Posting logs for redirect malware/spyware virus removal

Inactive
By Kookie Gram
Jul 25, 2012
  1.
    .
    DDS (Ver_2011-08-26.01) - NTFSAMD64
    Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_27
    Run by KD at 22:27:29 on 2012-07-24
    Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.3948.2609 [GMT -5:00]
    .
    AV: Norton Internet Security *Disabled/Outdated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
    SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    SP: Norton Internet Security *Disabled/Outdated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
    FW: Norton Internet Security *Disabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
    .
    ============== Running Processes ===============
    .
    C:\Windows\system32\wininit.exe
    C:\Windows\system32\lsm.exe
    C:\Windows\system32\svchost.exe -k DcomLaunch
    C:\Windows\system32\svchost.exe -k RPCSS
    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\Windows\system32\svchost.exe -k netsvcs
    C:\Windows\system32\svchost.exe -k LocalService
    C:\Windows\system32\svchost.exe -k NetworkService
    C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
    C:\Program Files\AVAST Software\Avast\AvastSvc.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\Windows\System32\spoolsv.exe
    C:\Windows\system32\taskhost.exe
    C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
    C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE
    C:\Program Files (x86)\Launch Manager\dsiwmis.exe
    C:\Program Files\Gateway\Gateway Power Management\ePowerSvc.exe
    C:\Program Files (x86)\Gateway\Registration\GREGsvc.exe
    C:\Program Files (x86)\Launch Manager\LMworker.exe
    C:\Program Files (x86)\Launch Manager\LMutilps32.exe
    C:\Program Files\Gateway\Gateway Updater\UpdaterService.exe
    C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe
    C:\Program Files (x86)\NTI\Gateway MyBackup\IScheduleSvc.exe
    C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
    C:\Windows\system32\svchost.exe -k imgsvc
    C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\11.2.0\ToolbarUpdater.exe
    C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
    C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
    C:\Windows\system32\SearchIndexer.exe
    C:\Windows\System32\rundll32.exe
    C:\Program Files\AVAST Software\Avast\AvastUI.exe
    C:\Program Files (x86)\McAfee Security Scan\3.0.207\SSScheduler.exe
    C:\Windows\SysWOW64\rundll32.exe
    C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
    C:\Program Files\Windows Media Player\wmpnetwk.exe
    C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
    C:\Windows\system32\taskeng.exe
    C:\Program Files (x86)\CyberLink\MediaEspresso\DeviceDetector\DeviceDetector.exe
    C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
    C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
    C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
    C:\Program Files (x86)\Nero\Update\NASvc.exe
    C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
    C:\Windows\system32\notepad.exe
    C:\Program Files (x86)\Internet Explorer\iexplore.exe
    C:\Program Files (x86)\Internet Explorer\iexplore.exe
    C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_3_300_265_ActiveX.exe
    C:\Windows\SysWOW64\cmd.exe
    C:\Windows\system32\conhost.exe
    C:\Windows\SysWOW64\cscript.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    .
    ============== Pseudo HJT Report ===============
    .
    uStart Page = hxxp://www.google.com/
    uSearch Bar = Preserve
    mDefault_Page_URL = hxxp://www.bing.com/?pc=MAGW
    mStart Page = hxxp://www.bing.com/?pc=MAGW
    mURLSearchHooks: BitLord Security Bar Toolbar: {8c5878d0-6106-423b-aaa8-144c143dbf44} - C:\Program Files (x86)\BitLord_Security_Bar\prxtbBit0.dll
    mWinlogon: Userinit=userinit.exe,
    BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - C:\PROGRA~2\MICROS~4\Office14\GROOVEEX.DLL
    BHO: BitLord Security Bar Toolbar: {8c5878d0-6106-423b-aaa8-144c143dbf44} - C:\Program Files (x86)\BitLord_Security_Bar\prxtbBit0.dll
    BHO: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
    BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    BHO: AVG Security Toolbar: {95b7759c-8c7f-4bf1-b163-73684a933233} - C:\Program Files (x86)\AVG Secure Search\11.1.0.12\AVG Secure Search_toolbar.dll
    BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - C:\PROGRA~2\MICROS~4\Office14\URLREDIR.DLL
    BHO: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll"
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
    BHO: Yontoo: {fd72061e-9fde-484d-a58a-0bab4151cad8} - C:\Program Files (x86)\Yontoo\YontooIEClient.dll
    TB: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll"
    TB: BitLord Security Bar Toolbar: {8c5878d0-6106-423b-aaa8-144c143dbf44} - C:\Program Files (x86)\BitLord_Security_Bar\prxtbBit0.dll
    TB: AVG Security Toolbar: {95b7759c-8c7f-4bf1-b163-73684a933233} - C:\Program Files (x86)\AVG Secure Search\11.1.0.12\AVG Secure Search_toolbar.dll
    TB: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
    TB: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File
    uRun: [Google] rundll32.exe "C:\Users\KD\AppData\Local\Macromedia\Google\hpbdk.dll",CreateInstance
    mRun: [HF_G_Jul] "C:\Program Files (x86)\AVG Secure Search\HF_G_Jul.exe" /DoAction
    mRun: [BCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices
    mRun: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
    mRun: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
    dRun: [Google] rundll32.exe "C:\Users\KD\AppData\Local\Macromedia\Google\hpbdk.dll",CreateInstance
    StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\MCAFEE~1.LNK - C:\Program Files (x86)\McAfee Security Scan\3.0.207\SSScheduler.exe
    mPolicies-explorer: NoActiveDesktop = 1 (0x1)
    mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
    mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
    mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
    mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
    IE: {A95fe080-8f5d-11d2-a20b-00aa003c157a} - res://C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll/204
    IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
    IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
    IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
    LSP: mswsock.dll
    DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://javadl-esd.sun.com/update/1.6.0/jinstall-6u27-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0027-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab
    TCP: DhcpNameServer = 208.59.247.45 208.59.247.46
    TCP: Interfaces\{1215B1FD-2E5E-4D75-B9CA-7D321B2E187C} : DhcpNameServer = 208.59.247.45 208.59.247.46
    TCP: Interfaces\{1215B1FD-2E5E-4D75-B9CA-7D321B2E187C}\C4560264C656572702445602C49637 : DhcpNameServer = 192.168.1.254
    Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL
    Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\11.2.0\ViProtocol.dll
    Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
    SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - C:\PROGRA~2\MICROS~4\Office14\GROOVEEX.DLL
    BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    BHO-X64: AcroIEHelperStub - No File
    BHO-X64: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~4\Office14\GROOVEEX.DLL
    BHO-X64: BitLord Security Bar Toolbar: {8c5878d0-6106-423b-aaa8-144c143dbf44} - C:\Program Files (x86)\BitLord_Security_Bar\prxtbBit0.dll
    BHO-X64: BitLord Security Bar - No File
    BHO-X64: avast! WebRep: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
    BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    BHO-X64: AVG Security Toolbar: {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\11.1.0.12\AVG Secure Search_toolbar.dll
    BHO-X64: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~4\Office14\URLREDIR.DLL
    BHO-X64: URLRedirectionBHO - No File
    BHO-X64: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll"
    BHO-X64: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
    BHO-X64: Yontoo: {FD72061E-9FDE-484D-A58A-0BAB4151CAD8} - C:\Program Files (x86)\Yontoo\YontooIEClient.dll
    BHO-X64: Yontoo Layers - No File
    TB-X64: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll"
    TB-X64: BitLord Security Bar Toolbar: {8c5878d0-6106-423b-aaa8-144c143dbf44} - C:\Program Files (x86)\BitLord_Security_Bar\prxtbBit0.dll
    TB-X64: AVG Security Toolbar: {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\11.1.0.12\AVG Secure Search_toolbar.dll
    TB-X64: avast! WebRep: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
    TB-X64: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File
    mRun-x64: [HF_G_Jul] "C:\Program Files (x86)\AVG Secure Search\HF_G_Jul.exe" /DoAction
    mRun-x64: [BCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices
    mRun-x64: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
    mRun-x64: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
    IE-X64: {A95fe080-8f5d-11d2-a20b-00aa003c157a} - res://C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll/204
    SEH-X64: Groove GFS Stub Execution Hook: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~2\MICROS~4\Office14\GROOVEEX.DLL
    .
    ================= FIREFOX ===================
    .
    FF - ProfilePath - C:\Users\KD\AppData\Roaming\Mozilla\Firefox\Profiles\7wna2cly.default\
    FF - prefs.js: browser.search.selectedEngine - BitLord Security Bar Customized Web Search
    FF - prefs.js: browser.startup.homepage - hxxp://google.com
    FF - prefs.js: keyword.URL - hxxp://search.conduit.com/ResultsExt.aspx?SSPV=FFSB10&ctid=CT2830765&SearchSource=2&q=
    FF - prefs.js: network.proxy.type - 0
    FF - plugin: C:\PROGRA~2\MICROS~4\Office14\NPAUTHZ.DLL
    FF - plugin: C:\PROGRA~2\MICROS~4\Office14\NPSPWRAP.DLL
    FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll
    FF - plugin: C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\11.2.0\npsitesafety.dll
    FF - plugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
    FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll
    FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
    FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrlui.dll
    FF - plugin: C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\3\NP_wtapp.dll
    FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
    FF - plugin: C:\Users\KD\AppData\Roaming\Mozilla\Firefox\Profiles\7wna2cly.default\extensions\{8c5878d0-6106-423b-aaa8-144c143dbf44}\plugins\np-mswmp.dll
    FF - plugin: C:\Windows\SysWOW64\Adobe\Director\np32dsw.dll
    FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_265.dll
    .
    ---- FIREFOX POLICIES ----
    FF - user.js: extentions.y2layers.installId - 8309d8f5-ace5-427d-a02f-9988d36dedc7
    FF - user.js: extentions.y2layers.defaultEnableAppsList - ezLooker,pagerage,buzzdock,toprelatedtopics,twittube
    .
    FF - user.js: extensions.autoDisableScopes - 14
    .
    ============= SERVICES / DRIVERS ===============
    .
    R1 aswSnx;aswSnx;C:\Windows\system32\drivers\aswSnx.sys --> C:\Windows\system32\drivers\aswSnx.sys [?]
    R1 aswSP;aswSP;C:\Windows\system32\drivers\aswSP.sys --> C:\Windows\system32\drivers\aswSP.sys [?]
    R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]
    R2 AdobeARMservice;Adobe Acrobat Update Service;C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-4-3 63928]
    R2 aswFsBlk;aswFsBlk;C:\Windows\system32\drivers\aswFsBlk.sys --> C:\Windows\system32\drivers\aswFsBlk.sys [?]
    R2 aswMonFlt;aswMonFlt;\??\C:\Windows\system32\drivers\aswMonFlt.sys --> C:\Windows\system32\drivers\aswMonFlt.sys [?]
    R2 avast! Antivirus;avast! Antivirus;C:\Program Files\AVAST Software\Avast\AvastSvc.exe [2012-7-24 44808]
    R2 BBUpdate;BBUpdate;C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE [2011-5-12 249648]
    R2 cvhsvc;Client Virtualization Handler;C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE [2012-1-4 822624]
    R2 DsiWMIService;Dritek WMI Service;C:\Program Files (x86)\Launch Manager\dsiwmis.exe [2011-10-11 353360]
    R2 ePowerSvc;ePower Service;C:\Program Files\Gateway\Gateway Power Management\ePowerSvc.exe [2011-12-24 872552]
    R2 GREGService;GREGService;C:\Program Files (x86)\Gateway\Registration\GREGsvc.exe [2011-5-29 36456]
    R2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2011-10-11 13592]
    R2 Live Updater Service;Live Updater Service;C:\Program Files\Gateway\Gateway Updater\UpdaterService.exe [2011-10-11 244624]
    R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-7-24 655944]
    R2 NAUpdate;Nero Update;C:\Program Files (x86)\Nero\Update\NASvc.exe [2010-5-4 503080]
    R2 NOBU;Norton Online Backup;C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe [2010-6-1 2804568]
