TechSpot

Google redirects and IE running in background

Solved
By Michael West
Oct 21, 2012
  1. I use this computer mainly for gaming and web surfing and have never had any type of AV or anything on here until recently, when I noticed a significant decrease in performance where there should be none. I checked active processes and noticed IE would have multiple instances up and running, and I do not even use IE; I use Firefox. Also, any time I stopped IE from running, it would immediately pop back up. No IE browser windows ever opened up, so that led me to believe I had a virus, so I broke down and purchased McAfee. Another thing I have noticed is that, all of a sudden, from my Google search results, if I click a link I get redirected the first time but can go back and click again and make it to the page I am trying to view. The redirects are always different sites, which I never stay on long enough to find out what site it is. I did run all the programs to pull the logs you all need, and Malwarebytes was able to remove some redirect trojans and a few other things. Here are my logs; please, if there is anything else I need to do, help!

    Malwarebytes Anti-Malware (Trial) 1.65.1.1000
    www.malwarebytes.org

    Database version: v2012.10.21.02

    Windows 7 Service Pack 1 x64 NTFS
    Internet Explorer 8.0.7601.17514
    Brandon :: BRANDON-PC [administrator]

    Protection: Enabled

    10/21/2012 3:44:09 AM
    mbam-log-2012-10-21 (03-44-09).txt

    Scan type: Quick scan
    Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
    Scan options disabled: P2P
    Objects scanned: 223202
    Time elapsed: 4 minute(s), 11 second(s)

    Memory Processes Detected: 0
    (No malicious items detected)

    Memory Modules Detected: 1
    C:\Users\Brandon\AppData\Local\Bugsplat\rkavsrfd.dll (Trojan.RedirRdll2.Gen) -> Delete on reboot.

    Registry Keys Detected: 0
    (No malicious items detected)

    Registry Values Detected: 1
    HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|Bugsplat (Trojan.RedirRdll2.Gen) -> Data: rundll32.exe C:\Users\Brandon\AppData\Local\Bugsplat\rkavsrfd.dll,ir_fe_ocr_linesegment -> Quarantined and deleted successfully.

    Registry Data Items Detected: 0
    (No malicious items detected)

    Folders Detected: 2
    C:\ProgramData\2ACA5CC3-0F83-453D-A079-1076FE1A8B65 (Adware.Seekmo) -> Quarantined and deleted successfully.
    C:\ProgramData\FREEzeFrogSA (Adware.FreezeFrog) -> Quarantined and deleted successfully.

    Files Detected: 9
    C:\Users\Brandon\Downloads\7zipap_718.exe (PUP.BundleOffers.IIQ) -> Quarantined and deleted successfully.
    C:\Users\Brandon\Downloads\installer_directx_sdk.exe (PUP.BundleInstaller.BT) -> Quarantined and deleted successfully.
    C:\Users\Brandon\AppData\Local\Bugsplat\rkavsrfd.dll (Trojan.RedirRdll2.Gen) -> Delete on reboot.
    C:\ProgramData\FREEzeFrogSA\FREEzeFrogSA.dat (Adware.FreezeFrog) -> Quarantined and deleted successfully.
    C:\ProgramData\FREEzeFrogSA\FREEzeFrogSAAbout.mht (Adware.FreezeFrog) -> Quarantined and deleted successfully.
    C:\ProgramData\FREEzeFrogSA\FreezeFrogSAau.dat (Adware.FreezeFrog) -> Quarantined and deleted successfully.
    C:\ProgramData\FREEzeFrogSA\FREEzeFrogSAEULA.mht (Adware.FreezeFrog) -> Quarantined and deleted successfully.
    C:\ProgramData\FREEzeFrogSA\FreezeFrogSA_hpk.dat (Adware.FreezeFrog) -> Quarantined and deleted successfully.
    C:\ProgramData\FREEzeFrogSA\FreezeFrogSA_kyf.dat (Adware.FreezeFrog) -> Quarantined and deleted successfully.

    (end)

    GMER 1.0.15.15641 - http://www.gmer.net
    Rootkit scan 2012-10-21 04:31:55
    Windows 6.1.7601 Service Pack 1
    Running: 98bgtukb.exe


    ---- Registry - GMER 1.0.15 ----

    Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{DAFDE38B-9DF7-9413-34FB-8864AC837654}
    Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{DAFDE38B-9DF7-9413-34FB-8864AC837654}@oabhdkfjbbfagkmlkodhdfehckhlio 0x6A 0x61 0x66 0x65 ...

    ---- EOF - GMER 1.0.15 ----

    DDS (Ver_2012-10-19.01) - NTFS_AMD64
    Internet Explorer: 8.0.7601.17514 BrowserJavaVersion: 10.5.1
    Run by Brandon at 4:40:54 on 2012-10-21
    Microsoft Windows 7 Professional 6.1.7601.1.1252.1.1033.18.4095.668 [GMT -5:00]
    .
    AV: McAfee Anti-Virus and Anti-Spyware *Disabled/Updated* {ADA629C7-7F48-5689-624A-3B76997E0892}
    SP: McAfee Anti-Virus and Anti-Spyware *Disabled/Updated* {16C7C823-5972-5907-58FA-0004E2F9422F}
    SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    FW: McAfee Firewall *Disabled* {959DA8E2-3527-57D1-4915-924367AD4FE9}
    .
    ============== Running Processes ===============
    .
    C:\Windows\system32\wininit.exe
    C:\Windows\system32\lsm.exe
    C:\Windows\system32\svchost.exe -k DcomLaunch
    C:\Windows\system32\nvvsvc.exe
    C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
    C:\Windows\system32\svchost.exe -k RPCSS
    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\Windows\system32\svchost.exe -k netsvcs
    C:\Windows\system32\svchost.exe -k LocalService
    C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
    C:\Windows\system32\nvvsvc.exe
    C:\Windows\system32\svchost.exe -k NetworkService
    C:\Windows\System32\spoolsv.exe
    C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
    C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
    C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
    C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
    C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
    C:\Windows\system32\mfevtps.exe
    C:\Program Files\IIS\Microsoft Web Deploy\MsDepSvc.exe
    C:\Windows\system32\rundll32.exe
    C:\Windows\system32\rundll32.exe
    C:\Windows\SysWOW64\rundll32.exe
    C:\Windows\system32\svchost.exe -k imgsvc
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
    C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe
    C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
    C:\Windows\system32\SearchIndexer.exe
    C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
    C:\Windows\system32\WUDFHost.exe
    C:\Windows\system32\taskhost.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
    C:\Program Files (x86)\iTunes\iTunesHelper.exe
    C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
    C:\Program Files\Windows Media Player\wmpnetwk.exe
    C:\Windows\System32\svchost.exe -k LocalServicePeerNet
    C:\Windows\system32\DllHost.exe
    C:\Program Files\McAfee.com\Agent\mcagent.exe
    C:\Program Files\Common Files\McAfee\Core\mchost.exe
    C:\Windows\system32\NOTEPAD.EXE
    C:\Windows\system32\conhost.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Windows\system32\DllHost.exe
    C:\Windows\System32\cscript.exe
    .
    ============== Pseudo HJT Report ===============
    .
    uStart Page = hxxp://google.com/
    uSearch Bar = Preserve
    uURLSearchHooks: McAfee SiteAdvisor Toolbar: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll
    mWinlogon: Userinit = userinit.exe,
    BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    BHO: DivX Plus Web Player HTML5 <video>: {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll
    BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll
    BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    BHO: Searchqu Toolbar: {99079a25-328f-4bd4-be04-00955acaa0a7} -
    BHO: McAfee SiteAdvisor BHO: {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll
    TB: Searchqu Toolbar: {99079a25-328f-4bd4-be04-00955acaa0a7} -
    TB: McAfee SiteAdvisor Toolbar: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll
    uRun: [Best Buy pc app] C:\Users\Brandon\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Best Buy\Best Buy pc app.appref-ms
    uRun: [] C:\Users\Brandon\AppData\Local\Temp\4.245763954103653E8
    mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
    mRun: [DivXUpdate] "C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
    mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
    mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
    mRun: [mcui_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
    mRunOnce: [AvgUninstallURL] cmd.exe /c start http://www.avg.com/ww.special-unins...VMV0gtR0JZUzQtOU5USEQtUUE3WEQtQzJRSEgtTkZGS0o"&"inst=NzctNzA3Njg5NDQ5LUREVCs5OTU5LUxTRCsyLVNUMTBBUFArMS1ERDEwKzEtRkwxMCsxLVNUMTBGQVBQKzEtREQxMEYrMS1GMTBNMTJBVCsxLUYxME0xMkErMS1GMTBNMTJBQisxLVUxMCsxLUYxME0xMkFUQk4rMQ"&"prod=90"&"ver=10.0.1416
    uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
    mPolicies-Explorer: NoActiveDesktop = dword:1
    mPolicies-Explorer: NoActiveDesktopChanges = dword:1
    mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
    mPolicies-System: ConsentPromptBehaviorUser = dword:3
    mPolicies-System: EnableUIADesktopToggle = dword:0
    IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
    TCP: NameServer = 68.105.28.12 68.105.29.12 68.105.28.11
    TCP: Interfaces\{0A0BAC73-3118-4B66-B223-515C166C1C39}\7796C646775637475737D636 : DHCPNameServer = 68.105.28.12 68.105.29.12 68.105.28.11
    TCP: Interfaces\{0A0BAC73-3118-4B66-B223-515C166C1C39}\7796C646775637475737D636D27657563747 : DHCPNameServer = 68.105.28.12 68.105.29.12 68.105.28.11
    TCP: Interfaces\{B8981DBD-BBAD-48E9-8845-70003346BD56} : DHCPNameServer = 68.105.28.12 68.105.29.12 68.105.28.11
    TCP: Interfaces\{B8981DBD-BBAD-48E9-8845-70003346BD56}\7796C646775637475737D636 : DHCPNameServer = 68.105.28.12 68.105.29.12 68.105.28.11
    TCP: Interfaces\{B8981DBD-BBAD-48E9-8845-70003346BD56}\7796C646775637475737D636D27657563747 : DHCPNameServer = 68.105.28.12 68.105.29.12 68.105.28.11
    TCP: Interfaces\{C38D4E61-CEEB-45D1-B7BF-ECE2B93160D8} : DHCPNameServer = 68.105.28.12 68.105.29.12 68.105.28.11
    TCP: Interfaces\{C38D4E61-CEEB-45D1-B7BF-ECE2B93160D8}\7796C646775637475737D636D27657563747 : DHCPNameServer = 24.248.133.27 192.168.33.1
    Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files (x86)\McAfee\MSC\McSnIePl.dll
    Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll
    Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll
    SSODL: WebCheck - <orphaned>
    LSA: Security Packages = kerberos msv1_0 schannel wdigest tspkg pku2u livessp
    x64-BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll
    x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    x64-BHO: McAfee SiteAdvisor BHO: {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll
    x64-BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Oracle\JavaFX 2.0 Runtime\bin\jp2ssv.dll
    x64-TB: McAfee SiteAdvisor Toolbar: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll
    x64-DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_03-windows-i586.cab
    x64-Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files\McAfee\MSC\McSnIePl64.dll
    x64-Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll
    x64-Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll
    x64-SSODL: WebCheck - <orphaned>
    .
    ================= FIREFOX ===================
    .
    FF - ProfilePath - C:\Users\Brandon\AppData\Roaming\Mozilla\Firefox\Profiles\0osx2mcj.default\
    FF - prefs.js: browser.search.selectedEngine - Secure Search
    FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
    FF - prefs.js: keyword.URL - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3072253&SearchSource=2&q=
    FF - plugin: c:\progra~2\mcafee\msc\npMcSnFFPl.dll
    FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll
    FF - plugin: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll
    FF - plugin: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll
    FF - plugin: C:\Program Files (x86)\McAfee\SiteAdvisor\NPMcFFPlg32.dll
    FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll
    FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll
    FF - plugin: C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\dtplugin\npdeployJava1.dll
    FF - plugin: C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll
    FF - plugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll
    FF - plugin: C:\Program Files\Microsoft\Web Platform Installer\NPWPIDetector.dll
    FF - plugin: C:\ProgramData\Best Buy pc app\npBestBuyPcAppDetector.dll
    FF - plugin: C:\Users\Brandon\AppData\Roaming\Mozilla\Firefox\Profiles\0osx2mcj.default\extensions\{687578b9-7132-4a7a-80e4-30ee31099e03}\plugins\np-mswmp.dll
    FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
    FF - ExtSQL: 2012-10-16 15:49; {4ED1F68A-5463-4931-9384-8FFF5ED91D92}; C:\Program Files (x86)\McAfee\SiteAdvisor
    .
    ============= SERVICES / DRIVERS ===============
    .
    R0 mfehidk;McAfee Inc. mfehidk;C:\Windows\System32\drivers\mfehidk.sys [2012-7-17 752672]
    R0 mfewfpk;McAfee Inc. mfewfpk;C:\Windows\System32\drivers\mfewfpk.sys [2012-7-17 335784]
    R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\System32\drivers\vwififlt.sys [2009-7-13 59904]
    R2 AdobeARMservice;Adobe Acrobat Update Service;C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-7-27 63960]
    R2 MBAMScheduler;MBAMScheduler;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2012-10-21 399432]
    R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-10-21 676936]
    R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [2012-10-16 201304]
    R2 McMPFSvc;McAfee Personal Firewall Service;C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [2012-10-16 201304]
    R2 McNaiAnn;McAfee VirusScan Announcer;C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [2012-10-16 201304]
    R2 McProxy;McAfee Proxy Service;C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [2012-10-16 201304]
    R2 McShield;McAfee McShield;C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe [2012-10-16 237920]
    R2 mfefire;McAfee Firewall Core Service;C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe [2012-10-16 218320]
    R2 mfevtp;McAfee Validation Trust Protection Service;C:\Windows\System32\mfevtps.exe [2012-10-16 177144]
    R2 MsDepSvc;Web Deployment Agent Service;C:\Program Files\IIS\Microsoft Web Deploy\MsDepSvc.exe [2011-4-1 67400]
    R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2012-8-30 382312]
    R3 AE1000;Linksys AE1000 Driver;C:\Windows\System32\drivers\ae1000w7.sys [2011-8-1 1101600]
    R3 cfwids;McAfee Inc. cfwids;C:\Windows\System32\drivers\cfwids.sys [2012-10-16 69672]
    R3 MBAMProtector;MBAMProtector;C:\Windows\System32\drivers\mbam.sys [2012-10-21 25928]
    R3 mfeavfk;McAfee Inc. mfeavfk;C:\Windows\System32\drivers\mfeavfk.sys [2012-10-16 300392]
    R3 mfefirek;McAfee Inc. mfefirek;C:\Windows\System32\drivers\mfefirek.sys [2012-10-16 513456]
    R3 NVHDA;Service for NVIDIA High Definition Audio Driver;C:\Windows\System32\drivers\nvhda64v.sys [2012-10-7 189288]
    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
    S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
    S2 nvUpdatusService;NVIDIA Update Service Daemon;C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [2012-7-29 2255464]
    S3 HipShieldK;McAfee Inc. HipShieldK;C:\Windows\System32\drivers\HipShieldK.sys [2012-10-16 196440]
    S3 JmtFltr;n52te;C:\Windows\System32\drivers\JmtFltr.sys [2011-9-7 46464]
    S3 LVUVC64;Logitech Webcam 300(UVC);C:\Windows\System32\drivers\lvuvc64.sys [2011-4-1 4184672]
    S3 mferkdet;McAfee Inc. mferkdet;C:\Windows\System32\drivers\mferkdet.sys [2012-10-16 106112]
    S3 MozillaMaintenance;Mozilla Maintenance Service;C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-5-13 115168]
    S3 StorSvc;Storage Service;C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-13 27136]
    S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2011-9-26 59392]
    S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2012-7-9 52736]
    S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2011-8-3 1255736]
    S3 WinRing0_1_2_0;WinRing0_1_2_0;C:\Program Files (x86)\IObit\Game Booster 3\Driver\WinRing0x64.sys [2012-8-13 14544]
    .
    =============== File Associations ===============
    .
    FileExt: .js: Applications\notepad.exe=C:\Windows\System32\NOTEPAD.EXE %1 [UserChoice]
    .
    =============== Created Last 30 ================
    .
    2012-10-21 08:43:25 -------- d-----w- C:\Users\Brandon\AppData\Roaming\Malwarebytes
    2012-10-21 08:42:34 -------- d-----w- C:\ProgramData\Malwarebytes
    2012-10-21 08:42:32 25928 ----a-w- C:\Windows\System32\drivers\mbam.sys
    2012-10-21 08:42:32 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
    2012-10-18 01:42:31 -------- d-----w- C:\Users\Brandon\AppData\Roaming\Mumble
    2012-10-18 01:42:24 -------- d-----w- C:\Program Files (x86)\Mumble
    2012-10-16 16:53:04 715776 ----a-w- C:\Windows\System32\kerberos.dll
    2012-10-16 16:53:04 542208 ----a-w- C:\Windows\SysWow64\kerberos.dll
    2012-10-16 16:53:02 59392 ----a-w- C:\Windows\System32\browcli.dll
    2012-10-16 16:53:02 41984 ----a-w- C:\Windows\SysWow64\browcli.dll
    2012-10-16 16:53:02 136704 ----a-w- C:\Windows\System32\browser.dll
    2012-10-16 16:52:42 2048 ----a-w- C:\Windows\SysWow64\tzres.dll
    2012-10-16 16:52:42 2048 ----a-w- C:\Windows\System32\tzres.dll
    2012-10-16 16:51:00 5559664 ----a-w- C:\Windows\System32\ntoskrnl.exe
    2012-10-16 16:46:18 1464320 ----a-w- C:\Windows\System32\crypt32.dll
    2012-10-16 16:46:18 1159680 ----a-w- C:\Windows\SysWow64\crypt32.dll
    2012-10-16 16:46:17 184320 ----a-w- C:\Windows\System32\cryptsvc.dll
    2012-10-16 16:46:17 140288 ----a-w- C:\Windows\SysWow64\cryptsvc.dll
    2012-10-16 16:46:17 140288 ----a-w- C:\Windows\System32\cryptnet.dll
    2012-10-16 16:46:17 103936 ----a-w- C:\Windows\SysWow64\cryptnet.dll
    2012-10-16 16:32:04 196440 ----a-w- C:\Windows\System32\drivers\HipShieldK.sys
    2012-10-16 16:30:51 -------- d-----w- C:\Program Files (x86)\McAfee.com
    2012-10-16 16:30:45 10288 ----a-w- C:\Windows\System32\drivers\mfeclnk.sys
    2012-10-16 16:30:44 -------- d-----w- C:\Program Files (x86)\Common Files\McAfee
    2012-10-16 16:30:33 69672 ----a-w- C:\Windows\System32\drivers\cfwids.sys
    2012-10-16 16:30:33 513456 ----a-w- C:\Windows\System32\drivers\mfefirek.sys
    2012-10-16 16:30:33 300392 ----a-w- C:\Windows\System32\drivers\mfeavfk.sys
    2012-10-16 16:30:33 106112 ----a-w- C:\Windows\System32\drivers\mferkdet.sys
    2012-10-16 16:30:27 -------- d-----w- C:\Program Files\Common Files\McAfee
    2012-10-16 16:30:15 -------- d-----w- C:\Program Files\McAfee.com
    2012-10-16 16:30:15 -------- d-----w- C:\Program Files\McAfee
    2012-10-16 16:30:05 -------- d-----w- C:\Program Files (x86)\McAfee
    2012-10-16 16:14:13 -------- d-----w- C:\mfe
    2012-10-16 16:07:36 177144 ----a-w- C:\Windows\System32\mfevtps.exe
    2012-10-16 16:04:31 -------- d-----w- C:\ProgramData\Citrix
    2012-10-16 15:55:51 -------- d-----w- C:\Program Files (x86)\Citrix
    2012-10-16 15:55:42 -------- d-----w- C:\Users\Brandon\AppData\Local\Citrix
    2012-10-16 15:55:37 103784 ----a-w- C:\Users\Brandon\GoToAssistDownloadHelper.exe
    2012-10-15 12:54:46 9308616 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{68D2397E-40FD-480A-976F-0F083EC6F224}\mpengine.dll
    2012-10-14 04:58:17 -------- d-----w- C:\Windows\2FDD750F49B740C19D5ED2955BC0E2D8.TMP
    2012-10-14 00:36:45 -------- d-----w- C:\Program Files (x86)\SpeedFan
    2012-10-07 19:30:57 830312 ----a-w- C:\Windows\SysWow64\nvumdshim.dll
    2012-09-25 15:54:48 33240 ----a-w- C:\Windows\System32\drivers\GEARAspiWDM.sys
    2012-09-25 15:54:30 -------- d-----w- C:\Program Files\iPod
    2012-09-25 15:54:28 -------- d-----w- C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
    2012-09-25 15:54:28 -------- d-----w- C:\Program Files\iTunes
    2012-09-25 15:54:28 -------- d-----w- C:\Program Files (x86)\iTunes
    2012-09-25 15:53:00 -------- d-----w- C:\Program Files\Bonjour
    2012-09-25 15:53:00 -------- d-----w- C:\Program Files (x86)\Bonjour
    2012-09-24 14:19:03 -------- d-----w- C:\Users\Brandon\AppData\Local\Bugsplat
    .
    ==================== Find3M ====================
    .
    2012-08-30 17:12:02 3968880 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe
    2012-08-30 17:12:02 3914096 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe
    2012-08-30 16:18:05 891240 ----a-w- C:\Windows\System32\nvvsvc.exe
    2012-08-30 16:18:05 63336 ----a-w- C:\Windows\System32\nvshext.dll
    2012-08-30 16:18:05 118120 ----a-w- C:\Windows\System32\nvmctray.dll
    2012-08-30 16:18:04 3487434 ----a-w- C:\Windows\System32\nvcoproc.bin
    2012-08-30 16:18:01 3266920 ----a-w- C:\Windows\System32\nvsvc64.dll
    2012-08-30 16:17:59 6198120 ----a-w- C:\Windows\System32\nvcpl.dll
    2012-08-30 15:40:14 429416 ----a-w- C:\Windows\SysWow64\nvStreaming.exe
    2012-08-29 03:20:22 916456 ----a-w- C:\Windows\System32\deployJava1.dll
    2012-08-29 03:20:22 108008 ----a-w- C:\Windows\System32\WindowsAccessBridge-64.dll
    2012-08-29 03:20:22 1034216 ----a-w- C:\Windows\System32\npDeployJava1.dll
    2012-08-24 18:05:07 220160 ----a-w- C:\Windows\System32\wintrust.dll
    2012-08-24 18:05:06 1188864 ----a-w- C:\Windows\System32\wininet.dll
    2012-08-24 16:57:48 981504 ----a-w- C:\Windows\SysWow64\wininet.dll
    2012-08-24 16:57:48 172544 ----a-w- C:\Windows\SysWow64\wintrust.dll
    2012-08-24 15:59:30 1638912 ----a-w- C:\Windows\System32\mshtml.tlb
    2012-08-24 15:20:39 1638912 ----a-w- C:\Windows\SysWow64\mshtml.tlb
    2012-08-22 18:12:50 1913200 ----a-w- C:\Windows\System32\drivers\tcpip.sys
    2012-08-22 18:12:40 376688 ----a-w- C:\Windows\System32\drivers\netio.sys
    2012-08-22 18:12:33 288624 ----a-w- C:\Windows\System32\drivers\FWPKCLNT.SYS
    2012-08-21 18:01:20 125872 ----a-w- C:\Windows\System32\GEARAspi64.dll
    2012-08-21 18:01:20 106928 ----a-w- C:\Windows\SysWow64\GEARAspi.dll
    .
    ============= FINISH: 4:41:19.10 ===============

    .
    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT
    .
    DDS (Ver_2012-10-19.01)
    .
    Microsoft Windows 7 Professional
    Boot Device: \Device\HarddiskVolume2
    Install Date: 8/1/2011 10:46:28 AM
    System Uptime: 10/21/2012 3:53:52 AM (1 hours ago)
    .
    Motherboard: EVGA | | 132-YW-E179-FTW
    Processor: Intel(R) Core(TM)2 Duo CPU E8600 @ 3.33GHz | Socket 775 | 3333/333mhz
    .
    ==== Disk Partitions =========================
    .
    C: is FIXED (NTFS) - 140 GiB total, 16.799 GiB free.
    D: is CDROM (CDFS)
    E: is FIXED (NTFS) - 932 GiB total, 911.93 GiB free.
    F: is Removable
    .
    ==== Disabled Device Manager Items =============
    .
    ==== System Restore Points ===================
    .
    RP185: 10/10/2012 4:33:35 AM - Windows Update
    RP186: 10/15/2012 7:54:25 AM - Windows Update
    RP188: 10/16/2012 10:00:54 AM - Windows Defender Checkpoint
    RP189: 10/16/2012 11:54:13 AM - Windows Update
    RP190: 10/17/2012 8:41:42 PM - Installed Mumble 1.2.3
    .
    ==== Installed Programs ======================
    .
    Update for Microsoft Office 2007 (KB2508958)
    µTorrent
    7-Zip 9.20
    7-Zip 9.20 (x64 edition)
    Adobe AIR
    Adobe Flash Player 10 Plugin
    Adobe Flash Player ActiveX
    Adobe Reader X (10.1.4)
    Apple Application Support
    Apple Mobile Device Support
    Apple Software Update
    Best Buy pc app
    Bonjour
    Cisco Connect
    Diablo II
    Diablo III
    DivX Setup
    Game Booster 3
    ImgBurn
    iTunes
    Java 7 Update 6 (64-bit)
    Java Auto Updater
    Java(TM) 7 Update 5
    Java(TM) SE Development Kit 7 Update 3 (64-bit)
    JavaFX 2.0.3 (64-bit)
    JavaFX 2.0.3 SDK (64-bit)
    JavaFX 2.1.1
    League of Legends
    Malwarebytes Anti-Malware version 1.65.1.1000
    McAfee Internet Security
    Microsoft .NET Framework 1.1
    Microsoft .NET Framework 4 Client Profile
    Microsoft Application Error Reporting
    Microsoft DirectX SDK (June 2010)
    Microsoft Expression Blend 4
    Microsoft Help Viewer 1.1
    Microsoft Office 2007 Service Pack 3 (SP3)
    Microsoft Office Access MUI (English) 2007
    Microsoft Office Access Setup Metadata MUI (English) 2007
    Microsoft Office Excel MUI (English) 2007
    Microsoft Office File Validation Add-In
    Microsoft Office InfoPath MUI (English) 2007
    Microsoft Office Office 64-bit Components 2007
    Microsoft Office Outlook MUI (English) 2007
    Microsoft Office PowerPoint MUI (English) 2007
    Microsoft Office Professional Plus 2007
    Microsoft Office Proof (English) 2007
    Microsoft Office Proof (French) 2007
    Microsoft Office Proof (Spanish) 2007
    Microsoft Office Proofing (English) 2007
    Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
    Microsoft Office Publisher MUI (English) 2007
    Microsoft Office Shared 64-bit MUI (English) 2007
    Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007
    Microsoft Office Shared MUI (English) 2007
    Microsoft Office Shared Setup Metadata MUI (English) 2007
    Microsoft Office Word MUI (English) 2007
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
    Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319
    Microsoft Visual C++ 2010 x64 Runtime - 10.0.40219
    Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319
    Microsoft Web Deploy 2.0
    Microsoft Web Platform Installer 3.0
    Mozilla Firefox 15.0 (x86 en-US)
    Mozilla Firefox 16.0.1 (x86 en-US)
    Mozilla Maintenance Service
    Mumble 1.2.3
    NuGet
    NVIDIA 3D Vision Controller Driver
    NVIDIA 3D Vision Controller Driver 306.23
    NVIDIA 3D Vision Driver 306.23
    NVIDIA Control Panel 306.23
    NVIDIA Endless City demo
    NVIDIA Graphics Driver 306.23
    NVIDIA HD Audio Driver 1.3.18.0
    NVIDIA Install Application
    NVIDIA PhysX
    NVIDIA PhysX System Software 9.12.0213
    NVIDIA Stereoscopic 3D Driver
    NVIDIA Update 1.4.28
    NVIDIA Update Components
    Paint.NET v3.5.10
    Pando Media Booster
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
    Security Update for Microsoft Office 2007 suites (KB2596615) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2596672) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2596744) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2596754) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2596785) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2596792) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2596856) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2596871) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2597162) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2597969) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2687314) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2687439) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2687441) 32-Bit Edition
    Security Update for Microsoft Office Excel 2007 (KB2597161) 32-Bit Edition
    Security Update for Microsoft Office InfoPath 2007 (KB2687440) 32-Bit Edition
    Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition
    Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition
    Security Update for Microsoft Office Publisher 2007 (KB2596705) 32-Bit Edition
    Security Update for Microsoft Office Word 2007 (KB2687315) 32-Bit Edition
    Shared C Run-time for x64
    SpeedFan (remove only)
    Steam
    TransMac version 10.1
    Update for 2007 Microsoft Office System (KB967642)
    Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
    Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
    Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
    Update for Microsoft Office 2007 Help for Common Features (KB963673)
    Update for Microsoft Office Access 2007 Help (KB963663)
    Update for Microsoft Office Excel 2007 Help (KB963678)
    Update for Microsoft Office Infopath 2007 Help (KB963662)
    Update for Microsoft Office Outlook 2007 (KB2596598) 32-Bit Edition
    Update for Microsoft Office Outlook 2007 Help (KB963677)
    Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2687407) 32-Bit Edition
    Update for Microsoft Office Powerpoint 2007 Help (KB963669)
    Update for Microsoft Office Publisher 2007 Help (KB963667)
    Update for Microsoft Office Script Editor Help (KB963671)
    Update for Microsoft Office Word 2007 Help (KB963665)
    VC80CRTRedist - 8.0.50727.6195
    Ventrilo Client for Windows x64
    Warcraft III
    Web Deployment Tool
    Windows Live ID Sign-in Assistant
    World of Warcraft
    WPF Toolkit February 2010 (Version 3.5.50211.1)
    .
    ==== Event Viewer Messages From Past Week ========
    .
    10/21/2012 3:56:22 AM, Error: Service Control Manager [7038] - The nvUpdatusService service was unable to log on as .\UpdatusUser with the currently configured password due to the following error: Logon failure: unknown user name or bad password. To ensure that the service is configured properly, use the Services snap-in in Microsoft Management Console (MMC).
    10/21/2012 3:56:22 AM, Error: Service Control Manager [7000] - The NVIDIA Update Service Daemon service failed to start due to the following error: The service did not start due to a logon failure.
    10/16/2012 10:38:40 AM, Error: Service Control Manager [7003] - The McAfee Validation Trust Protection Service service depends the following service: mfehidk. This service might not be installed.
    .
    ==== End Of File ===========================
     
  2. Broni

    Broni Malware Annihilator Posts: 47,166   +264

    Welcome aboard

    Please observe the following rules:
    • Read all of my instructions very carefully. Your mistakes during the cleaning process may have very serious consequences, like an unbootable computer.
    • If you're stuck, or you're not sure about a certain step, always ask before doing anything else.
    • Please refrain from running any tools, fixes or applying any changes to your computer other than those I suggest.
    • Never run more than one scan at a time.
    • Keep updating me regarding your computer behavior, good, or bad.
    • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
    • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in the malware removal forum.
    • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.

    =====================================

    Download TDSSKiller and save it to your desktop.
    • Extract (unzip) its contents to your desktop.
    • Open the TDSSKiller folder and double-click on TDSSKiller.exe to run the application, then on Start Scan.
    • If an infected file is detected, the default action will be Cure, click on Continue.
    • If a suspicious file is detected, the default action will be Skip, click on Continue.
    • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
    • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
    • If a reboot is required, the report can also be found in your root directory (usually C:\ folder) in the form of TDSSKiller_xxxx_log.txt. Please copy and paste the contents of that file here.

    ===================================

    • Download RogueKiller to the desktop
    • Close all the running programs
    • Windows Vista/7 users: right click on RogueKiller.exe, click Run as Administrator
    • Otherwise just double-click on RogueKiller.exe
    • Pre-scan will start. Let it finish.
    • Click on SCAN button.
    • Wait until the Status box shows Scan Finished.
    • Click on Delete.
    • Wait until the Status box shows Deleting Finished.
    • Click on Report and copy/paste the content of the Notepad into your next reply.
    • RKreport.txt could also be found on your desktop.
    • If more than one log is produced post all logs.
    • If RogueKiller has been blocked, do not hesitate to try a few times more. If it really won't run, rename it to winlogon.exe (or winlogon.com) and try again.

    ===============================

    Download aswMBR to your desktop.
    Double click the aswMBR.exe to run it.
    If you see this question: "Would you like to download latest Avast! virus definitions?" say "Yes".
    Click the "Scan" button to start the scan.
    On completion of the scan click "Save log", save it to your desktop and post in your next reply.

    NOTE. aswMBR will create MBR.dat file on your desktop. This is a copy of your MBR. Do NOT delete it.
     
  3. Michael West

    Michael West TS Rookie Topic Starter Posts: 29

    Log file from TDSSKiller part 1 of 2

    22:06:56.0095 4072 TDSS rootkit removing tool 2.8.13.0 Oct 12 2012 17:26:47
    22:06:58.0233 4072 ============================================================
    22:06:58.0233 4072 Current date / time: 2012/10/21 22:06:58.0233
    22:06:58.0233 4072 SystemInfo:
    22:06:58.0233 4072
    22:06:58.0233 4072 OS Version: 6.1.7601 ServicePack: 1.0
    22:06:58.0233 4072 Product type: Workstation
    22:06:58.0233 4072 ComputerName: BRANDON-PC
    22:06:58.0233 4072 UserName: Brandon
    22:06:58.0233 4072 Windows directory: C:\Windows
    22:06:58.0233 4072 System windows directory: C:\Windows
    22:06:58.0233 4072 Running under WOW64
    22:06:58.0233 4072 Processor architecture: Intel x64
    22:06:58.0233 4072 Number of processors: 2
    22:06:58.0233 4072 Page size: 0x1000
    22:06:58.0233 4072 Boot type: Normal boot
    22:06:58.0233 4072 ============================================================
    22:06:59.0590 4072 Drive \Device\Harddisk0\DR0 - Size: 0xE8E0DB6000 (931.51 Gb), SectorSize: 0x200, Cylinders: 0x1DB01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
    22:06:59.0605 4072 Drive \Device\Harddisk1\DR1 - Size: 0x22EF13E000 (139.74 Gb), SectorSize: 0x200, Cylinders: 0x4741, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
    22:06:59.0605 4072 ============================================================
    22:06:59.0605 4072 \Device\Harddisk0\DR0:
    22:06:59.0605 4072 MBR partitions:
    22:06:59.0605 4072 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x74705800
    22:06:59.0605 4072 \Device\Harddisk1\DR1:
    22:06:59.0605 4072 MBR partitions:
    22:06:59.0605 4072 \Device\Harddisk1\DR1\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x11773701
    22:06:59.0605 4072 ============================================================
    22:06:59.0652 4072 C: <-> \Device\Harddisk1\DR1\Partition1
    22:06:59.0652 4072 E: <-> \Device\Harddisk0\DR0\Partition1
    22:06:59.0652 4072 ============================================================
    22:06:59.0652 4072 Initialize success
    22:06:59.0652 4072 ============================================================
    22:07:30.0729 3972 ============================================================
    22:07:30.0729 3972 Scan started
    22:07:30.0729 3972 Mode: Manual;
    22:07:30.0729 3972 ============================================================
    22:07:32.0289 3972 ================ Scan system memory ========================
    22:07:32.0289 3972 System memory - ok
    22:07:32.0289 3972 ================ Scan services =============================
    22:07:42.0228 3972 MozillaMaintenance - ok
    22:07:42.0243 3972 [ A44B420D30BD56E145D6A2BC8768EC58 ] mpio C:\Windows\system32\drivers\mpio.sys
    22:07:42.0290 3972 mpio - ok
    22:07:42.0306 3972 [ 6C38C9E45AE0EA2FA5E551F2ED5E978F ] mpsdrv C:\Windows\system32\drivers\mpsdrv.sys
    22:07:42.0306 3972 mpsdrv - ok
    22:07:42.0337 3972 [ 54FFC9C8898113ACE189D4AA7199D2C1 ] MpsSvc C:\Windows\system32\mpssvc.dll
    22:07:42.0352 3972 MpsSvc - ok
    22:07:42.0368 3972 [ DC722758B8261E1ABAFD31A3C0A66380 ] MRxDAV C:\Windows\system32\drivers\mrxdav.sys
    22:07:42.0430 3972 MRxDAV - ok
    22:07:42.0446 3972 [ A5D9106A73DC88564C825D317CAC68AC ] mrxsmb C:\Windows\system32\DRIVERS\mrxsmb.sys
    22:07:42.0446 3972 mrxsmb - ok
    22:07:42.0462 3972 [ D711B3C1D5F42C0C2415687BE09FC163 ] mrxsmb10 C:\Windows\system32\DRIVERS\mrxsmb10.sys
    22:07:42.0462 3972 mrxsmb10 - ok
    22:07:42.0477 3972 [ 9423E9D355C8D303E76B8CFBD8A5C30C ] mrxsmb20 C:\Windows\system32\DRIVERS\mrxsmb20.sys
    22:07:42.0493 3972 mrxsmb20 - ok
    22:07:42.0493 3972 [ C25F0BAFA182CBCA2DD3C851C2E75796 ] msahci C:\Windows\system32\drivers\msahci.sys
    22:07:42.0493 3972 msahci - ok
    22:07:42.0540 3972 [ AAAC4B494DE45836121A40AEC980B631 ] MsDepSvc C:\Program Files\IIS\Microsoft Web Deploy\MsDepSvc.exe
    22:07:42.0540 3972 MsDepSvc - ok
    22:07:42.0555 3972 [ DB801A638D011B9633829EB6F663C900 ] msdsm C:\Windows\system32\drivers\msdsm.sys
    22:07:42.0618 3972 msdsm - ok
    22:07:42.0618 3972 [ DE0ECE52236CFA3ED2DBFC03F28253A8 ] MSDTC C:\Windows\System32\msdtc.exe
    22:07:42.0633 3972 MSDTC - ok
    22:07:42.0649 3972 [ AA3FB40E17CE1388FA1BEDAB50EA8F96 ] Msfs C:\Windows\system32\drivers\Msfs.sys
    22:07:42.0649 3972 Msfs - ok
    22:07:42.0664 3972 [ F9D215A46A8B9753F61767FA72A20326 ] mshidkmdf C:\Windows\System32\drivers\mshidkmdf.sys
    22:07:42.0664 3972 mshidkmdf - ok
    22:07:42.0680 3972 [ D916874BBD4F8B07BFB7FA9B3CCAE29D ] msisadrv C:\Windows\system32\drivers\msisadrv.sys
    22:07:42.0680 3972 msisadrv - ok
    22:07:42.0711 3972 [ 808E98FF49B155C522E6400953177B08 ] MSiSCSI C:\Windows\system32\iscsiexe.dll
    22:07:42.0711 3972 MSiSCSI - ok
    22:07:42.0711 3972 msiserver - ok
    22:07:42.0727 3972 [ F928E5E72BBA15DD0CE9A26E0413D236 ] MSK80Service C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
    22:07:42.0727 3972 MSK80Service - ok
    22:07:42.0742 3972 [ 49CCF2C4FEA34FFAD8B1B59D49439366 ] MSKSSRV C:\Windows\system32\drivers\MSKSSRV.sys
    22:07:42.0758 3972 MSKSSRV - ok
    22:07:42.0758 3972 [ BDD71ACE35A232104DDD349EE70E1AB3 ] MSPCLOCK C:\Windows\system32\drivers\MSPCLOCK.sys
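
Reading several hundred enumeration lines like the ones above by eye is error-prone, so here is an added triage script (it is not part of the original thread and not Kaspersky's own code) that parses the two line shapes the TDSSKiller log uses: a `[ MD5 ] ServiceName ImagePath` line followed by a `ServiceName - verdict` line. It assumes that a service which appears only with a verdict line and no hash line (such as `mfeapfk - ok` or `Steam Client Service - ok` above) had no image file TDSSKiller could hash, which is an assumption about the tool's output rather than something the log states, and it treats any image outside `C:\Windows` and the two Program Files trees as worth a manual look. It also groups service names that share one image, since many entries mapping to a single hash (McSvHost.exe, lsass.exe, tcpip.sys) is normal for service hosts and is not by itself suspicious. The sample lines are constructed for the example: the first ones copy entries from the log, and the final `updater` service is invented purely so that the untrusted-path check has something to report.

```python
"""Triage helper for TDSSKiller service/driver enumeration lines (added example)."""
import re
from collections import defaultdict

# Constructed sample in the format of the log above. The "updater" entry is a
# hypothetical service invented for the example; its MD5 is a placeholder.
SAMPLE_LOG = r"""
22:07:41.0401 3972 [ F928E5E72BBA15DD0CE9A26E0413D236 ] McAfee SiteAdvisor Service C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
22:07:41.0401 3972 McAfee SiteAdvisor Service - ok
22:07:41.0401 3972 [ F928E5E72BBA15DD0CE9A26E0413D236 ] McMPFSvc C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
22:07:41.0401 3972 McMPFSvc - ok
22:07:41.0682 3972 mfeapfk - ok
22:07:43.0288 3972 [ C118A82CD78818C29AB228366EBF81C3 ] Netlogon C:\Windows\system32\lsass.exe
22:07:43.0288 3972 Netlogon - ok
22:07:46.0174 3972 [ C118A82CD78818C29AB228366EBF81C3 ] SamSs C:\Windows\system32\lsass.exe
22:07:46.0174 3972 SamSs - ok
22:07:47.0454 3972 Steam Client Service - ok
22:07:48.0031 3972 [ F782CAD3CEDBB3F9FFE3BF2775D92DDC ] Tcpip C:\Windows\system32\drivers\tcpip.sys
22:07:48.0062 3972 Tcpip - ok
22:07:48.0078 3972 [ F782CAD3CEDBB3F9FFE3BF2775D92DDC ] TCPIP6 C:\Windows\system32\DRIVERS\tcpip.sys
22:07:48.0093 3972 TCPIP6 - ok
22:07:51.0000 3972 [ 00000000000000000000000000000000 ] updater C:\Users\someone\AppData\Local\Temp\updater.exe
22:07:51.0000 3972 updater - ok
"""

# Hash line: timestamp, scanner pid, [ MD5 ], service name (may contain spaces), image path.
ENTRY_RE = re.compile(
    r"^(?P<ts>\d\d:\d\d:\d\d\.\d+) (?P<pid>\d+) \[ (?P<md5>[0-9A-Fa-f]{32}) \] "
    r"(?P<name>.+?) (?P<path>[A-Za-z]:\\.*)$"
)
# Verdict line: timestamp, pid, service name, " - ", verdict ("ok" in a clean run).
VERDICT_RE = re.compile(
    r"^(?P<ts>\d\d:\d\d:\d\d\.\d+) (?P<pid>\d+) (?P<name>.+?) - (?P<verdict>\S+)$"
)

# Directories where a legitimately installed service or driver image is expected.
# Anything else (user profiles, Temp, ProgramData, ...) is queued for a manual look.
TRUSTED_ROOTS = ("c:\\windows\\", "c:\\program files\\", "c:\\program files (x86)\\")


def triage(log_text):
    """Return findings from a TDSSKiller enumeration: services with no hashed image,
    images outside trusted roots, non-"ok" verdicts, and images shared by services."""
    images = {}                # service name -> (md5, path) from its hash line
    hosts = defaultdict(list)  # case-folded image path -> service names using it
    report = {"no_image": [], "untrusted_path": [], "not_ok": []}

    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = ENTRY_RE.match(line)
        if m:
            name, md5, path = m["name"], m["md5"].upper(), m["path"]
            images[name] = (md5, path)
            hosts[path.lower()].append(name)
            if not path.lower().startswith(TRUSTED_ROOTS):
                report["untrusted_path"].append((name, path, md5))
            continue
        m = VERDICT_RE.match(line)
        if m:
            name, verdict = m["name"], m["verdict"]
            # Assumption: a verdict with no preceding hash line means the image
            # file was not present for TDSSKiller to hash.
            if name not in images:
                report["no_image"].append(name)
            if verdict != "ok":
                report["not_ok"].append((name, verdict))

    report["shared_images"] = {p: names for p, names in hosts.items() if len(names) > 1}
    return report


if __name__ == "__main__":
    result = triage(SAMPLE_LOG)
    for key in ("no_image", "untrusted_path", "not_ok"):
        print(f"{key}: {result[key]}")
    for path, names in result["shared_images"].items():
        print(f"shared image {path}: {', '.join(names)}")
```

Feed it the full log with `triage(open("tdsskiller.log").read())`; the two findings to act on are `untrusted_path` (look the hash up and check the file's signature) and `no_image` (a registered service whose binary is gone is often a leftover from a removed infection and can be deleted from the Services registry key once confirmed). Matching image MD5s against a known-good list is the natural next step but is left out here, since that needs a reference source the thread does not provide.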
     
  4. Michael West

    Log file from TDSSKiller part 2 of 2

    22:07:42.0774 3972 MSPCLOCK - ok
    22:07:42.0789 3972 [ 4ED981241DB27C3383D72092B618A1D0 ] MSPQM C:\Windows\system32\drivers\MSPQM.sys
    22:07:42.0805 3972 MSPQM - ok
    22:07:42.0820 3972 [ 759A9EEB0FA9ED79DA1FB7D4EF78866D ] MsRPC C:\Windows\system32\drivers\MsRPC.sys
    22:07:42.0820 3972 MsRPC - ok
    22:07:42.0836 3972 [ 0EED230E37515A0EAEE3C2E1BC97B288 ] mssmbios C:\Windows\system32\drivers\mssmbios.sys
    22:07:42.0836 3972 mssmbios - ok
    22:07:42.0852 3972 [ 2E66F9ECB30B4221A318C92AC2250779 ] MSTEE C:\Windows\system32\drivers\MSTEE.sys
    22:07:42.0852 3972 MSTEE - ok
    22:07:42.0852 3972 [ 7EA404308934E675BFFDE8EDF0757BCD ] MTConfig C:\Windows\system32\DRIVERS\MTConfig.sys
    22:07:42.0852 3972 MTConfig - ok
    22:07:42.0867 3972 [ F9A18612FD3526FE473C1BDA678D61C8 ] Mup C:\Windows\system32\Drivers\mup.sys
    22:07:42.0867 3972 Mup - ok
    22:07:42.0898 3972 [ 582AC6D9873E31DFA28A4547270862DD ] napagent C:\Windows\system32\qagentRT.dll
    22:07:42.0898 3972 napagent - ok
    22:07:42.0914 3972 [ 1EA3749C4114DB3E3161156FFFFA6B33 ] NativeWifiP C:\Windows\system32\DRIVERS\nwifi.sys
    22:07:42.0930 3972 NativeWifiP - ok
    22:07:42.0961 3972 [ 79B47FD40D9A817E932F9D26FAC0A81C ] NDIS C:\Windows\system32\drivers\ndis.sys
    22:07:42.0976 3972 NDIS - ok
    22:07:42.0992 3972 [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC ] NdisCap C:\Windows\system32\DRIVERS\ndiscap.sys
    22:07:42.0992 3972 NdisCap - ok
    22:07:43.0008 3972 [ 30639C932D9FEF22B31268FE25A1B6E5 ] NdisTapi C:\Windows\system32\DRIVERS\ndistapi.sys
    22:07:43.0008 3972 NdisTapi - ok
    22:07:43.0039 3972 [ 136185F9FB2CC61E573E676AA5402356 ] Ndisuio C:\Windows\system32\DRIVERS\ndisuio.sys
    22:07:43.0070 3972 Ndisuio - ok
    22:07:43.0086 3972 [ 53F7305169863F0A2BDDC49E116C2E11 ] NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys
    22:07:43.0132 3972 NdisWan - ok
    22:07:43.0164 3972 [ 015C0D8E0E0421B4CFD48CFFE2825879 ] NDProxy C:\Windows\system32\drivers\NDProxy.sys
    22:07:43.0195 3972 NDProxy - ok
    22:07:43.0195 3972 [ 86743D9F5D2B1048062B14B1D84501C4 ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys
    22:07:43.0210 3972 NetBIOS - ok
    22:07:43.0226 3972 [ 09594D1089C523423B32A4229263F068 ] NetBT C:\Windows\system32\DRIVERS\netbt.sys
    22:07:43.0273 3972 NetBT - ok
    22:07:43.0288 3972 [ C118A82CD78818C29AB228366EBF81C3 ] Netlogon C:\Windows\system32\lsass.exe
    22:07:43.0288 3972 Netlogon - ok
    22:07:43.0320 3972 [ 847D3AE376C0817161A14A82C8922A9E ] Netman C:\Windows\System32\netman.dll
    22:07:43.0320 3972 Netman - ok
    22:07:43.0351 3972 [ 3E5A36127E201DDF663176B66828FAFE ] NetMsmqActivator C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe
    22:07:43.0351 3972 NetMsmqActivator - ok
    22:07:43.0366 3972 [ 3E5A36127E201DDF663176B66828FAFE ] NetPipeActivator C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe
    22:07:43.0366 3972 NetPipeActivator - ok
    22:07:43.0366 3972 [ 5F28111C648F1E24F7DBC87CDEB091B8 ] netprofm C:\Windows\System32\netprofm.dll
    22:07:43.0382 3972 netprofm - ok
    22:07:43.0398 3972 [ 3E5A36127E201DDF663176B66828FAFE ] NetTcpActivator C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe
    22:07:43.0398 3972 NetTcpActivator - ok
    22:07:43.0398 3972 [ 3E5A36127E201DDF663176B66828FAFE ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe
    22:07:43.0398 3972 NetTcpPortSharing - ok
    22:07:43.0398 3972 [ 77889813BE4D166CDAB78DDBA990DA92 ] nfrd960 C:\Windows\system32\DRIVERS\nfrd960.sys
    22:07:43.0413 3972 nfrd960 - ok
    22:07:43.0429 3972 [ 1EE99A89CC788ADA662441D1E9830529 ] NlaSvc C:\Windows\System32\nlasvc.dll
    22:07:43.0429 3972 NlaSvc - ok
    22:07:43.0444 3972 [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7 ] Npfs C:\Windows\system32\drivers\Npfs.sys
    22:07:43.0444 3972 Npfs - ok
    22:07:43.0460 3972 [ D54BFDF3E0C953F823B3D0BFE4732528 ] nsi C:\Windows\system32\nsisvc.dll
    22:07:43.0460 3972 nsi - ok
    22:07:43.0476 3972 [ E7F5AE18AF4168178A642A9247C63001 ] nsiproxy C:\Windows\system32\drivers\nsiproxy.sys
    22:07:43.0476 3972 nsiproxy - ok
    22:07:43.0538 3972 [ A2F74975097F52A00745F9637451FDD8 ] Ntfs C:\Windows\system32\drivers\Ntfs.sys
    22:07:43.0554 3972 Ntfs - ok
    22:07:43.0585 3972 [ 9899284589F75FA8724FF3D16AED75C1 ] Null C:\Windows\system32\drivers\Null.sys
    22:07:43.0585 3972 Null - ok
    22:07:43.0616 3972 [ A85B4F2EF3A7304A5399EF0526423040 ] NVENETFD C:\Windows\system32\DRIVERS\nvm62x64.sys
    22:07:43.0616 3972 NVENETFD - ok
    22:07:43.0647 3972 [ 1F07B814C0BB5AABA703ABFF1F31F2E8 ] NVHDA C:\Windows\system32\drivers\nvhda64v.sys
    22:07:43.0694 3972 NVHDA - ok
    22:07:43.0928 3972 [ BF7A24A71E1932200D864BC1CE15E596 ] nvlddmkm C:\Windows\system32\DRIVERS\nvlddmkm.sys
    22:07:44.0178 3972 nvlddmkm - ok
    22:07:44.0209 3972 [ 0A92CB65770442ED0DC44834632F66AD ] nvraid C:\Windows\system32\drivers\nvraid.sys
    22:07:44.0240 3972 nvraid - ok
    22:07:44.0271 3972 [ DAB0E87525C10052BF65F06152F37E4A ] nvstor C:\Windows\system32\drivers\nvstor.sys
    22:07:44.0271 3972 nvstor - ok
    22:07:44.0287 3972 [ 43F91595049DE14C4B61D1E76436164F ] nvsvc C:\Windows\system32\nvvsvc.exe
    22:07:44.0318 3972 nvsvc - ok
    22:07:44.0380 3972 [ 4E5C5D88EB0A8D21824D5A3EB7327E69 ] nvUpdatusService C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
    22:07:44.0505 3972 nvUpdatusService - ok
    22:07:44.0521 3972 [ 270D7CD42D6E3979F6DD0146650F0E05 ] nv_agp C:\Windows\system32\drivers\nv_agp.sys
    22:07:44.0521 3972 nv_agp - ok
    22:07:44.0568 3972 [ 785F487A64950F3CB8E9F16253BA3B7B ] odserv C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
    22:07:44.0568 3972 odserv - ok
    22:07:44.0583 3972 [ 3589478E4B22CE21B41FA1BFC0B8B8A0 ] ohci1394 C:\Windows\system32\drivers\ohci1394.sys
    22:07:44.0583 3972 ohci1394 - ok
    22:07:44.0614 3972 [ 5A432A042DAE460ABE7199B758E8606C ] ose C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
    22:07:44.0692 3972 ose - ok
    22:07:44.0708 3972 [ 3EAC4455472CC2C97107B5291E0DCAFE ] p2pimsvc C:\Windows\system32\pnrpsvc.dll
    22:07:44.0708 3972 p2pimsvc - ok
    22:07:44.0739 3972 [ 927463ECB02179F88E4B9A17568C63C3 ] p2psvc C:\Windows\system32\p2psvc.dll
    22:07:44.0739 3972 p2psvc - ok
    22:07:44.0770 3972 [ 0086431C29C35BE1DBC43F52CC273887 ] Parport C:\Windows\system32\DRIVERS\parport.sys
    22:07:44.0770 3972 Parport - ok
    22:07:44.0802 3972 [ E9766131EEADE40A27DC27D2D68FBA9C ] partmgr C:\Windows\system32\drivers\partmgr.sys
    22:07:44.0802 3972 partmgr - ok
    22:07:44.0802 3972 [ 3AEAA8B561E63452C655DC0584922257 ] PcaSvc C:\Windows\System32\pcasvc.dll
    22:07:44.0817 3972 PcaSvc - ok
    22:07:44.0833 3972 [ 94575C0571D1462A0F70BDE6BD6EE6B3 ] pci C:\Windows\system32\drivers\pci.sys
    22:07:44.0833 3972 pci - ok
    22:07:44.0833 3972 [ B5B8B5EF2E5CB34DF8DCF8831E3534FA ] pciide C:\Windows\system32\drivers\pciide.sys
    22:07:44.0833 3972 pciide - ok
    22:07:44.0848 3972 [ B2E81D4E87CE48589F98CB8C05B01F2F ] pcmcia C:\Windows\system32\DRIVERS\pcmcia.sys
    22:07:44.0848 3972 pcmcia - ok
    22:07:44.0864 3972 [ D6B9C2E1A11A3A4B26A182FFEF18F603 ] pcw C:\Windows\system32\drivers\pcw.sys
    22:07:44.0864 3972 pcw - ok
    22:07:44.0880 3972 [ 68769C3356B3BE5D1C732C97B9A80D6E ] PEAUTH C:\Windows\system32\drivers\peauth.sys
    22:07:44.0880 3972 PEAUTH - ok
    22:07:44.0911 3972 [ B9B0A4299DD2D76A4243F75FD54DC680 ] PeerDistSvc C:\Windows\system32\peerdistsvc.dll
    22:07:44.0942 3972 PeerDistSvc - ok
    22:07:44.0989 3972 [ E495E408C93141E8FC72DC0C6046DDFA ] PerfHost C:\Windows\SysWow64\perfhost.exe
    22:07:44.0989 3972 PerfHost - ok
    22:07:45.0020 3972 [ C7CF6A6E137463219E1259E3F0F0DD6C ] pla C:\Windows\system32\pla.dll
    22:07:45.0067 3972 pla - ok
    22:07:45.0098 3972 [ 25FBDEF06C4D92815B353F6E792C8129 ] PlugPlay C:\Windows\system32\umpnpmgr.dll
    22:07:45.0098 3972 PlugPlay - ok
    22:07:45.0114 3972 [ 7195581CEC9BB7D12ABE54036ACC2E38 ] PNRPAutoReg C:\Windows\system32\pnrpauto.dll
    22:07:45.0129 3972 PNRPAutoReg - ok
    22:07:45.0129 3972 [ 3EAC4455472CC2C97107B5291E0DCAFE ] PNRPsvc C:\Windows\system32\pnrpsvc.dll
    22:07:45.0129 3972 PNRPsvc - ok
    22:07:45.0160 3972 [ 4F15D75ADF6156BF56ECED6D4A55C389 ] PolicyAgent C:\Windows\System32\ipsecsvc.dll
    22:07:45.0160 3972 PolicyAgent - ok
    22:07:45.0192 3972 [ 6BA9D927DDED70BD1A9CADED45F8B184 ] Power C:\Windows\system32\umpo.dll
    22:07:45.0192 3972 Power - ok
    22:07:45.0207 3972 [ F92A2C41117A11A00BE01CA01A7FCDE9 ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys
    22:07:45.0254 3972 PptpMiniport - ok
    22:07:45.0270 3972 [ 0D922E23C041EFB1C3FAC2A6F943C9BF ] Processor C:\Windows\system32\DRIVERS\processr.sys
    22:07:45.0270 3972 Processor - ok
    22:07:45.0285 3972 [ 53E83F1F6CF9D62F32801CF66D8352A8 ] ProfSvc C:\Windows\system32\profsvc.dll
    22:07:45.0285 3972 ProfSvc - ok
    22:07:45.0285 3972 [ C118A82CD78818C29AB228366EBF81C3 ] ProtectedStorage C:\Windows\system32\lsass.exe
    22:07:45.0301 3972 ProtectedStorage - ok
    22:07:45.0316 3972 [ 0557CF5A2556BD58E26384169D72438D ] Psched C:\Windows\system32\DRIVERS\pacer.sys
    22:07:45.0316 3972 Psched - ok
    22:07:45.0363 3972 [ A53A15A11EBFD21077463EE2C7AFEEF0 ] ql2300 C:\Windows\system32\DRIVERS\ql2300.sys
    22:07:45.0410 3972 ql2300 - ok
    22:07:45.0410 3972 [ 4F6D12B51DE1AAEFF7DC58C4D75423C8 ] ql40xx C:\Windows\system32\DRIVERS\ql40xx.sys
    22:07:45.0426 3972 ql40xx - ok
    22:07:45.0441 3972 [ 906191634E99AEA92C4816150BDA3732 ] QWAVE C:\Windows\system32\qwave.dll
    22:07:45.0441 3972 QWAVE - ok
    22:07:45.0457 3972 [ 76707BB36430888D9CE9D705398ADB6C ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys
    22:07:45.0457 3972 QWAVEdrv - ok
    22:07:45.0472 3972 [ 5A0DA8AD5762FA2D91678A8A01311704 ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys
    22:07:45.0472 3972 RasAcd - ok
    22:07:45.0504 3972 [ 7ECFF9B22276B73F43A99A15A6094E90 ] RasAgileVpn C:\Windows\system32\DRIVERS\AgileVpn.sys
    22:07:45.0504 3972 RasAgileVpn - ok
    22:07:45.0504 3972 [ 8F26510C5383B8DBE976DE1CD00FC8C7 ] RasAuto C:\Windows\System32\rasauto.dll
    22:07:45.0519 3972 RasAuto - ok
    22:07:45.0535 3972 [ 471815800AE33E6F1C32FB1B97C490CA ] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys
    22:07:45.0582 3972 Rasl2tp - ok
    22:07:45.0613 3972 [ EE867A0870FC9E4972BA9EAAD35651E2 ] RasMan C:\Windows\System32\rasmans.dll
    22:07:45.0675 3972 RasMan - ok
    22:07:45.0691 3972 [ 855C9B1CD4756C5E9A2AA58A15F58C25 ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys
    22:07:45.0691 3972 RasPppoe - ok
    22:07:45.0722 3972 [ E8B1E447B008D07FF47D016C2B0EEECB ] RasSstp C:\Windows\system32\DRIVERS\rassstp.sys
    22:07:45.0722 3972 RasSstp - ok
    22:07:45.0753 3972 [ 77F665941019A1594D887A74F301FA2F ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys
    22:07:45.0753 3972 rdbss - ok
    22:07:45.0769 3972 [ 302DA2A0539F2CF54D7C6CC30C1F2D8D ] rdpbus C:\Windows\system32\DRIVERS\rdpbus.sys
    22:07:45.0769 3972 rdpbus - ok
    22:07:45.0784 3972 [ CEA6CC257FC9B7715F1C2B4849286D24 ] RDPCDD C:\Windows\system32\DRIVERS\RDPCDD.sys
    22:07:45.0784 3972 RDPCDD - ok
    22:07:45.0816 3972 [ 1B6163C503398B23FF8B939C67747683 ] RDPDR C:\Windows\system32\drivers\rdpdr.sys
    22:07:45.0847 3972 RDPDR - ok
    22:07:45.0862 3972 [ BB5971A4F00659529A5C44831AF22365 ] RDPENCDD C:\Windows\system32\drivers\rdpencdd.sys
    22:07:45.0862 3972 RDPENCDD - ok
    22:07:45.0878 3972 [ 216F3FA57533D98E1F74DED70113177A ] RDPREFMP C:\Windows\system32\drivers\rdprefmp.sys
    22:07:45.0878 3972 RDPREFMP - ok
    22:07:45.0894 3972 [ E61608AA35E98999AF9AAEEEA6114B0A ] RDPWD C:\Windows\system32\drivers\RDPWD.sys
    22:07:45.0940 3972 RDPWD - ok
    22:07:45.0956 3972 [ 34ED295FA0121C241BFEF24764FC4520 ] rdyboost C:\Windows\system32\drivers\rdyboost.sys
    22:07:45.0956 3972 rdyboost - ok
    22:07:46.0003 3972 [ 254FB7A22D74E5511C73A3F6D802F192 ] RemoteAccess C:\Windows\System32\mprdim.dll
    22:07:46.0003 3972 RemoteAccess - ok
    22:07:46.0018 3972 [ E4D94F24081440B5FC5AA556C7C62702 ] RemoteRegistry C:\Windows\system32\regsvc.dll
    22:07:46.0018 3972 RemoteRegistry - ok
    22:07:46.0034 3972 [ E4DC58CF7B3EA515AE917FF0D402A7BB ] RpcEptMapper C:\Windows\System32\RpcEpMap.dll
    22:07:46.0034 3972 RpcEptMapper - ok
    22:07:46.0050 3972 [ D5BA242D4CF8E384DB90E6A8ED850B8C ] RpcLocator C:\Windows\system32\locator.exe
    22:07:46.0050 3972 RpcLocator - ok
    22:07:46.0081 3972 [ 5C627D1B1138676C0A7AB2C2C190D123 ] RpcSs C:\Windows\system32\rpcss.dll
    22:07:46.0081 3972 RpcSs - ok
    22:07:46.0112 3972 [ DDC86E4F8E7456261E637E3552E804FF ] rspndr C:\Windows\system32\DRIVERS\rspndr.sys
    22:07:46.0128 3972 rspndr - ok
    22:07:46.0143 3972 [ E60C0A09F997826C7627B244195AB581 ] s3cap C:\Windows\system32\drivers\vms3cap.sys
    22:07:46.0174 3972 s3cap - ok
    22:07:46.0174 3972 [ C118A82CD78818C29AB228366EBF81C3 ] SamSs C:\Windows\system32\lsass.exe
    22:07:46.0174 3972 SamSs - ok
    22:07:46.0190 3972 [ AC03AF3329579FFFB455AA2DAABBE22B ] sbp2port C:\Windows\system32\drivers\sbp2port.sys
    22:07:46.0237 3972 sbp2port - ok
    22:07:46.0252 3972 [ 9B7395789E3791A3B6D000FE6F8B131E ] SCardSvr C:\Windows\System32\SCardSvr.dll
    22:07:46.0252 3972 SCardSvr - ok
    22:07:46.0284 3972 [ 253F38D0D7074C02FF8DEB9836C97D2B ] scfilter C:\Windows\system32\DRIVERS\scfilter.sys
    22:07:46.0346 3972 scfilter - ok
    22:07:46.0377 3972 [ 262F6592C3299C005FD6BEC90FC4463A ] Schedule C:\Windows\system32\schedsvc.dll
    22:07:46.0408 3972 Schedule - ok
    22:07:46.0424 3972 [ F17D1D393BBC69C5322FBFAFACA28C7F ] SCPolicySvc C:\Windows\System32\certprop.dll
    22:07:46.0424 3972 SCPolicySvc - ok
    22:07:46.0440 3972 [ 6EA4234DC55346E0709560FE7C2C1972 ] SDRSVC C:\Windows\System32\SDRSVC.dll
    22:07:46.0486 3972 SDRSVC - ok
    22:07:46.0502 3972 [ 3EA8A16169C26AFBEB544E0E48421186 ] secdrv C:\Windows\system32\drivers\secdrv.sys
    22:07:46.0518 3972 secdrv - ok
    22:07:46.0533 3972 [ BC617A4E1B4FA8DF523A061739A0BD87 ] seclogon C:\Windows\system32\seclogon.dll
    22:07:46.0564 3972 seclogon - ok
    22:07:46.0596 3972 [ C32AB8FA018EF34C0F113BD501436D21 ] SENS C:\Windows\System32\sens.dll
    22:07:46.0596 3972 SENS - ok
    22:07:46.0596 3972 [ 0336CFFAFAAB87A11541F1CF1594B2B2 ] SensrSvc C:\Windows\system32\sensrsvc.dll
    22:07:46.0596 3972 SensrSvc - ok
    22:07:46.0642 3972 [ CB624C0035412AF0DEBEC78C41F5CA1B ] Serenum C:\Windows\system32\DRIVERS\serenum.sys
    22:07:46.0642 3972 Serenum - ok
    22:07:46.0658 3972 [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6 ] Serial C:\Windows\system32\DRIVERS\serial.sys
    22:07:46.0658 3972 Serial - ok
    22:07:46.0674 3972 [ 1C545A7D0691CC4A027396535691C3E3 ] sermouse C:\Windows\system32\DRIVERS\sermouse.sys
    22:07:46.0674 3972 sermouse - ok
    22:07:46.0720 3972 [ 0B6231BF38174A1628C4AC812CC75804 ] SessionEnv C:\Windows\system32\sessenv.dll
    22:07:46.0752 3972 SessionEnv - ok
    22:07:46.0767 3972 [ A554811BCD09279536440C964AE35BBF ] sffdisk C:\Windows\system32\drivers\sffdisk.sys
    22:07:46.0783 3972 sffdisk - ok
    22:07:46.0783 3972 [ FF414F0BAEFEBA59BC6C04B3DB0B87BF ] sffp_mmc C:\Windows\system32\drivers\sffp_mmc.sys
    22:07:46.0783 3972 sffp_mmc - ok
    22:07:46.0798 3972 [ DD85B78243A19B59F0637DCF284DA63C ] sffp_sd C:\Windows\system32\drivers\sffp_sd.sys
    22:07:46.0845 3972 sffp_sd - ok
    22:07:46.0861 3972 [ A9D601643A1647211A1EE2EC4E433FF4 ] sfloppy C:\Windows\system32\DRIVERS\sfloppy.sys
    22:07:46.0861 3972 sfloppy - ok
    22:07:46.0892 3972 [ B95F6501A2F8B2E78C697FEC401970CE ] SharedAccess C:\Windows\System32\ipnathlp.dll
    22:07:46.0892 3972 SharedAccess - ok
    22:07:46.0908 3972 [ AAF932B4011D14052955D4B212A4DA8D ] ShellHWDetection C:\Windows\System32\shsvcs.dll
    22:07:46.0954 3972 ShellHWDetection - ok
    22:07:46.0970 3972 [ 843CAF1E5FDE1FFD5FF768F23A51E2E1 ] SiSRaid2 C:\Windows\system32\DRIVERS\SiSRaid2.sys
    22:07:46.0970 3972 SiSRaid2 - ok
    22:07:46.0970 3972 [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4 ] SiSRaid4 C:\Windows\system32\DRIVERS\sisraid4.sys
    22:07:46.0986 3972 SiSRaid4 - ok
    22:07:47.0001 3972 [ 548260A7B8654E024DC30BF8A7C5BAA4 ] Smb C:\Windows\system32\DRIVERS\smb.sys
    22:07:47.0001 3972 Smb - ok
    22:07:47.0048 3972 [ 6313F223E817CC09AA41811DAA7F541D ] SNMPTRAP C:\Windows\System32\snmptrap.exe
    22:07:47.0048 3972 SNMPTRAP - ok
    22:07:47.0095 3972 [ 12583AF6CBE0050651EAF2723B3AD7B3 ] speedfan C:\Windows\syswow64\speedfan.sys
    22:07:47.0095 3972 speedfan - ok
    22:07:47.0110 3972 [ B9E31E5CACDFE584F34F730A677803F9 ] spldr C:\Windows\system32\drivers\spldr.sys
    22:07:47.0126 3972 spldr - ok
    22:07:47.0142 3972 [ B96C17B5DC1424D56EEA3A99E97428CD ] Spooler C:\Windows\System32\spoolsv.exe
    22:07:47.0142 3972 Spooler - ok
    22:07:47.0204 3972 [ E17E0188BB90FAE42D83E98707EFA59C ] sppsvc C:\Windows\system32\sppsvc.exe
    22:07:47.0266 3972 sppsvc - ok
    22:07:47.0266 3972 [ 93D7D61317F3D4BC4F4E9F8A96A7DE45 ] sppuinotify C:\Windows\system32\sppuinotify.dll
    22:07:47.0282 3972 sppuinotify - ok
    22:07:47.0298 3972 [ 441FBA48BFF01FDB9D5969EBC1838F0B ] srv C:\Windows\system32\DRIVERS\srv.sys
    22:07:47.0344 3972 srv - ok
    22:07:47.0360 3972 [ B4ADEBBF5E3677CCE9651E0F01F7CC28 ] srv2 C:\Windows\system32\DRIVERS\srv2.sys
    22:07:47.0360 3972 srv2 - ok
    22:07:47.0376 3972 [ 27E461F0BE5BFF5FC737328F749538C3 ] srvnet C:\Windows\system32\DRIVERS\srvnet.sys
    22:07:47.0391 3972 srvnet - ok
    22:07:47.0422 3972 [ 51B52FBD583CDE8AA9BA62B8B4298F33 ] SSDPSRV C:\Windows\System32\ssdpsrv.dll
    22:07:47.0422 3972 SSDPSRV - ok
    22:07:47.0438 3972 [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB ] SstpSvc C:\Windows\system32\sstpsvc.dll
    22:07:47.0438 3972 SstpSvc - ok
    22:07:47.0454 3972 Steam Client Service - ok
    22:07:47.0516 3972 [ A766CCAD980235FF34E7F8089D3175A3 ] Stereo Service C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
    22:07:47.0516 3972 Stereo Service - ok
    22:07:47.0532 3972 [ F3817967ED533D08327DC73BC4D5542A ] stexstor C:\Windows\system32\DRIVERS\stexstor.sys
    22:07:47.0547 3972 stexstor - ok
    22:07:47.0578 3972 [ 8DD52E8E6128F4B2DA92CE27402871C1 ] stisvc C:\Windows\System32\wiaservc.dll
    22:07:47.0578 3972 stisvc - ok
    22:07:47.0594 3972 [ 7785DC213270D2FC066538DAF94087E7 ] storflt C:\Windows\system32\drivers\vmstorfl.sys
    22:07:47.0594 3972 storflt - ok
    22:07:47.0625 3972 [ C40841817EF57D491F22EB103DA587CC ] StorSvc C:\Windows\system32\storsvc.dll
    22:07:47.0625 3972 StorSvc - ok
    22:07:47.0625 3972 [ D34E4943D5AC096C8EDEEBFD80D76E23 ] storvsc C:\Windows\system32\drivers\storvsc.sys
    22:07:47.0672 3972 storvsc - ok
    22:07:47.0703 3972 [ D01EC09B6711A5F8E7E6564A4D0FBC90 ] swenum C:\Windows\system32\drivers\swenum.sys
    22:07:47.0703 3972 swenum - ok
    22:07:47.0719 3972 [ E08E46FDD841B7184194011CA1955A0B ] swprv C:\Windows\System32\swprv.dll
    22:07:47.0734 3972 swprv - ok
    22:07:47.0812 3972 [ BF9CCC0BF39B418C8D0AE8B05CF95B7D ] SysMain C:\Windows\system32\sysmain.dll
    22:07:47.0875 3972 SysMain - ok
    22:07:47.0890 3972 [ E3C61FD7B7C2557E1F1B0B4CEC713585 ] TabletInputService C:\Windows\System32\TabSvc.dll
    22:07:47.0922 3972 TabletInputService - ok
    22:07:47.0937 3972 [ 40F0849F65D13EE87B9A9AE3C1DD6823 ] TapiSrv C:\Windows\System32\tapisrv.dll
    22:07:47.0968 3972 TapiSrv - ok
    22:07:47.0984 3972 [ 1BE03AC720F4D302EA01D40F588162F6 ] TBS C:\Windows\System32\tbssvc.dll
    22:07:48.0000 3972 TBS - ok
    22:07:48.0031 3972 [ F782CAD3CEDBB3F9FFE3BF2775D92DDC ] Tcpip C:\Windows\system32\drivers\tcpip.sys
    22:07:48.0062 3972 Tcpip - ok
    22:07:48.0078 3972 [ F782CAD3CEDBB3F9FFE3BF2775D92DDC ] TCPIP6 C:\Windows\system32\DRIVERS\tcpip.sys
    22:07:48.0093 3972 TCPIP6 - ok
    22:07:48.0124 3972 [ DF687E3D8836BFB04FCC0615BF15A519 ] tcpipreg C:\Windows\system32\drivers\tcpipreg.sys
    22:07:48.0156 3972 tcpipreg - ok
    22:07:48.0187 3972 [ 3371D21011695B16333A3934340C4E7C ] TDPIPE C:\Windows\system32\drivers\tdpipe.sys
    22:07:48.0187 3972 TDPIPE - ok
    22:07:48.0202 3972 [ 51C5ECEB1CDEE2468A1748BE550CFBC8 ] TDTCP C:\Windows\system32\drivers\tdtcp.sys
    22:07:48.0249 3972 TDTCP - ok
    22:07:48.0265 3972 [ DDAD5A7AB24D8B65F8D724F5C20FD806 ] tdx C:\Windows\system32\DRIVERS\tdx.sys
    22:07:48.0312 3972 tdx - ok
    22:07:48.0327 3972 [ 561E7E1F06895D78DE991E01DD0FB6E5 ] TermDD C:\Windows\system32\drivers\termdd.sys
    22:07:48.0358 3972 TermDD - ok
    22:07:48.0390 3972 [ 2E648163254233755035B46DD7B89123 ] TermService C:\Windows\System32\termsrv.dll
    22:07:48.0405 3972 TermService - ok
    22:07:48.0405 3972 [ F0344071948D1A1FA732231785A0664C ] Themes C:\Windows\system32\themeservice.dll
    22:07:48.0405 3972 Themes - ok
    22:07:48.0436 3972 [ E40E80D0304A73E8D269F7141D77250B ] THREADORDER C:\Windows\system32\mmcss.dll
    22:07:48.0436 3972 THREADORDER - ok
    22:07:48.0436 3972 [ 7E7AFD841694F6AC397E99D75CEAD49D ] TrkWks C:\Windows\System32\trkwks.dll
    22:07:48.0452 3972 TrkWks - ok
    22:07:48.0483 3972 [ 773212B2AAA24C1E31F10246B15B276C ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
    22:07:48.0483 3972 TrustedInstaller - ok
    22:07:48.0499 3972 [ CE18B2CDFC837C99E5FAE9CA6CBA5D30 ] tssecsrv C:\Windows\system32\DRIVERS\tssecsrv.sys
    22:07:48.0546 3972 tssecsrv - ok
    22:07:48.0577 3972 [ D11C783E3EF9A3C52C0EBE83CC5000E9 ] TsUsbFlt C:\Windows\system32\drivers\tsusbflt.sys
    22:07:48.0624 3972 TsUsbFlt - ok
    22:07:48.0655 3972 [ 3566A8DAAFA27AF944F5D705EAA64894 ] tunnel C:\Windows\system32\DRIVERS\tunnel.sys
    22:07:48.0702 3972 tunnel - ok
    22:07:48.0717 3972 [ B4DD609BD7E282BFC683CEC7EAAAAD67 ] uagp35 C:\Windows\system32\DRIVERS\uagp35.sys
    22:07:48.0717 3972 uagp35 - ok
    22:07:48.0748 3972 [ FF4232A1A64012BAA1FD97C7B67DF593 ] udfs C:\Windows\system32\DRIVERS\udfs.sys
    22:07:48.0795 3972 udfs - ok
    22:07:48.0811 3972 [ 3CBDEC8D06B9968ABA702EBA076364A1 ] UI0Detect C:\Windows\system32\UI0Detect.exe
    22:07:48.0811 3972 UI0Detect - ok
    22:07:48.0826 3972 [ 75894B827B8CA53FC2BB991C91B6728C ] uisp C:\Windows\system32\Drivers\usbicp.sys
    22:07:48.0889 3972 uisp - ok
    22:07:48.0904 3972 [ 4BFE1BC28391222894CBF1E7D0E42320 ] uliagpkx C:\Windows\system32\drivers\uliagpkx.sys
    22:07:48.0904 3972 uliagpkx - ok
    22:07:48.0936 3972 [ DC54A574663A895C8763AF0FA1FF7561 ] umbus C:\Windows\system32\drivers\umbus.sys
    22:07:48.0967 3972 umbus - ok
    22:07:48.0967 3972 [ B2E8E8CB557B156DA5493BBDDCC1474D ] UmPass C:\Windows\system32\DRIVERS\umpass.sys
    22:07:48.0967 3972 UmPass - ok
    22:07:48.0998 3972 [ A293DCD756D04D8492A750D03B9A297C ] UmRdpService C:\Windows\System32\umrdp.dll
    22:07:48.0998 3972 UmRdpService - ok
    22:07:49.0014 3972 [ D47EC6A8E81633DD18D2436B19BAF6DE ] upnphost C:\Windows\System32\upnphost.dll
    22:07:49.0014 3972 upnphost - ok
    22:07:49.0045 3972 [ AF1B9474D67897D0C2CFF58E0ACEACCC ] USBAAPL64 C:\Windows\system32\Drivers\usbaapl64.sys
    22:07:49.0092 3972 USBAAPL64 - ok
    22:07:49.0107 3972 [ 82E8F44688E6FAC57B5B7C6FC7ADBC2A ] usbaudio C:\Windows\system32\drivers\usbaudio.sys
    22:07:49.0154 3972 usbaudio - ok
    22:07:49.0170 3972 [ 6F1A3157A1C89435352CEB543CDB359C ] usbccgp C:\Windows\system32\DRIVERS\usbccgp.sys
    22:07:49.0232 3972 usbccgp - ok
    22:07:49.0248 3972 [ AF0892A803FDDA7492F595368E3B68E7 ] usbcir C:\Windows\system32\drivers\usbcir.sys
    22:07:49.0248 3972 usbcir - ok
    22:07:49.0248 3972 [ C025055FE7B87701EB042095DF1A2D7B ] usbehci C:\Windows\system32\DRIVERS\usbehci.sys
    22:07:49.0294 3972 usbehci - ok
    22:07:49.0326 3972 [ 287C6C9410B111B68B52CA298F7B8C24 ] usbhub C:\Windows\system32\DRIVERS\usbhub.sys
    22:07:49.0357 3972 usbhub - ok
    22:07:49.0372 3972 [ 9840FC418B4CBD632D3D0A667A725C31 ] usbohci C:\Windows\system32\DRIVERS\usbohci.sys
    22:07:49.0419 3972 usbohci - ok
    22:07:49.0435 3972 [ 73188F58FB384E75C4063D29413CEE3D ] usbprint C:\Windows\system32\DRIVERS\usbprint.sys
    22:07:49.0435 3972 usbprint - ok
    22:07:49.0466 3972 [ FED648B01349A3C8395A5169DB5FB7D6 ] USBSTOR C:\Windows\system32\DRIVERS\USBSTOR.SYS
    22:07:49.0513 3972 USBSTOR - ok
    22:07:49.0528 3972 [ 62069A34518BCF9C1FD9E74B3F6DB7CD ] usbuhci C:\Windows\system32\drivers\usbuhci.sys
    22:07:49.0591 3972 usbuhci - ok
    22:07:49.0622 3972 [ 454800C2BC7F3927CE030141EE4F4C50 ] usbvideo C:\Windows\System32\Drivers\usbvideo.sys
    22:07:49.0653 3972 usbvideo - ok
    22:07:49.0669 3972 [ EDBB23CBCF2CDF727D64FF9B51A6070E ] UxSms C:\Windows\System32\uxsms.dll
    22:07:49.0684 3972 UxSms - ok
    22:07:49.0684 3972 [ C118A82CD78818C29AB228366EBF81C3 ] VaultSvc C:\Windows\system32\lsass.exe
    22:07:49.0684 3972 VaultSvc - ok
    22:07:49.0747 3972 [ C5C876CCFC083FF3B128F933823E87BD ] vdrvroot C:\Windows\system32\drivers\vdrvroot.sys
    22:07:49.0762 3972 vdrvroot - ok
    22:07:51.0868 3972 ================ Scan global ===============================
    22:07:51.0884 3972 [ BA0CD8C393E8C9F83354106093832C7B ] C:\Windows\system32\basesrv.dll
    22:07:51.0900 3972 [ EB6A48CC998E1090E44E8E7F1009A640 ] C:\Windows\system32\winsrv.dll
    22:07:51.0915 3972 [ EB6A48CC998E1090E44E8E7F1009A640 ] C:\Windows\system32\winsrv.dll
    22:07:51.0931 3972 [ D6160F9D869BA3AF0B787F971DB56368 ] C:\Windows\system32\sxssrv.dll
    22:07:51.0946 3972 [ 24ACB7E5BE595468E3B9AA488B9B4FCB ] C:\Windows\system32\services.exe
    22:07:51.0946 3972 [Global] - ok
    22:07:51.0946 3972 ================ Scan MBR ==================================
    22:07:51.0962 3972 [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0
    22:07:51.0962 3972 \Device\Harddisk0\DR0 - ok
    22:07:51.0962 3972 [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk1\DR1
    22:07:51.0978 3972 \Device\Harddisk1\DR1 ( Rootkit.Boot.Sinowal.b ) - infected
    22:07:51.0978 3972 \Device\Harddisk1\DR1 - detected Rootkit.Boot.Sinowal.b (0)
    22:07:51.0978 3972 ================ Scan VBR ==================================
    22:07:51.0978 3972 [ 0494E77B688743261D9A6FC5A2EF3169 ] \Device\Harddisk0\DR0\Partition1
    22:07:51.0978 3972 \Device\Harddisk0\DR0\Partition1 - ok
    22:07:51.0978 3972 [ 2293803E354F325B96F3658EA4FFA43D ] \Device\Harddisk1\DR1\Partition1
    22:07:51.0978 3972 \Device\Harddisk1\DR1\Partition1 - ok
    22:07:51.0978 3972 ============================================================
    22:07:51.0978 3972 Scan finished
    22:07:51.0978 3972 ============================================================
    22:07:51.0993 1376 Detected object count: 1
    22:07:51.0993 1376 Actual detected object count: 1
    22:08:25.0923 1376 \Device\Harddisk1\DR1\# - copied to quarantine
    22:08:25.0923 1376 \Device\Harddisk1\DR1 - copied to quarantine
    22:08:25.0954 1376 \Device\Harddisk1\DR1 ( Rootkit.Boot.Sinowal.b ) - will be cured on reboot
    22:08:25.0954 1376 \Device\Harddisk1\DR1 - ok
    22:08:25.0954 1376 \Device\Harddisk1\DR1 ( Rootkit.Boot.Sinowal.b ) - User select action: Cure
    22:08:29.0199 4580 Deinitialize success
     
  5. Michael West

    Michael West TS Rookie Topic Starter Posts: 29

    RK report 1 of 2

    RogueKiller V8.1.1 [10/01/2012] by Tigzy
    mail: tigzyRK<at>gmail<dot>com
    Feedback: http://www.geekstogo.com/forum/files/file/413-roguekiller/
    Website: http://tigzy.geekstogo.com/roguekiller.php
    Blog: http://tigzyrk.blogspot.com

    Operating System: Windows 7 (6.1.7601 Service Pack 1) 64 bits version
    Started in : Normal mode
    User : Brandon [Admin rights]
    Mode : Scan -- Date : 10/21/2012 22:21:59

    ¤¤¤ Bad processes : 0 ¤¤¤

    ¤¤¤ Registry Entries : 16 ¤¤¤
    [RUN][SUSP PATH] HKCU\[...]\Run : Best Buy pc app (C:\Users\Brandon\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Best Buy\Best Buy pc app.appref-ms) -> FOUND
    [RUN][SUSP PATH] HKCU\[...]\Run : (C:\Users\Brandon\AppData\Local\Temp\4.245763954103653E8) -> FOUND
    [RUN][SUSP PATH] HKUS\S-1-5-21-1531979968-3860558922-4145543149-1000[...]\Run : Best Buy pc app (C:\Users\Brandon\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Best Buy\Best Buy pc app.appref-ms) -> FOUND
    [RUN][SUSP PATH] HKUS\S-1-5-21-1531979968-3860558922-4145543149-1000[...]\Run : (C:\Users\Brandon\AppData\Local\Temp\4.245763954103653E8) -> FOUND
    [TASK][SUSP PATH] {05C4B191-147B-4651-A945-8446642D6931} : C:\Windows\system32\pcalua.exe -a C:\Users\Brandon\Desktop\McPreInstall.exe -d C:\Users\Brandon\Desktop -> FOUND
    [STARTUP][SUSP PATH] Best Buy pc app.lnk @Default : C:\ProgramData\Best Buy pc app\ClickOnceSetup.exe -> FOUND
    [STARTUP][SUSP PATH] Best Buy pc app.lnk @Default User : C:\ProgramData\Best Buy pc app\ClickOnceSetup.exe -> FOUND
    [STARTUP][SUSP PATH] Best Buy pc app.lnk @UpdatusUser : C:\ProgramData\Best Buy pc app\ClickOnceSetup.exe -> FOUND
    [HJPOL] HKLM\[...]\System : DisableTaskMgr (0) -> FOUND
    [HJPOL] HKLM\[...]\System : DisableRegistryTools (0) -> FOUND
    [HJPOL] HKLM\[...]\Wow6432Node\System : DisableTaskMgr (0) -> FOUND
    [HJPOL] HKLM\[...]\Wow6432Node\System : DisableRegistryTools (0) -> FOUND
    [HJ SMENU] HKCU\[...]\Advanced : Start_ShowMyGames (0) -> FOUND
    [HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
    [HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND
    [HJ INPROC][ZeroAccess] HKCR\[...]\InprocServer32 : (C:\$Recycle.Bin\S-1-5-21-1531979968-3860558922-4145543149-1000\$a2d34e51140ff7dcef5158b74bb85fb6\n.) -> FOUND

    ¤¤¤ Particular Files / Folders: ¤¤¤
    [ZeroAccess][FOLDER] U : C:\$recycle.bin\S-1-5-21-1531979968-3860558922-4145543149-1000\$a2d34e51140ff7dcef5158b74bb85fb6\U --> FOUND
    [ZeroAccess][FOLDER] L : C:\$recycle.bin\S-1-5-21-1531979968-3860558922-4145543149-1000\$a2d34e51140ff7dcef5158b74bb85fb6\L --> FOUND

    ¤¤¤ Driver : [NOT LOADED] ¤¤¤

    ¤¤¤ Infection : ZeroAccess ¤¤¤

    ¤¤¤ HOSTS File: ¤¤¤
    --> C:\Windows\system32\drivers\etc\hosts



    ¤¤¤ MBR Check: ¤¤¤

    +++++ PhysicalDrive0: WDC WD10 01FALS-00Y6A SCSI Disk Device +++++
    --- User ---
    [MBR] b8c50317995acedf53ed6f7e8016d4cd
    [BSP] 6ce3f73f747602741c1cf95a6b41d8c0 : Windows 7 MBR Code
    Partition table:
    0 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 953867 Mo
    User = LL1 ... OK!
    Error reading LL2 MBR!

    +++++ PhysicalDrive1: WDC WD15 00HLFS-01G6U SCSI Disk Device +++++
    --- User ---
    [MBR] ddb607bb545b07e9ba4f75fab67c0c51
    [BSP] b173d6ec673e0914b2146ca8e3315e36 : Windows XP MBR Code
    Partition table:
    0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 143078 Mo
    User = LL1 ... OK!
    Error reading LL2 MBR!

    Finished : << RKreport[1].txt >>
    RKreport[1].txt
     
  6. Michael West

    Michael West TS Rookie Topic Starter Posts: 29

    RK report 2 of 2

    RogueKiller V8.1.1 [10/01/2012] by Tigzy
    mail: tigzyRK<at>gmail<dot>com
    Feedback: http://www.geekstogo.com/forum/files/file/413-roguekiller/
    Website: http://tigzy.geekstogo.com/roguekiller.php
    Blog: http://tigzyrk.blogspot.com

    Operating System: Windows 7 (6.1.7601 Service Pack 1) 64 bits version
    Started in : Normal mode
    User : Brandon [Admin rights]
    Mode : Remove -- Date : 10/21/2012 22:23:13

    ¤¤¤ Bad processes : 0 ¤¤¤

    ¤¤¤ Registry Entries : 11 ¤¤¤
    [RUN][SUSP PATH] HKCU\[...]\Run : Best Buy pc app (C:\Users\Brandon\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Best Buy\Best Buy pc app.appref-ms) -> DELETED
    [RUN][SUSP PATH] HKCU\[...]\Run : (C:\Users\Brandon\AppData\Local\Temp\4.245763954103653E8) -> DELETED
    [TASK][SUSP PATH] {05C4B191-147B-4651-A945-8446642D6931} : C:\Windows\system32\pcalua.exe -a C:\Users\Brandon\Desktop\McPreInstall.exe -d C:\Users\Brandon\Desktop -> DELETED
    [STARTUP][SUSP PATH] Best Buy pc app.lnk @Default : C:\ProgramData\Best Buy pc app\ClickOnceSetup.exe -> DELETED
    [STARTUP][SUSP PATH] Best Buy pc app.lnk @UpdatusUser : C:\ProgramData\Best Buy pc app\ClickOnceSetup.exe -> DELETED
    [HJPOL] HKLM\[...]\System : DisableTaskMgr (0) -> DELETED
    [HJPOL] HKLM\[...]\System : DisableRegistryTools (0) -> DELETED
    [HJ SMENU] HKCU\[...]\Advanced : Start_ShowMyGames (0) -> REPLACED (1)
    [HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> REPLACED (0)
    [HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0)
    [HJ INPROC][ZeroAccess] HKCR\[...]\InprocServer32 : (C:\$Recycle.Bin\S-1-5-21-1531979968-3860558922-4145543149-1000\$a2d34e51140ff7dcef5158b74bb85fb6\n.) -> REPLACED (C:\Windows\system32\shell32.dll)

    ¤¤¤ Particular Files / Folders: ¤¤¤
    [Del.Parent][FILE] 80000064.@ : C:\$recycle.bin\S-1-5-21-1531979968-3860558922-4145543149-1000\$a2d34e51140ff7dcef5158b74bb85fb6\U\80000064.@ --> REMOVED AT REBOOT
    [ZeroAccess][FOLDER] ROOT : C:\$recycle.bin\S-1-5-21-1531979968-3860558922-4145543149-1000\$a2d34e51140ff7dcef5158b74bb85fb6\U --> REMOVED
    [Del.Parent][FILE] 00000004.@ : C:\$recycle.bin\S-1-5-21-1531979968-3860558922-4145543149-1000\$a2d34e51140ff7dcef5158b74bb85fb6\L\00000004.@ --> REMOVED
    [ZeroAccess][FOLDER] ROOT : C:\$recycle.bin\S-1-5-21-1531979968-3860558922-4145543149-1000\$a2d34e51140ff7dcef5158b74bb85fb6\L --> REMOVED

    ¤¤¤ Driver : [NOT LOADED] ¤¤¤

    ¤¤¤ Infection : ZeroAccess ¤¤¤

    ¤¤¤ HOSTS File: ¤¤¤
    --> C:\Windows\system32\drivers\etc\hosts



    ¤¤¤ MBR Check: ¤¤¤

    +++++ PhysicalDrive0: WDC WD10 01FALS-00Y6A SCSI Disk Device +++++
    --- User ---
    [MBR] b8c50317995acedf53ed6f7e8016d4cd
    [BSP] 6ce3f73f747602741c1cf95a6b41d8c0 : Windows 7 MBR Code
    Partition table:
    0 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 953867 Mo
    User = LL1 ... OK!
    Error reading LL2 MBR!

    +++++ PhysicalDrive1: WDC WD15 00HLFS-01G6U SCSI Disk Device +++++
    --- User ---
    [MBR] ddb607bb545b07e9ba4f75fab67c0c51
    [BSP] b173d6ec673e0914b2146ca8e3315e36 : Windows XP MBR Code
    Partition table:
    0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 143078 Mo
    User = LL1 ... OK!
    Error reading LL2 MBR!

    Finished : << RKreport[2].txt >>
    RKreport[1].txt ; RKreport[2].txt
     
  7. Michael West

    Michael West TS Rookie Topic Starter Posts: 29

    aswMBR log file

    aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
    Run date: 2012-10-21 22:37:52
    -----------------------------
    22:37:52.144 OS Version: Windows x64 6.1.7601 Service Pack 1
    22:37:52.144 Number of processors: 2 586 0x170A
    22:37:52.144 ComputerName: BRANDON-PC UserName: Brandon
    22:37:52.908 Initialize success
    22:41:19.010 AVAST engine defs: 12102101
    22:44:02.877 Disk 0 \Device\Harddisk0\DR0 -> \Device\00000064
    22:44:02.877 Disk 0 Vendor: WDC_WD10 05.0 Size: 953869MB BusType: 3
    22:44:02.892 Disk 1 (boot) \Device\Harddisk1\DR1 -> \Device\00000066
    22:44:02.892 Disk 1 Vendor: WDC_WD15 04.0 Size: 143089MB BusType: 3
    22:44:02.908 Disk 1 MBR read successfully
    22:44:02.908 Disk 1 MBR scan
    22:44:02.986 Disk 1 Windows XP default MBR code
    22:44:02.986 Disk 1 Partition 1 80 (A) 07 HPFS/NTFS NTFS 143078 MB offset 63
    22:44:03.048 Disk 1 scanning C:\Windows\system32\drivers
    22:44:11.192 Service scanning
    22:44:26.932 Modules scanning
    22:44:26.932 Disk 1 trace - called modules:
    22:44:26.932 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys storport.sys hal.dll nvstor.sys
    22:44:26.948 1 nt!IofCallDriver -> \Device\Harddisk1\DR1[0xfffffa80052d3060]
    22:44:26.948 3 CLASSPNP.SYS[fffff88001a0143f] -> nt!IofCallDriver -> [0xfffffa80050eae40]
    22:44:26.948 5 ACPI.sys[fffff88000ec17a1] -> nt!IofCallDriver -> \Device\00000066[0xfffffa80050e79c0]
    22:44:28.024 AVAST engine scan C:\Windows
    22:44:29.303 AVAST engine scan C:\Windows\system32
    22:47:32.970 AVAST engine scan C:\Windows\system32\drivers
    22:47:40.739 AVAST engine scan C:\Users\Brandon
    22:49:25.418 Disk 1 MBR has been saved successfully to "C:\Users\Brandon\Desktop\MBR.dat"
    22:49:25.449 The log file has been saved successfully to "C:\Users\Brandon\Desktop\aswMBR.txt"
     
  8. Broni

    Broni Malware Annihilator Posts: 47,166   +264

    Please download ComboFix from Here, Here or Here to your Desktop.

    **Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
    • Never rename Combofix unless instructed.
    • Close any open browsers.
    • Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix.
    • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
    • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
    • Close any open browsers.
    • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
    • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
    • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
    • Double click on combofix.exe & follow the prompts.

    • NOTE 1. If Combofix asks you to install Recovery Console, please allow it.
      NOTE 2. If Combofix asks you to update the program, always do so.
    • When finished, it will produce a report for you.
    • Please post the "C:\ComboFix.txt"
    **Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall
    **Note 2 for AVG and CA Internet Security (Total Defense Internet Security) users: ComboFix will not run until AVG/CA Internet Security is uninstalled as a protective measure against the anti-virus. This is because AVG/CA Internet Security "falsely" detects ComboFix (or its embedded files) as a threat and may remove them resulting in the tool not working correctly which in turn can cause "unpredictable results". Since AVG/CA Internet Security cannot be effectively disabled before running ComboFix, the author recommends you to uninstall AVG/CA Internet Security first.
    Use AppRemover to uninstall it: http://www.appremover.com/
    We can reinstall it when we're done with CF.
    **Note 3: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion", restart computer to fix the issue.
    **Note 4: Some infections may take some significant time to be cured. As long as your computer clock is running Combofix is still working. Be patient.


    Make sure you re-enable your security programs when you're done with Combofix.

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

    NOTE.
    If, for some reason, Combofix refuses to run, try the following...

    Delete Combofix file, download fresh one, but rename combofix.exe to your_name.exe BEFORE saving it to your desktop.
    Do NOT run it yet.
    Download Rkill (courtesy of BleepingComputer.com) to your desktop.
    There are 2 different versions. If one of them won't run then download and try to run the other one.
    You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool; ignore them or shut down your antivirus.

    rKill.exe: http://www.bleepingcomputer.com/download/rkill/dl/10/
    iExplore.exe (renamed rKill.exe): http://www.bleepingcomputer.com/download/rkill/dl/11/

    Restart computer in safe mode

    • Double-click on the Rkill desktop icon to run the tool.
    • If using Vista or Windows 7 right-click on it and choose Run As Administrator.
    • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
    • If not, delete the file, then download and use the one provided in Link 2.
    • Do not reboot until instructed.
    • If the tool does not run from any of the links provided, please let me know.

    When the scan is done Notepad will open with rKill.txt log.
    NOTE. rKill.txt log will also be present on your desktop.

    Once you've gotten one of them to run, immediately run your_name.exe by double clicking on it.

    IF you had to run rKill post BOTH logs, rKill.txt and Combofix.txt.
     
  9. Michael West

    Michael West TS Rookie Topic Starter Posts: 29

    I am not sure when it happened, but sometime during these scans, cleaning, and logs one of these programs put my user profile folder on the desktop and a My Computer shortcut on the desktop... Can I delete these or do I need to do something with them? I do not want them there if they do not need to be there.
     
  10. Michael West

    Michael West TS Rookie Topic Starter Posts: 29

    ComboFix 12-10-21.02 - Brandon 10/21/2012 23:17:47.1.2 - x64
    Microsoft Windows 7 Professional 6.1.7601.1.1252.1.1033.18.4095.623 [GMT -5:00]
    Running from: c:\users\Brandon\Desktop\ComboFix.exe
    AV: McAfee Anti-Virus and Anti-Spyware *Disabled/Updated* {ADA629C7-7F48-5689-624A-3B76997E0892}
    FW: McAfee Firewall *Disabled* {959DA8E2-3527-57D1-4915-924367AD4FE9}
    SP: McAfee Anti-Virus and Anti-Spyware *Disabled/Updated* {16C7C823-5972-5907-58FA-0004E2F9422F}
    SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    * Created a new restore point
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    C:\huadio.tmp
    C:\mapmem.tmp
    c:\program files (x86)\FREEzeFrog
    c:\program files (x86)\StartNow Toolbar
    c:\users\Brandon\AppData\Local\assembly\tmp
    c:\users\Brandon\AppData\Roaming\FREEzeFrog
    c:\users\Brandon\AppData\Roaming\Mozilla\Firefox\Profiles\0osx2mcj.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}
    c:\users\Brandon\AppData\Roaming\Mozilla\Firefox\Profiles\0osx2mcj.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\toolbar.xml
    c:\users\Brandon\AppData\Roaming\Mozilla\Firefox\Profiles\0osx2mcj.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\locale\en-US\{5911488E-9D1E-40ec-8CBB-06B231CC153F}.dtd
    c:\users\Brandon\AppData\Roaming\Mozilla\Firefox\Profiles\0osx2mcj.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\skin\overlay.css
    c:\users\Brandon\AppData\Roaming\Mozilla\Firefox\Profiles\0osx2mcj.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\install.rdf
    c:\users\Brandon\AppData\Roaming\Mozilla\Firefox\Profiles\0osx2mcj.default\searchplugins\bing-zugo.xml
    c:\users\Brandon\GoToAssistDownloadHelper.exe
    c:\windows\SysWow64\URTTemp
    c:\windows\SysWow64\URTTemp\regtlib.exe
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    -------\Service_nvsvc
    .
    .
    ((((((((((((((((((((((((( Files Created from 2012-09-22 to 2012-10-22 )))))))))))))))))))))))))))))))
    .
    .
    2012-10-22 04:26 . 2012-10-22 04:26 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp
    2012-10-22 04:26 . 2012-10-22 04:26 -------- d-----w- c:\users\Default\AppData\Local\temp
    2012-10-22 03:08 . 2012-10-22 03:08 -------- d-----w- C:\TDSSKiller_Quarantine
    2012-10-21 08:43 . 2012-10-21 08:43 -------- d-----w- c:\users\Brandon\AppData\Roaming\Malwarebytes
    2012-10-21 08:42 . 2012-10-21 08:42 -------- d-----w- c:\programdata\Malwarebytes
    2012-10-21 08:42 . 2012-10-21 08:42 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
    2012-10-21 08:42 . 2012-09-30 00:54 25928 ----a-w- c:\windows\system32\drivers\mbam.sys
    2012-10-18 01:42 . 2012-10-18 02:40 -------- d-----w- c:\users\Brandon\AppData\Roaming\Mumble
    2012-10-18 01:42 . 2012-10-18 01:42 -------- d-----w- c:\program files (x86)\Mumble
    2012-10-16 16:53 . 2012-08-11 00:56 715776 ----a-w- c:\windows\system32\kerberos.dll
    2012-10-16 16:53 . 2012-08-10 23:56 542208 ----a-w- c:\windows\SysWow64\kerberos.dll
    2012-10-16 16:53 . 2012-07-04 22:16 73216 ----a-w- c:\windows\system32\netapi32.dll
    2012-10-16 16:53 . 2012-07-04 22:13 59392 ----a-w- c:\windows\system32\browcli.dll
    2012-10-16 16:53 . 2012-07-04 22:13 136704 ----a-w- c:\windows\system32\browser.dll
    2012-10-16 16:53 . 2012-07-04 21:14 41984 ----a-w- c:\windows\SysWow64\browcli.dll
    2012-10-16 16:52 . 2012-09-14 19:19 2048 ----a-w- c:\windows\system32\tzres.dll
    2012-10-16 16:52 . 2012-09-14 18:28 2048 ----a-w- c:\windows\SysWow64\tzres.dll
    2012-10-16 16:51 . 2012-08-30 18:03 5559664 ----a-w- c:\windows\system32\ntoskrnl.exe
    2012-10-16 16:46 . 2012-06-02 05:41 1464320 ----a-w- c:\windows\system32\crypt32.dll
    2012-10-16 16:46 . 2012-06-02 04:36 1159680 ----a-w- c:\windows\SysWow64\crypt32.dll
    2012-10-16 16:46 . 2012-06-02 05:41 184320 ----a-w- c:\windows\system32\cryptsvc.dll
    2012-10-16 16:46 . 2012-06-02 05:41 140288 ----a-w- c:\windows\system32\cryptnet.dll
    2012-10-16 16:46 . 2012-06-02 04:36 140288 ----a-w- c:\windows\SysWow64\cryptsvc.dll
    2012-10-16 16:46 . 2012-06-02 04:36 103936 ----a-w- c:\windows\SysWow64\cryptnet.dll
    2012-10-16 16:32 . 2012-04-20 21:40 196440 ----a-w- c:\windows\system32\drivers\HipShieldK.sys
    2012-10-16 16:30 . 2012-07-17 19:51 10288 ----a-w- c:\windows\system32\drivers\mfeclnk.sys
    2012-10-16 16:30 . 2012-10-16 16:31 -------- d-----w- c:\program files (x86)\Common Files\McAfee
    2012-10-16 16:30 . 2012-07-17 19:55 69672 ----a-w- c:\windows\system32\drivers\cfwids.sys
    2012-10-16 16:30 . 2012-07-17 19:51 106112 ----a-w- c:\windows\system32\drivers\mferkdet.sys
    2012-10-16 16:30 . 2012-07-17 19:49 513456 ----a-w- c:\windows\system32\drivers\mfefirek.sys
    2012-10-16 16:30 . 2012-07-17 19:48 300392 ----a-w- c:\windows\system32\drivers\mfeavfk.sys
    2012-10-16 16:30 . 2012-10-16 16:31 -------- d-----w- c:\program files\Common Files\McAfee
    2012-10-16 16:30 . 2012-10-16 16:32 -------- d-----w- c:\program files\McAfee
    2012-10-16 16:30 . 2012-10-16 20:48 -------- d-----w- c:\program files (x86)\McAfee
    2012-10-16 16:14 . 2012-10-16 16:14 -------- d-----w- C:\mfe
    2012-10-16 16:07 . 2012-07-17 19:52 177144 ----a-w- c:\windows\system32\mfevtps.exe
    2012-10-16 16:04 . 2012-10-16 16:04 -------- d-----w- c:\programdata\Citrix
    2012-10-16 15:55 . 2012-10-16 15:55 -------- d-----w- c:\program files (x86)\Citrix
    2012-10-16 15:55 . 2012-10-16 15:55 -------- d-----w- c:\users\Brandon\AppData\Local\Citrix
    2012-10-15 12:54 . 2012-08-30 07:27 9308616 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{68D2397E-40FD-480A-976F-0F083EC6F224}\mpengine.dll
    2012-10-14 04:58 . 2012-10-14 04:58 -------- d-----w- c:\windows\2FDD750F49B740C19D5ED2955BC0E2D8.TMP
    2012-10-14 00:36 . 2012-10-14 00:37 -------- d-----w- c:\program files (x86)\SpeedFan
    2012-09-25 15:54 . 2012-08-21 18:01 33240 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys
    2012-09-25 15:54 . 2012-09-25 15:54 -------- d-----w- c:\program files\iPod
    2012-09-25 15:54 . 2012-09-25 15:54 -------- d-----w- c:\programdata\34BE82C4-E596-4e99-A191-52C6199EBF69
    2012-09-25 15:54 . 2012-09-25 15:54 -------- d-----w- c:\program files\iTunes
    2012-09-25 15:54 . 2012-09-25 15:54 -------- d-----w- c:\program files (x86)\iTunes
    2012-09-25 15:53 . 2012-09-25 15:53 -------- d-----w- c:\program files (x86)\Apple Software Update
    2012-09-25 15:53 . 2012-09-25 15:53 -------- d-----w- c:\program files\Common Files\Apple
    2012-09-25 15:53 . 2012-09-25 15:53 -------- d-----w- c:\program files\Bonjour
    2012-09-25 15:53 . 2012-09-25 15:53 -------- d-----w- c:\program files (x86)\Bonjour
    2012-09-25 15:52 . 2012-09-25 15:54 -------- d-----w- c:\program files (x86)\Common Files\Apple
    2012-09-24 14:19 . 2012-10-21 08:53 -------- d-----w- c:\users\Brandon\AppData\Local\Bugsplat
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2012-09-28 05:18 . 2011-08-05 08:02 65309168 ----a-w- c:\windows\system32\MRT.exe
    2012-09-21 03:17 . 2012-08-09 05:45 2876528 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup\markup.dll
    2012-09-21 03:17 . 2012-08-09 05:44 42776 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\dSM\StartResources.dll
    2012-08-31 03:48 . 2012-07-30 05:34 4278384 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup-2\markup.dll
    2012-08-31 03:48 . 2012-07-30 05:33 42776 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\dSM-2\StartResources.dll
    2012-08-30 19:14 . 2012-07-30 02:13 2422120 ----a-w- c:\windows\SysWow64\nvapi.dll
    2012-08-30 19:14 . 2012-07-30 02:13 12465512 ----a-w- c:\windows\SysWow64\nvwgf2um.dll
    2012-08-30 19:14 . 2012-05-10 19:44 971624 ----a-w- c:\windows\system32\nvumdshimx.dll
    2012-08-30 19:14 . 2011-08-28 13:00 1760104 ----a-w- c:\windows\system32\nvdispco64.dll
    2012-08-30 19:14 . 2011-08-02 00:13 2725224 ----a-w- c:\windows\system32\nvapi64.dll
    2012-08-30 16:18 . 2011-08-02 00:13 891240 ----a-w- c:\windows\system32\nvvsvc.exe
    2012-08-30 16:18 . 2011-08-02 00:13 63336 ----a-w- c:\windows\system32\nvshext.dll
    2012-08-30 16:18 . 2011-08-02 00:13 118120 ----a-w- c:\windows\system32\nvmctray.dll
    2012-08-30 16:18 . 2012-07-29 22:14 3487434 ----a-w- c:\windows\system32\nvcoproc.bin
    2012-08-30 16:18 . 2011-08-02 00:13 3266920 ----a-w- c:\windows\system32\nvsvc64.dll
    2012-08-30 16:17 . 2011-08-02 00:13 6198120 ----a-w- c:\windows\system32\nvcpl.dll
    2012-08-30 15:40 . 2012-08-30 15:40 429416 ----a-w- c:\windows\SysWow64\nvStreaming.exe
    2012-08-29 03:20 . 2012-08-29 03:20 189416 ----a-w- c:\windows\system32\javaw.exe
    2012-08-29 03:20 . 2012-08-29 03:20 188904 ----a-w- c:\windows\system32\java.exe
    2012-08-29 03:20 . 2012-08-29 03:20 108008 ----a-w- c:\windows\system32\WindowsAccessBridge-64.dll
    2012-08-29 03:20 . 2012-08-13 03:30 916456 ----a-w- c:\windows\system32\deployJava1.dll
    2012-08-29 03:20 . 2012-08-13 03:30 1034216 ----a-w- c:\windows\system32\npDeployJava1.dll
    2012-08-21 18:01 . 2012-08-21 18:01 125872 ----a-w- c:\windows\system32\GEARAspi64.dll
    2012-08-21 18:01 . 2012-08-21 18:01 106928 ----a-w- c:\windows\SysWow64\GEARAspi.dll
    2012-08-09 05:45 . 2012-08-09 05:45 737072 ----a-w- c:\programdata\Microsoft\eHome\Packages\SportsV2\SportsTemplateCore\Microsoft.MediaCenter.Sports.UI.dll
    2012-08-09 05:44 . 2012-08-09 05:44 539984 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
    2012-07-30 05:34 . 2012-07-30 05:34 737072 ----a-w- c:\programdata\Microsoft\eHome\Packages\SportsV2\SportsTemplateCore-2\Microsoft.MediaCenter.Sports.UI.dll
    2012-07-30 05:33 . 2012-07-30 05:33 539984 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight-2\SpotlightResources.dll
    .
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
    "Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-07-27 919008]
    "DivXUpdate"="c:\program files (x86)\DivX\DivX Update\DivXUpdate.exe" [2011-07-28 1259376]
    "APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-08-28 59280]
    "iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-09-10 421776]
    "mcui_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2012-09-12 1535112]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\RunOnce]
    "AvgUninstallURL"="start http://www.avg.com/ww.special-unins...xMCsxLUYxME0xMkFUQk4rMQ&prod=90&ver=10.0.1416" [?]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "ConsentPromptBehaviorAdmin"= 5 (0x5)
    "ConsentPromptBehaviorUser"= 3 (0x3)
    "EnableUIADesktopToggle"= 0 (0x0)
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
    "LoadAppInit_DLLs"=1 (0x1)
    .
    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
    Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
    @=""
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
    @=""
    .
    R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
    R2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [2011-08-03 2255464]
    R3 HipShieldK;McAfee Inc. HipShieldK;c:\windows\system32\drivers\HipShieldK.sys [2012-04-20 196440]
    R3 JmtFltr;n52te;c:\windows\system32\drivers\JmtFltr.sys [2007-09-29 46464]
    R3 LVUVC64;Logitech Webcam 300(UVC);c:\windows\system32\DRIVERS\lvuvc64.sys [2011-04-01 4184672]
    R3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [2012-07-17 106112]
    R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-10-12 115168]
    R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]
    R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2012-07-09 52736]
    R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2011-08-03 1255736]
    R3 WinRing0_1_2_0;WinRing0_1_2_0;c:\program files (x86)\IObit\Game Booster 3\Driver\WinRing0x64.sys [2010-11-01 14544]
    S0 mfewfpk;McAfee Inc. mfewfpk;c:\windows\system32\drivers\mfewfpk.sys [2012-07-17 335784]
    S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]
    S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-07-27 63960]
    S2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2012-09-30 399432]
    S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-09-30 676936]
    S2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe [2012-08-31 201304]
    S2 McMPFSvc;McAfee Personal Firewall Service;c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe [2012-08-31 201304]
    S2 McNaiAnn;McAfee VirusScan Announcer;c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe [2012-08-31 201304]
    S2 mfefire;McAfee Firewall Core Service;c:\program files\Common Files\McAfee\SystemCore\\mfefire.exe [2012-07-17 218320]
    S2 mfevtp;McAfee Validation Trust Protection Service;c:\windows\system32\mfevtps.exe [2012-07-17 177144]
    S2 MsDepSvc;Web Deployment Agent Service;c:\program files\IIS\Microsoft Web Deploy\MsDepSvc.exe [2011-04-02 67400]
    S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2012-08-30 382312]
    S3 AE1000;Linksys AE1000 Driver;c:\windows\system32\DRIVERS\ae1000w7.sys [2010-03-23 1101600]
    S3 cfwids;McAfee Inc. cfwids;c:\windows\system32\drivers\cfwids.sys [2012-07-17 69672]
    S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-09-30 25928]
    S3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys [2012-07-17 513456]
    S3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda64v.sys [2012-07-03 189288]
    .
    .
    --- Other Services/Drivers In Memory ---
    .
    *NewlyCreated* - WS2IFSL
    *Deregistered* - mfeavfk01
    .
    Contents of the 'Scheduled Tasks' folder
    .
    .
    --------- X64 Entries -----------
    .
    .
    ------- Supplementary Scan -------
    .
    uLocal Page = c:\windows\system32\blank.htm
    uStart Page = hxxp://google.com/
    mLocal Page = c:\windows\SysWOW64\blank.htm
    uInternet Settings,ProxyOverride = *.local
    TCP: DhcpNameServer = 68.105.28.12 68.105.29.12 68.105.28.11
    FF - ProfilePath - c:\users\Brandon\AppData\Roaming\Mozilla\Firefox\Profiles\0osx2mcj.default\
    FF - prefs.js: browser.search.selectedEngine - Secure Search
    FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
    FF - prefs.js: keyword.URL - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3072253&SearchSource=2&q=
    FF - ExtSQL: 2012-10-16 15:49; {4ED1F68A-5463-4931-9384-8FFF5ED91D92}; c:\program files (x86)\McAfee\SiteAdvisor
    .
    - - - - ORPHANS REMOVED - - - -
    .
    BHO-{99079a25-328f-4bd4-be04-00955acaa0a7} - c:\progra~2\SEARCH~1\Datamngr\ToolBar\searchqudtx.dll
    Toolbar-{99079a25-328f-4bd4-be04-00955acaa0a7} - c:\progra~2\SEARCH~1\Datamngr\ToolBar\searchqudtx.dll
    Toolbar-10 - (no file)
    SafeBoot-01223632.sys
    Toolbar-10 - (no file)
    .
    .
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\services\MsDepSvc]
    "ImagePath"="\"c:\program files\IIS\Microsoft Web Deploy\MsDepSvc.exe\" -runService:MsDepSvc"
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------
    .
    [HKEY_USERS\S-1-5-21-1531979968-3860558922-4145543149-1000\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{DAFDE38B-9DF7-9413-34FB-8864AC837654}*]
    "oabhdkfjbbfagkmlkodhdfehckhlio"=hex:6a,61,66,65,6b,65,65,6b,6d,64,6c,61,63,63,
    62,65,6b,6f,65,65,00,f5
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Shockwave Flash Object"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash9e.ocx"
    "ThreadingModel"="Apartment"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
    @="0"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
    @="ShockwaveFlash.ShockwaveFlash.9"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash9e.ocx, 1"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="ShockwaveFlash.ShockwaveFlash"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Macromedia Flash Factory Object"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash9e.ocx"
    "ThreadingModel"="Apartment"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
    @="FlashFactory.FlashFactory.1"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash9e.ocx, 1"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="FlashFactory.FlashFactory"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D4304BCF-B8E9-4B35-BEA0-DC5B522670C2}]
    @Denied: (A 2) (Everyone)
    @="FlashBroker"
    "LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil9e.exe,-101"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D4304BCF-B8E9-4B35-BEA0-DC5B522670C2}\Elevation]
    "Enabled"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D4304BCF-B8E9-4B35-BEA0-DC5B522670C2}\LocalServer32]
    @="c:\\Windows\\SysWow64\\Macromed\\Flash\\FlashUtil9e.exe"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D4304BCF-B8E9-4B35-BEA0-DC5B522670C2}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{2E4BB6BE-A75F-4DC0-9500-68203655A2C4}]
    @Denied: (A 2) (Everyone)
    @="IFlashBroker"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{2E4BB6BE-A75F-4DC0-9500-68203655A2C4}\ProxyStubClsid32]
    @="{00020424-0000-0000-C000-000000000046}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{2E4BB6BE-A75F-4DC0-9500-68203655A2C4}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    "Version"="1.0"
    .
    [HKEY_LOCAL_MACHINE\software\McAfee]
    "SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
    00,5c,00,6d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
    @Denied: (Full) (Everyone)
    .
    ------------------------ Other Running Processes ------------------------
    .
    c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    c:\windows\SysWOW64\rundll32.exe
    c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
    .
    **************************************************************************
    .
    Completion time: 2012-10-21 23:32:06 - machine was rebooted
    ComboFix-quarantined-files.txt 2012-10-22 04:32
    .
    Pre-Run: 18,814,783,488 bytes free
    Post-Run: 18,225,827,840 bytes free
    .
    - - End Of File - - 69728D42EED0DF99696CFF92A34343FD
     
  11. Broni

    Broni Malware Annihilator Posts: 47,166   +264

    Yes.

    1. Please open Notepad (Start>All Programs>Accessories>Notepad).

    2. Now copy/paste the entire content of the codebox below into the Notepad window:

    Code:
    RegNull::
    [HKEY_USERS\S-1-5-21-1531979968-3860558922-4145543149-1000\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{DAFDE38B-9DF7-9413-34FB-8864AC837654}*]
    
    ClearJavaCache::
    

    3. Save the above as CFScript.txt

    4. Close/disable all antivirus and anti-malware programs again, so they do not interfere with the running of ComboFix.

    5. Then drag the CFScript.txt into ComboFix.exe as depicted in the animation below. This will start ComboFix again.



    6. After reboot (in case it asks to reboot), please post the following reports/logs in your next reply:
    • Combofix.txt
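    The key the RegNull:: line above targets is the one ComboFix listed under LOCKED REGISTRY KEYS in the previous log: a subkey created beneath Shell Extensions\Approved, holding a value with a gibberish name and a REG_BINARY hex dump. The script below is an added example (not ComboFix's code and not part of the thread): it parses that section of the log text, re-joins the wrapped hex dump, decodes it, flags the Approved subkey on a few heuristics, and prints a RegNull:: stanza in the CFScript layout used above. The sample input is the locked-keys block from the log above trimmed to two keys; the heuristics (a subkey beneath Approved, a value name that is not a CLSID, binary data where REG_SZ is expected) are assumptions made for this example, not a ComboFix rule. The trailing `*` on the key name is kept exactly as the log prints it, as the CFScript in the post does.

```python
r"""Triage the LOCKED REGISTRY KEYS section of a ComboFix log (added example,
not ComboFix's own code). The Shell Extensions\Approved heuristics are
assumptions made here, not a ComboFix rule; the RegNull:: output follows the
CFScript layout used in the thread.
"""
import re
from dataclasses import dataclass, field
from typing import Dict, Iterable, List, Optional, Tuple

# Sample input: the locked-keys block from the log above, trimmed to two keys.
SAMPLE_LOG = r"""--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-1531979968-3860558922-4145543149-1000\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{DAFDE38B-9DF7-9413-34FB-8864AC837654}*]
"oabhdkfjbbfagkmlkodhdfehckhlio"=hex:6a,61,66,65,6b,65,65,6b,6d,64,6c,61,63,63,
62,65,6b,6f,65,65,00,f5
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
------------------------ Other Running Processes ------------------------
"""

SECTION_RE = re.compile(r"^-{3,}\s*(.*?)\s*-{3,}$")                   # '--- Title ---' banners
VALUE_RE = re.compile(r'^(@|"[^"]*")=(.*)$')                           # "name"=data or @=data
HEX_RE = re.compile(r"^hex(?:\(([0-9a-fA-F]+)\))?:(.*)$")              # hex:.. or hex(6):..
HEXLINE_RE = re.compile(r"^(?:[0-9a-fA-F]{2},)*[0-9a-fA-F]{2},?\\?$")  # a wrapped dump line
GUID_RE = re.compile(r"^\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}$")
HEX_TYPES = {None: "REG_BINARY", "2": "REG_EXPAND_SZ", "6": "REG_LINK", "7": "REG_MULTI_SZ"}


@dataclass
class LockedKey:
    path: str
    denied: Optional[str] = None                                          # text after '@Denied:'
    values: Dict[str, Tuple[str, object]] = field(default_factory=dict)   # name -> (type, data)


def _decode(raw: str) -> Tuple[str, object]:
    """Turn the REGEDIT4-style right-hand side of a value line into (type, data)."""
    m = HEX_RE.match(raw)
    if m:
        kind = HEX_TYPES.get(m.group(1), "REG_HEX(%s)" % m.group(1))
        return kind, bytes(int(b, 16) for b in m.group(2).split(",") if b)  # tolerates a truncated dump
    if raw.startswith("dword:"):
        return "REG_DWORD", int(raw[6:], 16)
    if len(raw) >= 2 and raw[0] == raw[-1] == '"':
        return "REG_SZ", raw[1:-1].replace("\\\\", "\\")
    return "UNKNOWN", raw


def _join_wrapped(lines: Iterable[str]) -> List[str]:
    """Glue wrapped hex-dump lines back onto the value line they continue."""
    out: List[str] = []
    for line in map(str.strip, lines):
        if out and out[-1].endswith((",", "\\")) and HEXLINE_RE.match(line):
            out[-1] = out[-1].rstrip("\\") + line.rstrip("\\")
        else:
            out.append(line)
    return out


def parse_locked_keys(log: str) -> List[LockedKey]:
    """Collect every key listed under the LOCKED REGISTRY KEYS banner."""
    keys: List[LockedKey] = []
    in_section = False
    for line in _join_wrapped(log.splitlines()):
        banner = SECTION_RE.match(line)
        if banner:
            in_section = banner.group(1).upper() == "LOCKED REGISTRY KEYS"
        elif not in_section or line in ("", "."):
            continue
        elif line.startswith("[") and line.endswith("]"):
            keys.append(LockedKey(path=line[1:-1]))
        elif line.startswith("@Denied:"):
            keys[-1].denied = line[len("@Denied:"):].strip()
        elif VALUE_RE.match(line):
            name, raw = VALUE_RE.match(line).groups()
            keys[-1].values[name.strip('"')] = _decode(raw)
    return keys


def assess(key: LockedKey) -> List[str]:
    """Reasons to look closer at a locked key (empty = nothing flagged). ACL-locked
    product keys are not flagged on that basis alone; Approved subkeys are."""
    if "\\shell extensions\\approved\\" not in key.path.lower():
        return []
    reasons = ["subkey beneath Shell Extensions\\Approved (normally values only)"]
    for name, (kind, data) in key.values.items():
        if name != "@" and not GUID_RE.match(name):
            reasons.append("value name %r is not a CLSID" % name)
        if kind == "REG_BINARY":
            text = bytes(data).split(b"\x00", 1)[0].decode("latin-1")
            reasons.append("REG_BINARY where REG_SZ is expected; decodes to %r" % text)
    return reasons


def build_cfscript(keys: List[LockedKey]) -> str:
    """RegNull:: stanza in the layout used in the thread (one key per line)."""
    return "RegNull::\n" + "".join("[%s]\n" % k.path for k in keys) + "\n"


if __name__ == "__main__":
    for key in parse_locked_keys(SAMPLE_LOG):
        print(key.path, *assess(key), sep="\n  - ")
    print(build_cfscript([k for k in parse_locked_keys(SAMPLE_LOG) if assess(k)]))
```

    Run stand-alone it prints the Approved subkey with its three reasons (the hex dump decodes to the lowercase run jafekeekmdlaccbekoee followed by 00 f5, which the raw log does not show), lists the Flash CLSID with no reasons, and ends with a RegNull:: stanza identical in shape to the one in the post. It works on the log text only and never touches the registry; whether a flagged key should actually be nulled is the helper's call, as in the thread.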
     
     
  12. Michael West

    Michael West TS Rookie Topic Starter Posts: 29

    ComboFix 12-10-22.03 - Brandon 10/22/2012 22:19:29.2.2 - x64
    Microsoft Windows 7 Professional 6.1.7601.1.1252.1.1033.18.4095.2987 [GMT -5:00]
    Running from: c:\users\Brandon\Desktop\ComboFix.exe
    Command switches used :: c:\users\Brandon\Desktop\CFScript.txt
    AV: McAfee Anti-Virus and Anti-Spyware *Disabled/Updated* {ADA629C7-7F48-5689-624A-3B76997E0892}
    FW: McAfee Firewall *Disabled* {959DA8E2-3527-57D1-4915-924367AD4FE9}
    SP: McAfee Anti-Virus and Anti-Spyware *Disabled/Updated* {16C7C823-5972-5907-58FA-0004E2F9422F}
    SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .
    .
    ((((((((((((((((((((((((( Files Created from 2012-09-23 to 2012-10-23 )))))))))))))))))))))))))))))))
    .
    .
    2012-10-23 03:39 . 2012-10-23 03:39 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp
    2012-10-23 03:39 . 2012-10-23 03:39 -------- d-----w- c:\users\Default\AppData\Local\temp
    2012-10-22 03:08 . 2012-10-22 03:08 -------- d-----w- C:\TDSSKiller_Quarantine
    2012-10-21 08:43 . 2012-10-21 08:43 -------- d-----w- c:\users\Brandon\AppData\Roaming\Malwarebytes
    2012-10-21 08:42 . 2012-10-21 08:42 -------- d-----w- c:\programdata\Malwarebytes
    2012-10-21 08:42 . 2012-10-21 08:42 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
    2012-10-21 08:42 . 2012-09-30 00:54 25928 ----a-w- c:\windows\system32\drivers\mbam.sys
    2012-10-18 01:42 . 2012-10-18 02:40 -------- d-----w- c:\users\Brandon\AppData\Roaming\Mumble
    2012-10-18 01:42 . 2012-10-18 01:42 -------- d-----w- c:\program files (x86)\Mumble
    2012-10-16 16:53 . 2012-08-11 00:56 715776 ----a-w- c:\windows\system32\kerberos.dll
    2012-10-16 16:53 . 2012-08-10 23:56 542208 ----a-w- c:\windows\SysWow64\kerberos.dll
    2012-10-16 16:53 . 2012-07-04 22:16 73216 ----a-w- c:\windows\system32\netapi32.dll
    2012-10-16 16:53 . 2012-07-04 22:13 59392 ----a-w- c:\windows\system32\browcli.dll
    2012-10-16 16:53 . 2012-07-04 22:13 136704 ----a-w- c:\windows\system32\browser.dll
    2012-10-16 16:53 . 2012-07-04 21:14 41984 ----a-w- c:\windows\SysWow64\browcli.dll
    2012-10-16 16:52 . 2012-09-14 19:19 2048 ----a-w- c:\windows\system32\tzres.dll
    2012-10-16 16:52 . 2012-09-14 18:28 2048 ----a-w- c:\windows\SysWow64\tzres.dll
    2012-10-16 16:51 . 2012-08-30 18:03 5559664 ----a-w- c:\windows\system32\ntoskrnl.exe
    2012-10-16 16:46 . 2012-06-02 05:41 1464320 ----a-w- c:\windows\system32\crypt32.dll
    2012-10-16 16:46 . 2012-06-02 04:36 1159680 ----a-w- c:\windows\SysWow64\crypt32.dll
    2012-10-16 16:46 . 2012-06-02 05:41 184320 ----a-w- c:\windows\system32\cryptsvc.dll
    2012-10-16 16:46 . 2012-06-02 05:41 140288 ----a-w- c:\windows\system32\cryptnet.dll
    2012-10-16 16:46 . 2012-06-02 04:36 140288 ----a-w- c:\windows\SysWow64\cryptsvc.dll
    2012-10-16 16:46 . 2012-06-02 04:36 103936 ----a-w- c:\windows\SysWow64\cryptnet.dll
    2012-10-16 16:32 . 2012-04-20 21:40 196440 ----a-w- c:\windows\system32\drivers\HipShieldK.sys
    2012-10-16 16:30 . 2012-07-17 19:51 10288 ----a-w- c:\windows\system32\drivers\mfeclnk.sys
    2012-10-16 16:30 . 2012-10-16 16:31 -------- d-----w- c:\program files (x86)\Common Files\McAfee
    2012-10-16 16:30 . 2012-07-17 19:55 69672 ----a-w- c:\windows\system32\drivers\cfwids.sys
    2012-10-16 16:30 . 2012-07-17 19:51 106112 ----a-w- c:\windows\system32\drivers\mferkdet.sys
    2012-10-16 16:30 . 2012-07-17 19:49 513456 ----a-w- c:\windows\system32\drivers\mfefirek.sys
    2012-10-16 16:30 . 2012-07-17 19:48 300392 ----a-w- c:\windows\system32\drivers\mfeavfk.sys
    2012-10-16 16:30 . 2012-10-16 16:31 -------- d-----w- c:\program files\Common Files\McAfee
    2012-10-16 16:30 . 2012-10-16 16:32 -------- d-----w- c:\program files\McAfee
    2012-10-16 16:30 . 2012-10-16 20:48 -------- d-----w- c:\program files (x86)\McAfee
    2012-10-16 16:14 . 2012-10-16 16:14 -------- d-----w- C:\mfe
    2012-10-16 16:07 . 2012-07-17 19:52 177144 ----a-w- c:\windows\system32\mfevtps.exe
    2012-10-16 16:04 . 2012-10-16 16:04 -------- d-----w- c:\programdata\Citrix
    2012-10-16 15:55 . 2012-10-16 15:55 -------- d-----w- c:\program files (x86)\Citrix
    2012-10-16 15:55 . 2012-10-16 15:55 -------- d-----w- c:\users\Brandon\AppData\Local\Citrix
    2012-10-15 12:54 . 2012-08-30 07:27 9308616 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{68D2397E-40FD-480A-976F-0F083EC6F224}\mpengine.dll
    2012-10-14 04:58 . 2012-10-14 04:58 -------- d-----w- c:\windows\2FDD750F49B740C19D5ED2955BC0E2D8.TMP
    2012-10-14 00:36 . 2012-10-14 00:37 -------- d-----w- c:\program files (x86)\SpeedFan
    2012-09-25 15:54 . 2012-08-21 18:01 33240 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys
    2012-09-25 15:54 . 2012-09-25 15:54 -------- d-----w- c:\program files\iPod
    2012-09-25 15:54 . 2012-09-25 15:54 -------- d-----w- c:\programdata\34BE82C4-E596-4e99-A191-52C6199EBF69
    2012-09-25 15:54 . 2012-09-25 15:54 -------- d-----w- c:\program files\iTunes
    2012-09-25 15:54 . 2012-09-25 15:54 -------- d-----w- c:\program files (x86)\iTunes
    2012-09-25 15:53 . 2012-09-25 15:53 -------- d-----w- c:\program files (x86)\Apple Software Update
    2012-09-25 15:53 . 2012-09-25 15:53 -------- d-----w- c:\program files\Common Files\Apple
    2012-09-25 15:53 . 2012-09-25 15:53 -------- d-----w- c:\program files\Bonjour
    2012-09-25 15:53 . 2012-09-25 15:53 -------- d-----w- c:\program files (x86)\Bonjour
    2012-09-25 15:52 . 2012-09-25 15:54 -------- d-----w- c:\program files (x86)\Common Files\Apple
    2012-09-24 14:19 . 2012-10-21 08:53 -------- d-----w- c:\users\Brandon\AppData\Local\Bugsplat
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2012-09-28 05:18 . 2011-08-05 08:02 65309168 ----a-w- c:\windows\system32\MRT.exe
    2012-09-21 03:17 . 2012-08-09 05:45 2876528 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup\markup.dll
    2012-09-21 03:17 . 2012-08-09 05:44 42776 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\dSM\StartResources.dll
    2012-08-31 03:48 . 2012-07-30 05:34 4278384 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup-2\markup.dll
    2012-08-31 03:48 . 2012-07-30 05:33 42776 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\dSM-2\StartResources.dll
    2012-08-30 19:14 . 2012-07-30 02:13 2422120 ----a-w- c:\windows\SysWow64\nvapi.dll
    2012-08-30 19:14 . 2012-07-30 02:13 12465512 ----a-w- c:\windows\SysWow64\nvwgf2um.dll
    2012-08-30 19:14 . 2012-05-10 19:44 971624 ----a-w- c:\windows\system32\nvumdshimx.dll
    2012-08-30 19:14 . 2011-08-28 13:00 1760104 ----a-w- c:\windows\system32\nvdispco64.dll
    2012-08-30 19:14 . 2011-08-02 00:13 2725224 ----a-w- c:\windows\system32\nvapi64.dll
    2012-08-30 16:18 . 2011-08-02 00:13 891240 ----a-w- c:\windows\system32\nvvsvc.exe
    2012-08-30 16:18 . 2011-08-02 00:13 63336 ----a-w- c:\windows\system32\nvshext.dll
    2012-08-30 16:18 . 2011-08-02 00:13 118120 ----a-w- c:\windows\system32\nvmctray.dll
    2012-08-30 16:18 . 2012-07-29 22:14 3487434 ----a-w- c:\windows\system32\nvcoproc.bin
    2012-08-30 16:18 . 2011-08-02 00:13 3266920 ----a-w- c:\windows\system32\nvsvc64.dll
    2012-08-30 16:17 . 2011-08-02 00:13 6198120 ----a-w- c:\windows\system32\nvcpl.dll
    2012-08-30 15:40 . 2012-08-30 15:40 429416 ----a-w- c:\windows\SysWow64\nvStreaming.exe
    2012-08-29 03:20 . 2012-08-29 03:20 189416 ----a-w- c:\windows\system32\javaw.exe
    2012-08-29 03:20 . 2012-08-29 03:20 188904 ----a-w- c:\windows\system32\java.exe
    2012-08-29 03:20 . 2012-08-29 03:20 108008 ----a-w- c:\windows\system32\WindowsAccessBridge-64.dll
    2012-08-29 03:20 . 2012-08-13 03:30 916456 ----a-w- c:\windows\system32\deployJava1.dll
    2012-08-29 03:20 . 2012-08-13 03:30 1034216 ----a-w- c:\windows\system32\npDeployJava1.dll
    2012-08-21 18:01 . 2012-08-21 18:01 125872 ----a-w- c:\windows\system32\GEARAspi64.dll
    2012-08-21 18:01 . 2012-08-21 18:01 106928 ----a-w- c:\windows\SysWow64\GEARAspi.dll
    2012-08-09 05:45 . 2012-08-09 05:45 737072 ----a-w- c:\programdata\Microsoft\eHome\Packages\SportsV2\SportsTemplateCore\Microsoft.MediaCenter.Sports.UI.dll
    2012-08-09 05:44 . 2012-08-09 05:44 539984 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
    2012-07-30 05:34 . 2012-07-30 05:34 737072 ----a-w- c:\programdata\Microsoft\eHome\Packages\SportsV2\SportsTemplateCore-2\Microsoft.MediaCenter.Sports.UI.dll
    2012-07-30 05:33 . 2012-07-30 05:33 539984 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight-2\SpotlightResources.dll
    .
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{99079a25-328f-4bd4-be04-00955acaa0a7}]
    c:\progra~2\SEARCH~1\Datamngr\ToolBar\searchqudtx.dll [BU]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
    "{99079a25-328f-4bd4-be04-00955acaa0a7}"= "c:\progra~2\SEARCH~1\Datamngr\ToolBar\searchqudtx.dll" [BU]
    .
    [HKEY_CLASSES_ROOT\clsid\{99079a25-328f-4bd4-be04-00955acaa0a7}]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
    "Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-07-27 919008]
    "DivXUpdate"="c:\program files (x86)\DivX\DivX Update\DivXUpdate.exe" [2011-07-28 1259376]
    "APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-08-28 59280]
    "iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-09-10 421776]
    "mcui_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2012-09-12 1535112]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\RunOnce]
    "AvgUninstallURL"="start http://www.avg.com/ww.special-unins...xMCsxLUYxME0xMkFUQk4rMQ&prod=90&ver=10.0.1416" [?]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "ConsentPromptBehaviorAdmin"= 5 (0x5)
    "ConsentPromptBehaviorUser"= 3 (0x3)
    "EnableUIADesktopToggle"= 0 (0x0)
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
    "LoadAppInit_DLLs"=1 (0x1)
    .
    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
    Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
    @=""
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
    @=""
    .
    R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
    R2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-09-30 676936]
    R2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [2011-08-03 2255464]
    R3 HipShieldK;McAfee Inc. HipShieldK;c:\windows\system32\drivers\HipShieldK.sys [2012-04-20 196440]
    R3 JmtFltr;n52te;c:\windows\system32\drivers\JmtFltr.sys [2007-09-29 46464]
    R3 LVUVC64;Logitech Webcam 300(UVC);c:\windows\system32\DRIVERS\lvuvc64.sys [2011-04-01 4184672]
    R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-09-30 25928]
    R3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [2012-07-17 106112]
    R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-10-12 115168]
    R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]
    R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2012-07-09 52736]
    R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2011-08-03 1255736]
    R3 WinRing0_1_2_0;WinRing0_1_2_0;c:\program files (x86)\IObit\Game Booster 3\Driver\WinRing0x64.sys [2010-11-01 14544]
    S0 mfewfpk;McAfee Inc. mfewfpk;c:\windows\system32\drivers\mfewfpk.sys [2012-07-17 335784]
    S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]
    S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-07-27 63960]
    S2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2012-09-30 399432]
    S2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe [2012-08-31 201304]
    S2 McMPFSvc;McAfee Personal Firewall Service;c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe [2012-08-31 201304]
    S2 McNaiAnn;McAfee VirusScan Announcer;c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe [2012-08-31 201304]
    S2 mfefire;McAfee Firewall Core Service;c:\program files\Common Files\McAfee\SystemCore\\mfefire.exe [2012-07-17 218320]
    S2 mfevtp;McAfee Validation Trust Protection Service;c:\windows\system32\mfevtps.exe [2012-07-17 177144]
    S2 MsDepSvc;Web Deployment Agent Service;c:\program files\IIS\Microsoft Web Deploy\MsDepSvc.exe [2011-04-02 67400]
    S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2012-08-30 382312]
    S3 AE1000;Linksys AE1000 Driver;c:\windows\system32\DRIVERS\ae1000w7.sys [2010-03-23 1101600]
    S3 cfwids;McAfee Inc. cfwids;c:\windows\system32\drivers\cfwids.sys [2012-07-17 69672]
    S3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys [2012-07-17 513456]
    S3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda64v.sys [2012-07-03 189288]
    .
    .
    --- Other Services/Drivers In Memory ---
    .
    *Deregistered* - mfeavfk01
    .
    .
    --------- X64 Entries -----------
    .
    .
    ------- Supplementary Scan -------
    .
    uLocal Page = c:\windows\system32\blank.htm
    uStart Page = hxxp://google.com/
    mLocal Page = c:\windows\SysWOW64\blank.htm
    uInternet Settings,ProxyOverride = *.local
    TCP: DhcpNameServer = 68.105.28.12 68.105.29.12 68.105.28.11
    FF - ProfilePath - c:\users\Brandon\AppData\Roaming\Mozilla\Firefox\Profiles\0osx2mcj.default\
    FF - prefs.js: browser.search.selectedEngine - Secure Search
    FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
    FF - prefs.js: keyword.URL - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3072253&SearchSource=2&q=
    FF - ExtSQL: 2012-10-16 15:49; {4ED1F68A-5463-4931-9384-8FFF5ED91D92}; c:\program files (x86)\McAfee\SiteAdvisor
    .
    - - - - ORPHANS REMOVED - - - -
    .
    Toolbar-10 - (no file)
    .
    .
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\services\MsDepSvc]
    "ImagePath"="\"c:\program files\IIS\Microsoft Web Deploy\MsDepSvc.exe\" -runService:MsDepSvc"
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Shockwave Flash Object"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash9e.ocx"
    "ThreadingModel"="Apartment"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
    @="0"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
    @="ShockwaveFlash.ShockwaveFlash.9"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash9e.ocx, 1"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="ShockwaveFlash.ShockwaveFlash"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Macromedia Flash Factory Object"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash9e.ocx"
    "ThreadingModel"="Apartment"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
    @="FlashFactory.FlashFactory.1"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash9e.ocx, 1"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="FlashFactory.FlashFactory"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D4304BCF-B8E9-4B35-BEA0-DC5B522670C2}]
    @Denied: (A 2) (Everyone)
    @="FlashBroker"
    "LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil9e.exe,-101"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D4304BCF-B8E9-4B35-BEA0-DC5B522670C2}\Elevation]
    "Enabled"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D4304BCF-B8E9-4B35-BEA0-DC5B522670C2}\LocalServer32]
    @="c:\\Windows\\SysWow64\\Macromed\\Flash\\FlashUtil9e.exe"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D4304BCF-B8E9-4B35-BEA0-DC5B522670C2}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{2E4BB6BE-A75F-4DC0-9500-68203655A2C4}]
    @Denied: (A 2) (Everyone)
    @="IFlashBroker"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{2E4BB6BE-A75F-4DC0-9500-68203655A2C4}\ProxyStubClsid32]
    @="{00020424-0000-0000-C000-000000000046}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{2E4BB6BE-A75F-4DC0-9500-68203655A2C4}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    "Version"="1.0"
    .
    [HKEY_LOCAL_MACHINE\software\McAfee]
    "SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
    00,5c,00,6d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
    @Denied: (Full) (Everyone)
    .
    Completion time: 2012-10-22 22:41:02
    ComboFix-quarantined-files.txt 2012-10-23 03:41
    ComboFix2.txt 2012-10-22 04:32
    .
    Pre-Run: 18,061,975,552 bytes free
    Post-Run: 18,010,394,624 bytes free
    .
    - - End Of File - - 6EDF4FF9807CF4FF9EB7A9F34EFF4F2D
     
  13. Broni

    Broni Malware Annihilator Posts: 47,166   +264

    Looks good :)

    Any current issues?

    ====================================

    Download OTL to your Desktop.
    Alternate download: http://www.itxassociates.com/OT-Tools/OTL.exe

    • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
    • Click the Scan All Users checkbox.
    • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
    • When the scan completes, it will open two notepad windows: OTL.txt and Extras.txt. These are saved in the same location as OTL.
    • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them back here.
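    Once the OTL logs are back, the lines worth checking first for a redirect problem like this one are the IE SearchScopes and the Firefox keyword.URL pref. The script below is an added example, not part of this thread or of OTL: it parses those OTL line shapes and flags search providers outside an allowlist (the allowlist is an assumption for the example; the sample lines are copied from the OTL log posted further down in this thread).

```python
import re
from urllib.parse import urlparse

# Hosts accepted as legitimate search providers. This allowlist is an assumption
# made for the example; it is not a setting of OTL, ComboFix or any AV product.
KNOWN_SEARCH_HOSTS = {"www.bing.com", "www.google.com", "search.yahoo.com"}

# Line shapes as OTL prints them in its "Internet Explorer" and "FireFox" sections.
_PREFIX = r'^IE(?P<view>:64bit:)? - (?P<hive>HKLM|HKU\\[^\\]+)\\\.\.\\SearchScopes'
SCOPE_URL_RE = re.compile(_PREFIX + r'\\(?P<guid>\{[0-9A-Fa-f-]+\}): "URL" = (?P<url>\S+)$')
DEFAULT_SCOPE_RE = re.compile(_PREFIX + r',DefaultScope = (?P<guid>\{[0-9A-Fa-f-]+\})$')
FF_KEYWORD_RE = re.compile(r'^FF - prefs\.js\.\.keyword\.URL: "(?P<url>[^"]+)"$')

# Sample input copied from the OTL log posted in this thread (the 64-bit HKLM view,
# the logged-on user's hive, and the Firefox keyword.URL pref).
SAMPLE_OTL_LINES = r'''
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE:64bit: - HKLM\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}: "URL" = http://dts.search-results.com/sr?src=ieb&appid=394&systemid=406&sr=0&q={searchTerms}
IE - HKU\S-1-5-21-1531979968-3860558922-4145543149-1000\..\SearchScopes,DefaultScope = {72AD7D49-C7E7-487C-9CDF-3D7EB9374397}
IE - HKU\S-1-5-21-1531979968-3860558922-4145543149-1000\..\SearchScopes\{72AD7D49-C7E7-487C-9CDF-3D7EB9374397}: "URL" = http://search.yahoo.com/search?fr=mcafee&p={SearchTerms}
IE - HKU\S-1-5-21-1531979968-3860558922-4145543149-1000\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}: "URL" = http://dts.search-results.com/sr?src=ieb&appid=394&systemid=406&sr=0&q={searchTerms}
FF - prefs.js..keyword.URL: "http://search.conduit.com/ResultsExt.aspx?ctid=CT3072253&SearchSource=2&q="
'''.strip().splitlines()


def _host(url):
    """Lower-cased hostname of a URL, or '' if it has none."""
    return (urlparse(url).hostname or "").lower()


def _hive_label(m):
    """Keep the 32-bit and 64-bit HKLM views apart, as OTL reports them separately."""
    return m["hive"] + (" [64bit]" if m["view"] else "")


def find_search_hijacks(lines):
    """Return a list of findings (dicts) pointing at search-provider hijack indicators."""
    scopes = {}     # (hive, GUID) -> search URL
    defaults = {}   # hive -> GUID of the DefaultScope
    findings = []
    for raw in lines:
        line = raw.strip()
        m = SCOPE_URL_RE.match(line)
        if m:
            scopes[(_hive_label(m), m["guid"].upper())] = m["url"]
            continue
        m = DEFAULT_SCOPE_RE.match(line)
        if m:
            defaults[_hive_label(m)] = m["guid"].upper()
            continue
        m = FF_KEYWORD_RE.match(line)
        if m and _host(m["url"]) not in KNOWN_SEARCH_HOSTS:
            findings.append({"hive": "prefs.js", "kind": "firefox keyword.URL",
                             "host": _host(m["url"]), "url": m["url"]})
    # The DefaultScope GUID decides where address-bar searches go; resolve it.
    for hive, guid in defaults.items():
        url = scopes.get((hive, guid))
        if url is None:
            findings.append({"hive": hive, "kind": "default scope without URL",
                             "host": "", "url": guid})
        elif _host(url) not in KNOWN_SEARCH_HOSTS:
            findings.append({"hive": hive, "kind": "IE default search provider",
                             "host": _host(url), "url": url})
    # Non-default scopes on unknown hosts are leftovers worth cleaning too.
    for (hive, guid), url in scopes.items():
        if defaults.get(hive) != guid and _host(url) not in KNOWN_SEARCH_HOSTS:
            findings.append({"hive": hive, "kind": "extra IE search scope",
                             "host": _host(url), "url": url})
    return findings


if __name__ == "__main__":
    for f in find_search_hijacks(SAMPLE_OTL_LINES):
        print(f"{f['kind']:28} {f['hive']:55} {f['host']}")
```

On the sample lines it reports the Conduit keyword.URL, the search-results.com default scope in HKLM and the leftover search-results.com scope in the user hive, while the Yahoo default in the user hive passes.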
     
  14. Michael West

    Michael West TS Rookie Topic Starter Posts: 29

    No, it seems my Google redirects are gone and IE does not run in the background anymore. I have also noticed a significant increase in performance when I am gaming. I honestly thought my CPU and motherboard were the weak link and needed replacing to bring the PC back up to my standard of running with top settings. I will post the OTL logs in a min.
     
  15. Michael West

    Michael West TS Rookie Topic Starter Posts: 29

    OTL logfile created on: 10/22/2012 11:00:19 PM - Run 1
    OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Brandon\Desktop
    64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.7601.17514)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    4.00 Gb Total Physical Memory | 3.00 Gb Available Physical Memory | 74.96% Memory free
    8.00 Gb Paging File | 6.48 Gb Available in Paging File | 81.03% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
    Drive C: | 139.73 Gb Total Space | 16.86 Gb Free Space | 12.07% Space Free | Partition Type: NTFS
    Drive D: | 1.21 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: CDFS
    Drive E: | 931.51 Gb Total Space | 911.90 Gb Free Space | 97.90% Space Free | Partition Type: NTFS

    Computer Name: BRANDON-PC | User Name: Brandon | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

    ========== Processes (SafeList) ==========

    PRC - [2012/10/22 22:57:04 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Brandon\Desktop\OTL.exe
    PRC - [2012/09/29 19:54:26 | 000,766,536 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
    PRC - [2012/09/29 19:54:26 | 000,676,936 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
    PRC - [2012/09/29 19:54:26 | 000,399,432 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
    PRC - [2012/08/30 10:40:00 | 000,382,312 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
    PRC - [2012/07/27 15:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
    PRC - [2012/04/23 19:37:44 | 000,609,624 | ---- | M] (IObit) -- C:\Program Files (x86)\IObit\Game Booster 3\gbtray.exe


    ========== Modules (No Company Name) ==========


    ========== Services (SafeList) ==========

    SRV:64bit: - [2012/09/10 17:47:50 | 000,383,608 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files\McAfee\VirusScan\mcods.exe -- (McODS)
    SRV:64bit: - [2012/08/31 13:20:06 | 000,201,304 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (MSK80Service)
    SRV:64bit: - [2012/08/31 13:20:06 | 000,201,304 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (McProxy)
    SRV:64bit: - [2012/08/31 13:20:06 | 000,201,304 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (McNASvc)
    SRV:64bit: - [2012/08/31 13:20:06 | 000,201,304 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (McNaiAnn)
    SRV:64bit: - [2012/08/31 13:20:06 | 000,201,304 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (mcmscsvc)
    SRV:64bit: - [2012/08/31 13:20:06 | 000,201,304 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (McMPFSvc)
    SRV:64bit: - [2012/08/31 13:20:06 | 000,201,304 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (McAfee SiteAdvisor Service)
    SRV:64bit: - [2012/07/17 14:52:28 | 000,177,144 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Windows\SysNative\mfevtps.exe -- (mfevtp)
    SRV:64bit: - [2012/07/17 14:49:24 | 000,218,320 | ---- | M] () [Auto | Running] -- C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe -- (mfefire)
    SRV:64bit: - [2012/07/17 14:47:42 | 000,237,920 | ---- | M] () [Auto | Running] -- C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe -- (McShield)
    SRV:64bit: - [2011/04/01 20:17:08 | 000,067,400 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\IIS\Microsoft Web Deploy\MsDepSvc.exe -- (MsDepSvc)
    SRV:64bit: - [2009/07/13 20:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
    SRV:64bit: - [2009/07/13 20:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
    SRV - [2012/10/12 01:29:40 | 000,115,168 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
    SRV - [2012/10/06 21:16:16 | 000,529,744 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
    SRV - [2012/09/29 19:54:26 | 000,676,936 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
    SRV - [2012/09/29 19:54:26 | 000,399,432 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
    SRV - [2012/08/30 10:40:00 | 000,382,312 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
    SRV - [2012/07/27 15:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
    SRV - [2011/08/03 06:50:00 | 002,255,464 | ---- | M] (NVIDIA Corporation) [Auto | Stopped] -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe -- (nvUpdatusService)
    SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
    SRV - [2009/06/10 16:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
    SRV - [2004/07/15 01:49:26 | 000,032,768 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\Microsoft.NET\Framework\v1.1.4322\aspnet_state.exe -- (aspnet_state)


    ========== Driver Services (SafeList) ==========

    DRV:64bit: - [2012/09/29 19:54:26 | 000,025,928 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
    DRV:64bit: - [2012/08/21 13:01:20 | 000,033,240 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
    DRV:64bit: - [2012/07/17 14:55:40 | 000,069,672 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\cfwids.sys -- (cfwids)
    DRV:64bit: - [2012/07/17 14:52:38 | 000,335,784 | ---- | M] (McAfee, Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\mfewfpk.sys -- (mfewfpk)
    DRV:64bit: - [2012/07/17 14:51:16 | 000,106,112 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mferkdet.sys -- (mferkdet)
    DRV:64bit: - [2012/07/17 14:50:36 | 000,752,672 | ---- | M] (McAfee, Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\mfehidk.sys -- (mfehidk)
    DRV:64bit: - [2012/07/17 14:49:36 | 000,513,456 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\mfefirek.sys -- (mfefirek)
    DRV:64bit: - [2012/07/17 14:48:54 | 000,300,392 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\mfeavfk.sys -- (mfeavfk)
    DRV:64bit: - [2012/07/09 13:42:54 | 000,052,736 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
    DRV:64bit: - [2012/07/03 10:25:16 | 000,189,288 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvhda64v.sys -- (NVHDA)
    DRV:64bit: - [2012/04/20 16:40:58 | 000,196,440 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HipShieldK.sys -- (HipShieldK)
    DRV:64bit: - [2012/03/01 01:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
    DRV:64bit: - [2011/04/01 05:07:54 | 004,184,672 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lvuvc64.sys -- (LVUVC64)
    DRV:64bit: - [2011/03/11 01:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
    DRV:64bit: - [2011/03/11 01:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
    DRV:64bit: - [2010/11/20 08:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
    DRV:64bit: - [2010/11/20 06:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
    DRV:64bit: - [2010/03/23 01:53:04 | 001,101,600 | ---- | M] (Ralink Technology Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ae1000w7.sys -- (AE1000)
    DRV:64bit: - [2009/07/13 20:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
    DRV:64bit: - [2009/07/13 20:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
    DRV:64bit: - [2009/07/13 20:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
    DRV:64bit: - [2009/06/10 15:35:35 | 000,408,960 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvm62x64.sys -- (NVENETFD)
    DRV:64bit: - [2009/06/10 15:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
    DRV:64bit: - [2009/06/10 15:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
    DRV:64bit: - [2009/06/10 15:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
    DRV:64bit: - [2009/06/10 15:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
    DRV:64bit: - [2007/09/29 01:21:58 | 000,013,952 | ---- | M] (Windows (R) Codename Longhorn DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\vhidmini.sys -- (vhidmini)
    DRV:64bit: - [2007/09/29 01:04:58 | 000,046,464 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\JmtFltr.sys -- (JmtFltr)
    DRV:64bit: - [2005/10/21 17:01:22 | 000,019,200 | ---- | M] (Motorola) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbicp.sys -- (uisp)
    DRV - [2009/07/13 20:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
    DRV - [2005/10/21 17:01:22 | 000,019,200 | ---- | M] (Motorola) [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\USBICP.sys -- (uisp)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========

    IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}
    IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
    IE:64bit: - HKLM\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}: "URL" = http://dts.search-results.com/sr?src=ieb&appid=394&systemid=406&sr=0&q={searchTerms}
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
    IE - HKLM\..\SearchScopes,DefaultScope = {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}
    IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
    IE - HKLM\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}: "URL" = http://dts.search-results.com/sr?src=ieb&appid=394&systemid=406&sr=0&q={searchTerms}
    IE - HKLM\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT3072253


    IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



    IE - HKU\S-1-5-21-1531979968-3860558922-4145543149-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://google.com/
    IE - HKU\S-1-5-21-1531979968-3860558922-4145543149-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
    IE - HKU\S-1-5-21-1531979968-3860558922-4145543149-1000\..\URLSearchHook: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
    IE - HKU\S-1-5-21-1531979968-3860558922-4145543149-1000\..\SearchScopes,DefaultScope = {72AD7D49-C7E7-487C-9CDF-3D7EB9374397}
    IE - HKU\S-1-5-21-1531979968-3860558922-4145543149-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
    IE - HKU\S-1-5-21-1531979968-3860558922-4145543149-1000\..\SearchScopes\{72AD7D49-C7E7-487C-9CDF-3D7EB9374397}: "URL" = http://search.yahoo.com/search?fr=mcafee&p={SearchTerms}
    IE - HKU\S-1-5-21-1531979968-3860558922-4145543149-1000\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}: "URL" = http://dts.search-results.com/sr?src=ieb&appid=394&systemid=406&sr=0&q={searchTerms}
    IE - HKU\S-1-5-21-1531979968-3860558922-4145543149-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
    IE - HKU\S-1-5-21-1531979968-3860558922-4145543149-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

    ========== FireFox ==========

    FF - prefs.js..browser.search.defaultenginename: "AVG Secure Search"
    FF - prefs.js..browser.search.selectedEngine: "Secure Search"
    FF - prefs.js..browser.startup.homepage: "http://www.google.com/"
    FF - prefs.js..extensions.enabledAddons: personas@christopher.beard:1.6.2
    FF - prefs.js..extensions.enabledAddons: {687578b9-7132-4a7a-80e4-30ee31099e03}:3.15.1.0
    FF - prefs.js..extensions.enabledAddons: {23fcfd51-4958-4f00-80a3-ae97e717ed8b}:2.1.2.145
    FF - prefs.js..extensions.enabledAddons: {4ED1F68A-5463-4931-9384-8FFF5ED91D92}:3.5.0
    FF - prefs.js..keyword.URL: "http://search.conduit.com/ResultsExt.aspx?ctid=CT3072253&SearchSource=2&q="


    FF:64bit: - HKLM\Software\MozillaPlugins\@bestbuy.com/npBestBuyPcAppDetector,version=1.0: C:\ProgramData\Best Buy pc app\npBestBuyPcAppDetector.dll (Best Buy)
    FF:64bit: - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
    FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.6.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
    FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.6.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
    FF:64bit: - HKLM\Software\MozillaPlugins\@mcafee.com/MSC,version=10: c:\PROGRA~1\mcafee\msc\NPMCSN~1.DLL ()
    FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
    FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/wpi,version=1.4: C:\Program Files\Microsoft\Web Platform Installer\\npwpidetector.dll ()
    FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
    FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
    FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
    FF - HKLM\Software\MozillaPlugins\@bestbuy.com/npBestBuyPcAppDetector,version=1.0: C:\ProgramData\Best Buy pc app\npBestBuyPcAppDetector.dll (Best Buy)
    FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
    FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
    FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.5.1: C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
    FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.5.1: C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll (Oracle Corporation)
    FF - HKLM\Software\MozillaPlugins\@mcafee.com/MSC,version=10: c:\progra~2\mcafee\msc\npmcsn~1.dll ()
    FF - HKLM\Software\MozillaPlugins\@mcafee.com/SAFFPlugin: C:\Program Files (x86)\McAfee\SiteAdvisor\npmcffplg32.dll (McAfee, Inc.)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/wpi,version=1.4: C:\Program Files\Microsoft\Web Platform Installer\\npwpidetector.dll ()
    FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
    FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
    FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
    FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
    FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)

    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2011/11/13 16:21:07 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{4ED1F68A-5463-4931-9384-8FFF5ED91D92}: C:\Program Files (x86)\McAfee\SiteAdvisor [2012/10/16 15:49:59 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/10/12 01:29:41 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012/10/12 01:29:36 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\msktbird@mcafee.com: C:\Program Files\McAfee\MSK [2012/10/16 11:31:45 | 000,000,000 | ---D | M]
    FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 16.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/10/12 01:29:41 | 000,000,000 | ---D | M]
    FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 16.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012/10/12 01:29:36 | 000,000,000 | ---D | M]

    [2012/08/01 02:36:28 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Brandon\AppData\Roaming\Mozilla\Extensions
    [2012/08/28 00:43:39 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Brandon\AppData\Roaming\Mozilla\Firefox\Profiles\0osx2mcj.default\extensions
    [2012/08/28 00:43:39 | 000,000,000 | ---D | M] (uTorrentControl2 Community Toolbar) -- C:\Users\Brandon\AppData\Roaming\Mozilla\Firefox\Profiles\0osx2mcj.default\extensions\{687578b9-7132-4a7a-80e4-30ee31099e03}
    [2011/08/01 11:02:33 | 000,330,316 | ---- | M] () (No name found) -- C:\Users\Brandon\AppData\Roaming\Mozilla\Firefox\Profiles\0osx2mcj.default\extensions\personas@christopher.beard.xpi
    [2012/07/31 19:04:09 | 000,002,519 | ---- | M] () -- C:\Users\Brandon\AppData\Roaming\Mozilla\Firefox\Profiles\0osx2mcj.default\searchplugins\Search_Results.xml
    [2012/10/12 01:29:36 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
    [2011/11/13 16:21:07 | 000,000,000 | ---D | M] (DivX Plus Web Player HTML5 <video>) -- C:\PROGRAM FILES (X86)\DIVX\DIVX PLUS WEB PLAYER\FIREFOX\DIVXHTML5
    [2012/10/16 15:49:59 | 000,000,000 | ---D | M] (McAfee SiteAdvisor) -- C:\PROGRAM FILES (X86)\MCAFEE\SITEADVISOR
    [2012/10/12 01:29:41 | 000,261,600 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
    [2012/08/30 15:36:04 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
    [2012/10/18 19:30:36 | 000,002,024 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\McSiteAdvisor.xml
    [2012/07/31 19:04:09 | 000,002,519 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\Search_Results.xml
    [2012/10/12 01:29:40 | 000,002,058 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml

    ========== Chrome ==========

    CHR - default_search_provider: AVG Secure Search (Enabled)
    CHR - default_search_provider: search_url = http://search.avg.com/?d=4e38dfd0&I=23&tp=ggl-chrome&q={searchTerms}&nt=1
    CHR - default_search_provider: suggest_url = http://suggestqueries.google.com/complete/search?output=chrome&client=chrome&q={searchTerms}
    CHR - homepage: http://www.google.com/
    CHR - Extension: AVG Safe Search = C:\Users\Brandon\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla\10.0.0.1409_0\
    CHR - Extension: DivX Plus Web Player HTML5 \u003Cvideo\u003E = C:\Users\Brandon\AppData\Local\Google\Chrome\User Data\Default\Extensions\nneajnkjbffgblleaoojgaacokifdkhm\2.1.2.126_0\
    CHR - Extension: DivX Plus Web Player HTML5 \u003Cvideo\u003E = C:\Users\Brandon\AppData\Local\Google\Chrome\User Data\Default\Extensions\nneajnkjbffgblleaoojgaacokifdkhm\2.1.2.145_0\

    O1 HOSTS File: ([2012/10/21 23:29:08 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
    O1 - Hosts: 127.0.0.1 localhost
    O2:64bit: - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
    O2:64bit: - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
    O2:64bit: - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Oracle\JavaFX 2.0 Runtime\bin\jp2ssv.dll (Oracle Corporation)
    O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
    O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll (Oracle Corporation)
    O2 - BHO: (Searchqu Toolbar) - {99079a25-328f-4bd4-be04-00955acaa0a7} - C:\PROGRA~2\SEARCH~1\Datamngr\ToolBar\searchqudtx.dll File not found
    O2 - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
    O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll (Oracle Corporation)
    O3:64bit: - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
    O3 - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
    O3 - HKLM\..\Toolbar: (Searchqu Toolbar) - {99079a25-328f-4bd4-be04-00955acaa0a7} - C:\PROGRA~2\SEARCH~1\Datamngr\ToolBar\searchqudtx.dll File not found
    O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
    O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
    O4 - HKLM..\Run: [DivXUpdate] C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe ()
    O4 - HKLM..\Run: [mcui_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe (McAfee, Inc.)
    O4 - HKLM..\RunOnce: [AvgUninstallURL] C:\Windows\SysWow64\cmd.exe (Microsoft Corporation)
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
    O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-21-1531979968-3860558922-4145543149-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-21-1531979968-3860558922-4145543149-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
    O7 - HKU\S-1-5-21-1531979968-3860558922-4145543149-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O7 - HKU\S-1-5-21-1531979968-3860558922-4145543149-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: LogonHoursAction = 2
    O7 - HKU\S-1-5-21-1531979968-3860558922-4145543149-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DontDisplayLogonHoursWarnings = 1
    O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000009 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
    O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
    O13 - gopher Prefix: missing
    O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0_03-windows-i586.cab (Java Plug-in 1.7.0_03)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 68.105.28.12 68.105.29.12 68.105.28.11
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{B8981DBD-BBAD-48E9-8845-70003346BD56}: DhcpNameServer = 68.105.28.12 68.105.29.12 68.105.28.11
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{C38D4E61-CEEB-45D1-B7BF-ECE2B93160D8}: DhcpNameServer = 68.105.28.12 68.105.29.12 68.105.28.11
    O18:64bit: - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
    O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
    O18:64bit: - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
    O18 - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
    O18 - Protocol\Handler\gopher - No CLSID value found
    O18 - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
    O18:64bit: - Protocol\Filter\application/x-mfe-ipt {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files\McAfee\MSC\McSnIePl64.dll (McAfee, Inc.)
    O18 - Protocol\Filter\application/x-mfe-ipt {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files (x86)\McAfee\MSC\McSnIePl.dll (McAfee, Inc.)
    O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
    O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
    O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
    O32 - HKLM CDRom: AutoRun - 1
    O32 - AutoRun File - [2010/01/24 19:22:58 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
    O32 - AutoRun File - [2011/08/14 21:05:21 | 000,392,165 | R--- | M] () - D:\autorun.cdd -- [ CDFS ]
    O32 - AutoRun File - [2011/08/14 21:08:46 | 002,415,152 | R--- | M] (EVGA Corporation) - D:\autorun.exe -- [ CDFS ]
    O32 - AutoRun File - [2008/01/30 23:54:38 | 000,009,158 | R--- | M] () - D:\autorun.ico -- [ CDFS ]
    O32 - AutoRun File - [2011/08/14 21:05:21 | 000,000,047 | R--- | M] () - D:\autorun.inf -- [ CDFS ]
    O34 - HKLM BootExecute: (autocheck autochk *)
    O35:64bit: - HKLM\..comfile [open] -- "%1" %*
    O35:64bit: - HKLM\..exefile [open] -- "%1" %*
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
    O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
    O37 - HKLM\...com [@ = ComFile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*
    O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
    O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
    O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

    ========== Files/Folders - Created Within 30 Days ==========

    [2012/10/22 22:57:00 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Brandon\Desktop\OTL.exe
    [2012/10/22 22:48:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee
    [2012/10/22 22:44:03 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
    [2012/10/22 22:41:04 | 000,000,000 | ---D | C] -- C:\Windows\temp
    [2012/10/21 23:15:29 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
    [2012/10/21 23:15:29 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
    [2012/10/21 23:15:29 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
    [2012/10/21 23:15:22 | 000,000,000 | ---D | C] -- C:\Qoobox
    [2012/10/21 23:15:02 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
    [2012/10/21 23:01:17 | 004,987,434 | R--- | C] (Swearware) -- C:\Users\Brandon\Desktop\ComboFix.exe
    [2012/10/21 22:36:40 | 004,731,392 | ---- | C] (AVAST Software) -- C:\Users\Brandon\Desktop\aswMBR.exe
    [2012/10/21 22:21:19 | 000,000,000 | ---D | C] -- C:\Users\Brandon\Desktop\RK_Quarantine
    [2012/10/21 22:08:25 | 000,000,000 | ---D | C] -- C:\TDSSKiller_Quarantine
    [2012/10/21 22:05:36 | 000,000,000 | ---D | C] -- C:\Users\Brandon\Desktop\TDSSKILLER
    [2012/10/21 03:43:25 | 000,000,000 | ---D | C] -- C:\Users\Brandon\AppData\Roaming\Malwarebytes
    [2012/10/21 03:42:38 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
    [2012/10/21 03:42:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
    [2012/10/21 03:42:32 | 000,025,928 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
    [2012/10/21 03:42:32 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
    [2012/10/17 20:42:31 | 000,000,000 | ---D | C] -- C:\Users\Brandon\AppData\Roaming\Mumble
    [2012/10/17 20:42:24 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mumble
    [2012/10/17 20:42:24 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mumble
    [2012/10/17 19:07:43 | 000,000,000 | ---D | C] -- C:\Users\Brandon\Desktop\New folder (2)
    [2012/10/16 11:32:04 | 000,196,440 | ---- | C] (McAfee, Inc.) -- C:\Windows\SysNative\drivers\HipShieldK.sys
    [2012/10/16 11:30:51 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\McAfee.com
    [2012/10/16 11:30:45 | 000,010,288 | ---- | C] (McAfee, Inc.) -- C:\Windows\SysNative\drivers\mfeclnk.sys
    [2012/10/16 11:30:44 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\McAfee
    [2012/10/16 11:30:33 | 000,513,456 | ---- | C] (McAfee, Inc.) -- C:\Windows\SysNative\drivers\mfefirek.sys
    [2012/10/16 11:30:33 | 000,300,392 | ---- | C] (McAfee, Inc.) -- C:\Windows\SysNative\drivers\mfeavfk.sys
    [2012/10/16 11:30:33 | 000,106,112 | ---- | C] (McAfee, Inc.) -- C:\Windows\SysNative\drivers\mferkdet.sys
    [2012/10/16 11:30:33 | 000,069,672 | ---- | C] (McAfee, Inc.) -- C:\Windows\SysNative\drivers\cfwids.sys
    [2012/10/16 11:30:27 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\McAfee
    [2012/10/16 11:30:15 | 000,000,000 | ---D | C] -- C:\Program Files\McAfee.com
    [2012/10/16 11:30:15 | 000,000,000 | ---D | C] -- C:\Program Files\McAfee
    [2012/10/16 11:30:05 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\McAfee
    [2012/10/16 11:14:13 | 000,000,000 | ---D | C] -- C:\mfe
    [2012/10/16 11:07:36 | 000,177,144 | ---- | C] (McAfee, Inc.) -- C:\Windows\SysNative\mfevtps.exe
    [2012/10/16 11:04:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Citrix
    [2012/10/16 10:55:51 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Citrix
    [2012/10/16 10:55:42 | 000,000,000 | ---D | C] -- C:\Users\Brandon\AppData\Local\Citrix
    [2012/10/16 10:33:29 | 004,874,920 | ---- | C] (McAfee, Inc.) -- C:\Users\Brandon\Desktop\McAfeeSetup.exe
    [2012/10/13 19:36:45 | 000,000,000 | ---D | C] -- C:\Users\Brandon\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SpeedFan
    [2012/10/13 19:36:45 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SpeedFan
    [2012/10/13 19:36:45 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\SpeedFan
    [2012/10/12 01:29:35 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
    [2012/10/07 14:11:40 | 000,000,000 | ---D | C] -- C:\Users\Brandon\Desktop\Minecraft Stuff
    [2012/10/03 17:50:59 | 000,000,000 | ---D | C] -- C:\Users\Brandon\Desktop\Art Pictures PP
    [2012/09/30 21:37:03 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\World of Warcraft
    [2012/09/25 10:54:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
    [2012/09/25 10:54:30 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
    [2012/09/25 10:54:28 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
    [2012/09/25 10:54:28 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\iTunes
    [2012/09/25 10:54:28 | 000,000,000 | ---D | C] -- C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
    [2012/09/25 10:53:45 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Apple Software Update
    [2012/09/25 10:53:09 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Apple
    [2012/09/25 10:53:00 | 000,000,000 | ---D | C] -- C:\Program Files\Bonjour
    [2012/09/25 10:53:00 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Bonjour
    [2012/09/25 10:52:53 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Apple
    [2012/09/24 09:19:03 | 000,000,000 | ---D | C] -- C:\Users\Brandon\AppData\Local\Bugsplat
    [2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

    ========== Files - Modified Within 30 Days ==========

    [2012/10/22 22:57:04 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Brandon\Desktop\OTL.exe
    [2012/10/22 22:50:56 | 000,014,976 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
    [2012/10/22 22:50:56 | 000,014,976 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
    [2012/10/22 22:50:06 | 000,001,186 | ---- | M] () -- C:\Users\Public\Desktop\Switch to Gaming Mode.lnk
    [2012/10/22 22:50:06 | 000,001,174 | ---- | M] () -- C:\Users\Public\Desktop\Game Booster 3.lnk
    [2012/10/22 22:48:08 | 000,001,828 | ---- | M] () -- C:\Users\Public\Desktop\McAfee Internet Security.lnk
    [2012/10/22 22:43:45 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
    [2012/10/22 22:43:29 | 3220,074,496 | -HS- | M] () -- C:\hiberfil.sys
    [2012/10/22 22:17:57 | 004,987,434 | R--- | M] (Swearware) -- C:\Users\Brandon\Desktop\ComboFix.exe
    [2012/10/21 23:29:08 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
    [2012/10/21 22:49:25 | 000,000,512 | ---- | M] () -- C:\Users\Brandon\Desktop\MBR.dat
    [2012/10/21 22:36:57 | 004,731,392 | ---- | M] (AVAST Software) -- C:\Users\Brandon\Desktop\aswMBR.exe
    [2012/10/21 22:20:52 | 001,425,920 | ---- | M] () -- C:\Users\Brandon\Desktop\RogueKiller.exe
    [2012/10/21 22:04:54 | 002,194,704 | ---- | M] () -- C:\Users\Brandon\Desktop\tdsskiller.zip
    [2012/10/21 03:42:38 | 000,001,113 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
    [2012/10/17 20:45:34 | 000,002,378 | ---- | M] () -- C:\Users\Brandon\Documents\MumbleAutomaticCertificateBackup.p12
    [2012/10/17 20:42:25 | 000,001,014 | ---- | M] () -- C:\Users\Public\Desktop\Mumble.lnk
    [2012/10/16 15:47:46 | 000,431,136 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
    [2012/10/16 10:45:30 | 000,736,892 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
    [2012/10/16 10:45:30 | 000,631,216 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
    [2012/10/16 10:45:30 | 000,109,728 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
    [2012/10/16 10:33:33 | 004,874,920 | ---- | M] (McAfee, Inc.) -- C:\Users\Brandon\Desktop\McAfeeSetup.exe
    [2012/10/13 19:36:45 | 000,001,011 | ---- | M] () -- C:\Users\Brandon\Desktop\SpeedFan.lnk
    [2012/10/13 19:36:45 | 000,000,045 | ---- | M] () -- C:\Windows\SysWow64\initdebug.nfo
    [2012/09/30 21:54:46 | 000,000,770 | ---- | M] () -- C:\Users\Public\Desktop\World of Warcraft.lnk
    [2012/09/29 19:54:26 | 000,025,928 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
    [2012/09/25 19:01:12 | 000,000,632 | RHS- | M] () -- C:\Users\Brandon\ntuser.pol
    [2012/09/25 10:54:51 | 000,001,783 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
    [2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

    ========== Files Created - No Company Name ==========

    [2012/10/21 23:15:29 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
    [2012/10/21 23:15:29 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
    [2012/10/21 23:15:29 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
    [2012/10/21 23:15:29 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
    [2012/10/21 23:15:29 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
    [2012/10/21 22:49:25 | 000,000,512 | ---- | C] () -- C:\Users\Brandon\Desktop\MBR.dat
    [2012/10/21 22:20:49 | 001,425,920 | ---- | C] () -- C:\Users\Brandon\Desktop\RogueKiller.exe
    [2012/10/21 22:04:45 | 002,194,704 | ---- | C] () -- C:\Users\Brandon\Desktop\tdsskiller.zip
    [2012/10/21 03:42:38 | 000,001,113 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
    [2012/10/17 20:45:34 | 000,002,378 | ---- | C] () -- C:\Users\Brandon\Documents\MumbleAutomaticCertificateBackup.p12
    [2012/10/17 20:42:25 | 000,001,014 | ---- | C] () -- C:\Users\Public\Desktop\Mumble.lnk
    [2012/10/16 11:33:09 | 000,001,828 | ---- | C] () -- C:\Users\Public\Desktop\McAfee Internet Security.lnk
    [2012/10/13 19:36:45 | 000,001,011 | ---- | C] () -- C:\Users\Brandon\Desktop\SpeedFan.lnk
    [2012/10/13 19:36:45 | 000,000,045 | ---- | C] () -- C:\Windows\SysWow64\initdebug.nfo
    [2012/09/30 21:37:03 | 000,000,770 | ---- | C] () -- C:\Users\Public\Desktop\World of Warcraft.lnk
    [2012/09/25 18:56:23 | 000,000,632 | RHS- | C] () -- C:\Users\Brandon\ntuser.pol
    [2012/09/25 10:54:51 | 000,001,783 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
    [2012/09/25 10:53:46 | 000,002,519 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Apple Software Update.lnk
    [2012/08/30 10:40:14 | 000,429,416 | ---- | C] () -- C:\Windows\SysWow64\nvStreaming.exe
    [2012/06/22 13:10:04 | 000,000,095 | ---- | C] () -- C:\Users\Brandon\AppData\Local\fusioncache.dat
    [2011/09/17 13:48:45 | 000,749,374 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
    [2011/08/01 13:25:16 | 000,000,262 | ---- | C] () -- C:\Windows\{EEB3F6BB-318D-4CE5-989F-8191FCBFB578}_WiseFW.ini
    [2011/04/01 05:07:02 | 010,877,272 | ---- | C] () -- C:\Windows\SysWow64\LogiDPP.dll
    [2011/04/01 05:07:02 | 000,102,744 | ---- | C] () -- C:\Windows\SysWow64\LogiDPPApp.exe
    [2011/04/01 05:06:56 | 000,331,608 | ---- | C] () -- C:\Windows\SysWow64\DevManagerCore.dll

    ========== ZeroAccess Check ==========

    [2009/07/13 23:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

    [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

    [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

    [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

    [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
    "" = C:\Windows\SysNative\shell32.dll -- [2012/06/09 00:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Apartment

    [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
    "" = %SystemRoot%\system32\shell32.dll -- [2012/06/08 23:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Apartment

    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
    "" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 20:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Free

    [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
    "" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 07:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Free

    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
    "" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 20:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Both

    [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

    ========== LOP Check ==========

    [2012/09/27 18:24:58 | 000,000,000 | ---D | M] -- C:\Users\Brandon\AppData\Roaming\.minecraft
    [2012/09/22 08:05:00 | 000,000,000 | ---D | M] -- C:\Users\Brandon\AppData\Roaming\.techniclauncher
    [2011/09/24 16:30:52 | 000,000,000 | ---D | M] -- C:\Users\Brandon\AppData\Roaming\ImgBurn
    [2012/07/06 17:13:34 | 000,000,000 | ---D | M] -- C:\Users\Brandon\AppData\Roaming\LolClient
    [2012/10/17 21:40:28 | 000,000,000 | ---D | M] -- C:\Users\Brandon\AppData\Roaming\Mumble
    [2012/07/22 18:51:14 | 000,000,000 | ---D | M] -- C:\Users\Brandon\AppData\Roaming\Nico Mak Computing
    [2012/07/26 11:33:42 | 000,000,000 | ---D | M] -- C:\Users\Brandon\AppData\Roaming\RIFT
    [2012/07/26 11:33:42 | 000,000,000 | ---D | M] -- C:\Users\Brandon\AppData\Roaming\uTorrent

    ========== Purity Check ==========



    < End of report >
     
  16. Michael West

    Michael West TS Rookie Topic Starter Posts: 29

    OTL Extras logfile created on: 10/22/2012 11:00:19 PM - Run 1
    OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Brandon\Desktop
    64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.7601.17514)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    4.00 Gb Total Physical Memory | 3.00 Gb Available Physical Memory | 74.96% Memory free
    8.00 Gb Paging File | 6.48 Gb Available in Paging File | 81.03% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
    Drive C: | 139.73 Gb Total Space | 16.86 Gb Free Space | 12.07% Space Free | Partition Type: NTFS
    Drive D: | 1.21 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: CDFS
    Drive E: | 931.51 Gb Total Space | 911.90 Gb Free Space | 97.90% Space Free | Partition Type: NTFS

    Computer Name: BRANDON-PC | User Name: Brandon | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

    ========== Extra Registry (SafeList) ==========


    ========== File Associations ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .html[@ = ChromeHTML] -- Reg Error: Key error. File not found
    .url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
    .html [@ = ChromeHTML] -- Reg Error: Key error. File not found

    [HKEY_USERS\S-1-5-21-1531979968-3860558922-4145543149-1000\SOFTWARE\Classes\<extension>]
    .html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)

    ========== Shell Spawning ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %*
    cmdfile [open] -- "%1" %*
    comfile [open] -- "%1" %*
    exefile [open] -- "%1" %*
    helpfile [open] -- Reg Error: Key error.
    htmlfile [edit] -- Reg Error: Key error.
    htmlfile [print] -- rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation)
    https [open] -- Reg Error: Key error.
    inffile [install] -- %SystemRoot%\System32\rundll32.exe setupapi,InstallHinfSection DefaultInstall 132 %1 (Microsoft Corporation)
    InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
    InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
    piffile [open] -- "%1" %*
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1"
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [explore] -- Reg Error: Value error.
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %*
    cmdfile [open] -- "%1" %*
    comfile [open] -- "%1" %*
    cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
    exefile [open] -- "%1" %*
    helpfile [open] -- Reg Error: Key error.
    htmlfile [edit] -- Reg Error: Key error.
    https [open] -- Reg Error: Key error.
    piffile [open] -- "%1" %*
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1"
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [explore] -- Reg Error: Value error.
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

    ========== Security Center Settings ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
    "cval" = 1
    "FirewallDisableNotify" = 0
    "AntiVirusDisableNotify" = 0
    "UpdatesDisableNotify" = 0

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
    "VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
    "AntiVirusOverride" = 0
    "AntiSpywareOverride" = 0
    "FirewallOverride" = 0

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

    ========== System Restore Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
    "DisableSR" = 0

    ========== Firewall Settings ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
    "DisableNotifications" = 0
    "EnableFirewall" = 1

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
    "DisableNotifications" = 0
    "EnableFirewall" = 1

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
    "DisableNotifications" = 0
    "EnableFirewall" = 1

    ========== Authorized Applications List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


    ========== Vista Active Open Ports Exception List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
    "{09771DFB-662B-4B22-92AF-14984D18878C}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
    "{148E9B91-203F-4501-9529-FAD0ADE9A5F1}" = lport=445 | protocol=6 | dir=in | app=system |
    "{2447BAD2-490C-4375-B604-912D4CAA3CE2}" = lport=6004 | protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\outlook.exe |
    "{2C5F3236-D6D1-4F48-A375-96909DAD0063}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
    "{463694E0-B761-4A0A-83C0-777F3F2F3E7C}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
    "{483E4CC3-1DC0-4125-9D25-27EB1C0947F8}" = lport=138 | protocol=17 | dir=in | app=system |
    "{57A679C2-9E5D-4A43-A5EC-B01ECA71D2F1}" = rport=445 | protocol=6 | dir=out | app=system |
    "{61FBB210-4B91-4AB8-8CAC-809447373544}" = lport=56237 | protocol=17 | dir=in | name=pando media booster |
    "{65180EEF-7EB0-4CC9-880F-EDE023CE1D23}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
    "{852F24E2-F295-4064-BCF9-A373A6F4734F}" = lport=2869 | protocol=6 | dir=in | app=system |
    "{8DB986FD-7292-47A0-847E-39625A0EC094}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
    "{963EE9BE-F0DB-43A2-B710-AC518CD317B7}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
    "{974A9755-E6F9-4068-A494-ABE2EDACEDCC}" = rport=137 | protocol=17 | dir=out | app=system |
    "{9C1619FD-7454-4C4B-8A2C-A0F5B32D46E3}" = lport=808 | protocol=6 | dir=in | svc=nettcpactivator | app=%systemroot%\microsoft.net\framework64\v3.0\windows communication foundation\smsvchost.exe |
    "{A0E8913A-531F-48ED-A667-0E2CD365A5CF}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
    "{B6BBE0BF-9041-4DF2-A236-6DD83A5FE41C}" = lport=137 | protocol=17 | dir=in | app=system |
    "{BBA832F7-BC30-46F2-9137-8BE7722C0683}" = lport=56237 | protocol=6 | dir=in | name=pando media booster |
    "{C8AA0C5D-D8D4-4046-B638-215B99C71E0D}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
    "{CA12A75D-26DC-4B93-AD4E-D7C234479321}" = lport=56237 | protocol=17 | dir=in | name=pando media booster |
    "{D8AAF05D-C6C2-46E4-9339-20A22E9E1E4D}" = lport=139 | protocol=6 | dir=in | app=system |
    "{D9ACF211-2E9D-4036-B008-FAA924EF6BC4}" = rport=139 | protocol=6 | dir=out | app=system |
    "{E0CD6AAC-FD52-4EBD-9EC5-9F28DD29F80F}" = rport=10243 | protocol=6 | dir=out | app=system |
    "{E4D301BE-54ED-4715-A228-079FCE75EE6C}" = rport=138 | protocol=17 | dir=out | app=system |
    "{E4DF6CC8-A2D0-4608-8266-675B919088A9}" = lport=10243 | protocol=6 | dir=in | app=system |
    "{ED200FDD-B5E9-4151-A2E7-6422ED94FD6B}" = lport=56237 | protocol=6 | dir=in | name=pando media booster |
    "{EDDC4AEC-94F1-4F4D-B4FF-F07A06FFABCE}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
    "{F52F7E86-0F1E-40E3-8E2B-35D0DF399502}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |

    ========== Vista Active Application Exception List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
    "{05167B6D-EC45-4237-B043-CAAA914F1FBC}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
    "{07237251-3694-4774-AF09-72691C4263C6}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steam.exe |
    "{088DF11A-FDCE-4526-BC5C-27AC904F9383}" = protocol=6 | dir=in | app=c:\users\brandon\appdata\local\temp\dsoclient\dlcache\app.n3app |
    "{08B94DA4-7404-47CD-B659-383B88EB8A06}" = protocol=17 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
    "{0E0459AF-24F4-4014-9B5F-2EF9A5FF0437}" = protocol=6 | dir=in | app=c:\program files\ventrilo\ventrilo.exe |
    "{1B8E7DD9-19E7-4CA8-A100-1020A8E4C5C4}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
    "{1CE2EB0E-FDA4-4DD5-B9CD-C08B81442EB5}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
    "{1D93DDB2-236E-4A15-BF78-BFA4926DCC7A}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
    "{24BC97EC-2AFD-4441-8075-B52F86FAE28B}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
    "{27EC2570-49BB-4894-84F2-9B11ADE14B96}" = protocol=6 | dir=in | app=c:\program files (x86)\world of warcraft public test\launcher.exe |
    "{2E4E9629-F42C-4877-A538-712D1BD8EDF2}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.954\agent.exe |
    "{2E711B1B-35C6-4B4D-A667-CAE408CC1BA3}" = protocol=17 | dir=in | app=c:\program files (x86)\world of warcraft\launcher.exe |
    "{3ECDBD0F-F83C-4194-A9DF-5FCB2E24F058}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg10\avgmfapx.exe |
    "{3FD628F7-2687-4D9D-966A-2186FFC549C4}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg10\avgmfapx.exe |
    "{41535E47-C13A-4CF4-9564-EC4F0DE01B84}" = protocol=17 | dir=in | app=c:\program files\common files\mcafee\mcsvchost\mcsvhost.exe |
    "{42CE0E89-4D4D-4FD6-A688-8D1BD66ED067}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
    "{4676F590-72DD-4488-A0F7-E8BA2CB00C49}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.1363\agent.exe |
    "{52D185F8-5E96-4A96-BA6B-E58C8DA09D8B}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
    "{559C78DE-075E-449B-93DA-E895A1F82B89}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
    "{5E079CED-563F-4084-8FD0-78460662B7DD}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.524\agent.exe |
    "{5F8E44C2-E7F2-401A-9BB8-218F51FC9D2C}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
    "{6218A70E-AB42-41E9-AC35-A53A94B18A51}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
    "{64994332-1F4E-423D-BBB9-DD7B0C0AC8EE}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
    "{6C3BCC55-91DD-46BB-8AB3-1AE6F1EB12F8}" = dir=in | app=c:\program files (x86)\itunes\itunes.exe |
    "{6F7F6EA7-D955-4E3A-A8BA-D076E3485EED}" = protocol=6 | dir=in | app=c:\program files (x86)\utorrent\utorrent.exe |
    "{7446CE15-C31C-4858-A143-EE80628AEA1F}" = protocol=58 | dir=out | name=@iphlpsvc.dll,-503 |
    "{7470DC3C-AD23-403E-986A-B0C806878D6F}" = protocol=6 | dir=in | app=c:\program files (x86)\world of warcraft\launcher.patch.exe |
    "{7547AC70-32CE-488E-ABFC-7E5F9B030ECE}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
    "{75736DBE-168C-4231-8A19-7E278221F590}" = protocol=6 | dir=out | app=system |
    "{774EEAF9-0A9F-42A6-B1D8-DCB8348ED75D}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe |
    "{77D5281A-93E9-4E21-9A99-D3D52C4A858B}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
    "{78FE89E5-5968-4C39-A022-AF30F35FA6FE}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
    "{7C689D20-50AC-4E23-83C8-23C83C616966}" = protocol=17 | dir=in | app=c:\program files (x86)\world of warcraft public test\launcher.patch.exe |
    "{7D51250B-971B-4947-942A-90C95FB2E7E4}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.524\agent.exe |
    "{7DF66F47-0587-4F1E-84FA-EA16C0E4EAFD}" = protocol=17 | dir=in | app=c:\program files (x86)\utorrent\utorrent.exe |
    "{819C11B4-4E33-434F-A91B-4083ADFC3046}" = protocol=17 | dir=in | app=c:\program files (x86)\world of warcraft\launcher.patch.exe |
    "{82D946A1-F165-441A-AA98-9FD0E4ACDFE6}" = protocol=17 | dir=in | app=c:\program files\ventrilo\ventrilo.exe |
    "{8E5F50D7-6319-4D1D-A8D5-EA11B502AE0C}" = protocol=17 | dir=in | app=c:\program files (x86)\searchqu toolbar\datamngr\toolbar\dtuser.exe |
    "{9087C135-0AFD-4BA6-9125-40B1F75E5FB7}" = protocol=6 | dir=in | app=c:\program files (x86)\world of warcraft\launcher.exe |
    "{986B3B53-A3F6-4BA6-A760-52E49A6FB69B}" = protocol=6 | dir=in | app=c:\program files (x86)\world of warcraft public test\launcher.patch.exe |
    "{A7BE8DE8-81C8-4856-AFE5-CCF7A9746B18}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
    "{ABD5991A-FCC5-479F-ADB4-5680B53D6081}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.954\agent.exe |
    "{B1B91F78-ED46-4FC5-A579-ADFF8789F909}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
    "{B30BFB08-FED1-48F5-B99F-9F342902474B}" = protocol=6 | dir=in | app=c:\program files\common files\mcafee\mcsvchost\mcsvhost.exe |
    "{B4A6D5A8-27E6-4B21-BFF5-7C0EA0F7E9F9}" = protocol=6 | dir=in | app=c:\program files (x86)\searchqu toolbar\datamngr\toolbar\dtuser.exe |
    "{B709E4A3-FC3F-4ACC-9644-11669C46FCE2}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.1363\agent.exe |
    "{B743D22C-4437-4BC0-88DB-FBDC66AB6C8A}" = protocol=17 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
    "{BB21E974-C2FC-453E-A906-ECCA4B57FBAE}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
    "{BFC0F2B3-49BE-4165-A66D-E662A4485E40}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.1363\agent.exe |
    "{C013F5EA-84E8-409A-83A3-9D621CBB3BA2}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.1363\agent.exe |
    "{C1468CAA-D2DF-4CDB-8934-F31E22F06858}" = protocol=58 | dir=in | app=system |
    "{C58BF0EC-819B-4FD4-A85B-B337C926F44E}" = dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
    "{C62BCF53-74B2-419B-BB79-2685C154E026}" = protocol=17 | dir=in | app=c:\program files (x86)\diablo iii\diablo iii.exe |
    "{CC20E35F-8952-4BCB-B129-8C0F53BB9DF9}" = protocol=6 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
    "{CE6E0BD4-FC2A-4657-B9BC-A11BEA8940A9}" = protocol=6 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
    "{D37908DC-9595-41B7-9325-D437A9819B1C}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
    "{D59702C5-4825-4100-9274-7A0B5292FF12}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
    "{DAC93917-527A-4939-AFDF-8E5BB4241D5E}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steam.exe |
    "{E8CEBBEE-83D0-4034-A914-3CE272A19594}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
    "{EC018FE0-2527-4AA5-96D6-450EA6C82629}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
    "{F315B6C0-007A-4B9A-9A44-8468BE2C8FC7}" = protocol=17 | dir=in | app=c:\users\brandon\appdata\local\temp\dsoclient\dlcache\app.n3app |
    "{F46E2413-8048-4989-B6C8-58BA6F4A59C7}" = protocol=6 | dir=in | app=c:\program files (x86)\diablo iii\diablo iii.exe |
    "{F4C999AA-8FED-4D3C-B09A-3CA022DB6CDD}" = protocol=17 | dir=in | app=c:\program files (x86)\world of warcraft public test\launcher.exe |
    "{FA7669B4-2118-4677-93C0-688C7B64EBED}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
    "TCP Query User{00285C52-D1BE-4129-9A32-84B5FFF73F80}C:\users\brandon\downloads\downloader_diablo2_lord_of_destruction_enus.exe" = protocol=6 | dir=in | app=c:\users\brandon\downloads\downloader_diablo2_lord_of_destruction_enus.exe |
    "TCP Query User{04CBF600-99CB-4787-B870-AD53BF99882A}E:\world of warcraft\launcher.patch.exe" = protocol=6 | dir=in | app=e:\world of warcraft\launcher.patch.exe |
    "TCP Query User{098160BF-D83C-4A4E-9857-686041BEED8C}C:\users\brandon\downloads\ptr-installer-en_us.exe" = protocol=6 | dir=in | app=c:\users\brandon\downloads\ptr-installer-en_us.exe |
    "TCP Query User{0CD13AD7-3178-4DF6-9CC1-8644D4744D93}E:\world of warcraft\temp\wow-4.3-5.0.15890-enus-downloader.exe" = protocol=6 | dir=in | app=e:\world of warcraft\temp\wow-4.3-5.0.15890-enus-downloader.exe |
    "TCP Query User{0F6E476B-2410-487A-8BBC-281D6CA5C425}C:\users\brandon\downloads\downloader_warcraft3_the_frozen_throne_enus(1).exe" = protocol=6 | dir=in | app=c:\users\brandon\downloads\downloader_warcraft3_the_frozen_throne_enus(1).exe |
    "TCP Query User{114ADAA5-041B-4B1C-9246-15D15704921D}C:\users\brandon\downloads\downloader_warcraft3_reign_of_chaos_enus.exe" = protocol=6 | dir=in | app=c:\users\brandon\downloads\downloader_warcraft3_reign_of_chaos_enus.exe |
    "TCP Query User{116AEFAC-595D-46A8-AB64-FBA955C3E951}C:\program files (x86)\world of warcraft\temp\wow-4.2.1.2609-enus-tools-downloader.exe" = protocol=6 | dir=in | app=c:\program files (x86)\world of warcraft\temp\wow-4.2.1.2609-enus-tools-downloader.exe |
    "TCP Query User{1509CFC3-A0AD-4B3D-903F-C0D7473C8640}C:\users\brandon\downloads\downloader_diablo2_enus.exe" = protocol=6 | dir=in | app=c:\users\brandon\downloads\downloader_diablo2_enus.exe |
    "TCP Query User{27E3944E-199C-44E6-9F06-F3C38CD29CF1}C:\users\brandon\downloads\downloader_diablo2_lord_of_destruction_enus(1).exe" = protocol=6 | dir=in | app=c:\users\brandon\downloads\downloader_diablo2_lord_of_destruction_enus(1).exe |
    "TCP Query User{34ADAD87-F2BA-4558-B7CE-253657B77E0B}C:\program files (x86)\world of warcraft\temp\wow-4.2.1.2736-enus-tools-downloader.exe" = protocol=6 | dir=in | app=c:\program files (x86)\world of warcraft\temp\wow-4.2.1.2736-enus-tools-downloader.exe |
    "TCP Query User{36DC5D11-9B81-4C9C-BE9D-7C512399AA03}E:\world of warcraft\launcher.exe" = protocol=6 | dir=in | app=e:\world of warcraft\launcher.exe |
    "TCP Query User{3A388662-C407-4366-AA27-67DD8F19E528}C:\program files (x86)\world of warcraft\launcher.exe" = protocol=6 | dir=in | app=c:\program files (x86)\world of warcraft\launcher.exe |
    "TCP Query User{3E632269-B72F-4238-A44B-B60EB8090C9F}C:\program files (x86)\world of warcraft\temp\wow-4.2.1.2617-enus-tools-downloader.exe" = protocol=6 | dir=in | app=c:\program files (x86)\world of warcraft\temp\wow-4.2.1.2617-enus-tools-downloader.exe |
    "TCP Query User{55C5268A-8322-4A86-A215-6AF046373501}E:\world of warcraft\temp\wow-4.2.1.2756-enus-tools-downloader.exe" = protocol=6 | dir=in | app=e:\world of warcraft\temp\wow-4.2.1.2756-enus-tools-downloader.exe |
    "TCP Query User{5ADCDDF3-7DF9-4164-9036-2FC4DC5EF8D0}C:\programdata\battle.net\agent\agent.998\agent.exe" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.998\agent.exe |
    "TCP Query User{82A05F16-C956-4578-95C6-01F7300AC1B8}C:\program files (x86)\world of warcraft\temp\wow-4.2.0.2552-enus-tools-downloader.exe" = protocol=6 | dir=in | app=c:\program files (x86)\world of warcraft\temp\wow-4.2.0.2552-enus-tools-downloader.exe |
    "TCP Query User{8E7800B1-4F5F-4A50-A145-EF9A79090AF0}C:\program files (x86)\steam\steamapps\common\lord of the rings online\lotroclient.exe" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\lord of the rings online\lotroclient.exe |
    "TCP Query User{9232A176-6C91-47F8-916C-6452807B163B}C:\program files (x86)\world of warcraft\backgrounddownloader.exe" = protocol=6 | dir=in | app=c:\program files (x86)\world of warcraft\backgrounddownloader.exe |
    "TCP Query User{94598D29-89A3-4559-924B-FDDC74968A6C}C:\program files (x86)\world of warcraft public test\backgrounddownloader.exe" = protocol=6 | dir=in | app=c:\program files (x86)\world of warcraft public test\backgrounddownloader.exe |
    "TCP Query User{9E7C2ACA-4EA8-40A9-A816-D0FECCA7C476}C:\users\brandon\downloads\downloader_warcraft3_the_frozen_throne_enus.exe" = protocol=6 | dir=in | app=c:\users\brandon\downloads\downloader_warcraft3_the_frozen_throne_enus.exe |
    "TCP Query User{B4AD4388-54BF-4FA3-9E04-3D2D81AD949C}C:\users\brandon\downloads\downloader_diablo2_enus(1).exe" = protocol=6 | dir=in | app=c:\users\brandon\downloads\downloader_diablo2_enus(1).exe |
    "TCP Query User{B77119F5-EB06-428F-A796-4150B10B4C9A}C:\program files (x86)\diablo ii\game.exe" = protocol=6 | dir=in | app=c:\program files (x86)\diablo ii\game.exe |
    "TCP Query User{B9D0E007-3EA8-4B3B-A4F5-7B34A8951BA0}C:\programdata\battle.net\agent\agent.1040\agent.exe" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.1040\agent.exe |
    "TCP Query User{CEEB5DA9-C813-43AB-9300-42F7A4D44B5F}C:\program files (x86)\ccp\eve\bin\exefile.exe" = protocol=6 | dir=in | app=c:\program files (x86)\ccp\eve\bin\exefile.exe |
    "TCP Query User{D4DFC4CE-B360-40D2-BB59-27E8FF4F399F}C:\windows\explorer.exe" = protocol=6 | dir=in | app=c:\windows\explorer.exe |
    "TCP Query User{D557C36E-3718-4042-AB64-667A9EF254B9}C:\programdata\battle.net\agent\agent.976\agent.exe" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.976\agent.exe |
    "TCP Query User{D9479A0C-1374-4DAE-8242-C7999455D578}C:\users\brandon\downloads\downloader_warcraft3_reign_of_chaos_enus(1).exe" = protocol=6 | dir=in | app=c:\users\brandon\downloads\downloader_warcraft3_reign_of_chaos_enus(1).exe |
    "TCP Query User{DFF5DA1B-8DC1-4DA2-A6A1-DC0EF7419FD1}C:\program files (x86)\java\jre7\bin\java.exe" = protocol=6 | dir=in | app=c:\program files (x86)\java\jre7\bin\java.exe |
    "UDP Query User{09929E6D-8A8E-473C-9B31-47AC63C64294}C:\program files (x86)\world of warcraft\temp\wow-4.2.1.2736-enus-tools-downloader.exe" = protocol=17 | dir=in | app=c:\program files (x86)\world of warcraft\temp\wow-4.2.1.2736-enus-tools-downloader.exe |
    "UDP Query User{0A22062D-D35A-44E3-911C-0042C691F603}E:\world of warcraft\temp\wow-4.2.1.2756-enus-tools-downloader.exe" = protocol=17 | dir=in | app=e:\world of warcraft\temp\wow-4.2.1.2756-enus-tools-downloader.exe |
    "UDP Query User{114B433D-B09B-4821-8C37-E73BCBB92BB2}E:\world of warcraft\launcher.exe" = protocol=17 | dir=in | app=e:\world of warcraft\launcher.exe |
    "UDP Query User{1734E03B-51A7-47ED-8298-091E02E53E49}C:\programdata\battle.net\agent\agent.1040\agent.exe" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.1040\agent.exe |
    "UDP Query User{182ED2AC-3706-480D-B1E7-D69DFD73AE8F}C:\windows\explorer.exe" = protocol=17 | dir=in | app=c:\windows\explorer.exe |
    "UDP Query User{1D7ADC87-0F4F-42BA-B3F1-BEF8DB0120A6}C:\program files (x86)\world of warcraft\temp\wow-4.2.1.2609-enus-tools-downloader.exe" = protocol=17 | dir=in | app=c:\program files (x86)\world of warcraft\temp\wow-4.2.1.2609-enus-tools-downloader.exe |
    "UDP Query User{24534483-736D-492D-AF48-1D77ABDC614D}C:\program files (x86)\ccp\eve\bin\exefile.exe" = protocol=17 | dir=in | app=c:\program files (x86)\ccp\eve\bin\exefile.exe |
    "UDP Query User{28ADD150-FFC4-44F8-B994-79B155D87C11}C:\users\brandon\downloads\downloader_diablo2_enus.exe" = protocol=17 | dir=in | app=c:\users\brandon\downloads\downloader_diablo2_enus.exe |
    "UDP Query User{3CD24DDC-6501-4B1E-8BBF-DFB9F4F1CAC1}C:\users\brandon\downloads\downloader_diablo2_enus(1).exe" = protocol=17 | dir=in | app=c:\users\brandon\downloads\downloader_diablo2_enus(1).exe |
    "UDP Query User{418DC1F9-2D99-4181-A3C5-216B2637E05F}C:\program files (x86)\diablo ii\game.exe" = protocol=17 | dir=in | app=c:\program files (x86)\diablo ii\game.exe |
    "UDP Query User{429B9D1C-6121-4344-A431-7FF79A703375}C:\users\brandon\downloads\downloader_warcraft3_reign_of_chaos_enus.exe" = protocol=17 | dir=in | app=c:\users\brandon\downloads\downloader_warcraft3_reign_of_chaos_enus.exe |
    "UDP Query User{4DA4258F-450F-4803-A00F-2F3404E06B89}C:\users\brandon\downloads\ptr-installer-en_us.exe" = protocol=17 | dir=in | app=c:\users\brandon\downloads\ptr-installer-en_us.exe |
    "UDP Query User{52CC8343-773A-4B99-B0EA-884A5B365A34}E:\world of warcraft\temp\wow-4.3-5.0.15890-enus-downloader.exe" = protocol=17 | dir=in | app=e:\world of warcraft\temp\wow-4.3-5.0.15890-enus-downloader.exe |
    "UDP Query User{642B6CF5-14E4-4C58-B590-4F610A0137BB}C:\users\brandon\downloads\downloader_warcraft3_the_frozen_throne_enus(1).exe" = protocol=17 | dir=in | app=c:\users\brandon\downloads\downloader_warcraft3_the_frozen_throne_enus(1).exe |
    "UDP Query User{693E3A41-7A35-481B-800F-0562476D1A88}C:\program files (x86)\steam\steamapps\common\lord of the rings online\lotroclient.exe" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\lord of the rings online\lotroclient.exe |
    "UDP Query User{736FF1F7-A5D7-4785-B8BC-035F73B1C260}C:\program files (x86)\world of warcraft\launcher.exe" = protocol=17 | dir=in | app=c:\program files (x86)\world of warcraft\launcher.exe |
    "UDP Query User{81597249-BC28-4EFF-8787-F064C561AAC1}C:\users\brandon\downloads\downloader_diablo2_lord_of_destruction_enus.exe" = protocol=17 | dir=in | app=c:\users\brandon\downloads\downloader_diablo2_lord_of_destruction_enus.exe |
    "UDP Query User{8567DCD8-7829-40CC-8C7F-411974AC6F39}C:\program files (x86)\world of warcraft public test\backgrounddownloader.exe" = protocol=17 | dir=in | app=c:\program files (x86)\world of warcraft public test\backgrounddownloader.exe |
    "UDP Query User{A755B68F-5234-407B-9230-BA7CF5490DCE}C:\program files (x86)\java\jre7\bin\java.exe" = protocol=17 | dir=in | app=c:\program files (x86)\java\jre7\bin\java.exe |
    "UDP Query User{AB721CFC-48C6-4E1E-8257-2629C9E4E45A}C:\programdata\battle.net\agent\agent.998\agent.exe" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.998\agent.exe |
    "UDP Query User{BC757E34-62ED-4596-AF0E-C1CA96922987}C:\users\brandon\downloads\downloader_warcraft3_reign_of_chaos_enus(1).exe" = protocol=17 | dir=in | app=c:\users\brandon\downloads\downloader_warcraft3_reign_of_chaos_enus(1).exe |
    "UDP Query User{BE0E21B1-8961-4FAF-BC14-55697C445053}C:\programdata\battle.net\agent\agent.976\agent.exe" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.976\agent.exe |
    "UDP Query User{C7169690-9665-4A53-BBD7-2942D2119105}C:\program files (x86)\world of warcraft\temp\wow-4.2.0.2552-enus-tools-downloader.exe" = protocol=17 | dir=in | app=c:\program files (x86)\world of warcraft\temp\wow-4.2.0.2552-enus-tools-downloader.exe |
    "UDP Query User{D9769676-7C20-44E6-8518-734238847BA9}C:\program files (x86)\world of warcraft\backgrounddownloader.exe" = protocol=17 | dir=in | app=c:\program files (x86)\world of warcraft\backgrounddownloader.exe |
    "UDP Query User{DFA984A9-DBB9-47D4-94EA-D072A0CDE541}C:\users\brandon\downloads\downloader_diablo2_lord_of_destruction_enus(1).exe" = protocol=17 | dir=in | app=c:\users\brandon\downloads\downloader_diablo2_lord_of_destruction_enus(1).exe |
    "UDP Query User{E69A1390-0557-485C-8D6D-BB7B4C99F24C}E:\world of warcraft\launcher.patch.exe" = protocol=17 | dir=in | app=e:\world of warcraft\launcher.patch.exe |
    "UDP Query User{EAA9A013-23A1-4591-B726-593D19E4CAF2}C:\users\brandon\downloads\downloader_warcraft3_the_frozen_throne_enus.exe" = protocol=17 | dir=in | app=c:\users\brandon\downloads\downloader_warcraft3_the_frozen_throne_enus.exe |
    "UDP Query User{F62130A5-B40B-4B1D-874A-0D9AA50D54E9}C:\program files (x86)\world of warcraft\temp\wow-4.2.1.2617-enus-tools-downloader.exe" = protocol=17 | dir=in | app=c:\program files (x86)\world of warcraft\temp\wow-4.2.1.2617-enus-tools-downloader.exe |

    ========== HKEY_LOCAL_MACHINE Uninstall List ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{0F37D969-1260-419E-B308-EF7D29ABDE20}" = Web Deployment Tool
    "{1111706F-666A-4037-7777-203648764D10}" = JavaFX 2.0.3 (64-bit)
    "{1493B2AE-0261-47D2-B1AA-F4DAD0F6C48B}" = iTunes
    "{1C7C8AAF-A16D-32E8-89E5-F6D165DE0BCE}" = Microsoft Visual C++ 2010 x64 Runtime - 10.0.40219
    "{2222706F-666A-4037-7777-203648764D10}" = JavaFX 2.0.3 SDK (64-bit)
    "{23170F69-40C1-2702-0920-000001000000}" = 7-Zip 9.20 (x64 edition)
    "{26A24AE4-039D-4CA4-87B4-2F86417006FF}" = Java 7 Update 6 (64-bit)
    "{5134B35A-B559-4762-94A4-FD4918977953}" = Microsoft Web Deploy 2.0
    "{529125EF-E3AC-4B74-97E6-F688A7C0F1C0}" = Paint.NET v3.5.10
    "{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
    "{64A3A4F4-B792-11D6-A78A-00B0D0170030}" = Java(TM) SE Development Kit 7 Update 3 (64-bit)
    "{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour
    "{7446FE8D-C1F9-4D42-AAAE-5DBCE58605A6}" = Apple Mobile Device Support
    "{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
    "{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007
    "{90120000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2007
    "{90120000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007
    "{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
    "{9B48B0AC-C813-4174-9042-476A887592C7}" = Windows Live ID Sign-in Assistant
    "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision" = NVIDIA 3D Vision Driver 306.23
    "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Control Panel 306.23
    "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Graphics Driver 306.23
    "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB" = NVIDIA 3D Vision Controller Driver 306.23
    "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX System Software 9.12.0213
    "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 1.4.28
    "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver" = NVIDIA HD Audio Driver 1.3.18.0
    "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
    "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components
    "{CC4878C0-4A6A-49CD-AAA7-DD3FCB06CC84}" = Microsoft Web Platform Installer 3.0
    "{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319
    "{E5748D30-7E6D-3A8E-BFE6-C1D02C6DDABB}" = Microsoft Help Viewer 1.1
    "{EEB3F6BB-318D-4CE5-989F-8191FCBFB578}" = Ventrilo Client for Windows x64
    "{EF79C448-6946-4D71-8134-03407888C054}" = Shared C Run-time for x64
    "{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
    "{FBBC4667-2521-4E78-B1BD-8706F774549B}" = Best Buy pc app
    "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
    "Microsoft Help Viewer 1.1" = Microsoft Help Viewer 1.1

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
    "{1111706F-666A-4037-7777-211328764D10}" = JavaFX 2.1.1
    "{196BB40D-1578-3D01-B289-BEFC77A11A1E}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319
    "{26A24AE4-039D-4CA4-87B4-2F83217005FF}" = Java(TM) 7 Update 5
    "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
    "{4C6D5779-A766-45DF-9938-D6F595A66F2B}" = Microsoft Expression Blend 4
    "{5EE6E987-1B79-4A93-832B-27472C7D1579}" = WPF Toolkit February 2010 (Version 3.5.50211.1)
    "{63EC2120-1742-4625-AA47-C6A8AEC9C64C}" = Apple Application Support
    "{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
    "{90120000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2007
    "{90120000-0011-0000-0000-0000000FF1CE}_PROPLUS_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
    "{90120000-0015-0409-0000-0000000FF1CE}_PROPLUS_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
    "{90120000-0016-0409-0000-0000000FF1CE}_PROPLUS_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
    "{90120000-0018-0409-0000-0000000FF1CE}_PROPLUS_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
    "{90120000-0019-0409-0000-0000000FF1CE}_PROPLUS_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
    "{90120000-001A-0409-0000-0000000FF1CE}_PROPLUS_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
    "{90120000-001B-0409-0000-0000000FF1CE}_PROPLUS_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
    "{90120000-001F-0409-0000-0000000FF1CE}_PROPLUS_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
    "{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
    "{90120000-001F-040C-0000-0000000FF1CE}_PROPLUS_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
    "{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
    "{90120000-001F-0C0A-0000-0000000FF1CE}_PROPLUS_{2314F9A1-126F-45CC-8A5E-DFAF866F3FBC}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
    "{90120000-002A-0000-1000-0000000FF1CE}_PROPLUS_{664655D8-B9BB-455D-8A58-7EAF7B0B2862}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-002A-0409-1000-0000000FF1CE}_PROPLUS_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
    "{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
    "{90120000-0044-0409-0000-0000000FF1CE}_PROPLUS_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
    "{90120000-006E-0409-0000-0000000FF1CE}_PROPLUS_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
    "{90120000-0115-0409-0000-0000000FF1CE}_PROPLUS_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-0116-0409-1000-0000000FF1CE}_PROPLUS_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
    "{90120000-0117-0409-0000-0000000FF1CE}_PROPLUS_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
    "{92606477-9366-4D3B-8AE3-6BE4B29727AB}" = League of Legends
    "{933B4015-4618-4716-A828-5289FC03165F}" = VC80CRTRedist - 8.0.50727.6195
    "{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
    "{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster
    "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
    "{A5630CB0-6D3C-4C93-9A51-03BEB835A982}" = NuGet
    "{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.4)
    "{B4E343DD-BAAB-4D59-AD9C-DEA0AFE09DF1}" = Mumble 1.2.3
    "{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
    "{DA909E62-3B45-4BA1-8B58-FCAEBA4BCEC9}" = NVIDIA PhysX
    "{FBBC4667-2521-4E78-B1BD-8706F774549B}" = Best Buy pc app
    "{FDB3B167-F4FA-461D-976F-286304A57B2A}" = Adobe AIR
    "7-Zip 9.20" = 7-Zip 9.20
    "Adobe AIR" = Adobe AIR
    "Adobe Flash Player ActiveX" = Adobe Flash Player ActiveX
    "Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
    "Blend_4.0.30701.0" = Microsoft Expression Blend 4
    "Cisco Connect" = Cisco Connect
    "Diablo II" = Diablo II
    "Diablo III" = Diablo III
    "DivX Setup" = DivX Setup
    "Endless City" = NVIDIA Endless City demo
    "Game Booster_is1" = Game Booster 3
    "ImgBurn" = ImgBurn
    "Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.65.1.1000
    "Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
    "Microsoft DirectX SDK (June 2010)" = Microsoft DirectX SDK (June 2010)
    "Mozilla Firefox 15.0 (x86 en-US)" = Mozilla Firefox 15.0 (x86 en-US)
    "MozillaMaintenanceService" = Mozilla Maintenance Service
    "MSC" = McAfee Internet Security
    "NVIDIA StereoUSB Driver" = NVIDIA 3D Vision Controller Driver
    "NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver
    "PROPLUS" = Microsoft Office Professional Plus 2007
    "SpeedFan" = SpeedFan (remove only)
    "TransMac_is1" = TransMac version 10.1
    "uTorrent" = µTorrent
    "Warcraft III" = Warcraft III
    "World of Warcraft" = World of Warcraft

    ========== HKEY_USERS Uninstall List ==========

    [HKEY_USERS\S-1-5-21-1531979968-3860558922-4145543149-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "Mozilla Firefox 16.0.1 (x86 en-US)" = Mozilla Firefox 16.0.1 (x86 en-US)

    ========== Last 20 Event Log Errors ==========

    [ Application Events ]
    Error - 10/16/2012 4:35:39 PM | Computer Name = Brandon-PC | Source = Application Error | ID = 1000
    Description = Faulting application name: svchost.exe, version: 6.1.7600.16385, time
    stamp: 0x4a5bc100 Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
    Exception
    code: 0xc0000005 Fault offset: 0x74f7c9f1 Faulting process id: 0x1948 Faulting application
    start time: 0x01cdabddcde3c940 Faulting application path: C:\Windows\SysWOW64\svchost.exe
    Faulting
    module path: unknown Report Id: 0b905420-17d1-11e2-9632-001fbc0066f7

    Error - 10/16/2012 4:36:42 PM | Computer Name = Brandon-PC | Source = Application Error | ID = 1000
    Description = Faulting application name: svchost.exe, version: 6.1.7600.16385, time
    stamp: 0x4a5bc100 Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
    Exception
    code: 0xc0000005 Fault offset: 0x74f7c9f1 Faulting process id: 0x20ac Faulting application
    start time: 0x01cdabddf331d5c0 Faulting application path: C:\Windows\SysWOW64\svchost.exe
    Faulting
    module path: unknown Report Id: 30de60a0-17d1-11e2-9632-001fbc0066f7

    Error - 10/16/2012 4:37:44 PM | Computer Name = Brandon-PC | Source = Application Error | ID = 1000
    Description = Faulting application name: svchost.exe, version: 6.1.7600.16385, time
    stamp: 0x4a5bc100 Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
    Exception
    code: 0xc0000005 Fault offset: 0x74f7c9f1 Faulting process id: 0x2370 Faulting application
    start time: 0x01cdabde18837c20 Faulting application path: C:\Windows\SysWOW64\svchost.exe
    Faulting
    module path: unknown Report Id: 56326860-17d1-11e2-9632-001fbc0066f7

    Error - 10/16/2012 4:38:47 PM | Computer Name = Brandon-PC | Source = Application Error | ID = 1000
    Description = Faulting application name: svchost.exe, version: 6.1.7600.16385, time
    stamp: 0x4a5bc100 Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
    Exception
    code: 0xc0000005 Fault offset: 0x74f7c9f1 Faulting process id: 0xe38 Faulting application
    start time: 0x01cdabde3e169080 Faulting application path: C:\Windows\SysWOW64\svchost.exe
    Faulting
    module path: unknown Report Id: 7bc31b60-17d1-11e2-9632-001fbc0066f7

    Error - 10/16/2012 4:39:50 PM | Computer Name = Brandon-PC | Source = Application Error | ID = 1000
    Description = Faulting application name: svchost.exe, version: 6.1.7600.16385, time
    stamp: 0x4a5bc100 Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
    Exception
    code: 0xc0000005 Fault offset: 0x74f7c9f1 Faulting process id: 0x10c0 Faulting application
    start time: 0x01cdabde6366fe60 Faulting application path: C:\Windows\SysWOW64\svchost.exe
    Faulting
    module path: unknown Report Id: a1138940-17d1-11e2-9632-001fbc0066f7

    Error - 10/16/2012 4:40:52 PM | Computer Name = Brandon-PC | Source = Application Error | ID = 1000
    Description = Faulting application name: svchost.exe, version: 6.1.7600.16385, time
    stamp: 0x4a5bc100 Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
    Exception
    code: 0xc0000005 Fault offset: 0x74f7c9f1 Faulting process id: 0x11e8 Faulting application
    start time: 0x01cdabde88bc2f00 Faulting application path: C:\Windows\SysWOW64\svchost.exe
    Faulting
    module path: unknown Report Id: c674a0c0-17d1-11e2-9632-001fbc0066f7

    Error - 10/16/2012 4:41:55 PM | Computer Name = Brandon-PC | Source = Application Error | ID = 1000
    Description = Faulting application name: svchost.exe, version: 6.1.7600.16385, time
    stamp: 0x4a5bc100 Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
    Exception
    code: 0xc0000005 Fault offset: 0x74f7c9f1 Faulting process id: 0x153c Faulting application
    start time: 0x01cdabdeae1fa7e0 Faulting application path: C:\Windows\SysWOW64\svchost.exe
    Faulting
    module path: unknown Report Id: ebe661e0-17d1-11e2-9632-001fbc0066f7

    Error - 10/16/2012 4:42:58 PM | Computer Name = Brandon-PC | Source = Application Error | ID = 1000
    Description = Faulting application name: svchost.exe, version: 6.1.7600.16385, time
    stamp: 0x4a5bc100 Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
    Exception
    code: 0xc0000005 Fault offset: 0x74f7c9f1 Faulting process id: 0x1d20 Faulting application
    start time: 0x01cdabded3894310 Faulting application path: C:\Windows\SysWOW64\svchost.exe
    Faulting
    module path: unknown Report Id: 11525e70-17d2-11e2-9632-001fbc0066f7

    Error - 10/17/2012 9:49:58 PM | Computer Name = Brandon-PC | Source = Application Hang | ID = 1002
    Description = The program Wow-64.exe version 5.0.5.16135 stopped interacting with
    Windows and was closed. To see if more information about the problem is available,
    check the problem history in the Action Center control panel. Process ID: ac0 Start
    Time: 01cdac8fddaec660 Termination Time: 682 Application Path: E:\World of Warcraft\Wow-64.exe

    Report
    Id:

    Error - 10/21/2012 11:15:05 PM | Computer Name = Brandon-PC | Source = Application Error | ID = 1000
    Description = Faulting application name: mcagent.exe, version: 11.6.434.0, time
    stamp: 0x5050b565 Faulting module name: RPCRT4.dll, version: 6.1.7601.17514, time
    stamp: 0x4ce7c96e Exception code: 0xc0020043 Fault offset: 0x000000000008a973 Faulting
    process id: 0xcec Faulting application start time: 0x01cdb002dd2cdb20 Faulting application
    path: C:\Program Files\McAfee.com\Agent\mcagent.exe Faulting module path: C:\Windows\system32\RPCRT4.dll
    Report
    Id: ac78c394-1bf6-11e2-b350-001fbc0066f7

    [ Media Center Events ]
    Error - 8/8/2012 11:38:03 PM | Computer Name = Brandon-PC | Source = MCUpdate | ID = 0
    Description = 10:38:03 PM - Error connecting to the internet. 10:38:03 PM - Unable
    to contact server..

    Error - 8/8/2012 11:38:17 PM | Computer Name = Brandon-PC | Source = MCUpdate | ID = 0
    Description = 10:38:08 PM - Error connecting to the internet. 10:38:08 PM - Unable
    to contact server..

    Error - 8/9/2012 12:38:32 AM | Computer Name = Brandon-PC | Source = MCUpdate | ID = 0
    Description = 11:38:32 PM - Error connecting to the internet. 11:38:32 PM - Unable
    to contact server..

    Error - 8/9/2012 12:38:45 AM | Computer Name = Brandon-PC | Source = MCUpdate | ID = 0
    Description = 11:38:38 PM - Error connecting to the internet. 11:38:38 PM - Unable
    to contact server..

    [ System Events ]
    Error - 10/17/2012 1:01:56 PM | Computer Name = Brandon-PC | Source = Service Control Manager | ID = 7038
    Description = The nvUpdatusService service was unable to log on as .\UpdatusUser
    with the currently configured password due to the following error: %%1326 To ensure
    that the service is configured properly, use the Services snap-in in Microsoft
    Management Console (MMC).

    Error - 10/17/2012 1:01:56 PM | Computer Name = Brandon-PC | Source = Service Control Manager | ID = 7000
    Description = The NVIDIA Update Service Daemon service failed to start due to the
    following error: %%1069

    Error - 10/17/2012 1:43:37 PM | Computer Name = Brandon-PC | Source = Service Control Manager | ID = 7038
    Description = The nvUpdatusService service was unable to log on as .\UpdatusUser
    with the currently configured password due to the following error: %%1326 To ensure
    that the service is configured properly, use the Services snap-in in Microsoft
    Management Console (MMC).

    Error - 10/17/2012 1:43:37 PM | Computer Name = Brandon-PC | Source = Service Control Manager | ID = 7000
    Description = The NVIDIA Update Service Daemon service failed to start due to the
    following error: %%1069

    Error - 10/17/2012 10:46:49 PM | Computer Name = Brandon-PC | Source = Service Control Manager | ID = 7038
    Description = The nvUpdatusService service was unable to log on as .\UpdatusUser
    with the currently configured password due to the following error: %%1326 To ensure
    that the service is configured properly, use the Services snap-in in Microsoft
    Management Console (MMC).

    Error - 10/17/2012 10:46:49 PM | Computer Name = Brandon-PC | Source = Service Control Manager | ID = 7000
    Description = The NVIDIA Update Service Daemon service failed to start due to the
    following error: %%1069

    Error - 10/18/2012 2:43:35 AM | Computer Name = Brandon-PC | Source = Service Control Manager | ID = 7038
    Description = The nvUpdatusService service was unable to log on as .\UpdatusUser
    with the currently configured password due to the following error: %%1326 To ensure
    that the service is configured properly, use the Services snap-in in Microsoft
    Management Console (MMC).

    Error - 10/18/2012 2:43:35 AM | Computer Name = Brandon-PC | Source = Service Control Manager | ID = 7000
    Description = The NVIDIA Update Service Daemon service failed to start due to the
    following error: %%1069

    Error - 10/18/2012 5:57:47 PM | Computer Name = Brandon-PC | Source = Service Control Manager | ID = 7038
    Description = The nvUpdatusService service was unable to log on as .\UpdatusUser
    with the currently configured password due to the following error: %%1326 To ensure
    that the service is configured properly, use the Services snap-in in Microsoft
    Management Console (MMC).

    Error - 10/18/2012 5:57:47 PM | Computer Name = Brandon-PC | Source = Service Control Manager | ID = 7000
    Description = The NVIDIA Update Service Daemon service failed to start due to the
    following error: %%1069


    < End of report >
     
  17. Broni

    Broni Malware Annihilator Posts: 47,166   +264

    :)

    Run OTL
    • Under the Custom Scans/Fixes box at the bottom, paste in the following

      Code:
      :OTL
      O2 - BHO: (Searchqu Toolbar) - {99079a25-328f-4bd4-be04-00955acaa0a7} - C:\PROGRA~2\SEARCH~1\Datamngr\ToolBar\searchqudtx.dll File not found
      O3 - HKLM\..\Toolbar: (Searchqu Toolbar) - {99079a25-328f-4bd4-be04-00955acaa0a7} - C:\PROGRA~2\SEARCH~1\Datamngr\ToolBar\searchqudtx.dll File not found
      O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
      [2009/07/13 23:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
      
      [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
      
      [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
      
      [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
      
      [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
      
      [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
      "" = C:\Windows\SysNative\shell32.dll -- [2012/06/09 00:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)
      "ThreadingModel" = Apartment
      
      [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
      "" = %SystemRoot%\system32\shell32.dll -- [2012/06/08 23:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
      "ThreadingModel" = Apartment
      
      [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
      "" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 20:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
      "ThreadingModel" = Free
      
      [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
      "" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 07:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
      "ThreadingModel" = Free
      
      [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
      "" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 20:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
      "ThreadingModel" = Both
      
      [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
      
      
      :Services
      
      :Reg
      
      :Files
      
      :Commands
      [purity]
      [emptytemp]
      [emptyjava]
      [emptyflash]
      [Reboot]
      
    • Then click the Run Fix button at the top
    • Let the program run unhindered, reboot the PC when it is done
    • You will get a log that shows the results of the fix. Please post it.

    NOTE. If for any reason OTL stalls (most likely at "killing processes..." step) run the fix from safe mode.

    ============================

    Last scans..

    1. Download Security Check from HERE, and save it to your Desktop.
    • Double-click SecurityCheck.exe
    • Follow the onscreen instructions inside of the black box.
    • A Notepad document called checkup.txt should open automatically; please post the contents of that document.

      NOTE. SecurityCheck may produce some false warning(s), so leave the results reading to me.

    2. Please download Farbar Service Scanner (FSS) and run it on the computer with the issue.
    • Make sure the following options are checked:
      • Internet Services
      • Windows Firewall
      • System Restore
      • Security Center
      • Windows Update
      • Windows Defender
    • Press "Scan".
    • It will create a log (FSS.txt) in the same directory the tool is run from.
    • Please copy and paste the log to your reply.

    3. Please download AdwCleaner by Xplode onto your desktop.
    • Close all open programs and internet browsers.
    • Double click on adwcleaner.exe to run the tool.
    • Click on Delete.
    • Confirm each time with Ok.
    • Your computer will be rebooted automatically. A text file will open after the restart.
    • Please post the contents of that logfile with your next reply.
    • You can find the logfile at C:\AdwCleaner[S1].txt as well.

    Next...

    • Double click on adwcleaner.exe to run the tool.
    • Click on Uninstall.
    • Confirm with yes.

    4. Download Temp File Cleaner (TFC)
    Alternate download: http://www.itxassociates.com/OT-Tools/TFC.exe
    • Double click on TFC.exe to run the program.
    • Click on Start button to begin cleaning process.
    • TFC will close all running programs, and it may ask you to restart the computer.

    5. Please run a free online scan with the ESET Online Scanner

    • Disable your antivirus program
    • Tick the box next to YES, I accept the Terms of Use
    • Click Start
    • Accept any security warnings from your browser.
    • Check Scan archives
    • Click Start
    • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
    • When the scan completes, click on List of found threats
    • Click on Export to text file, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
    • NOTE. If ESET doesn't find any threats, it won't produce a log.
     
  18. Michael West

    Michael West TS Rookie Topic Starter Posts: 29

    All processes killed
    ========== OTL ==========
    Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{99079a25-328f-4bd4-be04-00955acaa0a7}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{99079a25-328f-4bd4-be04-00955acaa0a7}\ deleted successfully.
    Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{99079a25-328f-4bd4-be04-00955acaa0a7} deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{99079a25-328f-4bd4-be04-00955acaa0a7}\ not found.
    Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\10 deleted successfully.
    C:\Windows\assembly\Desktop.ini moved successfully.
    File EY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 not found.
    File EY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] not found.
    File EY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64 not found.
    File EY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] not found.
    File EY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 not found.
    File EY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] not found.
    Folder EY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64\ not found.
    Folder EY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]\ not found.
    Folder EY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64\ not found.
    Folder EY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]\ not found.
    ========== SERVICES/DRIVERS ==========
    ========== REGISTRY ==========
    ========== FILES ==========
    ========== COMMANDS ==========

    [EMPTYTEMP]

    User: All Users

    User: Brandon
    ->Temp folder emptied: 1178110 bytes
    ->Temporary Internet Files folder emptied: 21340971 bytes
    ->Java cache emptied: 0 bytes
    ->FireFox cache emptied: 630098682 bytes
    ->Google Chrome cache emptied: 12361906 bytes
    ->Flash cache emptied: 172017 bytes

    User: Default
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 67 bytes
    ->Flash cache emptied: 56468 bytes

    User: Default User
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes
    ->Flash cache emptied: 0 bytes

    User: Public
    ->Temp folder emptied: 0 bytes

    User: UpdatusUser
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 67 bytes
    ->Flash cache emptied: 56468 bytes

    %systemdrive% .tmp files removed: 0 bytes
    %systemroot% .tmp files removed: 259148 bytes
    %systemroot%\System32 .tmp files removed: 0 bytes
    %systemroot%\System32 (64bit) .tmp files removed: 0 bytes
    %systemroot%\System32\drivers .tmp files removed: 0 bytes
    Windows Temp folder emptied: 0 bytes
    %systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 52123 bytes
    RecycleBin emptied: 0 bytes

    Total Files Cleaned = 635.00 mb


    [EMPTYJAVA]

    User: All Users

    User: Brandon
    ->Java cache emptied: 0 bytes

    User: Default

    User: Default User

    User: Public

    User: UpdatusUser

    Total Java Files Cleaned = 0.00 mb


    [EMPTYFLASH]

    User: All Users

    User: Brandon
    ->Flash cache emptied: 0 bytes

    User: Default
    ->Flash cache emptied: 0 bytes

    User: Default User
    ->Flash cache emptied: 0 bytes

    User: Public

    User: UpdatusUser
    ->Flash cache emptied: 0 bytes

    Total Flash Files Cleaned = 0.00 mb


    OTL by OldTimer - Version 3.2.69.0 log created on 10222012_232302

    Files\Folders moved on Reboot...
    C:\Users\Brandon\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.

    PendingFileRenameOperations files...

    Registry entries deleted on Reboot...
     
  19. Michael West

    Michael West TS Rookie Topic Starter Posts: 29

    Results of screen317's Security Check version 0.99.53
    Windows 7 Service Pack 1 x64 (UAC is enabled)
    Internet Explorer 8 Out of date!
    ``````````````Antivirus/Firewall Check:``````````````
    Windows Firewall Enabled!
    McAfee Anti-Virus and Anti-Spyware
    WMI entry may not exist for antivirus; attempting automatic update.
    `````````Anti-malware/Other Utilities Check:`````````
    Malwarebytes Anti-Malware version 1.65.1.1000
    JavaFX 2.1.1
    Java(TM) 7 Update 5
    Java version out of Date!
    Adobe Flash Player 10 Flash Player out of Date!
    Adobe Reader X (10.1.4)
    Mozilla Firefox (15.0)
    ````````Process Check: objlist.exe by Laurent````````
    Malwarebytes Anti-Malware mbamservice.exe
    Malwarebytes Anti-Malware mbamgui.exe
    Malwarebytes' Anti-Malware mbamscheduler.exe
    `````````````````System Health check`````````````````
    Total Fragmentation on Drive C: 0%
    ````````````````````End of Log``````````````````````
     
  20. Michael West

    Michael West TS Rookie Topic Starter Posts: 29

    Farbar Service Scanner Version: 19-10-2012
    Ran by Brandon (administrator) on 22-10-2012 at 23:55:26
    Running from "C:\Users\Brandon\Desktop"
    Microsoft Windows 7 Professional Service Pack 1 (X64)
    Boot Mode: Normal
    ****************************************************************

    Internet Services:
    ============

    Connection Status:
    ==============
    Localhost is accessible.
    LAN connected.
    Google IP is accessible.
    Google.com is accessible.
    Yahoo IP is accessible.
    Yahoo.com is accessible.


    Windows Firewall:
    =============

    Firewall Disabled Policy:
    ==================


    System Restore:
    ============

    System Restore Disabled Policy:
    ========================


    Action Center:
    ============

    Windows Update:
    ============

    Windows Autoupdate Disabled Policy:
    ============================


    Windows Defender:
    ==============
    WinDefend Service is not running. Checking service configuration:
    The start type of WinDefend service is set to Demand. The default start type is Auto.
    The ImagePath of WinDefend service is OK.
    The ServiceDll of WinDefend service is OK.


    Windows Defender Disabled Policy:
    ==========================
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender]
    "DisableAntiSpyware"=DWORD:1


    Other Services:
    ==============


    File Check:
    ========
    C:\Windows\System32\nsisvc.dll => MD5 is legit
    C:\Windows\System32\drivers\nsiproxy.sys => MD5 is legit
    C:\Windows\System32\dhcpcore.dll => MD5 is legit
    C:\Windows\System32\drivers\afd.sys => MD5 is legit
    C:\Windows\System32\drivers\tdx.sys => MD5 is legit
    C:\Windows\System32\Drivers\tcpip.sys => MD5 is legit
    C:\Windows\System32\dnsrslvr.dll => MD5 is legit
    C:\Windows\System32\mpssvc.dll => MD5 is legit
    C:\Windows\System32\bfe.dll => MD5 is legit
    C:\Windows\System32\drivers\mpsdrv.sys => MD5 is legit
    C:\Windows\System32\SDRSVC.dll => MD5 is legit
    C:\Windows\System32\vssvc.exe => MD5 is legit
    C:\Windows\System32\wscsvc.dll => MD5 is legit
    C:\Windows\System32\wbem\WMIsvc.dll => MD5 is legit
    C:\Windows\System32\wuaueng.dll => MD5 is legit
    C:\Windows\System32\qmgr.dll => MD5 is legit
    C:\Windows\System32\es.dll => MD5 is legit
    C:\Windows\System32\cryptsvc.dll => MD5 is legit
    C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit
    C:\Windows\System32\svchost.exe => MD5 is legit
    C:\Windows\System32\rpcss.dll => MD5 is legit


    **** End of log ****
     
  21. Michael West

    Michael West TS Rookie Topic Starter Posts: 29

    # AdwCleaner v2.005 - Logfile created 10/22/2012 at 23:57:47
    # Updated 14/10/2012 by Xplode
    # Operating system : Windows 7 Professional Service Pack 1 (64 bits)
    # User : Brandon - BRANDON-PC
    # Boot Mode : Normal
    # Running from : C:\Users\Brandon\Desktop\adwcleaner.exe
    # Option [Delete]


    ***** [Services] *****


    ***** [Files / Folders] *****

    File Deleted : C:\Program Files (x86)\Mozilla FireFox\searchplugins\Search_Results.xml
    File Deleted : C:\Users\Brandon\AppData\Roaming\Mozilla\Firefox\Profiles\0osx2mcj.default\searchplugins\Search_Results.xml
    Folder Deleted : C:\Program Files (x86)\Conduit
    Folder Deleted : C:\Program Files (x86)\Free Offers from Freeze.com
    Folder Deleted : C:\ProgramData\boost_interprocess
    Folder Deleted : C:\ProgramData\Tarma Installer
    Folder Deleted : C:\Users\Brandon\AppData\Local\Conduit
    Folder Deleted : C:\Users\Brandon\AppData\Local\Ilivid Player
    Folder Deleted : C:\Users\Brandon\AppData\LocalLow\boost_interprocess
    Folder Deleted : C:\Users\Brandon\AppData\LocalLow\Conduit
    Folder Deleted : C:\Users\Brandon\AppData\Roaming\Mozilla\Firefox\Profiles\0osx2mcj.default\ConduitCommon
    Folder Deleted : C:\Users\Brandon\AppData\Roaming\Mozilla\Firefox\Profiles\0osx2mcj.default\CT3072253
    Folder Deleted : C:\Users\Brandon\AppData\Roaming\Mozilla\Firefox\Profiles\0osx2mcj.default\extensions\{687578b9-7132-4a7a-80e4-30ee31099e03}

    ***** [Registry] *****

    Key Deleted : HKCU\Software\AppDataLow\Software\SmartBar
    Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}
    Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}
    Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
    Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT3072253
    Key Deleted : HKLM\Software\Conduit
    Key Deleted : HKLM\Software\Freeze.com
    Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SearchquMediaBar_RASAPI32
    Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SearchquMediaBar_RASMANCS
    Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SetupDataMngr_Searchqu_RASAPI32
    Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SetupDataMngr_Searchqu_RASMANCS
    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{80922EE0-8A76-46AE-95D5-BD3C3FE0708D}
    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{FE9271F2-6EFD-44B0-A826-84C829536E93}
    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}
    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}
    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
    Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}
    Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}

    ***** [Internet Browsers] *****

    -\\ Internet Explorer v8.0.7601.17514

    [OK] Registry is clean.

    -\\ Mozilla Firefox v15.0 (en-US)

    Profile name : default
    File : C:\Users\Brandon\AppData\Roaming\Mozilla\Firefox\Profiles\0osx2mcj.default\prefs.js

    C:\Users\Brandon\AppData\Roaming\Mozilla\Firefox\Profiles\0osx2mcj.default\user.js ... Deleted !

    Deleted : user_pref("CT3072253..clientLogIsEnabled", false);
    Deleted : user_pref("CT3072253..clientLogServiceUrl", "hxxp://clientlog.users.conduit.com/ClientDiagnostics.as[...]
    Deleted : user_pref("CT3072253..uninstallLogServiceUrl", "hxxp://uninstall.users.conduit.com/Uninstall.asmx/Re[...]
    Deleted : user_pref("CT3072253.ALLOW_SHOWING_HIDDEN_TOOLBAR", false);
    Deleted : user_pref("CT3072253.AboutPrivacyUrl", "hxxp://www.conduit.com/privacy/Default.aspx");
    Deleted : user_pref("CT3072253.BrowserCompStateIsOpen_129573915102477663", true);
    Deleted : user_pref("CT3072253.BrowserCompStateIsOpen_129749445881800338", true);
    Deleted : user_pref("CT3072253.BrowserCompStateIsOpen_129805375651312503", true);
    Deleted : user_pref("CT3072253.CTID", "CT3072253");
    Deleted : user_pref("CT3072253.CurrentServerDate", "23-10-2012");
    Deleted : user_pref("CT3072253.DSInstall", false);

    -\\ Google Chrome v [Unable to get version]

    File : C:\Users\Brandon\AppData\Local\Google\Chrome\User Data\Default\Preferences

    [OK] File is clean.

    *************************

    AdwCleaner[S1].txt - [17130 octets] - [22/10/2012 23:57:47]

    ########## EOF - C:\AdwCleaner[S1].txt - [17191 octets] ##########
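A check a responder can run against a Firefox prefs.js after cleanup, added here as an example and not part of AdwCleaner or the original post: it parses user_pref lines and flags the Conduit-style toolbar namespaces (CT<digits>.* and CommunityToolbar.*) and any search/homepage preference rewritten to point at the toolbar's search domains, the same kind of entries the AdwCleaner log above reported as deleted. The sample prefs lines are constructed from names in that log; the hijack-domain list and the expected default engine are assumptions.

```python
import re

# Constructed sample prefs.js content, modelled on entries the AdwCleaner log
# in this thread listed as deleted (names taken from the log, values shortened).
SAMPLE_PREFS = r'''
user_pref("browser.search.defaultenginename", "AVG Secure Search");
user_pref("keyword.URL", "http://search.conduit.com/ResultsExt.aspx?ctid=CT3072253&SearchSource=2&q=");
user_pref("CT3072253.TBHomePageUrl", "http://search.conduit.com/?ctid=CT3072253&SearchSource=13");
user_pref("CommunityToolbar.ToolbarsList", "CT3072253");
user_pref("CommunityToolbar.originalHomepage", "http://www.google.com/");
user_pref("browser.startup.homepage", "http://www.google.com/");
user_pref("network.cookie.cookieBehavior", 0);
'''

# One prefs.js line: user_pref("name", value);
PREF_RE = re.compile(r'^\s*user_pref\("([^"]+)",\s*(.*)\);\s*$')

# Per-toolbar namespace (CT3072253 in this thread) and the shared toolbar namespace.
TOOLBAR_NAME_RE = re.compile(r'^(CT\d+\.|CommunityToolbar\.)')

# Search/homepage prefs worth inspecting, and the search domains the removed
# entries pointed at (assumption: extend for other toolbar families).
SEARCH_PREFS = ("keyword.URL", "browser.search.defaultenginename",
                "browser.startup.homepage")
HIJACK_DOMAINS = ("search.conduit.com", "search.avg.com")


def parse_prefs(text):
    """Return {name: value} for every user_pref(...) line; quotes are stripped."""
    prefs = {}
    for line in text.splitlines():
        m = PREF_RE.match(line)
        if m:
            prefs[m.group(1)] = m.group(2).strip().strip('"')
    return prefs


def find_toolbar_residue(text, expected_engine="Google"):
    """Return (pref_name, reason) pairs that indicate a search/homepage hijack
    toolbar is still configured: toolbar namespaces, search prefs pointing at a
    hijack domain, or a default engine other than the one the user chose."""
    findings = []
    for name, value in parse_prefs(text).items():
        if TOOLBAR_NAME_RE.match(name):
            findings.append((name, "toolbar namespace"))
        elif name in SEARCH_PREFS and any(d in value for d in HIJACK_DOMAINS):
            findings.append((name, "points at toolbar search domain"))
        elif name == "browser.search.defaultenginename" and value != expected_engine:
            findings.append((name, "default engine changed to " + value))
    return findings


if __name__ == "__main__":
    for name, reason in find_toolbar_residue(SAMPLE_PREFS):
        print(f"{name}: {reason}")
```

Run it with the real file (Firefox keeps prefs.js under the profile folder) by passing its contents to find_toolbar_residue; an empty result means none of these hijack markers remain.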
     
  22. Michael West

    Michael West TS Rookie Topic Starter Posts: 29

    When trying to run Eset scanner I get a message saying can not get *update is proxy configured?

    *Edit: replaced files with update
     
  23. Michael West

    Michael West TS Rookie Topic Starter Posts: 29

    C:\Users\Brandon\Downloads\iLividSetupV1.exe Win32/Toolbar.SearchSuite application cleaned by deleting - quarantined
    C:\Users\Brandon\Downloads\XvidSetup.exe.part Win32/Toolbar.Zugo application cleaned by deleting - quarantined
     
  24. Broni

    Broni Malware Annihilator Posts: 47,166   +264

    Update Adobe Flash Player
    Download the Latest Adobe Flash for Firefox and IE Without Any Extras: http://www.404techsupport.com/2010/...-flash-for-firefox-and-ie-without-any-extras/

    =====================================

    1. Update your Java version here: http://www.java.com/en/download/installed.jsp

    Note 1: UNCHECK any pre-checked toolbar and/or software offered with the Java update. The pre-checked toolbars/software are not part of the Java update.

    Note 2: The Java Quick Starter (JQS.exe) adds a service to improve the initial startup time of Java applets and applications. If you don't want to run another extra service, go to Start > Control Panel > Java > Advanced > Miscellaneous and uncheck the box for Java Quick Starter. Click OK and restart your computer.

    2. Now we need to remove the old Java version and its remnants.

    Download JavaRa to your desktop and unzip it.
    • Run JavaRa.exe (Vista users! Right click on JavaRa.exe, click Run As Administrator), pick the language of your choice and click Select. Then click Remove Older Versions.
    • Accept any prompts.
    • Do NOT post JavaRa log.

    ================================

    Your computer is clean

    1. We need to reset System Restore to prevent your computer from being accidentally reinfected by using some old restore point(s). We'll create a fresh, clean restore point using the following OTL script:

    Run OTL

    • Under the Custom Scans/Fixes box at the bottom, paste in the following:

    Code:
    :OTL
    :Commands
    [purity]
    [emptytemp]
    [EMPTYFLASH]
    [emptyjava]
    [CLEARALLRESTOREPOINTS]
    [Reboot]
    • Then click the Run Fix button at the top
    • Let the program run unhindered, reboot the PC when it is done
    • Post resulting log.

    2. Now we'll remove all the tools we used during our cleaning process.

    Clean up with OTL:

    • Double-click OTL.exe to start the program.
    • Close all other programs apart from OTL as this step will require a reboot
    • On the OTL main screen, press the CLEANUP button
    • Say Yes to the prompt and then allow the program to reboot your computer.

    If you still have any tools or logs leftover on your computer you can go ahead and delete those off of your computer now.

    3. Make sure Windows Updates are current.

    4. If any trojans, rootkits or bootkits were listed among your infection(s), make sure you change all of your important online passwords (bank account(s), secured web sites, etc.) immediately!

    5. Download, and install WOT (Web OF Trust): http://www.mywot.com/. It'll warn you (in most cases) about dangerous web sites.

    6. Run Malwarebytes "Quick scan" once in a while to assure safety of your computer.

    7. Run Temporary File Cleaner (TFC) weekly.

    8. Download and install Secunia Personal Software Inspector (PSI): http://secunia.com/vulnerability_scanning/personal/. The Secunia PSI is a FREE security tool designed to detect vulnerable and out-dated programs and plug-ins which expose your PC to attacks. Run it weekly.

    9. (optional) If you want to keep all your programs up to date, download and install FileHippo Update Checker.
    The Update Checker will scan your computer for installed software, check the versions and then send this information to FileHippo.com to see if there are any newer releases.

    10. (Windows XP only) Run defrag at your convenience.

    11. When installing/updating ANY program, make sure you always select "Custom" installation, so you can UN-check any possible "drive-by-install" (foistware), like toolbars etc., which may try to install along with the legitimate program. Do NOT click the "Next" button without looking at any given page.

    12. Read:
    How did I get infected?, With steps so it does not happen again!: http://www.bleepingcomputer.com/forums/topic2520.html
    Simple and easy ways to keep your computer safe and secure on the Internet: http://www.bleepingcomputer.com/tutorials/keep-your-computer-safe-online/

    13. Please let me know how your computer is doing.
     
  25. Michael West

    Michael West TS Rookie Topic Starter Posts: 29

    I don't have time at the moment to run all that, but I will tonight. I did have a question: in my browser, the tab headers at the top are now written in blue. What caused this? Does it matter? I realize it's just a color and that part is no biggie; the reason I ask is that I wanted to know if it had anything to do with one of these programs.
     

