merge into the registry. This will eliminate the errors in the Event Viewer.

After doing that please run it for a day or so and let me know if there are any more freezes. If there are, please run VEW again and post the log so I can see any new errors that have been generated.


----------
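The check described in the post above (a driver service key that still exists while the file it calls for does not) can be run against any `regedit /e` export. This is an added example, not a tool used in the thread: the function names and the `file_exists` callback are hypothetical, and it assumes the Windows rule that a driver key without an `ImagePath` value loads `%SystemRoot%\System32\drivers\<key name>.sys`.

```python
import re
from typing import Callable, Dict, List, Optional, Union

# The export posted in the thread. Real `regedit /e` files are UTF-16LE;
# decode them to str before passing them in.
SAMPLE_EXPORT = r'''Windows Registry Editor Version 5.00
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Beep]
"ErrorControl"=dword:00000001
"Group"="Base"
"Start"=dword:00000001
"Tag"=dword:00000002
"Type"=dword:00000001
'''

START = {0: "boot", 1: "system", 2: "automatic", 3: "manual (demand)", 4: "disabled"}
DRIVER_TYPES = {1: "kernel driver", 2: "file system driver"}

KEY_RE = re.compile(r'^\[(.+)\]$')
VALUE_RE = re.compile(r'^(?:"((?:[^"\\]|\\.)*)"|(@))=(.*)$')
SERVICE_RE = re.compile(r'\\Services\\([^\\]+)$', re.IGNORECASE)

Value = Union[int, str]


def _unescape(s: str) -> str:
    # .reg strings escape backslash and double quote with a backslash.
    return re.sub(r'\\(.)', r'\1', s)


def parse_reg_export(text: str) -> Dict[str, Dict[str, Value]]:
    """Parse REG_DWORD, REG_SZ and hex(1)/hex(2) string values per key."""
    text = re.sub(r'\\\r?\n[ \t]*', '', text)  # join hex continuation lines
    keys: Dict[str, Dict[str, Value]] = {}
    current: Optional[Dict[str, Value]] = None
    for raw in text.splitlines():
        line = raw.strip()
        m = KEY_RE.match(line)
        if m:
            current = keys.setdefault(m.group(1), {})
            continue
        m = VALUE_RE.match(line)
        if m is None or current is None:
            continue  # file header or blank line
        name = _unescape(m.group(1)) if m.group(1) is not None else "@"
        data = m.group(3)
        if data.lower().startswith("dword:"):
            current[name] = int(data[6:], 16)
        elif re.match(r'^hex\((1|2)\):', data):
            blob = bytes.fromhex(data.split(":", 1)[1].replace(",", ""))
            current[name] = blob.decode("utf-16-le").rstrip("\x00")
        elif len(data) >= 2 and data[0] == '"' and data[-1] == '"':
            current[name] = _unescape(data[1:-1])
        else:
            current[name] = data  # other value types are kept as raw text
    return keys


def driver_binary(service: str, values: Dict[str, Value],
                  system_root: str = r"C:\Windows") -> Optional[str]:
    """Path the loader will look for, or None if the key is not a driver."""
    if values.get("Type") not in DRIVER_TYPES:
        return None
    image = values.get("ImagePath")
    if not isinstance(image, str) or not image:
        # Assumption stated in the lead-in: default driver location.
        return system_root + "\\System32\\drivers\\" + service + ".sys"
    low = image.lower()
    if low.startswith("\\??\\"):
        return image[4:]
    if low.startswith("\\systemroot\\"):
        return system_root + image[len("\\SystemRoot"):]
    if low.startswith("%systemroot%\\"):
        return system_root + image[len("%SystemRoot%"):]
    if re.match(r'^[a-z]:\\', low):
        return image
    return system_root + "\\" + image  # relative paths resolve under SystemRoot


def audit_driver_services(text: str, file_exists: Callable[[str], bool],
                          system_root: str = r"C:\Windows") -> List[dict]:
    """Report each driver service key and whether its binary is missing."""
    findings = []
    for key, values in parse_reg_export(text).items():
        m = SERVICE_RE.search(key)
        binary = driver_binary(m.group(1), values, system_root) if m else None
        if binary is None:
            continue
        missing = not file_exists(binary)
        start = values.get("Start")
        findings.append({
            "service": m.group(1),
            "type": DRIVER_TYPES[values["Type"]],
            "start": START.get(start, "unknown"),
            "binary": binary,
            "orphaned": missing,
            # Boot/system-start drivers that cannot load are what event 7026 reports.
            "fails_at_boot": missing and start in (0, 1),
        })
    return findings
```

On a live system pass `os.path.exists` as `file_exists`; offline, pass a lookup over a file listing collected from the machine.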



## Franknj229 (Sep 21, 2009)

I have been running Vista64 since the beginning. I'm going to run the fix now. I'll keep you posted. Thanks.


----------



## Franknj229 (Sep 21, 2009)

Well, I don't know if I did that correctly. I've never had much success with zip files. Right clicking the file didn't give me an option to "run as administrator", but I double clicked it and I think it ran. It gave me a warning about changing things in the registry, so I guess it was doing what you wanted it to do. I'll let you know how it goes over the next couple days, or until it freezes again, whichever comes first.

Thank you.


----------



## Cookiegal (Aug 27, 2003)

OK, thanks.


----------



## Franknj229 (Sep 21, 2009)

No luck. When I hit the power button this morning, the fans and lights went on, but the monitor didn't. It froze before it even sent a signal to the monitor. This happened a couple times before I emailed you originally about this problem. I did a hard shut down, waited about 10 seconds, and then hit the power button again. The fans and lights came on for 1 second and then died out. I tried several more times and it was always the same. 1 second of power, then off, like the power just went out. This is what was happening when I emailed you from my phone. Eventually, I waited a half hour and when I hit the power button, it came on. Same thing today. It came on just fine when I got home from work. It's like it needed time to recharge itself or something. Anyway, here is the log you asked for if I continued to have problems:

Vino's Event Viewer v01c run on Windows Vista in English
Report run at 02/10/2013 2:10:55 AM
Note: All dates below are in the format dd/mm/yyyy
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'Application' Log - Error Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'Application' Date/Time: 02/10/2013 4:06:06 AM
Type: Error Category: 0
Event: 1008 Source: Microsoft-Windows-Perflib
The Open Procedure for service "WmiApRpl" in DLL "C:\Windows\system32\wbem\wmiaprpl.dll" failed. Performance data for this service will not be available. The first four bytes (DWORD) of the Data section contains the error code.
Log: 'Application' Date/Time: 02/10/2013 4:06:06 AM
Type: Error Category: 0
Event: 1008 Source: Microsoft-Windows-Perflib
The Open Procedure for service "PNRPsvc" in DLL "C:\Windows\system32\pnrpperf.dll" failed. Performance data for this service will not be available. The first four bytes (DWORD) of the Data section contains the error code.
Log: 'Application' Date/Time: 02/10/2013 4:06:04 AM
Type: Error Category: 0
Event: 1008 Source: Microsoft-Windows-Perflib
The Open Procedure for service "MSDTC" in DLL "C:\Windows\system32\msdtcuiu.DLL" failed. Performance data for this service will not be available. The first four bytes (DWORD) of the Data section contains the error code.
Log: 'Application' Date/Time: 02/10/2013 4:06:04 AM
Type: Error Category: 0
Event: 1008 Source: Microsoft-Windows-Perflib
The Open Procedure for service "Lsa" in DLL "C:\Windows\system32\Secur32.dll" failed. Performance data for this service will not be available. The first four bytes (DWORD) of the Data section contains the error code.
Log: 'Application' Date/Time: 02/10/2013 4:06:04 AM
Type: Error Category: 0
Event: 1008 Source: Microsoft-Windows-Perflib
The Open Procedure for service "ESENT" in DLL "C:\Windows\system32\esentprf.dll" failed. Performance data for this service will not be available. The first four bytes (DWORD) of the Data section contains the error code.
Log: 'Application' Date/Time: 02/10/2013 4:06:04 AM
Type: Error Category: 0
Event: 1023 Source: Microsoft-Windows-Perflib
Windows cannot load the extensible counter DLL EmdCache. The first four bytes (DWORD) of the Data section contains the Windows error code.
Log: 'Application' Date/Time: 02/10/2013 4:06:04 AM
Type: Error Category: 0
Event: 1008 Source: Microsoft-Windows-Perflib
The Open Procedure for service "BITS" in DLL "C:\Windows\system32\bitsperf.dll" failed. Performance data for this service will not be available. The first four bytes (DWORD) of the Data section contains the error code.
Log: 'Application' Date/Time: 02/10/2013 1:07:25 AM
Type: Error Category: 0
Event: 1008 Source: Microsoft-Windows-Perflib
The Open Procedure for service "WmiApRpl" in DLL "C:\Windows\system32\wbem\wmiaprpl.dll" failed. Performance data for this service will not be available. The first four bytes (DWORD) of the Data section contains the error code.
Log: 'Application' Date/Time: 02/10/2013 1:07:24 AM
Type: Error Category: 0
Event: 1008 Source: Microsoft-Windows-Perflib
The Open Procedure for service "PNRPsvc" in DLL "C:\Windows\system32\pnrpperf.dll" failed. Performance data for this service will not be available. The first four bytes (DWORD) of the Data section contains the error code.
Log: 'Application' Date/Time: 02/10/2013 1:07:23 AM
Type: Error Category: 0
Event: 1008 Source: Microsoft-Windows-Perflib
The Open Procedure for service "MSDTC" in DLL "C:\Windows\system32\msdtcuiu.DLL" failed. Performance data for this service will not be available. The first four bytes (DWORD) of the Data section contains the error code.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'Application' Log - Warning Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'Application' Date/Time: 01/10/2013 7:00:24 AM
Type: Warning Category: 7
Event: 510 Source: ESENT
Windows (3016) Windows: A request to write to the file "C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Windows.edb" at offset 208281600 (0x000000000c6a2000) for 8192 (0x00002000) bytes succeeded, but took an abnormally long time (8919 seconds) to be serviced by the OS. In addition, 2 other I/O requests to this file have also taken an abnormally long time to be serviced since the last message regarding this problem was posted 62242 seconds ago. This problem is likely due to faulty hardware. Please contact your hardware vendor for further assistance diagnosing the problem.
Log: 'Application' Date/Time: 30/09/2013 1:40:53 PM
Type: Warning Category: 7
Event: 510 Source: ESENT
Windows (3016) Windows: A request to write to the file "C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Windows.edb" at offset 31899648 (0x0000000001e6c000) for 8192 (0x00002000) bytes succeeded, but took an abnormally long time (23830 seconds) to be serviced by the OS. In addition, 0 other I/O requests to this file have also taken an abnormally long time to be serviced since the last message regarding this problem was posted 89935 seconds ago. This problem is likely due to faulty hardware. Please contact your hardware vendor for further assistance diagnosing the problem.
Log: 'Application' Date/Time: 29/09/2013 12:42:00 PM
Type: Warning Category: 7
Event: 510 Source: ESENT
Windows (3016) Windows: A request to write to the file "C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Windows.edb" at offset 279543808 (0x0000000010a98000) for 8192 (0x00002000) bytes succeeded, but took an abnormally long time (20310 seconds) to be serviced by the OS. In addition, 0 other I/O requests to this file have also taken an abnormally long time to be serviced since the last message regarding this problem was posted 20495 seconds ago. This problem is likely due to faulty hardware. Please contact your hardware vendor for further assistance diagnosing the problem.
Log: 'Application' Date/Time: 29/09/2013 7:00:24 AM
Type: Warning Category: 7
Event: 508 Source: ESENT
Windows (3016) Windows: A request to write to the file "C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Windows.edb" at offset 11444224 (0x0000000000aea000) for 8192 (0x00002000) bytes succeeded, but took an abnormally long time (9363 seconds) to be serviced by the OS. This problem is likely due to faulty hardware. Please contact your hardware vendor for further assistance diagnosing the problem.
Log: 'Application' Date/Time: 27/09/2013 11:26:52 AM
Type: Warning Category: 7
Event: 510 Source: ESENT
Windows (2604) Windows: A request to write to the file "C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Windows.edb" at offset 297312256 (0x0000000011b8a000) for 8192 (0x00002000) bytes succeeded, but took an abnormally long time (15812 seconds) to be serviced by the OS. In addition, 1 other I/O requests to this file have also taken an abnormally long time to be serviced since the last message regarding this problem was posted 244575 seconds ago. This problem is likely due to faulty hardware. Please contact your hardware vendor for further assistance diagnosing the problem.
Log: 'Application' Date/Time: 27/09/2013 11:26:52 AM
Type: Warning Category: 7
Event: 507 Source: ESENT
wuaueng.dll (620) SUS20ClientDataStore: A request to read from the file "C:\Windows\SoftwareDistribution\DataStore\DataStore.edb" at offset 172756992 (0x000000000a4c1000) for 8192 (0x00002000) bytes succeeded, but took an abnormally long time (15813 seconds) to be serviced by the OS. This problem is likely due to faulty hardware. Please contact your hardware vendor for further assistance diagnosing the problem.
Log: 'Application' Date/Time: 24/09/2013 3:26:22 PM
Type: Warning Category: 7
Event: 508 Source: ESENT
Windows (2604) Windows: A request to write to the file "C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Windows.edb" at offset 416907264 (0x0000000018d98000) for 8192 (0x00002000) bytes succeeded, but took an abnormally long time (29069 seconds) to be serviced by the OS. This problem is likely due to faulty hardware. Please contact your hardware vendor for further assistance diagnosing the problem.
Log: 'Application' Date/Time: 23/09/2013 4:40:40 PM
Type: Warning Category: 7
Event: 507 Source: ESENT
Windows (2596) Windows: A request to read from the file "C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Windows.edb" at offset 106848256 (0x00000000065e6000) for 8192 (0x00002000) bytes succeeded, but took an abnormally long time (30923 seconds) to be serviced by the OS. This problem is likely due to faulty hardware. Please contact your hardware vendor for further assistance diagnosing the problem.
Log: 'Application' Date/Time: 23/09/2013 4:40:40 PM
Type: Warning Category: 7
Event: 509 Source: ESENT
Windows (2596) Windows: A request to read from the file "C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Windows.edb" at offset 265330688 (0x000000000fd0a000) for 8192 (0x00002000) bytes succeeded, but took an abnormally long time (30923 seconds) to be serviced by the OS. In addition, 0 other I/O requests to this file have also taken an abnormally long time to be serviced since the last message regarding this problem was posted 0 seconds ago. This problem is likely due to faulty hardware. Please contact your hardware vendor for further assistance diagnosing the problem.
Log: 'Application' Date/Time: 22/09/2013 4:25:20 AM
Type: Warning Category: 0
Event: 1530 Source: Microsoft-Windows-User Profiles Service
Windows detected your registry file is still in use by other applications or services. The file will be unloaded now. The applications or services that hold your registry file may not function properly afterwards. DETAIL - 17 user registry handles leaked from \Registry\User\S-1-5-21-2669562794-4212015103-2530955540-1000:
Process 1228 (\Device\HarddiskVolume1\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe) has opened key \REGISTRY\USER\S-1-5-21-2669562794-4212015103-2530955540-1000
Process 1228 (\Device\HarddiskVolume1\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe) has opened key \REGISTRY\USER\S-1-5-21-2669562794-4212015103-2530955540-1000
Process 1228 (\Device\HarddiskVolume1\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe) has opened key \REGISTRY\USER\S-1-5-21-2669562794-4212015103-2530955540-1000
Process 1228 (\Device\HarddiskVolume1\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe) has opened key \REGISTRY\USER\S-1-5-21-2669562794-4212015103-2530955540-1000
Process 1228 (\Device\HarddiskVolume1\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe) has opened key \REGISTRY\USER\S-1-5-21-2669562794-4212015103-2530955540-1000\Software\Microsoft\SystemCertificates\My
Process 1228 (\Device\HarddiskVolume1\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe) has opened key \REGISTRY\USER\S-1-5-21-2669562794-4212015103-2530955540-1000\Software\Microsoft\SystemCertificates\SmartCardRoot
Process 1228 (\Device\HarddiskVolume1\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe) has opened key \REGISTRY\USER\S-1-5-21-2669562794-4212015103-2530955540-1000\Software\Microsoft\SystemCertificates\CA
Process 1228 (\Device\HarddiskVolume1\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe) has opened key \REGISTRY\USER\S-1-5-21-2669562794-4212015103-2530955540-1000\Software\Microsoft\SystemCertificates\TrustedPeople
Process 1144 (\Device\HarddiskVolume1\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-2669562794-4212015103-2530955540-1000\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings
Process 1228 (\Device\HarddiskVolume1\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe) has opened key \REGISTRY\USER\S-1-5-21-2669562794-4212015103-2530955540-1000\Software\Microsoft\SystemCertificates\Disallowed
Process 1228 (\Device\HarddiskVolume1\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe) has opened key \REGISTRY\USER\S-1-5-21-2669562794-4212015103-2530955540-1000\Software\Microsoft\SystemCertificates\Root
Process 1228 (\Device\HarddiskVolume1\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe) has opened key \REGISTRY\USER\S-1-5-21-2669562794-4212015103-2530955540-1000\Software\Policies\Microsoft\SystemCertificates
Process 1228 (\Device\HarddiskVolume1\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe) has opened key \REGISTRY\USER\S-1-5-21-2669562794-4212015103-2530955540-1000\Software\Policies\Microsoft\SystemCertificates
Process 1228 (\Device\HarddiskVolume1\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe) has opened key \REGISTRY\USER\S-1-5-21-2669562794-4212015103-2530955540-1000\Software\Policies\Microsoft\SystemCertificates
Process 1228 (\Device\HarddiskVolume1\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe) has opened key \REGISTRY\USER\S-1-5-21-2669562794-4212015103-2530955540-1000\Software\Policies\Microsoft\SystemCertificates
Process 1144 (\Device\HarddiskVolume1\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-2669562794-4212015103-2530955540-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings
Process 1228 (\Device\HarddiskVolume1\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe) has opened key \REGISTRY\USER\S-1-5-21-2669562794-4212015103-2530955540-1000\Software\Microsoft\SystemCertificates\trust

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - Error Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'System' Date/Time: 02/10/2013 1:08:51 AM
Type: Error Category: 0
Event: 7000 Source: Service Control Manager
The NVIDIA Update Service Daemon service failed to start due to the following error: The service did not start due to a logon failure.
Log: 'System' Date/Time: 02/10/2013 1:08:51 AM
Type: Error Category: 0
Event: 7038 Source: Service Control Manager
The nvUpdatusService service was unable to log on as .\UpdatusUser with the currently configured password due to the following error: Logon failure: the specified account password has expired. To ensure that the service is configured properly, use the Services snap-in in Microsoft Management Console (MMC).
Log: 'System' Date/Time: 02/10/2013 1:04:02 AM
Type: Error Category: 0
Event: 1002 Source: Microsoft-Windows-Dhcp-Client
The IP address lease 192.168.1.102 for the Network Card with network address 00248C239E0A has been denied by the DHCP server 192.168.1.1 (The DHCP Server sent a DHCPNACK message).
Log: 'System' Date/Time: 02/10/2013 1:03:59 AM
Type: Error Category: 0
Event: 6008 Source: EventLog
The previous system shutdown at 3:10:25 AM on 10/1/2013 was unexpected.
Log: 'System' Date/Time: 01/10/2013 7:09:22 AM
Type: Error Category: 1
Event: 20 Source: Microsoft-Windows-WindowsUpdateClient
Installation Failure: Windows failed to install the following update with error 0x80070643: Security Update for Microsoft .NET Framework 1.1 SP1 on Windows XP, Server 2003, Vista, and Server 2008 for x64 (KB2833941).
Log: 'System' Date/Time: 30/09/2013 7:03:40 AM
Type: Error Category: 1
Event: 20 Source: Microsoft-Windows-WindowsUpdateClient
Installation Failure: Windows failed to install the following update with error 0x80070643: Security Update for Microsoft .NET Framework 1.1 SP1 on Windows XP, Server 2003, Vista, and Server 2008 for x64 (KB2833941).
Log: 'System' Date/Time: 30/09/2013 1:03:11 AM
Type: Error Category: 0
Event: 7011 Source: Service Control Manager
A timeout (30000 milliseconds) was reached while waiting for a transaction response from the ShellHWDetection service.
Log: 'System' Date/Time: 29/09/2013 7:03:19 AM
Type: Error Category: 1
Event: 20 Source: Microsoft-Windows-WindowsUpdateClient
Installation Failure: Windows failed to install the following update with error 0x80070643: Security Update for Microsoft .NET Framework 1.1 SP1 on Windows XP, Server 2003, Vista, and Server 2008 for x64 (KB2833941).
Log: 'System' Date/Time: 29/09/2013 4:07:06 AM
Type: Error Category: 0
Event: 7031 Source: Service Control Manager
The Apple Mobile Device service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
Log: 'System' Date/Time: 28/09/2013 10:12:29 PM
Type: Error Category: 0
Event: 7000 Source: Service Control Manager
The NVIDIA Update Service Daemon service failed to start due to the following error: The service did not start due to a logon failure.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - Warning Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'System' Date/Time: 02/10/2013 1:04:02 AM
Type: Warning Category: 0
Event: 1003 Source: Microsoft-Windows-Dhcp-Client
The event description cannot be found.
Log: 'System' Date/Time: 01/10/2013 7:06:52 AM
Type: Warning Category: 0
Event: 1003 Source: Microsoft-Windows-Dhcp-Client
Your computer was not able to renew its address from the network (from the DHCP Server) for the Network Card with network address 00248C239E0A. The following error occurred: The operation was canceled by the user.. Your computer will continue to try and obtain an address on its own from the network address (DHCP) server.
Log: 'System' Date/Time: 30/09/2013 1:40:45 PM
Type: Warning Category: 0
Event: 1003 Source: Microsoft-Windows-Dhcp-Client
Your computer was not able to renew its address from the network (from the DHCP Server) for the Network Card with network address 00248C239E0A. The following error occurred: The operation was canceled by the user.. Your computer will continue to try and obtain an address on its own from the network address (DHCP) server.
Log: 'System' Date/Time: 29/09/2013 12:41:51 PM
Type: Warning Category: 0
Event: 1003 Source: Microsoft-Windows-Dhcp-Client
Your computer was not able to renew its address from the network (from the DHCP Server) for the Network Card with network address 00248C239E0A. The following error occurred: The operation was canceled by the user.. Your computer will continue to try and obtain an address on its own from the network address (DHCP) server.
Log: 'System' Date/Time: 28/09/2013 10:04:18 PM
Type: Warning Category: 0
Event: 1003 Source: Microsoft-Windows-Dhcp-Client
The event description cannot be found.
Log: 'System' Date/Time: 28/09/2013 10:04:18 PM
Type: Warning Category: 0
Event: 1003 Source: Microsoft-Windows-Dhcp-Client
Your computer was not able to renew its address from the network (from the DHCP Server) for the Network Card with network address 00248C239E0A. The following error occurred: The operation was canceled by the user.. Your computer will continue to try and obtain an address on its own from the network address (DHCP) server.
Log: 'System' Date/Time: 28/09/2013 7:00:19 AM
Type: Warning Category: 0
Event: 1003 Source: Microsoft-Windows-Dhcp-Client
Your computer was not able to renew its address from the network (from the DHCP Server) for the Network Card with network address 00248C239E0A. The following error occurred: The operation was canceled by the user.. Your computer will continue to try and obtain an address on its own from the network address (DHCP) server.
Log: 'System' Date/Time: 27/09/2013 11:27:30 PM
Type: Warning Category: 0
Event: 1003 Source: Microsoft-Windows-Dhcp-Client
Your computer was not able to renew its address from the network (from the DHCP Server) for the Network Card with network address 00248C239E0A. The following error occurred: The operation was canceled by the user.. Your computer will continue to try and obtain an address on its own from the network address (DHCP) server.
Log: 'System' Date/Time: 27/09/2013 11:30:14 AM
Type: Warning Category: 0
Event: 1003 Source: Microsoft-Windows-Dhcp-Client
Your computer was not able to renew its address from the network (from the DHCP Server) for the Network Card with network address 00248C239E0A. The following error occurred: The operation was canceled by the user.. Your computer will continue to try and obtain an address on its own from the network address (DHCP) server.
Log: 'System' Date/Time: 27/09/2013 12:40:18 AM
Type: Warning Category: 0
Event: 1003 Source: Microsoft-Windows-Dhcp-Client
Your computer was not able to renew its address from the network (from the DHCP Server) for the Network Card with network address 00248C239E0A. The following error occurred: The operation was canceled by the user.. Your computer will continue to try and obtain an address on its own from the network address (DHCP) server.


----------



## Cookiegal (Aug 27, 2003)

There may be a problem with the hard drive. Let's run chkdsk on the drive. Make sure you have anything important backed up to an external hard drive or CDs before proceeding.

Click *Start* and type *cmd*. When cmd.exe appears in the list, right-click it and click "Run as Administrator".

Type *chkdsk /R C:* and press Enter. (Note the spaces between chkdsk and the forward slash and the R and the C and include the colon at the end as well).

You'll likely see this message:

The type of the file system is NTFS.
Cannot lock current drive.

Chkdsk cannot run because the volume is in use by another process. Would you like to schedule this volume to be checked the next time the system restarts? (Y/N)

Hit Y and Enter, then reboot. This could take a long time depending on size of drive and how many errors it finds.

Chkdsk will create a log in the Event Viewer in the Application log (*Start* | *Run*, type *eventvwr.msc*, press Enter) with a source of *Wininit* that will show a summary of the results. Please copy and paste the results here.


----------



## Franknj229 (Sep 21, 2009)

Ok, I ran chkdsk overnight because I didn't know how long it would take, but you lost me on this last part:

Chkdsk will create a log in the Event Viewer in the Application log (*Start* | *Run*, type *eventvwr.msc*, press Enter) with a source of *Wininit* that will show a summary of the results. Please copy and paste the results here.

I'm running Vista64, so I no longer have a "run" box in the start menu. I typed "Run" in the search box and typed eventvwr.msc in that, but I couldn't figure out what to do next. I didn't see anything called Wininit. How do I find the log you are looking for?


----------



## Cookiegal (Aug 27, 2003)

In the Search box type *Event Viewer* and then double-click on *Event Viewer.*

Once the Event Viewer is open you will see various column headings. Look down the "Source" heading to find Wininit. Double-click on Wininit to open it. Now I don't have Vista but it should be about the same. Click on the icon that looks like two pieces of paper to copy it and then paste it here please.


----------



## Franknj229 (Sep 21, 2009)

Sorry, not seeing what you're describing. I'm trying to attach 2 pics. The first is what I get when I open Event Viewer. The second is that same screen in full-screen. I can't tell if the attachments are included though. I guess I'll find out when I post.


----------



## Franknj229 (Sep 21, 2009)

Still not sure if the attachments made it. Can you see them?


----------



## Cookiegal (Aug 27, 2003)

I don't see any images. Are you saving them on your hard drive and then uploading them?


----------



## Franknj229 (Sep 21, 2009)

Cookiegal said:


> I don't see any images. Are you saving them on your hard drive and then uploading them?


It is telling me "upload file failed" when I try to upload the image, but it doesn't tell me why. (very helpful)

I emailed the 2 pics to you from my phone and from my computer. Let me know if that worked.


----------



## Cookiegal (Aug 27, 2003)

It's because they were way too large. I'll upload the images here.


----------



## Cookiegal (Aug 27, 2003)

Under Event Type you see Critical, Error, Warning. There should also be one called "Application" which is the one you need to expand by clicking on the + sign to the left of it.


----------



## Franknj229 (Sep 21, 2009)

Under Event Type, I have Critical, Error, Warning, Information, Audit Success, Audit Failure. That's it.

Under "Information" I found something called wininit under Source. I double clicked on it and it gave me this:


Checking file system on C:

The type of the file system is NTFS.

One of your disks needs to be checked for consistency. You

may cancel the disk check, but it is strongly recommended

that you continue.

Windows will now check the disk.

Cleaning up instance tags for file 0x4de.

Cleaning up instance tags for file 0x41c44.

467520 file records processed.

1687 large file records processed.

0 bad file records processed.

0 EA records processed.

88 reparse records processed.

579074 index entries processed.

0 unindexed files processed.

467520 security descriptors processed.

Cleaning up 8061 unused index entries from index $SII of file 0x9.

Cleaning up 8061 unused index entries from index $SDH of file 0x9.

Cleaning up 8061 unused security descriptors.

CHKDSK is compacting the security descriptor stream...

55778 data files processed.

CHKDSK is verifying Usn Journal...

35212568 USN bytes processed.

Usn Journal verification completed.

Correcting errors in the master file table's (MFT) BITMAP attribute.

Correcting errors in the Volume Bitmap.

Windows has made corrections to the file system.

976759807 KB total disk space.

505933460 KB in 400344 files.

223128 KB in 55781 indexes.

0 KB in bad sectors.

605583 KB in use by the system.

65536 KB occupied by the log file.

469997636 KB available on disk.

4096 bytes in each allocation unit.

244189951 total allocation units on disk.

117499409 allocation units available on disk.

Internal Info:

40 22 07 00 c6 f5 06 00 6a 54 0c 00 00 00 00 00 @"......jT......

ae 66 00 00 58 00 00 00 00 00 00 00 00 00 00 00 .f..X...........

90 c7 a8 77 00 00 00 00 50 23 86 ff 00 00 00 00 ...w....P#......

Windows has finished checking your disk.

Please wait while your computer restarts.


----------



## Cookiegal (Aug 27, 2003)

Go to *Start* and in Search type *msconfig* and hit Enter to open the System Configuration utility. Click on the *Startup tab* and uncheck everything there except for your anti-virus program (Kaspersky - the process is avp.exe).

Then reboot the machine and let me know if you still have freezing issues.


----------



## Franknj229 (Sep 21, 2009)

One of the items in that list is my operating system. Am I unchecking that as well?


----------



## Cookiegal (Aug 27, 2003)

The operating system should not be listed there. What exactly does that entry say?


----------



## Franknj229 (Sep 21, 2009)

Microsoft Windows Operating System Microsoft Corporation

Under "Command", it says C:\Program Files\Windows Sidebar \sidebar.exe /autoRun

I hadn't looked that closely at it before, so it looks like it's not actually the operating system. Just a program run by the operating system?

OK to proceed?


----------



## Cookiegal (Aug 27, 2003)

It might be best to upload a screenshot.


----------



## Franknj229 (Sep 21, 2009)

Did that work?


----------



## Franknj229 (Sep 21, 2009)

Guess so. You can't tell if the attachments are there until you submit the reply.


----------



## Cookiegal (Aug 27, 2003)

Leave that one checked for now. It's not the operating system in itself but it may be required. Uncheck everything else except your antivirus.


----------



## Franknj229 (Sep 21, 2009)

Ok, I just did it. I will keep you posted.


----------



## Cookiegal (Aug 27, 2003)

Sounds good.


----------



## Franknj229 (Sep 21, 2009)

Well I'm definitely still having issues. It froze up while I was playing a game on Steam. I'm having a lot of issues during start up. I tend to "sleep" my computer overnight instead of shutting down (quicker start up), and I think it is freezing in sleep mode or something, because half the time it doesn't come on. The fans and lights are going but no signal is getting to the monitor. When this happens, I can't even do a hard shut down because the computer just goes back to sleep as soon as I hit the power button. It doesn't actually shut down. I have to unplug the computer for a few seconds so it will boot up when I hit the power button again. If it's an issue with the hard drive, is it as simple as changing the hard drive?


----------



## Cookiegal (Aug 27, 2003)

Please download *RogueKiller* by Tigzy and save it to your desktop.
Allow the download if prompted by your security software and please close all your other browser windows.
Double-click *RogueKiller.exe* to run it.
If it does not run, please try a few times. If it really does not work (it could happen), rename it to winlogon.exe or RogueKiller.com.
Wait for *PreScan* to finish, then accept the EULA.
Click on the *Scan* button in the upper right. Wait for it to finish.
Once completed, a log called *RKreport[1].txt* will be created on the desktop. It can also be accessed via the *Report* button.
Please copy and paste the contents of that log in your next reply.
When you exit RogueKiller, you may get a popup reporting "None of the Elements have been deleted. Do you want to quit?" Click *Yes*.


----------



## Franknj229 (Sep 21, 2009)

RogueKiller V8.7.1 [Oct 3 2013] by Tigzy
mail : tigzyRK<at>gmail<dot>com
Feedback : http://www.adlice.com/forum/
Website : http://www.adlice.com/softwares/roguekiller/
Blog : http://tigzyrk.blogspot.com/
Operating System : Windows Vista (6.0.6002 Service Pack 2) 64 bits version
Started in : Normal mode
User : Franknj229 [Admin rights]
Mode : Scan -- Date : 10/08/2013 19:55:33
| ARK || FAK || MBR |
¤¤¤ Bad processes : 0 ¤¤¤
¤¤¤ Registry Entries : 4 ¤¤¤
[HJ POL][PUM] HKLM\[...]\System : DisableRegistryTools (0) -> FOUND
[HJ POL][PUM] HKLM\[...]\Wow6432Node\[...]\System : DisableRegistryTools (0) -> FOUND
[HJ DESK][PUM] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
[HJ DESK][PUM] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND
¤¤¤ Scheduled tasks : 0 ¤¤¤
¤¤¤ Startup Entries : 1 ¤¤¤
[Franknj229][SUSP PATH] NexDef Plug-in.lnk : C:\Users\Franknj229\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\NexDef Plug-in.lnk @C:\Users\FRANKN~1\AppData\Local\Autobahn\nexdef.exe [-][-] -> FOUND
¤¤¤ Web browsers : 0 ¤¤¤
¤¤¤ Particular Files / Folders: ¤¤¤
¤¤¤ Driver : [NOT LOADED 0x0] ¤¤¤
¤¤¤ External Hives: ¤¤¤
¤¤¤ Infection : ¤¤¤
¤¤¤ HOSTS File: ¤¤¤
--> %SystemRoot%\System32\drivers\etc\hosts

127.0.0.1 localhost

¤¤¤ MBR Check: ¤¤¤
+++++ PhysicalDrive0: (\\.\PHYSICALDRIVE0 @ IDE) (Standard disk drives) - WDC WD1001FALS-00J7B0 ATA Device +++++
--- User ---
[MBR] bce17483edd99f2f7152a227243aaf55
[BSP] 5019be1bda1f50af462c73656fcb0f55 : Windows Vista MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 953867 Mo
User = LL1 ... OK!
User = LL2 ... OK!
+++++ PhysicalDrive1: (\\.\PHYSICALDRIVE1 @ IDE) (Standard disk drives) - WDC WD6401AALS-00L3B2 ATA Device +++++
--- User ---
[MBR] cc221b417c442858a921ad340abdebe0
[BSP] b587241872d5a065546d024140505ec1 : Windows Vista MBR Code
Partition table:
0 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 610478 Mo
User = LL1 ... OK!
User = LL2 ... OK!
+++++ PhysicalDrive2: (\\.\PHYSICALDRIVE2 @ USB) (Standard disk drives) - WD 10EACS External USB Device +++++
--- User ---
[MBR] 7061a89619313fca2cd228c1bdf9edad
[BSP] 39cc44575b71c8e70f97ed1007b4e215 : Windows XP MBR Code
Partition table:
0 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 953867 Mo
User = LL1 ... OK!
Error reading LL2 MBR!
Finished : << RKreport[0]_S_10082013_195533.txt >>
RKreport[0]_S_09212013_104633.txt


----------



## Cookiegal (Aug 27, 2003)

None of what was found is actually malicious. 

Please run VEW again to see what errors are still occurring.


----------
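Added example (not part of the original thread, and not VEW's own code): a small parser for reports in the VEW layout posted in this thread that counts recurring events and ranks the ESENT "abnormally long time" I/O warnings by latency. The sample report is constructed, and the names `parse_vew`, `recurring` and `slow_io` are hypothetical.

```python
import re
from collections import Counter
from dataclasses import dataclass, field
from datetime import datetime

# Constructed sample in the VEW report layout (values are not from the thread).
SAMPLE = r"""Vino's Event Viewer v01c run on Windows Vista in English
Note: All dates below are in the format dd/mm/yyyy
~~~~~~~~~~
'Application' Log - Warning Type
~~~~~~~~~~
Log: 'Application' Date/Time: 02/01/2013 7:00:24 AM
Type: Warning Category: 7
Event: 510 Source: ESENT
Windows (100) Windows: A request to write to the file "C:\Example\Search\Windows.edb" at offset 4096 (0x0000000000001000) for 8192 (0x00002000) bytes succeeded, but took an abnormally long time (900 seconds) to be serviced by the OS. This problem is likely due to faulty hardware.
Log: 'Application' Date/Time: 01/01/2013 11:26:52 AM
Type: Warning Category: 7
Event: 507 Source: ESENT
example.dll (200) Store: A request to read from the file "C:\Example\DataStore.edb" at offset 8192 (0x0000000000002000) for 8192 (0x00002000) bytes succeeded, but took an abnormally long time (1500 seconds) to be serviced by the OS.
Log: 'Application' Date/Time: 01/01/2013 1:43:12 AM
Type: Warning Category: 0
Event: 1530 Source: Microsoft-Windows-User Profiles Service
Windows detected your registry file is still in use by other applications or services.
Process 1 (\Device\HarddiskVolume1\Example\app.exe) has opened key \REGISTRY\USER\S-EXAMPLE

~~~~~~~~~~
'System' Log - Error Type
~~~~~~~~~~
Log: 'System' Date/Time: 02/01/2013 1:03:59 AM
Type: Error Category: 0
Event: 6008 Source: EventLog
The previous system shutdown at 3:10:25 AM on 1/1/2013 was unexpected.
Log: 'System' Date/Time: 31/12/2012 10:12:29 PM
Type: Error Category: 0
Event: 6008 Source: EventLog
The previous system shutdown at 9:00:00 PM on 12/31/2012 was unexpected.
"""

HEADER = re.compile(r"^Log: '(?P<log>[^']+)' Date/Time: (?P<ts>.+)$")
TYPE = re.compile(r"^Type: (?P<type>\w+) Category: (?P<cat>\d+)$")
EVENT = re.compile(r"^Event: (?P<id>\d+) Source: (?P<source>.+)$")
SLOW_IO = re.compile(
    r'request to (?P<op>read from|write to) the file "(?P<path>[^"]+)"'
    r".*?abnormally long time \((?P<secs>\d+) seconds\)"
)


@dataclass
class Event:
    log: str
    when: datetime
    level: str = ""
    event_id: int = 0
    source: str = ""
    lines: list = field(default_factory=list)

    @property
    def message(self):
        return " ".join(self.lines)


def parse_vew(text):
    """Split a VEW report into Event records; messages may span several lines."""
    events, current = [], None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = HEADER.match(line)
        if m:
            # The report states that dates are dd/mm/yyyy.
            when = datetime.strptime(m["ts"], "%d/%m/%Y %I:%M:%S %p")
            current = Event(m["log"], when)
            events.append(current)
        elif line.startswith("~"):
            current = None  # section banner ends the previous record
        elif current is None:
            continue  # report preamble or section title
        elif (m := TYPE.match(line)) and not current.level:
            current.level = m["type"]
        elif (m := EVENT.match(line)) and not current.source:
            current.event_id, current.source = int(m["id"]), m["source"]
        else:
            current.lines.append(line)
    return events


def recurring(events, min_count=2):
    """(source, event id) pairs seen at least min_count times, most frequent first."""
    counts = Counter((e.source, e.event_id) for e in events)
    return [(key, n) for key, n in counts.most_common() if n >= min_count]


def slow_io(events):
    """ESENT slow-I/O warnings as (when, op, path, seconds), slowest first."""
    hits = []
    for e in events:
        m = SLOW_IO.search(e.message)
        if e.source == "ESENT" and m:
            hits.append((e.when, m["op"].split()[0], m["path"], int(m["secs"])))
    return sorted(hits, key=lambda h: h[3], reverse=True)


if __name__ == "__main__":
    parsed = parse_vew(SAMPLE)
    for (source, event_id), n in recurring(parsed):
        print(f"{n}x {source} event {event_id}")
    for when, op, path, secs in slow_io(parsed):
        print(f"{when:%Y-%m-%d %H:%M} {op:5} {secs:>6}s {path}")
```

To use it on a real report, read the saved VEW text file and pass its contents to `parse_vew` in place of `SAMPLE`.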



## Franknj229 (Sep 21, 2009)

I thought it finally died this time. It just took me 7 or 8 attempts to get it to boot up. Again, fans and lights, keyboard lights, everything running, but no signal to the monitor. Just frozen. I tried hard shut down, but as soon as I touched the power button everything went off, like it went into hibernation. I normally have to hold the power switch for a few seconds before it shuts down. Not an option this time. I unplugged the tower, waited a few, then plugged it back in and hit power. Still no signal to the monitor. I did this twice with no luck. I gave it one last try and was about to give up when it finally booted up. As always, I got the boot screen that asks if I want to "start windows normally" or in safe mode, etc, which is normal after a hard shut down or power outage. It's back up now. VEW log below. I fear I am on borrowed time, running on fumes, or any other metaphor for when the end could come at any moment.

Vino's Event Viewer v01c run on Windows Vista in English
Report run at 09/10/2013 7:23:12 PM
Note: All dates below are in the format dd/mm/yyyy
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'Application' Log - Error Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'Application' Date/Time: 09/10/2013 11:19:47 PM
Type: Error Category: 0
Event: 1023 Source: MsiInstaller
Product: Microsoft .NET Framework 1.1 - Update '{C0F0DCDC-99EA-4405-BDAE-CACABD3D2DF0}' could not be installed. Error code 1603. Additional information is available in the log file C:\Windows\TEMP\NDP1.1sp1-KB2833941-X86\NDP1.1sp1-KB2833941-X86-msi.0.log.
Log: 'Application' Date/Time: 09/10/2013 11:19:43 PM
Type: Error Category: 0
Event: 11706 Source: MsiInstaller
Product: Microsoft .NET Framework 1.1 -- Error 1706.No valid source could be found for product Microsoft .NET Framework 1.1. The Windows installer cannot continue.
Log: 'Application' Date/Time: 09/10/2013 11:11:19 PM
Type: Error Category: 0
Event: 10 Source: Microsoft-Windows-WMI
Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.
Log: 'Application' Date/Time: 08/10/2013 1:57:35 PM
Type: Error Category: 0
Event: 10 Source: Microsoft-Windows-WMI
Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.
Log: 'Application' Date/Time: 08/10/2013 7:04:23 AM
Type: Error Category: 0
Event: 1023 Source: MsiInstaller
Product: Microsoft .NET Framework 1.1 - Update '{C0F0DCDC-99EA-4405-BDAE-CACABD3D2DF0}' could not be installed. Error code 1603. Additional information is available in the log file C:\Windows\TEMP\NDP1.1sp1-KB2833941-X86\NDP1.1sp1-KB2833941-X86-msi.0.log.
Log: 'Application' Date/Time: 08/10/2013 7:04:18 AM
Type: Error Category: 0
Event: 11706 Source: MsiInstaller
Product: Microsoft .NET Framework 1.1 -- Error 1706.No valid source could be found for product Microsoft .NET Framework 1.1. The Windows installer cannot continue.
Log: 'Application' Date/Time: 08/10/2013 1:46:05 AM
Type: Error Category: 0
Event: 10 Source: Microsoft-Windows-WMI
Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.
Log: 'Application' Date/Time: 07/10/2013 2:18:46 PM
Type: Error Category: 0
Event: 10 Source: Microsoft-Windows-WMI
Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.
Log: 'Application' Date/Time: 07/10/2013 2:08:31 PM
Type: Error Category: 0
Event: 1008 Source: Microsoft-Windows-Perflib
The Open Procedure for service "WmiApRpl" in DLL "C:\Windows\system32\wbem\wmiaprpl.dll" failed. Performance data for this service will not be available. The first four bytes (DWORD) of the Data section contains the error code.
Log: 'Application' Date/Time: 07/10/2013 2:08:31 PM
Type: Error Category: 0
Event: 1008 Source: Microsoft-Windows-Perflib
The Open Procedure for service "PNRPsvc" in DLL "C:\Windows\system32\pnrpperf.dll" failed. Performance data for this service will not be available. The first four bytes (DWORD) of the Data section contains the error code.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'Application' Log - Warning Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'Application' Date/Time: 09/10/2013 1:43:12 AM
Type: Warning Category: 0
Event: 1530 Source: Microsoft-Windows-User Profiles Service
Windows detected your registry file is still in use by other applications or services. The file will be unloaded now. The applications or services that hold your registry file may not function properly afterwards. DETAIL - 7 user registry handles leaked from \Registry\User\S-1-5-21-2669562794-4212015103-2530955540-1000:
Process 1164 (\Device\HarddiskVolume1\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe) has opened key \REGISTRY\USER\S-1-5-21-2669562794-4212015103-2530955540-1000
Process 1164 (\Device\HarddiskVolume1\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe) has opened key \REGISTRY\USER\S-1-5-21-2669562794-4212015103-2530955540-1000
Process 1164 (\Device\HarddiskVolume1\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe) has opened key \REGISTRY\USER\S-1-5-21-2669562794-4212015103-2530955540-1000\Software\Microsoft\SystemCertificates\SmartCardRoot
Process 1164 (\Device\HarddiskVolume1\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe) has opened key \REGISTRY\USER\S-1-5-21-2669562794-4212015103-2530955540-1000\Software\Microsoft\SystemCertificates\CA
Process 1164 (\Device\HarddiskVolume1\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe) has opened key \REGISTRY\USER\S-1-5-21-2669562794-4212015103-2530955540-1000\Software\Microsoft\SystemCertificates\Root
Process 1164 (\Device\HarddiskVolume1\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe) has opened key \REGISTRY\USER\S-1-5-21-2669562794-4212015103-2530955540-1000\Software\Policies\Microsoft\SystemCertificates
Process 1164 (\Device\HarddiskVolume1\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe) has opened key \REGISTRY\USER\S-1-5-21-2669562794-4212015103-2530955540-1000\Software\Microsoft\SystemCertificates\trust

Log: 'Application' Date/Time: 03/10/2013 6:32:54 AM
Type: Warning Category: 0
Event: 1530 Source: Microsoft-Windows-User Profiles Service
Windows detected your registry file is still in use by other applications or services. The file will be unloaded now. The applications or services that hold your registry file may not function properly afterwards. DETAIL - 15 user registry handles leaked from \Registry\User\S-1-5-21-2669562794-4212015103-2530955540-1000:
Process 1676 (\Device\HarddiskVolume1\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe) has opened key \REGISTRY\USER\S-1-5-21-2669562794-4212015103-2530955540-1000
Process 1676 (\Device\HarddiskVolume1\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe) has opened key \REGISTRY\USER\S-1-5-21-2669562794-4212015103-2530955540-1000
Process 1676 (\Device\HarddiskVolume1\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe) has opened key \REGISTRY\USER\S-1-5-21-2669562794-4212015103-2530955540-1000
Process 1676 (\Device\HarddiskVolume1\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe) has opened key \REGISTRY\USER\S-1-5-21-2669562794-4212015103-2530955540-1000
Process 1676 (\Device\HarddiskVolume1\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe) has opened key \REGISTRY\USER\S-1-5-21-2669562794-4212015103-2530955540-1000\Software\Microsoft\SystemCertificates\My
Process 1676 (\Device\HarddiskVolume1\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe) has opened key \REGISTRY\USER\S-1-5-21-2669562794-4212015103-2530955540-1000\Software\Microsoft\SystemCertificates\SmartCardRoot
Process 1676 (\Device\HarddiskVolume1\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe) has opened key \REGISTRY\USER\S-1-5-21-2669562794-4212015103-2530955540-1000\Software\Microsoft\SystemCertificates\CA
Process 1676 (\Device\HarddiskVolume1\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe) has opened key \REGISTRY\USER\S-1-5-21-2669562794-4212015103-2530955540-1000\Software\Microsoft\SystemCertificates\TrustedPeople
Process 1676 (\Device\HarddiskVolume1\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe) has opened key \REGISTRY\USER\S-1-5-21-2669562794-4212015103-2530955540-1000\Software\Microsoft\SystemCertificates\Disallowed
Process 1676 (\Device\HarddiskVolume1\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe) has opened key \REGISTRY\USER\S-1-5-21-2669562794-4212015103-2530955540-1000\Software\Microsoft\SystemCertificates\Root
Process 1676 (\Device\HarddiskVolume1\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe) has opened key \REGISTRY\USER\S-1-5-21-2669562794-4212015103-2530955540-1000\Software\Policies\Microsoft\SystemCertificates
Process 1676 (\Device\HarddiskVolume1\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe) has opened key \REGISTRY\USER\S-1-5-21-2669562794-4212015103-2530955540-1000\Software\Policies\Microsoft\SystemCertificates
Process 1676 (\Device\HarddiskVolume1\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe) has opened key \REGISTRY\USER\S-1-5-21-2669562794-4212015103-2530955540-1000\Software\Policies\Microsoft\SystemCertificates
Process 1676 (\Device\HarddiskVolume1\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe) has opened key \REGISTRY\USER\S-1-5-21-2669562794-4212015103-2530955540-1000\Software\Policies\Microsoft\SystemCertificates
Process 1676 (\Device\HarddiskVolume1\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe) has opened key \REGISTRY\USER\S-1-5-21-2669562794-4212015103-2530955540-1000\Software\Microsoft\SystemCertificates\trust

Log: 'Application' Date/Time: 01/10/2013 7:00:24 AM
Type: Warning Category: 7
Event: 510 Source: ESENT
Windows (3016) Windows: A request to write to the file "C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Windows.edb" at offset 208281600 (0x000000000c6a2000) for 8192 (0x00002000) bytes succeeded, but took an abnormally long time (8919 seconds) to be serviced by the OS. In addition, 2 other I/O requests to this file have also taken an abnormally long time to be serviced since the last message regarding this problem was posted 62242 seconds ago. This problem is likely due to faulty hardware. Please contact your hardware vendor for further assistance diagnosing the problem.
Log: 'Application' Date/Time: 30/09/2013 1:40:53 PM
Type: Warning Category: 7
Event: 510 Source: ESENT
Windows (3016) Windows: A request to write to the file "C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Windows.edb" at offset 31899648 (0x0000000001e6c000) for 8192 (0x00002000) bytes succeeded, but took an abnormally long time (23830 seconds) to be serviced by the OS. In addition, 0 other I/O requests to this file have also taken an abnormally long time to be serviced since the last message regarding this problem was posted 89935 seconds ago. This problem is likely due to faulty hardware. Please contact your hardware vendor for further assistance diagnosing the problem.
Log: 'Application' Date/Time: 29/09/2013 12:42:00 PM
Type: Warning Category: 7
Event: 510 Source: ESENT
Windows (3016) Windows: A request to write to the file "C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Windows.edb" at offset 279543808 (0x0000000010a98000) for 8192 (0x00002000) bytes succeeded, but took an abnormally long time (20310 seconds) to be serviced by the OS. In addition, 0 other I/O requests to this file have also taken an abnormally long time to be serviced since the last message regarding this problem was posted 20495 seconds ago. This problem is likely due to faulty hardware. Please contact your hardware vendor for further assistance diagnosing the problem.
Log: 'Application' Date/Time: 29/09/2013 7:00:24 AM
Type: Warning Category: 7
Event: 508 Source: ESENT
Windows (3016) Windows: A request to write to the file "C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Windows.edb" at offset 11444224 (0x0000000000aea000) for 8192 (0x00002000) bytes succeeded, but took an abnormally long time (9363 seconds) to be serviced by the OS. This problem is likely due to faulty hardware. Please contact your hardware vendor for further assistance diagnosing the problem.
Log: 'Application' Date/Time: 27/09/2013 11:26:52 AM
Type: Warning Category: 7
Event: 510 Source: ESENT
Windows (2604) Windows: A request to write to the file "C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Windows.edb" at offset 297312256 (0x0000000011b8a000) for 8192 (0x00002000) bytes succeeded, but took an abnormally long time (15812 seconds) to be serviced by the OS. In addition, 1 other I/O requests to this file have also taken an abnormally long time to be serviced since the last message regarding this problem was posted 244575 seconds ago. This problem is likely due to faulty hardware. Please contact your hardware vendor for further assistance diagnosing the problem.
Log: 'Application' Date/Time: 27/09/2013 11:26:52 AM
Type: Warning Category: 7
Event: 507 Source: ESENT
wuaueng.dll (620) SUS20ClientDataStore: A request to read from the file "C:\Windows\SoftwareDistribution\DataStore\DataStore.edb" at offset 172756992 (0x000000000a4c1000) for 8192 (0x00002000) bytes succeeded, but took an abnormally long time (15813 seconds) to be serviced by the OS. This problem is likely due to faulty hardware. Please contact your hardware vendor for further assistance diagnosing the problem.
Log: 'Application' Date/Time: 24/09/2013 3:26:22 PM
Type: Warning Category: 7
Event: 508 Source: ESENT
Windows (2604) Windows: A request to write to the file "C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Windows.edb" at offset 416907264 (0x0000000018d98000) for 8192 (0x00002000) bytes succeeded, but took an abnormally long time (29069 seconds) to be serviced by the OS. This problem is likely due to faulty hardware. Please contact your hardware vendor for further assistance diagnosing the problem.
Log: 'Application' Date/Time: 23/09/2013 4:40:40 PM
Type: Warning Category: 7
Event: 507 Source: ESENT
Windows (2596) Windows: A request to read from the file "C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Windows.edb" at offset 106848256 (0x00000000065e6000) for 8192 (0x00002000) bytes succeeded, but took an abnormally long time (30923 seconds) to be serviced by the OS. This problem is likely due to faulty hardware. Please contact your hardware vendor for further assistance diagnosing the problem.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - Error Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'System' Date/Time: 09/10/2013 11:20:30 PM
Type: Error Category: 1
Event: 20 Source: Microsoft-Windows-WindowsUpdateClient
Installation Failure: Windows failed to install the following update with error 0x80070643: Security Update for Microsoft .NET Framework 1.1 SP1 on Windows XP, Server 2003, Vista, and Server 2008 for x64 (KB2833941).
Log: 'System' Date/Time: 09/10/2013 11:13:58 PM
Type: Error Category: 0
Event: 7000 Source: Service Control Manager
The NVIDIA Update Service Daemon service failed to start due to the following error: The service did not start due to a logon failure.
Log: 'System' Date/Time: 09/10/2013 11:13:58 PM
Type: Error Category: 0
Event: 7038 Source: Service Control Manager
The nvUpdatusService service was unable to log on as .\UpdatusUser with the currently configured password due to the following error: Logon failure: the specified account password has expired. To ensure that the service is configured properly, use the Services snap-in in Microsoft Management Console (MMC).
Log: 'System' Date/Time: 08/10/2013 1:59:00 PM
Type: Error Category: 0
Event: 7000 Source: Service Control Manager
The NVIDIA Update Service Daemon service failed to start due to the following error: The service did not start due to a logon failure.
Log: 'System' Date/Time: 08/10/2013 1:59:00 PM
Type: Error Category: 0
Event: 7038 Source: Service Control Manager
The nvUpdatusService service was unable to log on as .\UpdatusUser with the currently configured password due to the following error: Logon failure: the specified account password has expired. To ensure that the service is configured properly, use the Services snap-in in Microsoft Management Console (MMC).
Log: 'System' Date/Time: 08/10/2013 1:56:28 PM
Type: Error Category: 0
Event: 6008 Source: EventLog
The previous system shutdown at 3:06:25 AM on 10/8/2013 was unexpected.
Log: 'System' Date/Time: 08/10/2013 7:05:26 AM
Type: Error Category: 1
Event: 20 Source: Microsoft-Windows-WindowsUpdateClient
Installation Failure: Windows failed to install the following update with error 0x80070643: Security Update for Microsoft .NET Framework 1.1 SP1 on Windows XP, Server 2003, Vista, and Server 2008 for x64 (KB2833941).
Log: 'System' Date/Time: 08/10/2013 1:48:13 AM
Type: Error Category: 0
Event: 7000 Source: Service Control Manager
The NVIDIA Update Service Daemon service failed to start due to the following error: The service did not start due to a logon failure.
Log: 'System' Date/Time: 08/10/2013 1:48:13 AM
Type: Error Category: 0
Event: 7038 Source: Service Control Manager
The nvUpdatusService service was unable to log on as .\UpdatusUser with the currently configured password due to the following error: Logon failure: the specified account password has expired. To ensure that the service is configured properly, use the Services snap-in in Microsoft Management Console (MMC).
Log: 'System' Date/Time: 08/10/2013 1:45:03 AM
Type: Error Category: 0
Event: 1002 Source: Microsoft-Windows-Dhcp-Client
The IP address lease 192.168.1.102 for the Network Card with network address 00248C239E0A has been denied by the DHCP server 192.168.1.1 (The DHCP Server sent a DHCPNACK message).
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - Warning Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'System' Date/Time: 09/10/2013 11:22:07 PM
Type: Warning Category: 0
Event: 4374 Source: Microsoft-Windows-Servicing
Windows Servicing identified that package KB2883150(Security Update) is not applicable for this system
Log: 'System' Date/Time: 09/10/2013 11:22:07 PM
Type: Warning Category: 0
Event: 4374 Source: Microsoft-Windows-Servicing
Windows Servicing identified that package KB2883150(Security Update) is not applicable for this system
Log: 'System' Date/Time: 09/10/2013 11:21:59 PM
Type: Warning Category: 0
Event: 4374 Source: Microsoft-Windows-Servicing
Windows Servicing identified that package KB2876284(Security Update) is not applicable for this system
Log: 'System' Date/Time: 09/10/2013 11:21:59 PM
Type: Warning Category: 0
Event: 4374 Source: Microsoft-Windows-Servicing
Windows Servicing identified that package KB2876284(Security Update) is not applicable for this system
Log: 'System' Date/Time: 09/10/2013 11:21:48 PM
Type: Warning Category: 0
Event: 4374 Source: Microsoft-Windows-Servicing
Windows Servicing identified that package KB2863253(Security Update) is not applicable for this system
Log: 'System' Date/Time: 09/10/2013 11:21:48 PM
Type: Warning Category: 0
Event: 4374 Source: Microsoft-Windows-Servicing
Windows Servicing identified that package KB2863253(Security Update) is not applicable for this system
Log: 'System' Date/Time: 09/10/2013 11:21:48 PM
Type: Warning Category: 0
Event: 4374 Source: Microsoft-Windows-Servicing
Windows Servicing identified that package KB2863253(Security Update) is not applicable for this system
Log: 'System' Date/Time: 09/10/2013 11:21:47 PM
Type: Warning Category: 0
Event: 4374 Source: Microsoft-Windows-Servicing
Windows Servicing identified that package KB2863253(Security Update) is not applicable for this system
Log: 'System' Date/Time: 09/10/2013 11:21:47 PM
Type: Warning Category: 0
Event: 4374 Source: Microsoft-Windows-Servicing
Windows Servicing identified that package KB2863253(Security Update) is not applicable for this system
Log: 'System' Date/Time: 09/10/2013 11:21:47 PM
Type: Warning Category: 0
Event: 4374 Source: Microsoft-Windows-Servicing
Windows Servicing identified that package KB2863253(Security Update) is not applicable for this system


----------



## Cookiegal (Aug 27, 2003)

There are a lot of problems related to the Windows updates issued yesterday. I don't think we're going to be able to rectify those errors.

Honestly, I think your best bet would be to back up anything important and then reformat and reinstall Windows to start fresh.


----------



## Franknj229 (Sep 21, 2009)

Ugh, this thing is driving me crazy! Thank you so much for trying to help. Quick update: It seems to have stopped freezing during use (has been running non-stop for over 24 hours now), but takes somewhere between 5 and 10 frustrating attempts to turn it on in the first place.

I am going to take your advice and reformat, then reinstall windows. Would you be able to give me some final advice on this? I was planning to reinstall Vista64, but my father is practically begging me to upgrade to Windows8. His argument is based on all the negative reviews of Vista when it first came out. I have never really experienced any problems with it and the reviews I'm seeing online about Windows8 don't make it sound like something I want anything to do with.

Do you have any thoughts on this you can share? Any downside to just going with Firefox?

Thanks again for your help.


----------



## Franknj229 (Sep 21, 2009)

Oops. Meant Linux, not Firefox.


----------



## Cookiegal (Aug 27, 2003)

I'm still running XP so I can only go by what I've heard others say and based on that, I'd probably go with Windows 7. I've heard bad things about Windows 8 as well but 8.1 is "supposed" to be better but I'm not sure about that.

Windows 7 will be in full support until January 13, 2015 and then in extended support for another five years after that (until 2020).

I don't know anything about Linux but you could give it a try since it's free and see how you like it.


----------



## Franknj229 (Sep 21, 2009)

Ok, thanks again.


----------



## Cookiegal (Aug 27, 2003)

You're welcome and good luck.


----------



## Franknj229 (Sep 21, 2009)

Hi again. Wanted to give you a quick update and ask another question before proceeding.

First, I didn't turn my computer off for about 3 weeks after our last conversation. I was afraid it wouldn't come back on again. In that time it didn't freeze once. Eventually, I had to turn it off for an update. The next morning it came on with no problem. First try! Again, I haven't turned it off since.

Of course, I don't believe everything is perfect. I am planning to reformat and reinstall as you suggested, but I'm nervous and have been putting it off.

I have backed up everything I can think of from my primary 1TB drive and my second 600GB drive onto a 1TB external drive. My 600GB drive is now empty and my primary 1TB should be all backed up.

Since all 3 drives are around 5 years old, I would like to change all 3 but I don't have the money for that right now. My thought is to just remove my primary 1TB drive, reformat my 600GB drive and reinstall Vista on that one, making it my new primary drive. I can then add another drive in the near future and flip them again, making the new one my primary.

In the meantime, I have a new issue that I'm hoping can be quickly resolved to get me through a few more days.

I have been randomly losing my internet connection over the past couple days. While I'm watching something on Netflix or playing a game online, I suddenly lose the connection and can't reconnect for a few minutes, up to a half hour. All indications on my computer, modem, and router are that I still have a connection. Even my iPhone shows that I'm connected to the wireless network, but I'm actually not. Then, just as suddenly, I can get back online.

Any ideas?

Thank you!


----------



## Cookiegal (Aug 27, 2003)

All of the lights on the modem are lit when this happens?

Please do the following twice (once when you have a connection and again when the connection drops):

Go to *Start* - *Run* - type in cmd and click OK to open a command prompt:

Type the following command (be sure to include the space between the g and the /):

*Ipconfig /all*

Hit Enter.

Right-click on the top band of the command window and choose Edit then Select All and hit Enter then right-click on the top band of the command window again and choose "copy" then hit Enter. Paste the results in a message here.
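
The comparison this procedure sets up, as an added example that is not part of the original post: a Python sketch that parses two pasted `ipconfig /all` captures, lists what changed between them, and flags DHCP adapters whose addressing alone would explain an outage. The function names and both sample captures are constructed for illustration (documentation address ranges, flush-left like a forum paste).

```python
import ipaddress
import re

# "Key . . . . : value" lines; the dot leader separates key from value.
KV = re.compile(r"^\s*(?P<key>.+?)(?:\s*\.)+\s*:\s?(?P<val>.*)$")
PROMPT = re.compile(r"^[A-Za-z]:\\.*>")  # cmd.exe prompt lines in a pasted capture

# Constructed sample captures (not taken from the thread).
CONNECTED = r"""Windows IP Configuration
Host Name . . . . . . . . . . . . : EXAMPLE-PC
Ethernet adapter Local Area Connection 2:
Description . . . . . . . . . . . : Example PCI-E
Gigabit Ethernet NIC #2
DHCP Enabled. . . . . . . . . . . : Yes
IPv4 Address. . . . . . . . . . . : 192.0.2.101(Preferred)
Default Gateway . . . . . . . . . : 192.0.2.1
DNS Servers . . . . . . . . . . . : 198.51.100.45
198.51.100.46
Tunnel adapter Local Area Connection* 6:
Media State . . . . . . . . . . . : Media disconnected
DHCP Enabled. . . . . . . . . . . : No
C:\Users\example>
"""

DROPPED = r"""Windows IP Configuration
Host Name . . . . . . . . . . . . : EXAMPLE-PC
Ethernet adapter Local Area Connection 2:
Description . . . . . . . . . . . : Example PCI-E
Gigabit Ethernet NIC #2
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration IPv4 Address. . : 169.254.10.20(Preferred)
Default Gateway . . . . . . . . . :
Tunnel adapter Local Area Connection* 6:
Media State . . . . . . . . . . . : Media disconnected
DHCP Enabled. . . . . . . . . . . : No
"""


def parse_ipconfig(text):
    """Return {section: {key: [values]}} for one `ipconfig /all` capture.

    Works on pasted output that lost its indentation: a line ending in ':'
    with no dot leader opens an adapter section, and any other non key/value
    line continues the previous value (second DNS server, wrapped description).
    """
    sections = {"Global": {}}
    current, last_key = sections["Global"], None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or PROMPT.match(line):
            continue
        m = KV.match(line)
        if m:
            last_key = m.group("key").strip()
            value = m.group("val").strip()
            current[last_key] = [value] if value else []
        elif line.endswith(":"):
            current, last_key = sections.setdefault(line[:-1], {}), None
        elif last_key is not None:
            current[last_key].append(line)
    return sections


def diff_captures(before, after):
    """List (section, key, before_values, after_values) for every change."""
    changes = []
    for section in sorted(set(before) | set(after)):
        b, a = before.get(section, {}), after.get(section, {})
        for key in sorted(set(b) | set(a)):
            if b.get(key) != a.get(key):
                changes.append((section, key, b.get(key), a.get(key)))
    return changes


def addressing_findings(capture):
    """Flag DHCP adapters whose addressing alone would explain an outage."""
    findings = []
    for section, kv in capture.items():
        if kv.get("DHCP Enabled") != ["Yes"]:
            continue
        if kv.get("Media State") == ["Media disconnected"]:
            findings.append((section, "link down"))
            continue
        # Covers both "IPv4 Address" and "Autoconfiguration IPv4 Address".
        addrs = [v.split("(")[0] for k, vals in kv.items()
                 if k.endswith("IPv4 Address") for v in vals]
        if not addrs:
            findings.append((section, "no IPv4 address"))
        for addr in addrs:
            if ipaddress.ip_address(addr).is_link_local:
                findings.append((section, "APIPA address, no DHCP lease"))
        if not kv.get("Default Gateway"):
            findings.append((section, "no default gateway"))
        if not kv.get("DNS Servers"):
            findings.append((section, "no DNS servers"))
    return findings


if __name__ == "__main__":
    before, after = parse_ipconfig(CONNECTED), parse_ipconfig(DROPPED)
    for change in diff_captures(before, after):
        print(change)
    print(addressing_findings(after))
```

An empty diff means the host's addressing did not change between the two captures.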


----------



## Franknj229 (Sep 21, 2009)

I left a gap between the "connected" log and the "not connected" log. My connection came back a few seconds after running the "not connected" Ipconfig, so I'm going to run both again just to be sure. I'll post the second set of logs in a separate post.

Microsoft Windows [Version 6.0.6002]
Copyright (c) 2006 Microsoft Corporation. All rights reserved.
C:\Users\Franknj229>Ipconfig /all
Windows IP Configuration
Host Name . . . . . . . . . . . . : Franknj229-PC
Primary Dns Suffix . . . . . . . :
Node Type . . . . . . . . . . . . : Hybrid
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No
DNS Suffix Search List. . . . . . : cable.rcn.com
Ethernet adapter Local Area Connection 2:
Connection-specific DNS Suffix . : cable.rcn.com
Description . . . . . . . . . . . : Realtek RTL8168C(P)/8111C(P) Family PCI-E
Gigabit Ethernet NIC (NDIS 6.0) #2
Physical Address. . . . . . . . . : 00-24-8C-23-9E-0A
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
Link-local IPv6 Address . . . . . : fe80::7461:bcf3:69ec:4d0f%11(Preferred)
IPv4 Address. . . . . . . . . . . : 192.168.1.101(Preferred)
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Lease Obtained. . . . . . . . . . : Sunday, November 10, 2013 9:27:07 AM
Lease Expires . . . . . . . . . . : Monday, November 11, 2013 9:27:07 AM
Default Gateway . . . . . . . . . : 192.168.1.1
DHCP Server . . . . . . . . . . . : 192.168.1.1
DHCPv6 IAID . . . . . . . . . . . : 184558732
DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-11-64-AD-95-00-24-8C-23-9F-5D
DNS Servers . . . . . . . . . . . : 208.59.247.45
208.59.247.46
NetBIOS over Tcpip. . . . . . . . : Enabled
Ethernet adapter Local Area Connection:
Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Realtek RTL8168C(P)/8111C(P) Family PCI-E
Gigabit Ethernet NIC (NDIS 6.0)
Physical Address. . . . . . . . . : 00-24-8C-23-9F-5D
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
Ethernet adapter VirtualBox Host-Only Network:
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : VirtualBox Host-Only Ethernet Adapter
Physical Address. . . . . . . . . : 08-00-27-00-84-45
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
Link-local IPv6 Address . . . . . : fe80::dc4d:b650:f602:3645%35(Preferred)
IPv4 Address. . . . . . . . . . . : 192.168.56.1(Preferred)
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Default Gateway . . . . . . . . . :
DHCPv6 IAID . . . . . . . . . . . : 487063591
DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-11-64-AD-95-00-24-8C-23-9F-5D
DNS Servers . . . . . . . . . . . : fec0:0:0:ffff::1%1
fec0:0:0:ffff::2%1
fec0:0:0:ffff::3%1
NetBIOS over Tcpip. . . . . . . . : Enabled
Tunnel adapter Local Area Connection* 6:
Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : isatap.{7F4E1B37-59D0-4C96-B2E9-60CBEA277
C5F}
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
Tunnel adapter Local Area Connection* 13:
Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : isatap.{55733108-CDE5-453C-BA75-9CAFD17B0
FEC}
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
Tunnel adapter Local Area Connection* 11:
Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface
Physical Address. . . . . . . . . : 02-00-54-55-4E-01
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
Tunnel adapter Local Area Connection* 7:
Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : isatap.{7F4E1B37-59D0-4C96-B2E9-60CBEA277
C5F}
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
Tunnel adapter Local Area Connection* 14:
Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : isatap.{7F4E1B37-59D0-4C96-B2E9-60CBEA277
C5F}
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
Tunnel adapter Local Area Connection* 15:
Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : 6TO4 Adapter
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
Tunnel adapter Local Area Connection* 12:
Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : isatap.{7F4E1B37-59D0-4C96-B2E9-60CBEA277
C5F}
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
Tunnel adapter Local Area Connection* 21:
Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : isatap.cable.rcn.com
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
Tunnel adapter Local Area Connection* 16:
Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : isatap.{7F4E1B37-59D0-4C96-B2E9-60CBEA277
C5F}
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
Tunnel adapter Local Area Connection* 17:
Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : isatap.{7F4E1B37-59D0-4C96-B2E9-60CBEA277
C5F}
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
Tunnel adapter Local Area Connection* 18:
Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : isatap.{7F4E1B37-59D0-4C96-B2E9-60CBEA277
C5F}
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
Tunnel adapter Local Area Connection* 23:
Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : isatap.{7F4E1B37-59D0-4C96-B2E9-60CBEA277
C5F}
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
Tunnel adapter Local Area Connection* 24:
Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : isatap.cable.rcn.com
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
Tunnel adapter Local Area Connection* 19:
Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : isatap.{7F4E1B37-59D0-4C96-B2E9-60CBEA277
C5F}
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
Tunnel adapter Local Area Connection* 25:
Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : isatap.cable.rcn.com
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
Tunnel adapter Local Area Connection* 37:
Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : isatap.{E9CB47D3-1042-44BE-A003-29699D195
343}
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
Tunnel adapter Local Area Connection* 46:
Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : isatap.cable.rcn.com
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
Tunnel adapter Local Area Connection* 47:
Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : isatap.cable.rcn.com
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
Tunnel adapter Local Area Connection* 48:
Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : isatap.{7F4E1B37-59D0-4C96-B2E9-60CBEA277
C5F}
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
Tunnel adapter Local Area Connection* 49:
Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : isatap.cable.rcn.com
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
Tunnel adapter Local Area Connection* 50:
Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . : cable.rcn.com
Description . . . . . . . . . . . : Microsoft ISATAP Adapter #19
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
Tunnel adapter Local Area Connection* 51:
Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : isatap.{7F4E1B37-59D0-4C96-B2E9-60CBEA277
C5F}
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
C:\Users\Franknj229>

Microsoft Windows [Version 6.0.6002]
Copyright (c) 2006 Microsoft Corporation. All rights reserved.
C:\Users\Franknj229>Ipconfig /all
Windows IP Configuration
Host Name . . . . . . . . . . . . : Franknj229-PC
Primary Dns Suffix . . . . . . . :
Node Type . . . . . . . . . . . . : Hybrid
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No
DNS Suffix Search List. . . . . . : cable.rcn.com
Ethernet adapter Local Area Connection 2:
Connection-specific DNS Suffix . : cable.rcn.com
Description . . . . . . . . . . . : Realtek RTL8168C(P)/8111C(P) Family PCI-E
Gigabit Ethernet NIC (NDIS 6.0) #2
Physical Address. . . . . . . . . : 00-24-8C-23-9E-0A
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
Link-local IPv6 Address . . . . . : fe80::7461:bcf3:69ec:4d0f%11(Preferred)
IPv4 Address. . . . . . . . . . . : 192.168.1.101(Preferred)
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Lease Obtained. . . . . . . . . . : Sunday, November 10, 2013 9:27:07 AM
Lease Expires . . . . . . . . . . : Monday, November 11, 2013 9:27:07 AM
Default Gateway . . . . . . . . . : 192.168.1.1
DHCP Server . . . . . . . . . . . : 192.168.1.1
DHCPv6 IAID . . . . . . . . . . . : 184558732
DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-11-64-AD-95-00-24-8C-23-9F-5D
DNS Servers . . . . . . . . . . . : 208.59.247.45
208.59.247.46
NetBIOS over Tcpip. . . . . . . . : Enabled
Ethernet adapter Local Area Connection:
Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Realtek RTL8168C(P)/8111C(P) Family PCI-E
Gigabit Ethernet NIC (NDIS 6.0)
Physical Address. . . . . . . . . : 00-24-8C-23-9F-5D
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
Ethernet adapter VirtualBox Host-Only Network:
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : VirtualBox Host-Only Ethernet Adapter
Physical Address. . . . . . . . . : 08-00-27-00-84-45
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
Link-local IPv6 Address . . . . . : fe80::dc4d:b650:f602:3645%35(Preferred)
 IPv4 Address. . . . . . . . . . . : 192.168.56.1(Preferred)
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Default Gateway . . . . . . . . . :
DHCPv6 IAID . . . . . . . . . . . : 487063591
DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-11-64-AD-95-00-24-8C-23-9F-5D
DNS Servers . . . . . . . . . . . : fec0:0:0:ffff::1%1
fec0:0:0:ffff::2%1
fec0:0:0:ffff::3%1
NetBIOS over Tcpip. . . . . . . . : Enabled
Tunnel adapter Local Area Connection* 6:
Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : isatap.{7F4E1B37-59D0-4C96-B2E9-60CBEA277
C5F}
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
Tunnel adapter Local Area Connection* 13:
Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : isatap.{55733108-CDE5-453C-BA75-9CAFD17B0
FEC}
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
Tunnel adapter Local Area Connection* 11:
Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface
Physical Address. . . . . . . . . : 02-00-54-55-4E-01
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
Tunnel adapter Local Area Connection* 7:
Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : isatap.{7F4E1B37-59D0-4C96-B2E9-60CBEA277
C5F}
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
Tunnel adapter Local Area Connection* 14:
Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : isatap.{7F4E1B37-59D0-4C96-B2E9-60CBEA277
C5F}
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
Tunnel adapter Local Area Connection* 15:
Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : 6TO4 Adapter
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
Tunnel adapter Local Area Connection* 12:
Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : isatap.{7F4E1B37-59D0-4C96-B2E9-60CBEA277
C5F}
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
Tunnel adapter Local Area Connection* 21:
Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : isatap.cable.rcn.com
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
Tunnel adapter Local Area Connection* 16:
Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : isatap.{7F4E1B37-59D0-4C96-B2E9-60CBEA277
C5F}
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
Tunnel adapter Local Area Connection* 17:
Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : isatap.{7F4E1B37-59D0-4C96-B2E9-60CBEA277
C5F}
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
Tunnel adapter Local Area Connection* 18:
Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : isatap.{7F4E1B37-59D0-4C96-B2E9-60CBEA277
C5F}
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
Tunnel adapter Local Area Connection* 23:
Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : isatap.{7F4E1B37-59D0-4C96-B2E9-60CBEA277
C5F}
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
Tunnel adapter Local Area Connection* 24:
Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : isatap.cable.rcn.com
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
Tunnel adapter Local Area Connection* 19:
Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : isatap.{7F4E1B37-59D0-4C96-B2E9-60CBEA277
C5F}
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
Tunnel adapter Local Area Connection* 25:
Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : isatap.cable.rcn.com
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
Tunnel adapter Local Area Connection* 37:
Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : isatap.{E9CB47D3-1042-44BE-A003-29699D195
343}
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
Tunnel adapter Local Area Connection* 46:
Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : isatap.cable.rcn.com
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
Tunnel adapter Local Area Connection* 47:
Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : isatap.cable.rcn.com
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
Tunnel adapter Local Area Connection* 48:
Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : isatap.{7F4E1B37-59D0-4C96-B2E9-60CBEA277
C5F}
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
Tunnel adapter Local Area Connection* 49:
Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : isatap.cable.rcn.com
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
Tunnel adapter Local Area Connection* 50:
Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . : cable.rcn.com
Description . . . . . . . . . . . : Microsoft ISATAP Adapter #19
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
Tunnel adapter Local Area Connection* 51:
Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : isatap.{7F4E1B37-59D0-4C96-B2E9-60CBEA277
C5F}
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
C:\Users\Franknj229>


----------



## Franknj229 (Sep 21, 2009)

Ok, below are actually 3 logs, with a gap between each. The first one I ran while I was connected. The second one I ran while I was disconnected, but my Network and Sharing Center said I was connected. The third one I ran while I was disconnected and my Network and Sharing Center agreed that I was disconnected.


----------



## Cookiegal (Aug 27, 2003)

I think you forgot to post the three logs.

Also, how do you connect, wired or wirelessly?


----------



## Franknj229 (Sep 21, 2009)

Ha! Just testing you. 

Sorry, here you go. (My computer is wired and I connect wirelessly to my iPhone and laptop. When I lose the connection on my computer, I lose the wireless connection at the same time. But just like the computer, the iPhone is still showing that I'm connected to the wireless network with a full signal, but nothing will load.)

Microsoft Windows [Version 6.0.6002]
Copyright (c) 2006 Microsoft Corporation. All rights reserved.
C:\Users\Franknj229>ipconfig /all
Windows IP Configuration
Host Name . . . . . . . . . . . . : Franknj229-PC
Primary Dns Suffix . . . . . . . :
Node Type . . . . . . . . . . . . : Hybrid
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No
DNS Suffix Search List. . . . . . : cable.rcn.com
Ethernet adapter Local Area Connection 2:
Connection-specific DNS Suffix . : cable.rcn.com
Description . . . . . . . . . . . : Realtek RTL8168C(P)/8111C(P) Family PCI-E
Gigabit Ethernet NIC (NDIS 6.0) #2
Physical Address. . . . . . . . . : 00-24-8C-23-9E-0A
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
Link-local IPv6 Address . . . . . : fe80::7461:bcf3:69ec:4d0f%11(Preferred)
IPv4 Address. . . . . . . . . . . : 192.168.1.101(Preferred)
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Lease Obtained. . . . . . . . . . : Sunday, November 10, 2013 9:27:07 AM
Lease Expires . . . . . . . . . . : Monday, November 11, 2013 9:27:06 PM
Default Gateway . . . . . . . . . : 192.168.1.1
DHCP Server . . . . . . . . . . . : 192.168.1.1
DHCPv6 IAID . . . . . . . . . . . : 184558732
DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-11-64-AD-95-00-24-8C-23-9F-5D
DNS Servers . . . . . . . . . . . : 208.59.247.45
208.59.247.46
NetBIOS over Tcpip. . . . . . . . : Enabled
Ethernet adapter Local Area Connection:
Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Realtek RTL8168C(P)/8111C(P) Family PCI-E
Gigabit Ethernet NIC (NDIS 6.0)
Physical Address. . . . . . . . . : 00-24-8C-23-9F-5D
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
Ethernet adapter VirtualBox Host-Only Network:
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : VirtualBox Host-Only Ethernet Adapter
Physical Address. . . . . . . . . : 08-00-27-00-84-45
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
Link-local IPv6 Address . . . . . : fe80::dc4d:b650:f602:3645%35(Preferred)
IPv4 Address. . . . . . . . . . . : 192.168.56.1(Preferred)
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Default Gateway . . . . . . . . . :
DHCPv6 IAID . . . . . . . . . . . : 487063591
DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-11-64-AD-95-00-24-8C-23-9F-5D
DNS Servers . . . . . . . . . . . : fec0:0:0:ffff::1%1
fec0:0:0:ffff::2%1
fec0:0:0:ffff::3%1
NetBIOS over Tcpip. . . . . . . . : Enabled
Tunnel adapter Local Area Connection* 6:
Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : isatap.{7F4E1B37-59D0-4C96-B2E9-60CBEA277
C5F}
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
Tunnel adapter Local Area Connection* 13:
Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : isatap.{55733108-CDE5-453C-BA75-9CAFD17B0
FEC}
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
Tunnel adapter Local Area Connection* 11:
Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface
Physical Address. . . . . . . . . : 02-00-54-55-4E-01
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
Tunnel adapter Local Area Connection* 7:
Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : isatap.{7F4E1B37-59D0-4C96-B2E9-60CBEA277
C5F}
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
Tunnel adapter Local Area Connection* 14:
Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : isatap.{7F4E1B37-59D0-4C96-B2E9-60CBEA277
C5F}
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
Tunnel adapter Local Area Connection* 15:
Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : 6TO4 Adapter
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
Tunnel adapter Local Area Connection* 12:
Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : isatap.{7F4E1B37-59D0-4C96-B2E9-60CBEA277
C5F}
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
Tunnel adapter Local Area Connection* 21:
Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : isatap.cable.rcn.com
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
Tunnel adapter Local Area Connection* 16:
Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : isatap.{7F4E1B37-59D0-4C96-B2E9-60CBEA277
C5F}
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
Tunnel adapter Local Area Connection* 17:
Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : isatap.{7F4E1B37-59D0-4C96-B2E9-60CBEA277
C5F}
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
Tunnel adapter Local Area Connection* 18:
Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : isatap.{7F4E1B37-59D0-4C96-B2E9-60CBEA277
C5F}
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
Tunnel adapter Local Area Connection* 23:
Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : isatap.{7F4E1B37-59D0-4C96-B2E9-60CBEA277
C5F}
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
Tunnel adapter Local Area Connection* 24:
Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : isatap.cable.rcn.com
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
Tunnel adapter Local Area Connection* 19:
Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : isatap.{7F4E1B37-59D0-4C96-B2E9-60CBEA277
C5F}
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
Tunnel adapter Local Area Connection* 25:
Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : isatap.cable.rcn.com
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
Tunnel adapter Local Area Connection* 37:
Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : isatap.{E9CB47D3-1042-44BE-A003-29699D195
343}
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
Tunnel adapter Local Area Connection* 46:
Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : isatap.cable.rcn.com
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
Tunnel adapter Local Area Connection* 47:
Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : isatap.cable.rcn.com
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
Tunnel adapter Local Area Connection* 48:
Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : isatap.{7F4E1B37-59D0-4C96-B2E9-60CBEA277
C5F}
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
Tunnel adapter Local Area Connection* 49:
Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : isatap.cable.rcn.com
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
Tunnel adapter Local Area Connection* 50:
Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . : cable.rcn.com
Description . . . . . . . . . . . : Microsoft ISATAP Adapter #19
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
Tunnel adapter Local Area Connection* 51:
Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : isatap.{7F4E1B37-59D0-4C96-B2E9-60CBEA277
C5F}
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
C:\Users\Franknj229>

Microsoft Windows [Version 6.0.6002]
Copyright (c) 2006 Microsoft Corporation. All rights reserved.
C:\Users\Franknj229>ipconfig /all
Windows IP Configuration
Host Name . . . . . . . . . . . . : Franknj229-PC
Primary Dns Suffix . . . . . . . :
Node Type . . . . . . . . . . . . : Hybrid
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No
DNS Suffix Search List. . . . . . : cable.rcn.com
Ethernet adapter Local Area Connection 2:
Connection-specific DNS Suffix . : cable.rcn.com
Description . . . . . . . . . . . : Realtek RTL8168C(P)/8111C(P) Family PCI-E
Gigabit Ethernet NIC (NDIS 6.0) #2
Physical Address. . . . . . . . . : 00-24-8C-23-9E-0A
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
Link-local IPv6 Address . . . . . : fe80::7461:bcf3:69ec:4d0f%11(Preferred)
IPv4 Address. . . . . . . . . . . : 192.168.1.103(Preferred)
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Lease Obtained. . . . . . . . . . : Monday, November 11, 2013 9:27:13 AM
Lease Expires . . . . . . . . . . : Tuesday, November 12, 2013 9:27:12 AM
Default Gateway . . . . . . . . . : 192.168.1.1
DHCP Server . . . . . . . . . . . : 192.168.1.1
DHCPv6 IAID . . . . . . . . . . . : 184558732
DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-11-64-AD-95-00-24-8C-23-9F-5D
DNS Servers . . . . . . . . . . . : 208.59.247.45
208.59.247.46
NetBIOS over Tcpip. . . . . . . . : Enabled
Ethernet adapter Local Area Connection:
Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Realtek RTL8168C(P)/8111C(P) Family PCI-E
Gigabit Ethernet NIC (NDIS 6.0)
Physical Address. . . . . . . . . : 00-24-8C-23-9F-5D
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
Ethernet adapter VirtualBox Host-Only Network:
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : VirtualBox Host-Only Ethernet Adapter
Physical Address. . . . . . . . . : 08-00-27-00-84-45
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
Link-local IPv6 Address . . . . . : fe80::dc4d:b650:f602:3645%35(Preferred)
IPv4 Address. . . . . . . . . . . : 192.168.56.1(Preferred)
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Default Gateway . . . . . . . . . :
DHCPv6 IAID . . . . . . . . . . . : 487063591
DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-11-64-AD-95-00-24-8C-23-9F-5D
DNS Servers . . . . . . . . . . . : fec0:0:0:ffff::1%1
fec0:0:0:ffff::2%1
fec0:0:0:ffff::3%1
NetBIOS over Tcpip. . . . . . . . : Enabled
Tunnel adapter Local Area Connection* 6:
Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : isatap.{7F4E1B37-59D0-4C96-B2E9-60CBEA277
C5F}
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
Tunnel adapter Local Area Connection* 13:
Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : isatap.{55733108-CDE5-453C-BA75-9CAFD17B0
FEC}
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
Tunnel adapter Local Area Connection* 11:
Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface
Physical Address. . . . . . . . . : 02-00-54-55-4E-01
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
Tunnel adapter Local Area Connection* 7:
Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : isatap.{7F4E1B37-59D0-4C96-B2E9-60CBEA277
C5F}
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
Tunnel adapter Local Area Connection* 14:
Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : isatap.{7F4E1B37-59D0-4C96-B2E9-60CBEA277
C5F}
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
Tunnel adapter Local Area Connection* 15:
Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : 6TO4 Adapter
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
Tunnel adapter Local Area Connection* 12:
Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : isatap.{7F4E1B37-59D0-4C96-B2E9-60CBEA277
C5F}
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
Tunnel adapter Local Area Connection* 21:
Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : isatap.cable.rcn.com
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
Tunnel adapter Local Area Connection* 16:
Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : isatap.{7F4E1B37-59D0-4C96-B2E9-60CBEA277
C5F}
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
Tunnel adapter Local Area Connection* 17:
Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : isatap.{7F4E1B37-59D0-4C96-B2E9-60CBEA277
C5F}
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
Tunnel adapter Local Area Connection* 18:
Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : isatap.{7F4E1B37-59D0-4C96-B2E9-60CBEA277
C5F}
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
Tunnel adapter Local Area Connection* 23:
Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : isatap.{7F4E1B37-59D0-4C96-B2E9-60CBEA277
C5F}
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
Tunnel adapter Local Area Connection* 24:
Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : isatap.cable.rcn.com
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
Tunnel adapter Local Area Connection* 19:
Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : isatap.{7F4E1B37-59D0-4C96-B2E9-60CBEA277
C5F}
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
Tunnel adapter Local Area Connection* 25:
Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : isatap.cable.rcn.com
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
Tunnel adapter Local Area Connection* 37:
Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : isatap.{E9CB47D3-1042-44BE-A003-29699D195
343}
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
Tunnel adapter Local Area Connection* 46:
Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : isatap.cable.rcn.com
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
Tunnel adapter Local Area Connection* 47:
Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : isatap.cable.rcn.com
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
Tunnel adapter Local Area Connection* 48:
Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : isatap.{7F4E1B37-59D0-4C96-B2E9-60CBEA277
C5F}
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
Tunnel adapter Local Area Connection* 49:
Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : isatap.cable.rcn.com
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
Tunnel adapter Local Area Connection* 50:
Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . : cable.rcn.com
Description . . . . . . . . . . . : Microsoft ISATAP Adapter #19
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
Tunnel adapter Local Area Connection* 51:
Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : isatap.{7F4E1B37-59D0-4C96-B2E9-60CBEA277
C5F}
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
C:\Users\Franknj229>

Microsoft Windows [Version 6.0.6002]
Copyright (c) 2006 Microsoft Corporation. All rights reserved.
C:\Users\Franknj229>ipconfig /all
Windows IP Configuration
Host Name . . . . . . . . . . . . : Franknj229-PC
Primary Dns Suffix . . . . . . . :
Node Type . . . . . . . . . . . . : Hybrid
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No
DNS Suffix Search List. . . . . . : cable.rcn.com
Ethernet adapter Local Area Connection 2:
Connection-specific DNS Suffix . : cable.rcn.com
Description . . . . . . . . . . . : Realtek RTL8168C(P)/8111C(P) Family PCI-E
Gigabit Ethernet NIC (NDIS 6.0) #2
Physical Address. . . . . . . . . : 00-24-8C-23-9E-0A
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
Link-local IPv6 Address . . . . . : fe80::7461:bcf3:69ec:4d0f%11(Preferred)
IPv4 Address. . . . . . . . . . . : 192.168.1.103(Preferred)
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Lease Obtained. . . . . . . . . . : Monday, November 11, 2013 9:27:13 AM
Lease Expires . . . . . . . . . . : Tuesday, November 12, 2013 9:27:12 AM
Default Gateway . . . . . . . . . : 192.168.1.1
DHCP Server . . . . . . . . . . . : 192.168.1.1
DHCPv6 IAID . . . . . . . . . . . : 184558732
DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-11-64-AD-95-00-24-8C-23-9F-5D
DNS Servers . . . . . . . . . . . : 208.59.247.45
208.59.247.46
NetBIOS over Tcpip. . . . . . . . : Enabled
Ethernet adapter Local Area Connection:
Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Realtek RTL8168C(P)/8111C(P) Family PCI-E
Gigabit Ethernet NIC (NDIS 6.0)
Physical Address. . . . . . . . . : 00-24-8C-23-9F-5D
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
Ethernet adapter VirtualBox Host-Only Network:
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : VirtualBox Host-Only Ethernet Adapter
Physical Address. . . . . . . . . : 08-00-27-00-84-45
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
Link-local IPv6 Address . . . . . : fe80::dc4d:b650:f602:3645%35(Preferred)
IPv4 Address. . . . . . . . . . . : 192.168.56.1(Preferred)
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Default Gateway . . . . . . . . . :
DHCPv6 IAID . . . . . . . . . . . : 487063591
DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-11-64-AD-95-00-24-8C-23-9F-5D
DNS Servers . . . . . . . . . . . : fec0:0:0:ffff::1%1
fec0:0:0:ffff::2%1
fec0:0:0:ffff::3%1
NetBIOS over Tcpip. . . . . . . . : Enabled
Tunnel adapter Local Area Connection* 6:
Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : isatap.{7F4E1B37-59D0-4C96-B2E9-60CBEA277
C5F}
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
Tunnel adapter Local Area Connection* 13:
Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : isatap.{55733108-CDE5-453C-BA75-9CAFD17B0
FEC}
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
Tunnel adapter Local Area Connection* 11:
Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface
Physical Address. . . . . . . . . : 02-00-54-55-4E-01
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
Tunnel adapter Local Area Connection* 7:
Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : isatap.{7F4E1B37-59D0-4C96-B2E9-60CBEA277
C5F}
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
Tunnel adapter Local Area Connection* 14:
Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : isatap.{7F4E1B37-59D0-4C96-B2E9-60CBEA277
C5F}
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
Tunnel adapter Local Area Connection* 15:
Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : 6TO4 Adapter
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
Tunnel adapter Local Area Connection* 12:
Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : isatap.{7F4E1B37-59D0-4C96-B2E9-60CBEA277
C5F}
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
Tunnel adapter Local Area Connection* 21:
Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : isatap.cable.rcn.com
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
Tunnel adapter Local Area Connection* 16:
Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : isatap.{7F4E1B37-59D0-4C96-B2E9-60CBEA277
C5F}
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
Tunnel adapter Local Area Connection* 17:
Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : isatap.{7F4E1B37-59D0-4C96-B2E9-60CBEA277
C5F}
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
Tunnel adapter Local Area Connection* 18:
Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : isatap.{7F4E1B37-59D0-4C96-B2E9-60CBEA277
C5F}
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
Tunnel adapter Local Area Connection* 23:
Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : isatap.{7F4E1B37-59D0-4C96-B2E9-60CBEA277
C5F}
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
Tunnel adapter Local Area Connection* 24:
Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : isatap.cable.rcn.com
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
Tunnel adapter Local Area Connection* 19:
Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : isatap.{7F4E1B37-59D0-4C96-B2E9-60CBEA277
C5F}
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
Tunnel adapter Local Area Connection* 25:
Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : isatap.cable.rcn.com
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
Tunnel adapter Local Area Connection* 37:
Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : isatap.{E9CB47D3-1042-44BE-A003-29699D195
343}
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
Tunnel adapter Local Area Connection* 46:
Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : isatap.cable.rcn.com
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
Tunnel adapter Local Area Connection* 47:
Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : isatap.cable.rcn.com
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
Tunnel adapter Local Area Connection* 48:
Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : isatap.{7F4E1B37-59D0-4C96-B2E9-60CBEA277
C5F}
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
Tunnel adapter Local Area Connection* 49:
Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : isatap.cable.rcn.com
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
Tunnel adapter Local Area Connection* 50:
Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . : cable.rcn.com
Description . . . . . . . . . . . : Microsoft ISATAP Adapter #19
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
Tunnel adapter Local Area Connection* 51:
Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : isatap.{7F4E1B37-59D0-4C96-B2E9-60CBEA277C5F}
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
C:\Users\Franknj229>


----------



## Franknj229 (Sep 21, 2009)

Here's the message I get when I let Windows diagnose the problem:


----------



## Cookiegal (Aug 27, 2003)

What are the suggestions it gives you to try to solve the problem?


----------



## Franknj229 (Sep 21, 2009)

Nothing helpful. The suggestions are based on the assumption that something is wrong with the connection. I believe something is wrong with the computer that is "fooling" the internet into thinking there is no connection, when in fact there is one.

I tried to get that pop-up again (the one I posted yesterday) so I could click the suggestions, but this time I got a slightly different pop-up. When the webpage failed to load, I got the "diagnose connection problems" pop-up. The attached 5 images are the sequence of events after I clicked "diagnose".

Needless to say, it didn't work.

Also, the fact that the connection goes in and out randomly suggests something is buggy, and not just that a setting needs changing or a reset is required.


----------



## Cookiegal (Aug 27, 2003)

Since you are going to be reformatting the computer, I don't think it's worth spending a lot of time troubleshooting this, but if you've decided not to reformat then perhaps you should start a new thread in the Networking forum.


----------



## Franknj229 (Sep 21, 2009)

Ok. I will reformat and see if that fixes the problem. Thanks.


----------



## Franknj229 (Sep 21, 2009)

Well, my half-hearted experiment failed. Even though I am 90% sure everything from my primary HDD (C) is backed up to my external HDD, I am still nervous about reformatting it. So I reformatted my Secondary HDD (F) and installed Vista on that.

When it booted up, nothing worked properly. I couldn't connect to the internet, therefore I couldn't update any of the drivers. The BIOS screen showed 2 versions of Vista. Obviously it recognizes both HDDs and the fact that Vista is loaded on both. Perhaps that is the problem. My computer also froze, which it hasn't done in a month.

Clearly I don't really know what I'm doing. I have since re-reformatted my Secondary HDD, so I'm back to where I was early today.

Any thoughts on why I couldn't connect to the internet? Is there a problem with the motherboard recognizing 2 separate HDDs, both with the same operating system installed?

What if I just disconnected my Primary HDD and installed Vista on the single drive still connected (currently my secondary)? If there were any problems, could I disconnect the secondary, reconnect the primary, and boot up again as if nothing happened?

Sorry for all the questions.


----------



## Cookiegal (Aug 27, 2003)

I'm not the one to ask about reformatting. I suggest you start a new thread for assistance with this issue.


----------