    R2 NTI IScheduleSvc;NTI IScheduleSvc;C:\Program Files (x86)\NTI\Gateway MyBackup\IScheduleSvc.exe [2011-3-9 257344]
    R2 sftlist;Application Virtualization Client;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2011-10-1 508776]
    R2 UNS;Intel(R) Management and Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2011-12-24 2656280]
    R2 vToolbarUpdater11.2.0;vToolbarUpdater11.2.0;C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\11.2.0\ToolbarUpdater.exe [2012-7-9 935008]
    R3 b57xdbd;Broadcom xD Picture Bus Driver Service;C:\Windows\system32\DRIVERS\b57xdbd.sys --> C:\Windows\system32\DRIVERS\b57xdbd.sys [?]
    R3 b57xdmp;Broadcom xD Picture vstorp client drv;C:\Windows\system32\DRIVERS\b57xdmp.sys --> C:\Windows\system32\DRIVERS\b57xdmp.sys [?]
    R3 bScsiMSa;bScsiMSa;C:\Windows\system32\DRIVERS\bScsiMSa.sys --> C:\Windows\system32\DRIVERS\bScsiMSa.sys [?]
    R3 bScsiSDa;bScsiSDa;C:\Windows\system32\DRIVERS\bScsiSDa.sys --> C:\Windows\system32\DRIVERS\bScsiSDa.sys [?]
    R3 IntcDAud;Intel(R) Display Audio;C:\Windows\system32\DRIVERS\IntcDAud.sys --> C:\Windows\system32\DRIVERS\IntcDAud.sys [?]
    R3 MBAMProtector;MBAMProtector;\??\C:\Windows\system32\drivers\mbam.sys --> C:\Windows\system32\drivers\mbam.sys [?]
    R3 MEIx64;Intel(R) Management Engine Interface;C:\Windows\system32\DRIVERS\HECIx64.sys --> C:\Windows\system32\DRIVERS\HECIx64.sys [?]
    R3 Sftfs;Sftfs;C:\Windows\system32\DRIVERS\Sftfslh.sys --> C:\Windows\system32\DRIVERS\Sftfslh.sys [?]
    R3 Sftplay;Sftplay;C:\Windows\system32\DRIVERS\Sftplaylh.sys --> C:\Windows\system32\DRIVERS\Sftplaylh.sys [?]
    R3 Sftredir;Sftredir;C:\Windows\system32\DRIVERS\Sftredirlh.sys --> C:\Windows\system32\DRIVERS\Sftredirlh.sys [?]
    R3 Sftvol;Sftvol;C:\Windows\system32\DRIVERS\Sftvollh.sys --> C:\Windows\system32\DRIVERS\Sftvollh.sys [?]
    R3 sftvsa;Application Virtualization Service Agent;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2011-10-1 219496]
    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
    S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
    S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-5-17 136176]
    S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-4-30 250056]
    S3 BBSvc;Bing Bar Update Service;C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-6-7 191752]
    S3 GamesAppService;GamesAppService;C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe [2010-10-12 206072]
    S3 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-5-17 136176]
    S3 k57nd60a;Broadcom NetLink (TM) Gigabit Ethernet - NDIS 6.0;C:\Windows\system32\DRIVERS\k57nd60a.sys --> C:\Windows\system32\DRIVERS\k57nd60a.sys [?]
    S3 McComponentHostService;McAfee Security Scan Component Host Service;C:\Program Files (x86)\McAfee Security Scan\3.0.207\McCHSvc.exe [2011-6-17 237008]
    S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;C:\Program Files (x86)\Microsoft Office\Office14\GROOVE.EXE [2010-3-25 30969208]
    S3 MozillaMaintenance;Mozilla Maintenance Service;C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-6-13 113120]
    S3 osppsvc;Office Software Protection Platform;C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-1-9 4925184]
    S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]
    S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\system32\drivers\TsUsbGD.sys --> C:\Windows\system32\drivers\TsUsbGD.sys [?]
    S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
    S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]
    .
    =============== Created Last 30 ================
    .
    2012-07-25 02:33:04 -------- d-----w- C:\Users\KD\AppData\Roaming\Malwarebytes
    2012-07-25 02:32:29 -------- d-----w- C:\ProgramData\Malwarebytes
    2012-07-25 02:32:28 24904 ----a-w- C:\Windows\System32\drivers\mbam.sys
    2012-07-25 02:32:28 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
    2012-07-25 01:58:05 958400 ----a-w- C:\Windows\System32\drivers\aswSnx.sys
    2012-07-25 01:58:05 54072 ----a-w- C:\Windows\System32\drivers\aswRdr2.sys
    2012-07-25 01:58:01 71064 ----a-w- C:\Windows\System32\drivers\aswMonFlt.sys
    2012-07-25 01:57:42 41224 ----a-w- C:\Windows\avastSS.scr
    2012-07-25 01:57:27 -------- d-----w- C:\ProgramData\AVAST Software
    2012-07-25 01:57:27 -------- d-----w- C:\Program Files\AVAST Software
    2012-07-21 14:56:17 -------- d-----w- C:\Program Files (x86)\Microsoft Synchronization Services
    2012-07-21 14:53:46 -------- d-----w- C:\Program Files (x86)\Microsoft Visual Studio 8
    2012-07-21 14:53:14 -------- d-----w- C:\Program Files (x86)\Microsoft Analysis Services
    2012-07-17 01:52:22 -------- d-----w- C:\Users\KD\AppData\Local\Macromedia
    2012-07-17 01:52:17 -------- d-----w- C:\ProgramData\McAfee Security Scan
    2012-07-17 01:52:15 -------- d-----w- C:\Program Files (x86)\McAfee Security Scan
    2012-07-17 00:12:08 -------- d-----w- C:\Users\KD\AppData\Local\ElevatedDiagnostics
    2012-07-16 23:19:44 -------- d-----w- C:\Windows\pss
    2012-07-14 20:31:13 514560 ----a-w- C:\Windows\SysWow64\qdvd.dll
    2012-07-14 20:31:13 366592 ----a-w- C:\Windows\System32\qdvd.dll
    2012-07-14 20:21:03 -------- d-----w- C:\Users\KD\AppData\Roaming\PC Cleaners
    2012-07-14 20:20:55 4274488 ----a-w- C:\Windows\uninst.exe
    2012-07-14 20:20:55 -------- d-----w- C:\Users\KD\AppData\Roaming\PCPro
    2012-07-14 20:20:54 -------- d-----w- C:\ProgramData\PC1Data
    2012-07-14 20:20:54 -------- d-----w- C:\Program Files (x86)\PC Cleaners
    2012-07-14 04:37:44 -------- d-----w- C:\Users\KD\AppData\Local\{7AE5942C-AB73-43A1-B46D-5C0BCD6A2438}
    2012-07-14 04:37:34 -------- d-----w- C:\Users\KD\AppData\Local\{AEC39731-98A3-4345-A113-C0C23132FF3E}
    2012-07-14 03:12:49 -------- d-sh--w- C:\Windows\SysWow64\%APPDATA%
    2012-07-13 11:09:43 9013136 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{06241A05-E5AD-4E75-B24D-0BB3D7B48CE3}\mpengine.dll
    2012-07-12 08:06:27 3148800 ----a-w- C:\Windows\System32\win32k.sys
    2012-07-11 20:22:15 2004480 ----a-w- C:\Windows\System32\msxml6.dll
    2012-07-10 23:29:10 -------- d-----w- C:\Program Files (x86)\Rovio
    2012-07-10 23:27:31 -------- d-----w- C:\Users\KD\AppData\Roaming\Rovio
    2012-07-10 16:39:54 472808 ----a-w- C:\Windows\SysWow64\deployJava1.dll
    2012-06-29 15:03:55 -------- d-----w- C:\Users\KD\AppData\Roaming\Cakewalk
    2012-06-29 14:54:41 -------- d-----w- C:\Program Files (x86)\IK Multimedia
    2012-06-29 14:51:48 344064 ----a-w- C:\Windows\SysWow64\msvcr70.dll
    2012-06-29 14:51:47 487424 ----a-w- C:\Windows\SysWow64\msvcp70.dll
    2012-06-29 14:48:41 -------- d-----w- C:\ProgramData\Cakewalk
    2012-06-28 22:36:42 338432 ----a-w- C:\Windows\SysWow64\REX Shared Library.dll
    2012-06-28 22:36:41 406528 ----a-w- C:\Windows\SysWow64\ReWire.dll
    2012-06-28 17:20:38 -------- d-----w- C:\Users\KD\Tracing
    2012-06-28 16:41:03 -------- d-----w- C:\Windows\en
    2012-06-28 16:40:21 -------- d-----w- C:\Windows\fr
    2012-06-28 16:36:16 15712 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\233966d21cd554c02\MeshBetaRemover.exe
    2012-06-28 16:36:15 89944 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\22fd388b1cd554c01\DSETUP.dll
    2012-06-28 16:36:15 537432 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\22fd388b1cd554c01\DXSETUP.exe
    2012-06-28 16:36:15 1801048 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\22fd388b1cd554c01\dsetup32.dll
    2012-06-28 16:35:25 -------- d-----w- C:\Users\KD\AppData\Local\{832278FD-5555-4C09-809B-FF57BE34846C}
    2012-06-28 16:35:14 -------- d-----w- C:\Users\KD\AppData\Local\{BF13BD5C-7925-4128-8CA9-41952573241A}
    2012-06-28 16:00:54 -------- d-----w- C:\ProgramData\Propellerhead Software
    2012-06-28 16:00:37 -------- d-----w- C:\Users\KD\AppData\Roaming\Propellerhead Software
    2012-06-28 15:53:31 -------- d-----w- C:\Program Files (x86)\Propellerhead
    2012-06-28 09:43:38 -------- d-----w- C:\Users\KD\AppData\Local\{A251F060-8D35-412C-8E88-AC74C354DF8D}
    2012-06-28 09:43:28 -------- d-----w- C:\Users\KD\AppData\Local\{CF630B14-6C5B-459B-B80A-571E0C40F71F}
    2012-06-28 09:42:20 -------- d-----w- C:\Users\KD\AppData\Local\{CEBAD0C0-B6EC-4BAA-A95D-5F91A0287CDA}
    2012-06-28 09:42:10 -------- d-----w- C:\Users\KD\AppData\Local\{C2F1E182-89D2-4E45-98DC-6355A9150279}
    2012-06-28 09:40:21 -------- d-----w- C:\Users\KD\AppData\Local\{EB0B89BB-1CBD-479E-A5C1-CA8F856703DB}
    2012-06-28 09:40:11 -------- d-----w- C:\Users\KD\AppData\Local\{ABD1AF64-2146-4186-9DC6-D6D582A026D1}
    2012-06-28 09:32:05 -------- d-----w- C:\Users\KD\AppData\Local\{0666E6EF-E83D-44BA-9D25-64BD88960E92}
    2012-06-28 09:31:55 -------- d-----w- C:\Users\KD\AppData\Local\{5CD089D3-FDFC-484A-9C1C-A290C4AD9838}
    2012-06-28 09:07:44 -------- d-----w- C:\Users\KD\AppData\Local\{F50A916D-DB28-47FD-B0C5-6BC3A771E658}
    2012-06-28 09:07:34 -------- d-----w- C:\Users\KD\AppData\Local\{C899A96E-586E-4846-8CA0-24F54BDB5A70}
    2012-06-28 08:52:16 -------- d-----w- C:\ProgramData\PreSonus
    2012-06-28 08:52:12 -------- d-----w- C:\Users\KD\AppData\Roaming\PreSonus
    2012-06-28 08:51:26 -------- d-----w- C:\Program Files (x86)\Common Files\Propellerhead Software
    2012-06-28 08:51:09 -------- d-----w- C:\Program Files\Common Files\Propellerhead Software
    2012-06-26 00:02:17 -------- d-----w- C:\Users\KD\AppData\Roaming\Registry Mechanic
    2012-06-25 19:13:15 -------- d-----w- C:\Program Files (x86)\Common Files\PC Tools
    2012-06-25 19:13:14 -------- d-----w- C:\Program Files (x86)\PC Tools Registry Mechanic
    2012-06-25 18:13:26 -------- d-----w- C:\Users\KD\AppData\Local\{FBA1CF5D-8AF4-4969-B7DE-6225C5F0A0CD}
    2012-06-25 18:13:10 -------- d-----w- C:\Users\KD\AppData\Local\{37EA96E1-BE0B-43C1-BAFA-F0999F80D424}
    .
    ==================== Find3M ====================
    .
    2012-07-17 01:52:12 70344 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
    2012-07-17 01:52:12 426184 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
    2012-06-06 06:06:16 1881600 ----a-w- C:\Windows\System32\msxml3.dll
    2012-06-06 06:02:54 1133568 ----a-w- C:\Windows\System32\cdosys.dll
    2012-06-06 05:05:52 1390080 ----a-w- C:\Windows\SysWow64\msxml6.dll
    2012-06-06 05:05:52 1236992 ----a-w- C:\Windows\SysWow64\msxml3.dll
    2012-06-06 05:03:06 805376 ----a-w- C:\Windows\SysWow64\cdosys.dll
    2012-06-02 22:15:31 2622464 ----a-w- C:\Windows\System32\wucltux.dll
    2012-06-02 22:15:08 99840 ----a-w- C:\Windows\System32\wudriver.dll
    2012-06-02 20:19:42 186752 ----a-w- C:\Windows\System32\wuwebv.dll
    2012-06-02 20:15:12 36864 ----a-w- C:\Windows\System32\wuapp.exe
    2012-06-02 12:12:17 2311680 ----a-w- C:\Windows\System32\jscript9.dll
    2012-06-02 12:05:28 1392128 ----a-w- C:\Windows\System32\wininet.dll
    2012-06-02 12:04:50 1494528 ----a-w- C:\Windows\System32\inetcpl.cpl
    2012-06-02 12:01:40 173056 ----a-w- C:\Windows\System32\ieUnatt.exe
    2012-06-02 11:57:08 2382848 ----a-w- C:\Windows\System32\mshtml.tlb
    2012-06-02 08:33:25 1800192 ----a-w- C:\Windows\SysWow64\jscript9.dll
    2012-06-02 08:25:08 1129472 ----a-w- C:\Windows\SysWow64\wininet.dll
    2012-06-02 08:25:03 1427968 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
    2012-06-02 08:20:33 142848 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
    2012-06-02 08:16:52 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb
    2012-06-02 05:50:10 458704 ----a-w- C:\Windows\System32\drivers\cng.sys
    2012-06-02 05:48:16 95600 ----a-w- C:\Windows\System32\drivers\ksecdd.sys
    2012-06-02 05:48:16 151920 ----a-w- C:\Windows\System32\drivers\ksecpkg.sys
    2012-06-02 05:45:31 340992 ----a-w- C:\Windows\System32\schannel.dll
    2012-06-02 05:44:21 307200 ----a-w- C:\Windows\System32\ncrypt.dll
    2012-06-02 04:40:42 22016 ----a-w- C:\Windows\SysWow64\secur32.dll
    2012-06-02 04:40:39 225280 ----a-w- C:\Windows\SysWow64\schannel.dll
    2012-06-02 04:39:10 219136 ----a-w- C:\Windows\SysWow64\ncrypt.dll
    2012-06-02 04:34:09 96768 ----a-w- C:\Windows\SysWow64\sspicli.dll
    2012-05-31 04:10:48 126944 ----a-w- C:\Windows\System32\drivers\scdemu.sys
    2012-05-04 11:06:22 5559664 ----a-w- C:\Windows\System32\ntoskrnl.exe
    2012-05-04 10:03:53 3968368 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe
    2012-05-04 10:03:50 3913072 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe
    2012-05-01 05:40:20 209920 ----a-w- C:\Windows\System32\profsvc.dll
    2012-04-28 03:55:21 210944 ----a-w- C:\Windows\System32\drivers\rdpwd.sys
    2012-04-26 05:41:56 77312 ----a-w- C:\Windows\System32\rdpwsx.dll
    2012-04-26 05:41:55 149504 ----a-w- C:\Windows\System32\rdpcorekmts.dll
    2012-04-26 05:34:27 9216 ----a-w- C:\Windows\System32\rdrmemptylst.exe
    .
    ============= FINISH: 22:28:29.17 ===============
  2. Kookie Gram

    Kookie Gram Newcomer, in training Topic Starter Posts: 16

    Malwarebytes Anti-Malware (Trial) 1.62.0.1300
    www.malwarebytes.org
    Database version: v2012.07.24.12
    Windows 7 Service Pack 1 x64 NTFS
    Internet Explorer 9.0.8112.16421
    KD :: KERIROCHELLE-PC [administrator]
    Protection: Enabled
    7/24/2012 9:43:09 PM
    mbam-log-2012-07-24 (21-43-09).txt
    Scan type: Quick scan
    Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
    Scan options disabled: P2P
    Objects scanned: 190457
    Time elapsed: 5 minute(s), 11 second(s)
    Memory Processes Detected: 0
    (No malicious items detected)
    Memory Modules Detected: 0
    (No malicious items detected)
    Registry Keys Detected: 0
    (No malicious items detected)
    Registry Values Detected: 0
    (No malicious items detected)
    Registry Data Items Detected: 0
    (No malicious items detected)
    Folders Detected: 1
    C:\ProgramData\TheBflix (PUP.BFlix) -> Quarantined and deleted successfully.
    Files Detected: 21
    C:\ProgramData\TheBflix\bhoclass.dll (PUP.DownloadnSave) -> Quarantined and deleted successfully.
    C:\Users\KD\AppData\Local\Temp\0.1881648138074531 (Trojan.BHO) -> Quarantined and deleted successfully.
    C:\Users\KD\AppData\Local\Temp\0.26461316214304664 (Trojan.BHO) -> Quarantined and deleted successfully.
    C:\Users\KD\Local Settings\icqkaaw.exe (Trojan.Lameshield) -> Quarantined and deleted successfully.
    C:\Users\KD\Local Settings\jpfswsjpuq.exe (Trojan.Lameshield) -> Quarantined and deleted successfully.
    C:\Users\KD\Local Settings\kcblslaldm.exe (Trojan.Lameshield) -> Quarantined and deleted successfully.
    C:\Users\KD\Local Settings\raenbp.exe (Trojan.Lameshield) -> Quarantined and deleted successfully.
    C:\Users\KD\Local Settings\usrwsgcx.exe (Trojan.Lameshield) -> Quarantined and deleted successfully.
    C:\Users\KD\Local Settings\vjddzprjt.exe (Trojan.Lameshield) -> Quarantined and deleted successfully.
    C:\Users\KD\Local Settings\Application Data\icqkaaw.exe (Trojan.Lameshield) -> Quarantined and deleted successfully.
    C:\Users\KD\Local Settings\Application Data\jpfswsjpuq.exe (Trojan.Lameshield) -> Quarantined and deleted successfully.
    C:\Users\KD\Local Settings\Application Data\kcblslaldm.exe (Trojan.Lameshield) -> Quarantined and deleted successfully.
    C:\Users\KD\Local Settings\Application Data\raenbp.exe (Trojan.Lameshield) -> Quarantined and deleted successfully.
    C:\Users\KD\Local Settings\Application Data\usrwsgcx.exe (Trojan.Lameshield) -> Quarantined and deleted successfully.
    C:\Users\KD\Local Settings\Application Data\vjddzprjt.exe (Trojan.Lameshield) -> Quarantined and deleted successfully.
    C:\Windows\Installer\{4bfe41da-9a74-eb97-0cd8-bdc212ed3bfa}\n (Rootkit.0Access) -> Quarantined and deleted successfully.
    C:\Windows\Installer\{4bfe41da-9a74-eb97-0cd8-bdc212ed3bfa}\U\00000008.@ (Trojan.Dropper.BCMiner) -> Quarantined and deleted successfully.
    C:\ProgramData\TheBflix\background.html (PUP.BFlix) -> Quarantined and deleted successfully.
    C:\ProgramData\TheBflix\content.js (PUP.BFlix) -> Quarantined and deleted successfully.
    C:\ProgramData\TheBflix\emgebiileljojhajhpchfidnbkfodlob.crx (PUP.BFlix) -> Quarantined and deleted successfully.
    C:\ProgramData\TheBflix\settings.ini (PUP.BFlix) -> Quarantined and deleted successfully.
    (end)
  3. Kookie Gram

    Kookie Gram Newcomer, in training Topic Starter Posts: 16

    GMER NO LOG
  4. Jay Pfoutz

    Jay Pfoutz Malware Helper Posts: 4,286   +49

    Hello, and welcome to TechSpot.

    Please see here for the board rules and other FAQ.

    Please feel free to introduce yourself, after you follow the steps below to get started.

    Information
    • From this point on, please do not make any more changes to your computer, such as installing/uninstalling programs, using special fix tools, deleting files, editing the registry, etc., unless advised by a malware removal helper.
    • Please do not ask for help elsewhere (on this site or other sites). Doing so can result in system changes, which may not show up in the logs you post.
    • If you have already asked for help somewhere, please post the link to the topic where you were helped.
    • We try our best to reply quickly, but if for any reason we do not reply in two days, please reply to this topic with the word BUMP!
    • Lastly, keep in mind that we are volunteers, so you do not have to pay for malware removal. Persist in this topic until its close, and your computer is declared clean.

    • Download RogueKiller and save it on your desktop.
    • Quit all programs
    • Start RogueKiller.exe.
    • Wait until Prescan has finished ...
    • Click on Scan

    • Wait for the end of the scan.
    • The report has been created on the desktop.
    • Click on the Delete button.

    • The report has been created on the desktop.
    • Next click on the ShortcutsFix

    • The report has been created on the desktop.
    Please post:

    All RKreport.txt text files located on your desktop.
  5. Kookie Gram

    Kookie Gram Newcomer, in training Topic Starter Posts: 16

    Hi Dragon Master Jay. Thank you so much for responding so fast! I'm just a regular chick who likes to figure out things on my own, and this redirect virus was giving me the flucks. I searched and tried a few other things that, of course, didn't work. Then I found this site, and so far I feel like I'm on the right path. Just curious... DRAGON Master? How did you get that name?
    Time : 25/07/2012 22:24:51
    --------------------------
    [7zip_installer_1650.exe.vir] -> C:\Users\KD\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\DZQSXQM0\7zip_installer_1650.exe
    [7zip_installer_1650.exe.vir] -> C:\Users\KD\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\DZQSXQM0\7zip_installer_1650.exe
    ERROR [rundll32.exe.vir] -> rundll32.exe
    [hpbdk.dll.vir] -> C:\Users\KD\AppData\Local\Macromedia\Google\hpbdk.dll
    ERROR [rundll32.exe.vir] -> rundll32.exe
    [hpbdk.dll.vir] -> C:\Users\KD\AppData\Local\Macromedia\Google\hpbdk.dll
    ERROR [rundll32.exe.vir] -> rundll32.exe
    [hpbdk.dll.vir] -> C:\Users\KD\AppData\Local\Macromedia\Google\hpbdk.dll
    ERROR [rundll32.exe.vir] -> rundll32.exe
    [hpbdk.dll.vir] -> C:\Users\KD\AppData\Local\Macromedia\Google\hpbdk.dll
    ERROR [rundll32.exe.vir] -> rundll32.exe
    [hpbdk.dll.vir] -> C:\Users\KD\AppData\Local\Macromedia\Google\hpbdk.dll
    ERROR [rundll32.exe.vir] -> rundll32.exe
    [hpbdk.dll.vir] -> C:\Users\KD\AppData\Local\Macromedia\Google\hpbdk.dll

    [PARTICULAR] Time : 25/07/2012 22:25:21
    --------------------------
    [@.vir] -> c:\windows\installer\{4bfe41da-9a74-eb97-0cd8-bdc212ed3bfa}\@

    [PARTICULAR] Time : 25/07/2012 22:25:21
    --------------------------
    [00000004.@.vir] -> c:\windows\installer\{4bfe41da-9a74-eb97-0cd8-bdc212ed3bfa}\U\00000004.@

    [PARTICULAR] Time : 25/07/2012 22:25:26
    --------------------------
    [00000008.@.vir] -> c:\windows\installer\{4bfe41da-9a74-eb97-0cd8-bdc212ed3bfa}\U\00000008.@

    [PARTICULAR] Time : 25/07/2012 22:25:26
    --------------------------
    [000000cb.@.vir] -> c:\windows\installer\{4bfe41da-9a74-eb97-0cd8-bdc212ed3bfa}\U\000000cb.@

    [PARTICULAR] Time : 25/07/2012 22:25:26
    --------------------------
    [00000004.@.vir] -> c:\windows\installer\{4bfe41da-9a74-eb97-0cd8-bdc212ed3bfa}\L\00000004.@

    [PARTICULAR] Time : 25/07/2012 22:25:26
    --------------------------
    [1afb2d56.vir] -> c:\windows\installer\{4bfe41da-9a74-eb97-0cd8-bdc212ed3bfa}\L\1afb2d56

    [PARTICULAR] Time : 25/07/2012 22:25:26
    --------------------------
    [201d3dde.vir] -> c:\windows\installer\{4bfe41da-9a74-eb97-0cd8-bdc212ed3bfa}\L\201d3dde

    [PARTICULAR] Time : 25/07/2012 22:25:26
    --------------------------
    [@.vir] -> c:\users\kd\appdata\local\{4bfe41da-9a74-eb97-0cd8-bdc212ed3bfa}\@

    [PARTICULAR] Time : 25/07/2012 22:25:26
    --------------------------
    ERROR [Desktop.ini.vir] -> c:\windows\assembly\gac_32\desktop.ini

    [PARTICULAR] Time : 25/07/2012 22:25:26
    --------------------------
    ERROR [Desktop.ini.vir] -> c:\windows\assembly\gac_64\desktop.ini

    Time : 25/07/2012 22:25:31
    --------------------------
    [7zip_installer_1650.exe.vir] -> C:\Users\KD\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\DZQSXQM0\7zip_installer_1650.exe
    [7zip_installer_1650.exe.vir] -> C:\Users\KD\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\DZQSXQM0\7zip_installer_1650.exe
    ERROR [rundll32.exe.vir] -> rundll32.exe
    [hpbdk.dll.vir] -> C:\Users\KD\AppData\Local\Macromedia\Google\hpbdk.dll
    ERROR [rundll32.exe.vir] -> rundll32.exe
    [hpbdk.dll.vir] -> C:\Users\KD\AppData\Local\Macromedia\Google\hpbdk.dll
    ERROR [rundll32.exe.vir] -> rundll32.exe
    [hpbdk.dll.vir] -> C:\Users\KD\AppData\Local\Macromedia\Google\hpbdk.dll
    ERROR [rundll32.exe.vir] -> rundll32.exe
    [hpbdk.dll.vir] -> C:\Users\KD\AppData\Local\Macromedia\Google\hpbdk.dll
    ERROR [rundll32.exe.vir] -> rundll32.exe
    [hpbdk.dll.vir] -> C:\Users\KD\AppData\Local\Macromedia\Google\hpbdk.dll
    ERROR [rundll32.exe.vir] -> rundll32.exe
    [hpbdk.dll.vir] -> C:\Users\KD\AppData\Local\Macromedia\Google\hpbdk.dll
    ERROR [rundll32.exe.vir] -> rundll32.exe
    [hpbdk.dll.vir] -> C:\Users\KD\AppData\Local\Macromedia\Google\hpbdk.dll
    ERROR [rundll32.exe.vir] -> rundll32.exe
    [hpbdk.dll.vir] -> C:\Users\KD\AppData\Local\Macromedia\Google\hpbdk.dll
    ERROR [rundll32.exe.vir] -> rundll32.exe
    [hpbdk.dll.vir] -> C:\Users\KD\AppData\Local\Macromedia\Google\hpbdk.dll
    ERROR [rundll32.exe.vir] -> rundll32.exe
    [hpbdk.dll.vir] -> C:\Users\KD\AppData\Local\Macromedia\Google\hpbdk.dll

    Time : 25/07/2012 22:27:21
    --------------------------
    [7zip_installer_1650.exe.vir] -> C:\Users\KD\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\DZQSXQM0\7zip_installer_1650.exe
    [7zip_installer_1650.exe.vir] -> C:\Users\KD\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\DZQSXQM0\7zip_installer_1650.exe
    ERROR [rundll32.exe.vir] -> rundll32.exe
    [hpbdk.dll.vir] -> C:\Users\KD\AppData\Local\Macromedia\Google\hpbdk.dll
    ERROR [rundll32.exe.vir] -> rundll32.exe
    [hpbdk.dll.vir] -> C:\Users\KD\AppData\Local\Macromedia\Google\hpbdk.dll
    ERROR [rundll32.exe.vir] -> rundll32.exe
    [hpbdk.dll.vir] -> C:\Users\KD\AppData\Local\Macromedia\Google\hpbdk.dll
    ERROR [rundll32.exe.vir] -> rundll32.exe
    [hpbdk.dll.vir] -> C:\Users\KD\AppData\Local\Macromedia\Google\hpbdk.dll
    ERROR [rundll32.exe.vir] -> rundll32.exe
    [hpbdk.dll.vir] -> C:\Users\KD\AppData\Local\Macromedia\Google\hpbdk.dll
    ERROR [rundll32.exe.vir] -> rundll32.exe
    [hpbdk.dll.vir] -> C:\Users\KD\AppData\Local\Macromedia\Google\hpbdk.dll
    ERROR [rundll32.exe.vir] -> rundll32.exe
    [hpbdk.dll.vir] -> C:\Users\KD\AppData\Local\Macromedia\Google\hpbdk.dll
    ERROR [rundll32.exe.vir] -> rundll32.exe
    [hpbdk.dll.vir] -> C:\Users\KD\AppData\Local\Macromedia\Google\hpbdk.dll
    ERROR [rundll32.exe.vir] -> rundll32.exe
    [hpbdk.dll.vir] -> C:\Users\KD\AppData\Local\Macromedia\Google\hpbdk.dll
    ERROR [rundll32.exe.vir] -> rundll32.exe
    [hpbdk.dll.vir] -> C:\Users\KD\AppData\Local\Macromedia\Google\hpbdk.dll
  6. Kookie Gram

    Kookie Gram Newcomer, in training Topic Starter Posts: 16

    RogueKiller V7.6.4 [07/17/2012] by Tigzy
    mail: tigzyRK<at>gmail<dot>com
    Feedback: http://www.geekstogo.com/forum/files/file/413-roguekiller/
    Blog: http://tigzyrk.blogspot.com
    Operating System: Windows 7 (6.1.7601 Service Pack 1) 64 bits version
    Started in : Normal mode
    User: KD [Admin rights]
    Mode: Scan -- Date: 07/25/2012 22:24:53
    ¤¤¤ Bad processes: 2 ¤¤¤
    [SUSP PATH] 7zip_installer_1650.exe -- C:\Users\KD\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\DZQSXQM0\7zip_installer_1650.exe -> KILLED [TermProc]
    [SUSP PATH] 7zip_installer_1650.exe -- C:\Users\KD\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\DZQSXQM0\7zip_installer_1650.exe -> KILLED [TermProc]
    ¤¤¤ Registry Entries: 9 ¤¤¤
    [BLACKLIST DLL] HKCU\[...]\Run : Google (rundll32.exe "C:\Users\KD\AppData\Local\Macromedia\Google\hpbdk.dll",CreateInstance) -> FOUND
    [BLACKLIST DLL] HKUS\.DEFAULT[...]\Run : Google (rundll32.exe "C:\Users\KD\AppData\Local\Macromedia\Google\hpbdk.dll",CreateInstance) -> FOUND
    [BLACKLIST DLL] HKUS\S-1-5-19[...]\Run : Google (rundll32.exe "C:\Users\KD\AppData\Local\Macromedia\Google\hpbdk.dll",CreateInstance) -> FOUND
    [BLACKLIST DLL] HKUS\S-1-5-20[...]\Run : Google (rundll32.exe "C:\Users\KD\AppData\Local\Macromedia\Google\hpbdk.dll",CreateInstance) -> FOUND
    [BLACKLIST DLL] HKUS\S-1-5-21-3469416681-2208332565-2609205558-1000[...]\Run : Google (rundll32.exe "C:\Users\KD\AppData\Local\Macromedia\Google\hpbdk.dll",CreateInstance) -> FOUND
    [BLACKLIST DLL] HKUS\S-1-5-18[...]\Run : Google (rundll32.exe "C:\Users\KD\AppData\Local\Macromedia\Google\hpbdk.dll",CreateInstance) -> FOUND
    [ZeroAccess] HKCR\[...]\InprocServer32 : (C:\Users\KD\AppData\Local\{4bfe41da-9a74-eb97-0cd8-bdc212ed3bfa}\n.) -> FOUND
    [HJ] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
    [HJ] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND
    ¤¤¤ Particular Files / Folders: ¤¤¤
    [ZeroAccess][FILE] @ : c:\windows\installer\{4bfe41da-9a74-eb97-0cd8-bdc212ed3bfa}\@ --> FOUND
    [ZeroAccess][FOLDER] U : c:\windows\installer\{4bfe41da-9a74-eb97-0cd8-bdc212ed3bfa}\U --> FOUND
    [ZeroAccess][FOLDER] L : c:\windows\installer\{4bfe41da-9a74-eb97-0cd8-bdc212ed3bfa}\L --> FOUND
    [ZeroAccess][FILE] @ : c:\users\kd\appdata\local\{4bfe41da-9a74-eb97-0cd8-bdc212ed3bfa}\@ --> FOUND
    [ZeroAccess][FOLDER] U : c:\users\kd\appdata\local\{4bfe41da-9a74-eb97-0cd8-bdc212ed3bfa}\U --> FOUND
    [ZeroAccess][FOLDER] L : c:\users\kd\appdata\local\{4bfe41da-9a74-eb97-0cd8-bdc212ed3bfa}\L --> FOUND
    [ZeroAccess][FILE] Desktop.ini : c:\windows\assembly\gac_32\desktop.ini --> FOUND
    [ZeroAccess][FILE] Desktop.ini : c:\windows\assembly\gac_64\desktop.ini --> FOUND
    ¤¤¤ Driver: [NOT LOADED] ¤¤¤
    ¤¤¤ Infection : ZeroAccess ¤¤¤
    ¤¤¤ HOSTS File: ¤¤¤

    ¤¤¤ MBR Check: ¤¤¤
    +++++ PhysicalDrive0: WDC WD3200BEVT-22A23T0 +++++
    --- User ---
    [MBR] 11c43ab68d1d64c1131dc53cecbcdece
    [BSP] 8453b8f6edcb641ce1d5ed804b91f420 : Windows 7 MBR Code
    Partition table:
    0 - [XXXXXX] ACER (0x27) [VISIBLE] Offset (sectors): 2048 | Size: 18432 Mo
    1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 37750784 | Size: 100 Mo
    2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 37955584 | Size: 286711 Mo
    User = LL1 ... OK!
    User = LL2 ... OK!
    Finished : << RKreport[1].txt >>
    RKreport[1].txt
  7. Kookie Gram

    Kookie Gram Newcomer, in training Topic Starter Posts: 16

    RogueKiller V7.6.4 [07/17/2012] by Tigzy
    mail: tigzyRK<at>gmail<dot>com
    Feedback: http://www.geekstogo.com/forum/files/file/413-roguekiller/
    Blog: http://tigzyrk.blogspot.com
    Operating System: Windows 7 (6.1.7601 Service Pack 1) 64 bits version
    Started in : Normal mode
    User: KD [Admin rights]
    Mode: Remove -- Date: 07/25/2012 22:25:32
    ¤¤¤ Bad processes: 2 ¤¤¤
    [SUSP PATH] 7zip_installer_1650.exe -- C:\Users\KD\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\DZQSXQM0\7zip_installer_1650.exe -> KILLED [TermProc]
    [SUSP PATH] 7zip_installer_1650.exe -- C:\Users\KD\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\DZQSXQM0\7zip_installer_1650.exe -> KILLED [TermProc]
    ¤¤¤ Registry Entries: 7 ¤¤¤
    [BLACKLIST DLL] HKCU\[...]\Run : Google (rundll32.exe "C:\Users\KD\AppData\Local\Macromedia\Google\hpbdk.dll",CreateInstance) -> DELETED
    [BLACKLIST DLL] HKUS\.DEFAULT[...]\Run : Google (rundll32.exe "C:\Users\KD\AppData\Local\Macromedia\Google\hpbdk.dll",CreateInstance) -> DELETED
    [BLACKLIST DLL] HKUS\S-1-5-19[...]\Run : Google (rundll32.exe "C:\Users\KD\AppData\Local\Macromedia\Google\hpbdk.dll",CreateInstance) -> DELETED
    [BLACKLIST DLL] HKUS\S-1-5-20[...]\Run : Google (rundll32.exe "C:\Users\KD\AppData\Local\Macromedia\Google\hpbdk.dll",CreateInstance) -> DELETED
    [ZeroAccess] HKCR\[...]\InprocServer32 : (C:\Users\KD\AppData\Local\{4bfe41da-9a74-eb97-0cd8-bdc212ed3bfa}\n.) -> REPLACED (c:\windows\system32\shell32.dll)
    [HJ] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> REPLACED (0)
    [HJ] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0)
    ¤¤¤ Particular Files / Folders: ¤¤¤
    [ZeroAccess][FILE] @ : c:\windows\installer\{4bfe41da-9a74-eb97-0cd8-bdc212ed3bfa}\@ --> REMOVED AT REBOOT
    [Del.Parent][FILE] 00000004.@ : c:\windows\installer\{4bfe41da-9a74-eb97-0cd8-bdc212ed3bfa}\U\00000004.@ --> REMOVED
    [Del.Parent][FILE] 00000008.@ : c:\windows\installer\{4bfe41da-9a74-eb97-0cd8-bdc212ed3bfa}\U\00000008.@ --> REMOVED
    [Del.Parent][FILE] 000000cb.@ : c:\windows\installer\{4bfe41da-9a74-eb97-0cd8-bdc212ed3bfa}\U\000000cb.@ --> REMOVED
    [ZeroAccess][FOLDER] U : c:\windows\installer\{4bfe41da-9a74-eb97-0cd8-bdc212ed3bfa}\U --> REMOVED
    [Del.Parent][FILE] 00000004.@ : c:\windows\installer\{4bfe41da-9a74-eb97-0cd8-bdc212ed3bfa}\L\00000004.@ --> REMOVED
    [Del.Parent][FILE] 1afb2d56 : c:\windows\installer\{4bfe41da-9a74-eb97-0cd8-bdc212ed3bfa}\L\1afb2d56 --> REMOVED
    [Del.Parent][FILE] 201d3dde : c:\windows\installer\{4bfe41da-9a74-eb97-0cd8-bdc212ed3bfa}\L\201d3dde --> REMOVED
    [ZeroAccess][FOLDER] L : c:\windows\installer\{4bfe41da-9a74-eb97-0cd8-bdc212ed3bfa}\L --> REMOVED
    [ZeroAccess][FILE] @ : c:\users\kd\appdata\local\{4bfe41da-9a74-eb97-0cd8-bdc212ed3bfa}\@ --> REMOVED
    [ZeroAccess][FOLDER] U : c:\users\kd\appdata\local\{4bfe41da-9a74-eb97-0cd8-bdc212ed3bfa}\U --> REMOVED
    [ZeroAccess][FOLDER] L : c:\users\kd\appdata\local\{4bfe41da-9a74-eb97-0cd8-bdc212ed3bfa}\L --> REMOVED
    [ZeroAccess][FILE] Desktop.ini : c:\windows\assembly\gac_32\desktop.ini --> REMOVED AT REBOOT
    [ZeroAccess][FILE] Desktop.ini : c:\windows\assembly\gac_64\desktop.ini --> REMOVED AT REBOOT
    ¤¤¤ Driver: [NOT LOADED] ¤¤¤
    ¤¤¤ Infection : ZeroAccess ¤¤¤
    ¤¤¤ HOSTS File: ¤¤¤

    ¤¤¤ MBR Check: ¤¤¤
    +++++ PhysicalDrive0: WDC WD3200BEVT-22A23T0 +++++
    --- User ---
    [MBR] 11c43ab68d1d64c1131dc53cecbcdece
    [BSP] 8453b8f6edcb641ce1d5ed804b91f420 : Windows 7 MBR Code
    Partition table:
    0 - [XXXXXX] ACER (0x27) [VISIBLE] Offset (sectors): 2048 | Size: 18432 Mo
    1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 37750784 | Size: 100 Mo
    2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 37955584 | Size: 286711 Mo
    User = LL1 ... OK!
    User = LL2 ... OK!
    Finished : << RKreport[2].txt >>
    RKreport[1].txt ; RKreport[2].txt
  8. Kookie Gram

    Kookie Gram Newcomer, in training Topic Starter Posts: 16

    RogueKiller V7.6.4 [07/17/2012] by Tigzy
    mail: tigzyRK<at>gmail<dot>com
    Feedback: http://www.geekstogo.com/forum/files/file/413-roguekiller/
    Blog: http://tigzyrk.blogspot.com
    Operating System: Windows 7 (6.1.7601 Service Pack 1) 64 bits version
    Started in : Normal mode
    User: KD [Admin rights]
    Mode: Shortcuts HJfix -- Date: 07/25/2012 22:27:23
    ¤¤¤ Bad processes: 2 ¤¤¤
    [SUSP PATH] 7zip_installer_1650.exe -- C:\Users\KD\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\DZQSXQM0\7zip_installer_1650.exe -> KILLED [TermProc]
    [SUSP PATH] 7zip_installer_1650.exe -- C:\Users\KD\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\DZQSXQM0\7zip_installer_1650.exe -> KILLED [TermProc]
    ¤¤¤ Driver: [NOT LOADED] ¤¤¤
    ¤¤¤ File attributes restored: ¤¤¤
    Desktop: Success 1 / Fail 0
    Quick launch: Success 1 / Fail 0
    Programs: Success 13 / Fail 0
    Start menu: Success 1 / Fail 0
    User folder: Success 867 / Fail 0
    My documents: Success 165 / Fail 0
    My favorites: Success 0 / Fail 0
    My pictures: Success 0 / Fail 0
    My music: Success 573 / Fail 0
    My videos: Success 0 / Fail 0
    Local drives: Success 88 / Fail 0
    Backup: [NOT FOUND]
    Drives:
    [C:] \Device\HarddiskVolume3 -- 0x3 --> Restored
    [D:] \Device\CdRom0 -- 0x5 --> Skipped
    [Q:] \Device\SftVol -- 0x3 --> Restored
    ¤¤¤ Infection : ZeroAccess ¤¤¤
    Finished : << RKreport[3].txt >>
    RKreport[1].txt ; RKreport[2].txt ; RKreport[3].txt
  9. Jay Pfoutz

    Jay Pfoutz Malware Helper Posts: 4,286   +49

    Please download OTL to your Desktop. (If you already have it downloaded, then just follow the instructions below).
    • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
    • Under the Custom Scan box, paste this in:

      msconfig
      safebootminimal
      activex
      drivers32
      netsvcs
      CreateRestorePoint
      %AppData%\Roaming\Mozilla\Firefox\Profiles\*.default\extensions\ /s /md5
      %AppData%\Local\
      %systemroot%\system32\sysprep
      *.xpi /md5
      %systemroot%\Downloaded Program Files\
      HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile
      hklm\software\clients\startmenuinternet|command /rs
      hklm\software\clients\startmenuinternet|command /64 /rs
      %systemroot%\system32\drivers\*.sys /lockedfiles
      %systemroot%\system32\drivers\*.sys /90
      %systemroot%\System32\config\*.sav
      %SYSTEMDRIVE%\*.exe /md5
      "%WinDir%\$NtUninstallKB*$." /30
      %systemdrive%\Program Files\Common Files\ComObjects\*.* /s
      %systemroot%\*. /mp /s
      %systemroot%\*. /rp /s
      %systemroot%\system32\*.dll /lockedfiles
      %systemroot%\Tasks\*.job /lockedfiles
      %systemroot%\Installer\ /s
      %systemroot%\system32\Cache\ /s
      %systemroot%\system32\config\systemprofile\Application Data /s
      %PROGRAMFILES%\*.
      %appdata%\*.*
      /md5start
      volsnap.sys
      services.exe
      userinit.exe
      afd.sys
      tcpip.sys
      netbt.sys
      ipsec.sys
      dnsrslvr.dll
      ipnathlp.dll
      netman.dll
      WMIsvc.dll
      srsvc.dll
      sr.sys
      wscsvc.dll
      wuauserv.dll
      qmgr.dll
      es.dll
      cryptsvc.dll
      svchost.exe
      rpcss.dll
      tdx.sys
      wininit.exe
      winlogon.exe
      atapi.sys
      explorer.exe
      /md5stop
    • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
    • When the scan completes, it will open two notepad windows: OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
    • Please copy (Edit->Select All, Edit->Copy) and paste (Edit->Paste) the contents of these files, one at a time.
    Note: in the event that OTL fails to run, please use alternate download links to try again:

    http://oldtimer.geekstogo.com/OTL.com
    http://oldtimer.geekstogo.com/OTL.scr
  10. Kookie Gram

    Kookie Gram Newcomer, in training Topic Starter Posts: 16

    OTL Extras logfile created on: 7/26/2012 7:18:49 PM - Run 1
    OTL by OldTimer - Version 3.2.55.0 Folder = C:\Users\KD\Downloads
    64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
    Internet Explorer (Version = 9.0.8112.16421)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    3.86 Gb Total Physical Memory | 2.41 Gb Available Physical Memory | 62.52% Memory free
    7.71 Gb Paging File | 6.16 Gb Available in Paging File | 79.95% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
    Drive C: | 279.99 Gb Total Space | 188.32 Gb Free Space | 67.26% Space Free | Partition Type: NTFS

    Computer Name: KERIROCHELLE-PC | User Name: KD | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
    Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

    ========== Extra Registry (SafeList) ==========


    ========== File Associations ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)

    [HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
    .html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)

    ========== Shell Spawning ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %*
    cmdfile [open] -- "%1" %*
    comfile [open] -- "%1" %*
    exefile [open] -- "%1" %*
    helpfile [open] -- Reg Error: Key error.
    inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
    InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
    InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
    piffile [open] -- "%1" %*
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1"
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [explore] -- Reg Error: Value error.
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %*
    cmdfile [open] -- "%1" %*
    comfile [open] -- "%1" %*
    cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
    exefile [open] -- "%1" %*
    helpfile [open] -- Reg Error: Key error.
    inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
    piffile [open] -- "%1" %*
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1"
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [explore] -- Reg Error: Value error.
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

    ========== Security Center Settings ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
    "cval" = 0

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
    "VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
    "AntiVirusOverride" = 0
    "AntiSpywareOverride" = 0
    "FirewallOverride" = 0

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

    ========== Firewall Settings ==========

    ========== Authorized Applications List ==========


    ========== HKEY_LOCAL_MACHINE Uninstall List ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{027E5FAB-1476-4C59-AAB4-32EF28520399}" = Windows Live Language Selector
    "{1ACC8FFB-9D84-4C05-A4DE-D28A9BC91698}" = Windows Live ID Sign-in Assistant
    "{23170F69-40C1-2702-0920-000001000000}" = 7-Zip 9.20 (x64 edition)
    "{4710662C-8204-4334-A977-B1AC9E547819}" = Broadcom Card Reader Driver Installer
    "{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
    "{5E2CD4FB-4538-4831-8176-05D653C3E6D4}" = Windows Live Remote Service Resources
    "{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
    "{656DEEDE-F6AC-47CA-A568-A1B4E34B5760}" = Windows Live Remote Service Resources
    "{847B0532-55E3-4AAF-8D7B-E3A1A7CD17E5}" = Windows Live Remote Client Resources
    "{889DF117-14D1-44EE-9F31-C5FB5D47F68B}" = Yontoo 1.10.02
    "{90140000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2010
    "{90140000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2010
    "{90140000-006D-0409-1000-0000000FF1CE}" = Microsoft Office Click-to-Run 2010
    "{90140000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010
    "{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
    "{a9264802-8a7a-40fe-a135-5c6d204aed7a}.sdb" = Internet Explorer (Enable DEP)
    "{B750FA38-7AB0-42CB-ACBB-E7DBE9FF603F}" = Windows Live Remote Client Resources
    "{C91DCB72-F5BB-410D-A91A-314F5D1B4284}" = Broadcom NetLink Controller
    "{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter
    "{DF6D988A-EEA0-4277-AAB8-158E086E439B}" = Windows Live Remote Client
    "{E02A6548-6FDE-40E2-8ED9-119D7D7E641F}" = Windows Live Remote Service
    "{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
    "Cakewalk Studio Instruments_is1" = Studio Instruments 1.0
    "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
    "SynTPDeinstKey" = Synaptics Pointing Device Driver

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = Video Web Camera
    "{05E379CC-F626-4E7D-8354-463865B303BF}" = Windows Live UX Platform Language Pack
    "{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
    "{0B61BBD5-DA3C-409A-8730-0C3DC3B0F270}" = Backup Manager V3
    "{13C0A937-797F-847A-7FF5-010EAC327493}" = Fooz Kids
    "{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
    "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    "{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
    "{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
    "{2436F2A8-4B7E-4B6C-AE4E-604C84AA6A4F}" = Nero Core Components 10
    "{26A24AE4-039D-4CA4-87B4-2F83216027FF}" = Java(TM) 6 Update 27
    "{28921580-E4BB-11E0-9FD7-1CC1DEF07CBE}" = Evernote v. 4.5.1
    "{28E82311-8616-11E1-BEB0-B8AC6F97B88E}" = Google Earth
    "{2A3FC24C-6EC0-4519-A52B-FDA4EA9B2D24}" = Windows Live Messenger
    "{2FA94A64-C84E-49d1-97DD-7BF06C7BBFB2}.WildTangent Games App" = Update Installer for WildTangent Games App
    "{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
    "{33643918-7957-4839-92C7-EA96CB621A98}" = Nero Express 10 Help (CHM)
    "{34319F1F-7CF2-4CC9-B357-1AE7D2FF3AC5}" = Windows Live
    "{34490F4E-48D0-492E-8249-B48BECF0537C}" = Nero DiscSpeed 10
    "{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
    "{3B9A92DA-6374-4872-B646-253F18624D5F}" = Windows Live Writer
    "{3DB0448D-AD82-4923-B305-D001E521A964}" = Gateway Power Management
    "{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel(R) Rapid Storage Technology
    "{40A66DF6-22D3-44B5-A7D3-83B118A2C0DC}" = Norton Online Backup
    "{488F0347-C4A7-4374-91A7-30818BEDA710}" = Galerie de photos Windows Live
    "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
    "{523B2B1B-D8DB-4B41-90FF-C4D799E2758A}" = Nero ControlCenter 10 Help (CHM)
    "{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}" = Windows Live UX Platform Language Pack
    "{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM
    "{62687B11-58B5-4A18-9BC3-9DF4CE03F194}" = Windows Live Writer Resources
    "{62BF4BD3-B1F6-4FA2-8388-CC0647ACBF86}" = Nero Multimedia Suite 10 Essentials
    "{64EF903E-D00A-414C-94A4-FBA368FFCDC9}" = Gateway Social Networks
    "{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel(R) Management Engine Components
    "{65BB0407-4CC8-4DC7-952E-3EEFDF05602A}" = Nero Update
    "{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
    "{6DEC8BD5-7574-47FA-B080-492BBBE2FEA3}" = Windows Live Movie Maker
    "{6DFB899F-17A2-48F0-A533-ED8D6866CF38}" = Nero Control Center 10
    "{70550193-1C22-445C-8FA4-564E155DB1A7}" = Nero Express 10
    "{70B446D1-E03B-4ab0-9B3C-0832142C9AA8}.WildTangent Games App-gateway" = WildTangent Games App (Gateway Games)
    "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
    "{7170BF54-7808-45EE-AB06-6BCE7A254E29}" = Angry Birds Space
    "{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
    "{7F811A54-5A09-4579-90E1-C93498E230D9}" = Gateway Recovery Management
    "{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
    "{841F1FB4-FDF8-461C-A496-3E1CFD84C0B5}" = Windows Live Mesh
    "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
    "{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime
    "{8D68CE08-9A14-4B7B-9857-3C646A2F34C7}" = Fooz Kids Platform
    "{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
    "{90140000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2010
    "{90140000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2010
    "{90140000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2010
    "{90140000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2010
    "{90140000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2010
    "{90140000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2010
    "{90140000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2010
    "{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
    "{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
    "{90140000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2010
    "{90140000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2010
    "{90140000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2010
    "{90140000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2010
    "{90140000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2010
    "{90140000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2010
    "{90140000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2010
    "{90140000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2010
    "{90140011-0066-0409-0000-0000000FF1CE}" = Microsoft Office Starter 2010 - English
    "{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
    "{95140000-0070-0000-0000-0000000FF1CE}" = Microsoft Office 2010
    "{95140000-00AF-0409-0000-0000000FF1CE}" = Microsoft PowerPoint Viewer
    "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
    "{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
    "{9FAE6E8D-E686-49F5-A574-0A58DFD9580C}" = Windows Live Mail
    "{A0C91188-C88F-4E86-93E6-CD7C9A266649}" = Windows Live Mesh
    "{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
    "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
    "{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
    "{AA4BF92B-2AAF-11DA-9D78-000129760D75}" = HomeMedia
    "{AA59DDE4-B672-4621-A016-4C248204957A}" = Skype™ 5.5
    "{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
    "{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer
    "{AB61A2E9-37D3-485D-9085-19FBDF8CEF4A}" = Windows Live Messenger
    "{AC76BA86-7AD7-FFFF-7B44-AA0000000001}" = Adobe Reader X (10.1.3) MUI
    "{C18A0418-442A-4186-AF98-D08F5054A2FC}" = Nero DiscSpeed 10 Help (CHM)
    "{C28D96C0-6A90-459E-A077-A6706F4EC0FC}" = Bing Bar
    "{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail
    "{C893D8C0-1BA0-4517-B11C-E89B65E72F70}" = Windows Live Photo Common
    "{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
    "{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64
    "{D3E5A972-9A15-427D-AE78-8181A5FD943C}" = eBay Worldwide
    "{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
    "{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
    "{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources
    "{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}" = CyberLink PowerDVD 10
    "{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh
    "{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
    "{E3739848-5329-48E3-8D28-5BBD6E8BE384}" = CyberLink MediaEspresso
    "{E5B21F11-6933-4E0B-A25C-7963E3C07D11}" = Windows Live Messenger
    "{EE171732-BEB4-4576-887D-CB62727F01CA}" = Gateway Updater
    "{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
    "{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel(R) Processor Graphics
    "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
    "{F6117F9C-ADB5-4590-9BE4-12C7BEC28702}" = Nero StartSmart 10 Help (CHM)
    "{F61D489E-6C44-49AC-AD02-7DA8ACA73A65}" = Nero StartSmart 10
    "{F8A9085D-4C7A-41a9-8A77-C8998A96C421}" = Intel(R) Control Center
    "{FDB3B167-F4FA-461D-976F-286304A57B2A}" = Adobe AIR
    "{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
    "{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
    "1ClickDownload" = 1ClickDownloader
    "7-zip" = 7-zip v9.20
    "Adobe AIR" = Adobe AIR
    "Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
    "Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
    "Adobe Shockwave Player" = Adobe Shockwave Player 11.6
    "avast" = avast! Free Antivirus
    "AVG Secure Search" = AVG Security Toolbar
    "BitLord" = BitLord 2.1
    "BitLord_Security_Bar Toolbar" = BitLord Security Bar Toolbar
    "BN_DesktopReader" = NOOK for PC
    "FoozKids" = Fooz Kids
    "Gateway Registration" = Gateway Registration
    "Gateway Screensaver" = Gateway ScreenSaver
    "Gateway Welcome Center" = Welcome Center
    "Google Chrome" = Google Chrome
    "Identity Card" = Identity Card
    "InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = Video Web Camera
    "InstallShield_{0B61BBD5-DA3C-409A-8730-0C3DC3B0F270}" = Gateway MyBackup
    "InstallShield_{64EF903E-D00A-414C-94A4-FBA368FFCDC9}" = Gateway Social Networks
    "InstallShield_{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}" = CyberLink PowerDVD 10
    "InstallShield_{E3739848-5329-48E3-8D28-5BBD6E8BE384}" = CyberLink MediaEspresso
    "LManager" = Launch Manager
    "Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.62.0.1300
    "McAfee Security Scan" = McAfee Security Scan Plus
    "Mozilla Firefox 13.0 (x86 en-US)" = Mozilla Firefox 13.0 (x86 en-US)
    "MozillaMaintenanceService" = Mozilla Maintenance Service
    "Office14.Click2Run" = Microsoft Office Click-to-Run 2010
    "Office14.PROPLUS" = Microsoft Office Professional Plus 2010
    "PC Cleaners" = PC Cleaners
    "PowerISO" = PowerISO
    "Reason5_is1" = Reason 5.0
    "WildTangent gateway Master Uninstall" = Gateway Games
    "WinLiveSuite" = Windows Live Essentials
    "WTA-10c81b53-d040-4c6c-ad25-6a34042523d5" = Torchlight
    "WTA-12a8f428-0609-4194-a353-8ae63af9afea" = Final Drive: Nitro
    "WTA-19313cba-c85f-4013-83ec-6d4b672db5c5" = Plants vs. Zombies - Game of the Year
    "WTA-5369a7d6-c2db-4d04-b1f7-f5fdb848ae28" = Jewel Match 3
    "WTA-83ed7cf4-4368-4108-bd55-ff6b14f0e1de" = Governor of Poker 2 Premium Edition
    "WTA-88413c18-de3b-477b-9c44-4cde202967b7" = Dora's World Adventure
    "WTA-94a0b4ec-d4fc-44a0-bb96-ff891239667b" = Chronicles of Albian
    "WTA-9e10d874-5fe1-415f-9248-6e3c6df0b9a9" = Agatha Christie - Death on the Nile
    "WTA-a254403c-a2d2-4abe-9cb5-80310ed21792" = Virtual Villagers 5 - New Believers
    "WTA-a6ea035b-a52e-42db-b2f0-c64e8320b83b" = FATE: The Cursed King
    "WTA-ba0e17e3-5b47-49d5-8281-f21244bd14df" = Build-a-lot 4 - Power Source
    "WTA-c1b47977-77e8-4041-b8e8-a7a23e0ee5f6" = Mystery of Mortlake Mansion
    "WTA-c6336a01-baad-4a77-b145-9fc14d5dcb10" = Polar Bowler
    "WTA-ca543aa9-12ba-4416-bea8-4c55bffb3b81" = Cradle of Rome 2
    "WTA-ded408db-748e-4c51-89ee-270969d55cac" = Bejeweled 2 Deluxe
    "WTA-f489b1c2-5121-4d0b-bf97-56d81925a8fd" = RollerCoaster Tycoon 3: Platinum
    "WTA-fd276b3a-c719-4813-9199-c1ae5fb70465" = Polar Golfer
    "WTA-fd686104-9945-49e4-8d52-300b99322362" = Zuma's Revenge
    "WTA-fefe4b68-cc9d-4de9-be3d-a637a42350fe" = Penguins!
    "WTA-ff0557a8-fb07-48c4-a2bc-1b190f025566" = Chuzzle Deluxe
    "Zuma's Revenge!1.0" = Zuma's Revenge!

    ========== HKEY_CURRENT_USER Uninstall List ==========

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "Tango" = Tango

    ========== Last 20 Event Log Errors ==========

    [ Application Events ]
    Error - 7/10/2012 5:21:01 PM | Computer Name = KeriRochelle-PC | Source = WinMgmt | ID = 10
    Description =

    Error - 7/10/2012 7:28:03 PM | Computer Name = KeriRochelle-PC | Source = Application Error | ID = 1000
    Description = Faulting application name: bitlord.exe, version: 2.1.0.91, time stamp:
    0x4f32d25b Faulting module name: ntdll.dll, version: 6.1.7601.17725, time stamp:
    0x4ec49b8f Exception code: 0xc00000fd Fault offset: 0x0003a6c7 Faulting process id:
    0x17e4 Faulting application start time: 0x01cd5ef2a8c8273d Faulting application path:
    C:\Program Files (x86)\BitLord 2\Bitlord files\bitlord.exe Faulting module path:
    C:\Windows\SysWOW64\ntdll.dll Report Id: e4c5a99f-cae6-11e1-a158-dc0ea12afcb5

    Error - 7/12/2012 4:24:52 AM | Computer Name = KeriRochelle-PC | Source = WinMgmt | ID = 10
    Description =

    Error - 7/12/2012 2:48:49 PM | Computer Name = KeriRochelle-PC | Source = WinMgmt | ID = 10
    Description =

    Error - 7/12/2012 9:22:11 PM | Computer Name = KeriRochelle-PC | Source = WinMgmt | ID = 10
    Description =

    Error - 7/13/2012 4:46:30 PM | Computer Name = KeriRochelle-PC | Source = WinMgmt | ID = 10
    Description =

    Error - 7/14/2012 2:19:58 AM | Computer Name = KeriRochelle-PC | Source = WinMgmt | ID = 10
    Description =

    Error - 7/14/2012 2:48:52 AM | Computer Name = KeriRochelle-PC | Source = WinMgmt | ID = 10
    Description =

    Error - 7/14/2012 3:04:32 AM | Computer Name = KeriRochelle-PC | Source = Application Error | ID = 1000
    Description = Faulting application name: wmpnetwk.exe, version: 12.0.7601.17514, time stamp:
    0x4ce7ae7f Faulting module name: KERNELBASE.dll, version: 6.1.7601.17651, time stamp:
    0x4e21213c Exception code: 0x0000046b Fault offset: 0x000000000000cacd Faulting process id:
    0x11f0 Faulting application start time: 0x01cd618cbf0f189b Faulting application path:
    C:\Program Files\Windows Media Player\wmpnetwk.exe Faulting module path:
    C:\Windows\system32\KERNELBASE.dll Report Id: 28d1470a-cd82-11e1-88e6-dc0ea12afcb5

    Error - 7/14/2012 6:40:52 AM | Computer Name = KeriRochelle-PC | Source = WinMgmt | ID = 10
    Description =

    [ System Events ]
    Error - 7/19/2012 1:24:13 PM | Computer Name = KeriRochelle-PC | Source = Service Control Manager | ID = 7001
    Description = The HomeGroup Provider service depends on the Function Discovery Resource
    Publication service which failed to start because of the following error: %%-2147024891

    Error - 7/19/2012 5:08:08 PM | Computer Name = KeriRochelle-PC | Source = Service Control Manager | ID = 7023
    Description = The Function Discovery Resource Publication service terminated with
    the following error: %%-2147024891

    Error - 7/19/2012 5:08:08 PM | Computer Name = KeriRochelle-PC | Source = Service Control Manager | ID = 7001
    Description = The HomeGroup Provider service depends on the Function Discovery Resource
    Publication service which failed to start because of the following error: %%-2147024891

    Error - 7/19/2012 6:41:51 PM | Computer Name = KeriRochelle-PC | Source = Service Control Manager | ID = 7023
    Description = The Function Discovery Resource Publication service terminated with
    the following error: %%-2147024891

    Error - 7/19/2012 6:41:51 PM | Computer Name = KeriRochelle-PC | Source = Service Control Manager | ID = 7001
    Description = The HomeGroup Provider service depends on the Function Discovery Resource
    Publication service which failed to start because of the following error: %%-2147024891

    Error - 7/19/2012 10:45:04 PM | Computer Name = KeriRochelle-PC | Source = Service Control Manager | ID = 7023
    Description = The Function Discovery Resource Publication service terminated with
    the following error: %%-2147024891

    Error - 7/19/2012 10:45:04 PM | Computer Name = KeriRochelle-PC | Source = Service Control Manager | ID = 7001
    Description = The HomeGroup Provider service depends on the Function Discovery Resource
    Publication service which failed to start because of the following error: %%-2147024891

    Error - 7/20/2012 9:53:29 AM | Computer Name = KeriRochelle-PC | Source = Service Control Manager | ID = 7001
    Description = The HomeGroup Provider service depends on the Function Discovery Resource
    Publication service which failed to start because of the following error: %%-2147024891

    Error - 7/20/2012 9:53:29 AM | Computer Name = KeriRochelle-PC | Source = Service Control Manager | ID = 7023
    Description = The Function Discovery Resource Publication service terminated with
    the following error: %%-2147024891

    Error - 7/20/2012 10:43:42 AM | Computer Name = KeriRochelle-PC | Source = Service Control Manager | ID = 7001
    Description = The HomeGroup Provider service depends on the Function Discovery Resource
    Publication service which failed to start because of the following error: %%-2147024891


    < End of report >
  11. Kookie Gram

    OTL logfile created on: 7/26/2012 7:18:49 PM - Run 1
    OTL by OldTimer - Version 3.2.55.0 Folder = C:\Users\KD\Downloads
    64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
    Internet Explorer (Version = 9.0.8112.16421)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    3.86 Gb Total Physical Memory | 2.41 Gb Available Physical Memory | 62.52% Memory free
    7.71 Gb Paging File | 6.16 Gb Available in Paging File | 79.95% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
    Drive C: | 279.99 Gb Total Space | 188.32 Gb Free Space | 67.26% Space Free | Partition Type: NTFS

    Computer Name: KERIROCHELLE-PC | User Name: KD | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
    Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

    ========== Processes (SafeList) ==========

    PRC - [2012/07/26 19:12:56 | 000,597,504 | ---- | M] (OldTimer Tools) -- C:\Users\KD\Downloads\OTL (1).com
    PRC - [2012/07/26 19:12:04 | 000,597,504 | ---- | M] (OldTimer Tools) -- C:\Users\KD\Downloads\OTL.com
    PRC - [2012/07/11 15:09:34 | 000,686,280 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_3_300_265_ActiveX.exe
    PRC - [2012/07/09 21:44:17 | 000,935,008 | ---- | M] () -- C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\11.2.0\ToolbarUpdater.exe
    PRC - [2012/07/03 13:46:44 | 000,655,944 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
    PRC - [2012/07/03 13:46:44 | 000,462,920 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
    PRC - [2012/07/03 11:21:30 | 004,273,976 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe
    PRC - [2012/07/03 11:21:29 | 000,044,808 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe
    PRC - [2012/04/03 22:53:50 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
    PRC - [2011/10/01 08:30:22 | 000,219,496 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
    PRC - [2011/10/01 08:30:18 | 000,508,776 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
    PRC - [2011/06/30 21:51:14 | 000,418,896 | ---- | M] (Dritek System Inc.) -- C:\Program Files (x86)\Launch Manager\LMutilps32.exe
    PRC - [2011/06/30 21:51:12 | 000,353,360 | ---- | M] (Dritek System Inc.) -- C:\Program Files (x86)\Launch Manager\dsiwmis.exe
    PRC - [2011/06/17 12:33:04 | 000,272,528 | ---- | M] (McAfee, Inc.) -- C:\Program Files (x86)\McAfee Security Scan\3.0.207\SSScheduler.exe
    PRC - [2011/05/29 21:54:14 | 000,036,456 | ---- | M] (Acer Incorporated) -- C:\Program Files (x86)\Gateway\Registration\GREGsvc.exe
    PRC - [2011/05/20 11:44:32 | 000,986,208 | ---- | M] (CyberLink) -- C:\Program Files (x86)\CyberLink\MediaEspresso\DeviceDetector\DeviceDetector.exe
    PRC - [2011/05/12 19:59:00 | 000,249,648 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE
    PRC - [2011/04/30 02:32:54 | 000,013,592 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
    PRC - [2011/04/22 11:44:14 | 000,244,624 | ---- | M] (Acer Incorporated) -- C:\Program Files\Gateway\Gateway Updater\UpdaterService.exe
    PRC - [2011/03/09 12:11:22 | 000,257,344 | ---- | M] (NTI Corporation) -- C:\Program Files (x86)\NTI\Gateway MyBackup\IScheduleSvc.exe
    PRC - [2010/12/22 15:25:02 | 002,656,280 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
    PRC - [2010/12/22 15:24:58 | 000,325,656 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
    PRC - [2010/05/04 14:07:22 | 000,503,080 | ---- | M] (Nero AG) -- C:\Program Files (x86)\Nero\Update\NASvc.exe


    ========== Modules (No Company Name) ==========

    MOD - [2011/03/17 00:11:16 | 004,297,568 | ---- | M] () -- C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
    MOD - [2010/11/20 22:24:09 | 000,232,448 | ---- | M] () -- \\.\globalroot\systemroot\syswow64\mswsock.dll
    MOD - [2010/03/24 21:17:36 | 008,794,464 | ---- | M] () -- C:\Program Files (x86)\Microsoft Office\Office14\1033\GrooveIntlResource.dll


    ========== Win32 Services (SafeList) ==========

    SRV:64bit: - [2012/07/03 11:21:29 | 000,044,808 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
    SRV:64bit: - [2011/08/02 14:59:46 | 000,872,552 | ---- | M] (Acer Incorporated) [Auto | Running] -- C:\Program Files\Gateway\Gateway Power Management\ePowerSvc.exe -- (ePowerSvc)
    SRV:64bit: - [2011/04/22 11:44:14 | 000,244,624 | ---- | M] (Acer Incorporated) [Auto | Running] -- C:\Program Files\Gateway\Gateway Updater\UpdaterService.exe -- (Live Updater Service)
    SRV:64bit: - [2010/09/22 20:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
    SRV - [2012/07/16 20:52:13 | 000,250,056 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
    SRV - [2012/07/09 21:44:17 | 000,935,008 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\11.2.0\ToolbarUpdater.exe -- (vToolbarUpdater11.2.0)
    SRV - [2012/07/03 13:46:44 | 000,655,944 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
    SRV - [2012/06/01 10:39:50 | 000,113,120 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
    SRV - [2012/04/03 22:53:50 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
    SRV - [2011/10/01 08:30:22 | 000,219,496 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe -- (sftvsa)
    SRV - [2011/10/01 08:30:18 | 000,508,776 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe -- (sftlist)
    SRV - [2011/06/30 21:51:12 | 000,353,360 | ---- | M] (Dritek System Inc.) [Auto | Running] -- C:\Program Files (x86)\Launch Manager\dsiwmis.exe -- (DsiWMIService)
    SRV - [2011/06/17 12:33:04 | 000,237,008 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\McAfee Security Scan\3.0.207\McCHSvc.exe -- (McComponentHostService)
    SRV - [2011/06/07 15:25:12 | 000,191,752 | ---- | M] (Microsoft Corporation.) [On_Demand | Stopped] -- C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE -- (BBSvc)
    SRV - [2011/05/29 21:54:14 | 000,036,456 | ---- | M] (Acer Incorporated) [Auto | Running] -- C:\Program Files (x86)\Gateway\Registration\GREGsvc.exe -- (GREGService)
    SRV - [2011/05/12 19:59:00 | 000,249,648 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE -- (BBUpdate)
    SRV - [2011/04/30 02:32:54 | 000,013,592 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc)
    SRV - [2011/03/09 12:11:22 | 000,257,344 | ---- | M] (NTI Corporation) [Auto | Running] -- C:\Program Files (x86)\NTI\Gateway MyBackup\IScheduleSvc.exe -- (NTI IScheduleSvc)
    SRV - [2010/12/22 15:25:02 | 002,656,280 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe -- (UNS)
    SRV - [2010/12/22 15:24:58 | 000,325,656 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe -- (LMS)
    SRV - [2010/10/12 12:59:12 | 000,206,072 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe -- (GamesAppService)
    SRV - [2010/06/01 17:31:28 | 002,804,568 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe -- (NOBU)
    SRV - [2010/05/04 14:07:22 | 000,503,080 | ---- | M] (Nero AG) [Auto | Running] -- C:\Program Files (x86)\Nero\Update\NASvc.exe -- (NAUpdate)
    SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
    SRV - [2009/06/10 16:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)


    ========== Driver Services (SafeList) ==========

    DRV:64bit: - [2012/07/03 13:46:44 | 000,024,904 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
    DRV:64bit: - [2012/07/03 11:21:52 | 000,958,400 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\SysNative\drivers\aswSnx.sys -- (aswSnx)
    DRV:64bit: - [2012/07/03 11:21:52 | 000,355,856 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswSP.sys -- (aswSP)
    DRV:64bit: - [2012/07/03 11:21:52 | 000,071,064 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswMonFlt.sys -- (aswMonFlt)
    DRV:64bit: - [2012/07/03 11:21:52 | 000,059,728 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswTdi.sys -- (aswTdi)
    DRV:64bit: - [2012/07/03 11:21:52 | 000,054,072 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswRdr2.sys -- (aswRdr)
    DRV:64bit: - [2012/07/03 11:21:51 | 000,025,232 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswFsBlk.sys -- (aswFsBlk)
    DRV:64bit: - [2012/05/30 23:10:48 | 000,126,944 | ---- | M] (Power Software Ltd) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\scdemu.sys -- (SCDEmu)
    DRV:64bit: - [2012/03/01 01:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
    DRV:64bit: - [2011/10/01 08:30:22 | 000,022,376 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftvollh.sys -- (Sftvol)
    DRV:64bit: - [2011/10/01 08:30:18 | 000,268,648 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftplaylh.sys -- (Sftplay)
    DRV:64bit: - [2011/10/01 08:30:18 | 000,025,960 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftredirlh.sys -- (Sftredir)
    DRV:64bit: - [2011/10/01 08:30:10 | 000,764,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftfslh.sys -- (Sftfs)
    DRV:64bit: - [2011/07/14 00:35:47 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
    DRV:64bit: - [2011/07/14 00:35:47 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
    DRV:64bit: - [2011/06/10 13:16:10 | 012,230,912 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
    DRV:64bit: - [2011/05/16 16:57:32 | 000,051,240 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\bScsiMSa.sys -- (bScsiMSa)
    DRV:64bit: - [2011/05/09 22:42:16 | 000,425,000 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\k57nd60a.sys -- (k57nd60a)
    DRV:64bit: - [2011/05/06 12:11:12 | 000,086,056 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\bScsiSDa.sys -- (bScsiSDa)
    DRV:64bit: - [2011/04/26 13:07:36 | 000,557,848 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
    DRV:64bit: - [2011/01/20 20:15:30 | 000,019,496 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\b57xdmp.sys -- (b57xdmp)
    DRV:64bit: - [2011/01/20 20:15:28 | 000,067,624 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\b57xdbd.sys -- (b57xdbd)
    DRV:64bit: - [2010/11/20 22:24:33 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
    DRV:64bit: - [2010/11/20 22:23:47 | 000,109,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sdbus.sys -- (sdbus)
    DRV:64bit: - [2010/11/20 22:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
    DRV:64bit: - [2010/11/20 22:23:47 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
    DRV:64bit: - [2010/11/09 05:26:46 | 002,377,216 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\athrx.sys -- (athr)
    DRV:64bit: - [2010/10/19 19:34:26 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64)
    DRV:64bit: - [2010/10/15 03:28:18 | 000,317,440 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\IntcDAud.sys -- (IntcDAud)
    DRV:64bit: - [2010/07/29 08:30:48 | 001,383,472 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
    DRV:64bit: - [2009/07/13 20:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
    DRV:64bit: - [2009/07/13 20:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
    DRV:64bit: - [2009/07/13 20:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
    DRV:64bit: - [2009/06/10 15:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
    DRV:64bit: - [2009/06/10 15:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
    DRV:64bit: - [2009/06/10 15:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
    DRV:64bit: - [2009/06/10 15:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
    DRV:64bit: - [2009/05/05 18:46:08 | 000,018,432 | ---- | M] (NewTech Infosystems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NTIDrvr.sys -- (NTIDrvr)
    DRV:64bit: - [2009/05/05 18:46:08 | 000,016,896 | ---- | M] (NewTech Infosystems Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\UBHelper.sys -- (UBHelper)
    DRV - [2009/07/13 20:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========

    IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.bing.com/?pc=MAGW
    IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.bing.com/?pc=MAGW
    IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
    IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&form=AGWTDF&pc=MAGW&src=IE-SearchBox
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.bing.com/?pc=MAGW
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.bing.com/?pc=MAGW
    IE - HKLM\..\URLSearchHook: {8c5878d0-6106-423b-aaa8-144c143dbf44} - C:\Program Files (x86)\BitLord_Security_Bar\prxtbBit0.dll (Conduit Ltd.)
    IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
    IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&form=AGWTDF&pc=MAGW&src=IE-SearchBox

    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = Preserve
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
    IE - HKCU\..\SearchScopes,DefaultScope = {C0F07F2A-EA6E-4E29-A55A-9847CB92CCED}
    IE - HKCU\..\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}: "URL" = http://isearch.avg.com/search?cid={...fb77e360f&lang=en&ds=st011&pr=sa&d=2012-06-21 18:28:30&v=11.1.0.7&sap=dsp&q={searchTerms}
    IE - HKCU\..\SearchScopes\{C0F07F2A-EA6E-4E29-A55A-9847CB92CCED}: "URL" = http://www.bing.com/search?FORM=BDKTDF&PC=BDT3&q={searchTerms}&src=IE-SearchBox
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    ========== FireFox ==========

    FF - prefs.js..CT2830765.browser.search.defaultthis.engineName: true
    FF - prefs.js..browser.search.defaultenginename: "AVG Secure Search"
    FF - prefs.js..browser.search.selectedEngine: "BitLord Security Bar Customized Web Search"
    FF - prefs.js..browser.startup.homepage: "http://google.com"
    FF - prefs.js..keyword.URL: "http://search.conduit.com/ResultsExt.aspx?SSPV=FFSB10&ctid=CT2830765&SearchSource=2&q="
    FF - prefs.js..network.proxy.type: 0


    FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_3_300_265.dll File not found
    FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
    FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_265.dll ()
    FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\SysWOW64\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
    FF - HKLM\Software\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin: C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\11.2.0\\npsitesafety.dll ()
    FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
    FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
    FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~4\Office14\NPAUTHZ.DLL (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~4\Office14\NPSPWRAP.DLL (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
    FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
    FF - HKLM\Software\MozillaPlugins\@WildTangent.com/GamesAppPresenceDetector,Version=1.0: C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\3\NP_wtapp.dll ()
    FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\avg@toolbar: C:\ProgramData\AVG Secure Search\11.1.0.12\ [2012/07/09 21:44:21 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\wrc@avast.com: C:\Program Files\AVAST Software\Avast\WebRep\FF [2012/07/24 20:57:52 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/06/13 10:35:15 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins

    [2012/06/13 10:35:49 | 000,000,000 | ---D | M] (No name found) -- C:\Users\KD\AppData\Roaming\Mozilla\Extensions
    [2012/07/23 15:34:58 | 000,000,000 | ---D | M] (No name found) -- C:\Users\KD\AppData\Roaming\Mozilla\Firefox\Profiles\7wna2cly.default\extensions
    [2012/06/21 18:22:02 | 000,000,000 | ---D | M] (BitLord Security Bar) -- C:\Users\KD\AppData\Roaming\Mozilla\Firefox\Profiles\7wna2cly.default\extensions\{8c5878d0-6106-423b-aaa8-144c143dbf44}
    [2012/07/16 20:07:25 | 000,000,000 | ---D | M] (TheBflix) -- C:\Users\KD\AppData\Roaming\Mozilla\Firefox\Profiles\7wna2cly.default\extensions\4fe3a400731a7@4fe3a400731e1.info
    [2012/06/21 18:27:31 | 000,000,000 | ---D | M] (Yontoo) -- C:\Users\KD\AppData\Roaming\Mozilla\Firefox\Profiles\7wna2cly.default\extensions\plugin@yontoo.com
    [2012/07/23 15:34:58 | 000,000,000 | ---D | M] (No name found) -- C:\Users\KD\AppData\Roaming\Mozilla\Firefox\Profiles\7wna2cly.default\extensions\trash
    [2012/07/16 20:07:45 | 000,000,965 | ---- | M] () -- C:\Users\KD\AppData\Roaming\Mozilla\Firefox\Profiles\7wna2cly.default\searchplugins\conduit.xml
    [2012/07/10 11:39:56 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
    [2012/07/10 11:39:57 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0027-ABCDEFFEDCBA}
    [1832/11/28 23:08:39 | 000,004,819 | ---- | M] () (No name found) -- C:\USERS\KD\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7WNA2CLY.DEFAULT\EXTENSIONS\ZWREQMSAAG@ZWREQMSAAG.ORG.XPI
    [2012/06/01 10:40:25 | 000,085,472 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
    [2012/07/09 21:44:16 | 000,003,769 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\avg-secure-search.xml
    [2012/06/01 10:39:16 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
    [2012/06/01 10:39:16 | 000,002,040 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml

    ========== Chrome ==========

    CHR - homepage: http://isearch.avg.com/?cid={CFFAF4...fb77e360f&lang=en&ds=st011&pr=sa&d=2012-06-21 18:28:30&v=11.1.0.7&sap=hp
    CHR - default_search_provider: Google (Enabled)
    CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
    CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}
    CHR - homepage: http://isearch.avg.com/?cid={CFFAF4...fb77e360f&lang=en&ds=st011&pr=sa&d=2012-06-21 18:28:30&v=11.1.0.7&sap=hp
    CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
    CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\20.0.1132.57\ppGoogleNaClPluginChrome.dll
    CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\20.0.1132.57\pdf.dll
    CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\20.0.1132.57\gcswf32.dll
    CHR - plugin: Norton Confidential (Enabled) = C:\Users\KD\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk\6.0.2_0\npcoplgn.dll
    CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
    CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~4\Office14\NPSPWRAP.DLL
    CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll
    CHR - plugin: WildTangent Games App Presence Detector (Enabled) = C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\1\NP_wtapp.dll
    CHR - plugin: Windows Live™ Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
    CHR - plugin: Shockwave for Director (Enabled) = C:\Windows\SysWOW64\Adobe\Director\np32dsw.dll
    CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll
    CHR - Extension: TheBflix = C:\Users\KD\AppData\Local\Google\Chrome\User Data\Default\Extensions\emgebiileljojhajhpchfidnbkfodlob\5.2_0\
    CHR - Extension: avast! WebRep = C:\Users\KD\AppData\Local\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda\7.0.1456_0\
    CHR - Extension: 1Click Downloader = C:\Users\KD\AppData\Local\Google\Chrome\User Data\Default\Extensions\jplinpmadfkdgipabgcdchbdikologlh\1.2_0\

    O1 HOSTS File: ([2009/06/10 16:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
    O2:64bit: - BHO: (avast! WebRep) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
    O2 - BHO: (BitLord Security Bar Toolbar) - {8c5878d0-6106-423b-aaa8-144c143dbf44} - C:\Program Files (x86)\BitLord_Security_Bar\prxtbBit0.dll (Conduit Ltd.)
    O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
    O2 - BHO: (AVG Security Toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\11.1.0.12\AVG Secure Search_toolbar.dll ()
    O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
    O2 - BHO: (Yontoo) - {FD72061E-9FDE-484D-A58A-0BAB4151CAD8} - C:\Program Files (x86)\Yontoo\YontooIEClient.dll (Yontoo LLC)
    O3:64bit: - HKLM\..\Toolbar: (avast! WebRep) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
    O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
    O3 - HKLM\..\Toolbar: (BitLord Security Bar Toolbar) - {8c5878d0-6106-423b-aaa8-144c143dbf44} - C:\Program Files (x86)\BitLord_Security_Bar\prxtbBit0.dll (Conduit Ltd.)
    O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
    O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
    O3 - HKLM\..\Toolbar: (AVG Security Toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\11.1.0.12\AVG Secure Search_toolbar.dll ()
    O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
    O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No CLSID value found.
    O3 - HKCU\..\Toolbar\WebBrowser: (BitLord Security Bar Toolbar) - {8C5878D0-6106-423B-AAA8-144C143DBF44} - C:\Program Files (x86)\BitLord_Security_Bar\prxtbBit0.dll (Conduit Ltd.)
    O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
    O4 - HKLM..\Run: [HF_G_Jul] C:\Program Files (x86)\AVG Secure Search\HF_G_Jul.exe ()
    O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
    O9 - Extra Button: @C:\Program Files (x86)\Evernote\Evernote\Resource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041)
    O9 - Extra 'Tools' menuitem : @C:\Program Files (x86)\Evernote\Evernote\Resource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041)
    O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000001 - mmswsock.dll File not found
    O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000002 - mmswsock.dll File not found
    O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000003 - mmswsock.dll File not found
    O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000004 - mmswsock.dll File not found
    O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000005 - mmswsock.dll File not found
    O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000006 - mmswsock.dll File not found
    O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000007 - mmswsock.dll File not found
    O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000008 - mmswsock.dll File not found
    O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000009 - mmswsock.dll File not found
    O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000010 - mmswsock.dll File not found
    O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found
    O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found
    O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found
    O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found
    O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found
    O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found
    O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found
    O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found
    O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found
    O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found
    O13:64bit: - gopher Prefix: missing
    O13 - gopher Prefix: missing
    O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://javadl-esd.sun.com/update/1.6.0/jinstall-6u27-windows-i586.cab (Java Plug-in 1.6.0_27)
    O16 - DPF: {CAFEEFAC-0016-0000-0027-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab (Java Plug-in 1.6.0_27)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab (Java Plug-in 1.6.0_27)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 208.59.247.45 208.59.247.46
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{1215B1FD-2E5E-4D75-B9CA-7D321B2E187C}: DhcpNameServer = 208.59.247.45 208.59.247.46
    O18:64bit: - Protocol\Handler\livecall - No CLSID value found
    O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
    O18:64bit: - Protocol\Handler\msnim - No CLSID value found
    O18:64bit: - Protocol\Handler\viprotocol - No CLSID value found
    O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
    O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
    O18 - Protocol\Handler\viprotocol {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\11.2.0\ViProtocol.dll ()
    O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
    O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
    O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
    O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
    O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
    O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
    O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
    O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
    O32 - HKLM CDRom: AutoRun - 1
    O33 - MountPoints2\{a664a876-8819-11e1-9a97-74de2bdffb70}\Shell - "" = AutoRun
    O33 - MountPoints2\{a664a876-8819-11e1-9a97-74de2bdffb70}\Shell\AutoRun\command - "" = E:\AutoRun.exe
    O33 - MountPoints2\{a664a87c-8819-11e1-9a97-74de2bdffb70}\Shell - "" = AutoRun
    O33 - MountPoints2\{a664a87c-8819-11e1-9a97-74de2bdffb70}\Shell\AutoRun\command - "" = E:\AutoRun.exe
    O33 - MountPoints2\E\Shell - "" = AutoRun
    O33 - MountPoints2\E\Shell\AutoRun\command - "" = E:\Autorun.exe
    O34 - HKLM BootExecute: (autocheck autochk *)
    O35:64bit: - HKLM\..comfile [open] -- "%1" %*
    O35:64bit: - HKLM\..exefile [open] -- "%1" %*
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
    O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
    O37 - HKLM\...com [@ = comfile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*
    O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
    O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
    O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

    MsConfig:64bit - StartUpReg: Adobe ARM - hkey= - key= - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
    MsConfig:64bit - StartUpReg: BackupManagerTray - hkey= - key= - C:\Program Files (x86)\NTI\Gateway MyBackup\BackupManagerTray.exe (NTI Corporation)
    MsConfig:64bit - StartUpReg: BCSSync - hkey= - key= - C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe (Microsoft Corporation)
    MsConfig:64bit - StartUpReg: BingDesktop - hkey= - key= - File not found
    MsConfig:64bit - StartUpReg: HotKeysCmds - hkey= - key= - C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
    MsConfig:64bit - StartUpReg: HW_OPENEYE_OUC_Cricket Broadband EC1705 - hkey= - key= - File not found
    MsConfig:64bit - StartUpReg: IgfxTray - hkey= - key= - C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
    MsConfig:64bit - StartUpReg: LManager - hkey= - key= - C:\Program Files (x86)\Launch Manager\LManager.exe (Dritek System Inc.)
    MsConfig:64bit - StartUpReg: Microsoft Help - hkey= - key= - C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
    MsConfig:64bit - StartUpReg: Norton Online Backup - hkey= - key= - C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe (Symantec Corporation)
    MsConfig:64bit - StartUpReg: PC Cleaners - hkey= - key= - C:\Program Files (x86)\PC Cleaners\PCCleaners.exe (PC Cleaners Inc.)
    MsConfig:64bit - StartUpReg: Persistence - hkey= - key= - C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
    MsConfig:64bit - StartUpReg: Power Management - hkey= - key= - C:\Program Files\Gateway\Gateway Power Management\ePowerTray.exe (Acer Incorporated)
    MsConfig:64bit - StartUpReg: PWRISOVM.EXE - hkey= - key= - C:\Program Files (x86)\PowerISO\PWRISOVM.EXE (Power Software Ltd)
    MsConfig:64bit - StartUpReg: RemoteControl10 - hkey= - key= - C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe (CyberLink Corp.)
    MsConfig:64bit - StartUpReg: RtHDVCpl - hkey= - key= - C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
    MsConfig:64bit - StartUpReg: SunJavaUpdateSched - hkey= - key= - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe (Sun Microsystems, Inc.)
    MsConfig:64bit - StartUpReg: SynTPEnh - hkey= - key= - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (Synaptics Incorporated)
    MsConfig:64bit - StartUpReg: Tango - hkey= - key= - C:\Program Files (x86)\Tango\Tango.exe (Tango Inc.)
    MsConfig:64bit - StartUpReg: vProt - hkey= - key= - C:\Program Files (x86)\AVG Secure Search\vprot.exe ()
    MsConfig:64bit - State: "startup" - Reg Error: Key error.
    MsConfig:64bit - State: "services" - Reg Error: Key error.
    MsConfig:64bit - State: "bootini" - Reg Error: Key error.

    SafeBootMin:64bit: AppMgmt - Service
    SafeBootMin:64bit: Base - Driver Group
    SafeBootMin:64bit: Boot Bus Extender - Driver Group
    SafeBootMin:64bit: Boot file system - Driver Group
    SafeBootMin:64bit: File system - Driver Group
    SafeBootMin:64bit: Filter - Driver Group
    SafeBootMin:64bit: HelpSvc - Service
    SafeBootMin:64bit: PCI Configuration - Driver Group
    SafeBootMin:64bit: PNP Filter - Driver Group
    SafeBootMin:64bit: Primary disk - Driver Group
    SafeBootMin:64bit: sacsvr - Service
    SafeBootMin:64bit: SCSI Class - Driver Group
    SafeBootMin:64bit: System Bus Extender - Driver Group
    SafeBootMin:64bit: vmms - Service
    SafeBootMin:64bit: WinDefend - Service
    SafeBootMin:64bit: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
    SafeBootMin:64bit: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
    SafeBootMin:64bit: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
    SafeBootMin:64bit: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
    SafeBootMin:64bit: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
    SafeBootMin:64bit: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
    SafeBootMin:64bit: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
    SafeBootMin:64bit: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
    SafeBootMin:64bit: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
    SafeBootMin:64bit: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
    SafeBootMin:64bit: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
    SafeBootMin:64bit: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
    SafeBootMin:64bit: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
    SafeBootMin:64bit: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
    SafeBootMin:64bit: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
    SafeBootMin:64bit: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
    SafeBootMin:64bit: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
    SafeBootMin: AppMgmt - Service
    SafeBootMin: Base - Driver Group
    SafeBootMin: Boot Bus Extender - Driver Group
    SafeBootMin: Boot file system - Driver Group
    SafeBootMin: File system - Driver Group
    SafeBootMin: Filter - Driver Group
    SafeBootMin: HelpSvc - Service
    SafeBootMin: PCI Configuration - Driver Group
    SafeBootMin: PNP Filter - Driver Group
    SafeBootMin: Primary disk - Driver Group
    SafeBootMin: sacsvr - Service
    SafeBootMin: SCSI Class - Driver Group
    SafeBootMin: System Bus Extender - Driver Group
    SafeBootMin: vmms - Service
    SafeBootMin: WinDefend - Service
    SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
    SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
    SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
    SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
    SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
    SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
    SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
    SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
    SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
    SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
    SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
    SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
    SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
    SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
    SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
    SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
    SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices

    ActiveX:64bit: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
    ActiveX:64bit: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /I:/UserInstall %SystemRoot%\system32\themeui.dll
    ActiveX:64bit: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
    ActiveX:64bit: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
    ActiveX:64bit: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
    ActiveX:64bit: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
    ActiveX:64bit: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
    ActiveX:64bit: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
    ActiveX:64bit: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
    ActiveX:64bit: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
    ActiveX:64bit: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
    ActiveX:64bit: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
    ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /I:U shell32.dll
    ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings
    ActiveX:64bit: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
    ActiveX:64bit: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
    ActiveX:64bit: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
    ActiveX:64bit: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
    ActiveX:64bit: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
    ActiveX:64bit: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
    ActiveX:64bit: {FEBEF00C-046D-438D-8A88-BF94A6C9E703} - .NET Framework
    ActiveX:64bit: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
    ActiveX:64bit: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig
    ActiveX:64bit: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
    ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
    ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
    ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /I:/UserInstall %SystemRoot%\system32\themeui.dll
    ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
    ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles(x86)%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
    ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
    ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
    ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
    ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
    ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
    ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
    ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
    ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
    ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
    ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /I:U shell32.dll
    ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\SysWOW64\ie4uinit.exe -BaseSettings
    ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\SysWOW64\Rundll32.exe C:\Windows\SysWOW64\mscories.dll,Install
    ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
    ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
    ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
    ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
    ActiveX: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
    ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
    ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\SysWOW64\ie4uinit.exe -UserIconConfig
    ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\SysWOW64\rundll32.exe" "C:\Windows\SysWOW64\iedkcs32.dll",BrandIEActiveSetup SIGNUP

    Drivers32:64bit: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
    Drivers32: msacm.l3acm - C:\Windows\SysWOW64\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
    Drivers32: msacm.l3codecp - C:\Windows\SysWow64\l3codecp.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
    Drivers32: vidc.cvid - C:\Windows\SysWow64\iccvid.dll (Radius Inc.)


    CREATERESTOREPOINT
    Restore point Set: OTL Restore Point

    ========== Files/Folders - Created Within 30 Days ==========

    [2012/07/25 23:02:12 | 000,000,000 | -HSD | C] -- C:\found.000
    [2012/07/25 22:24:14 | 000,000,000 | ---D | C] -- C:\Users\KD\Desktop\RK_Quarantine
    [2012/07/25 22:14:59 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\7-zip
    [2012/07/24 21:33:04 | 000,000,000 | ---D | C] -- C:\Users\KD\AppData\Roaming\Malwarebytes
    [2012/07/24 21:32:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
    [2012/07/24 21:32:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
    [2012/07/24 21:32:28 | 000,024,904 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
    [2012/07/24 21:32:28 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
    [2012/07/24 20:58:06 | 000,355,856 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswSP.sys
    [2012/07/24 20:58:06 | 000,025,232 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswFsBlk.sys
    [2012/07/24 20:58:06 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\avast! Free Antivirus
    [2012/07/24 20:58:05 | 000,958,400 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswSnx.sys
    [2012/07/24 20:58:05 | 000,059,728 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswTdi.sys
    [2012/07/24 20:58:05 | 000,054,072 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswRdr2.sys
    [2012/07/24 20:58:01 | 000,285,328 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\aswBoot.exe
    [2012/07/24 20:58:01 | 000,071,064 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswMonFlt.sys
    [2012/07/24 20:57:42 | 000,227,648 | ---- | C] (AVAST Software) -- C:\Windows\SysWow64\aswBoot.exe
    [2012/07/24 20:57:42 | 000,041,224 | ---- | C] (AVAST Software) -- C:\Windows\avastSS.scr
    [2012/07/24 20:57:27 | 000,000,000 | ---D | C] -- C:\ProgramData\AVAST Software
    [2012/07/24 20:57:27 | 000,000,000 | ---D | C] -- C:\Program Files\AVAST Software
    [2012/07/21 09:57:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SharePoint
    [2012/07/21 09:57:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office
    [2012/07/21 09:56:17 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Synchronization Services
    [2012/07/21 09:55:57 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Sync Framework
    [2012/07/21 09:53:46 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Visual Studio 8
    [2012/07/21 09:53:14 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Analysis Services
    [2012/07/20 09:03:59 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Earth
    [2012/07/16 22:33:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee Security Scan Plus
    [2012/07/16 20:52:22 | 000,000,000 | ---D | C] -- C:\Users\KD\AppData\Local\Macromedia
    [2012/07/16 20:52:17 | 000,000,000 | ---D | C] -- C:\ProgramData\McAfee Security Scan
    [2012/07/16 20:52:16 | 000,000,000 | ---D | C] -- C:\ProgramData\McAfee
    [2012/07/16 20:52:15 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\McAfee Security Scan
    [2012/07/16 19:12:08 | 000,000,000 | ---D | C] -- C:\Users\KD\AppData\Local\ElevatedDiagnostics
    [2012/07/16 18:19:44 | 000,000,000 | ---D | C] -- C:\Windows\pss
    [2012/07/14 15:31:13 | 000,514,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\qdvd.dll
    [2012/07/14 15:31:13 | 000,366,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\qdvd.dll
    [2012/07/14 15:21:03 | 000,000,000 | ---D | C] -- C:\Users\KD\AppData\Roaming\PC Cleaners
    [2012/07/14 15:20:55 | 004,274,488 | ---- | C] (PC Cleaners) -- C:\Windows\uninst.exe
    [2012/07/14 15:20:55 | 000,000,000 | ---D | C] -- C:\Users\KD\AppData\Roaming\PCPro
    [2012/07/14 15:20:55 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PC Cleaners
    [2012/07/14 15:20:54 | 000,000,000 | ---D | C] -- C:\ProgramData\PC1Data
    [2012/07/14 15:20:54 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\PC Cleaners
    [2012/07/13 23:37:44 | 000,000,000 | ---D | C] -- C:\Users\KD\AppData\Local\{7AE5942C-AB73-43A1-B46D-5C0BCD6A2438}
    [2012/07/13 23:37:34 | 000,000,000 | ---D | C] -- C:\Users\KD\AppData\Local\{AEC39731-98A3-4345-A113-C0C23132FF3E}
    [2012/07/13 22:12:49 | 000,000,000 | -HSD | C] -- C:\Windows\SysWow64\%APPDATA%
    [2012/07/12 03:01:43 | 000,096,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
    [2012/07/12 03:01:43 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
    [2012/07/12 03:01:42 | 000,237,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll
    [2012/07/12 03:01:42 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll
    [2012/07/12 03:01:41 | 000,248,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
    [2012/07/12 03:01:41 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
    [2012/07/12 03:01:40 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe
    [2012/07/12 03:01:40 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe
    [2012/07/12 03:01:39 | 002,311,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
    [2012/07/12 03:01:39 | 001,494,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
    [2012/07/12 03:01:39 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
    [2012/07/12 03:01:38 | 000,818,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
    [2012/07/12 03:01:38 | 000,716,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
    [2012/07/11 15:22:14 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msxml3r.dll
    [2012/07/11 15:22:14 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msxml3r.dll
    [2012/07/11 15:22:11 | 000,307,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ncrypt.dll
    [2012/07/11 15:22:08 | 001,133,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\cdosys.dll
    [2012/07/11 15:22:08 | 000,805,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\cdosys.dll
    [2012/07/10 18:29:10 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Rovio
    [2012/07/10 18:29:10 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Rovio
    [2012/07/10 18:27:31 | 000,000,000 | ---D | C] -- C:\Users\KD\AppData\Roaming\Rovio
    [2012/07/10 11:40:09 | 000,000,000 | ---D | C] -- C:\Windows\Sun
    [2012/07/10 11:40:06 | 000,000,000 | ---D | C] -- C:\ProgramData\Sun
    [2012/07/10 11:40:06 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java
    [2012/07/10 11:39:54 | 000,472,808 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\deployJava1.dll
    [2012/07/10 11:39:54 | 000,157,472 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaws.exe
    [2012/07/10 11:39:54 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaw.exe
    [2012/07/10 11:39:54 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\java.exe
    [2012/07/10 11:39:41 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Java
    [2012/06/29 10:03:55 | 000,000,000 | ---D | C] -- C:\Users\KD\Documents\Cakewalk
    [2012/06/29 10:03:55 | 000,000,000 | ---D | C] -- C:\Users\KD\AppData\Roaming\Cakewalk
    [2012/06/29 09:57:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Identities
    [2012/06/29 09:54:41 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\IK Multimedia
    [2012/06/29 09:51:48 | 000,344,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msvcr70.dll
    [2012/06/29 09:51:47 | 000,487,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msvcp70.dll
    [2012/06/29 09:48:41 | 000,000,000 | ---D | C] -- C:\ProgramData\Cakewalk
    [2012/06/28 17:36:42 | 000,338,432 | ---- | C] (Propellerhead Software AB) -- C:\Windows\SysWow64\REX Shared Library.dll
    [2012/06/28 17:36:41 | 000,406,528 | ---- | C] (Propellerhead Software AB) -- C:\Windows\SysWow64\ReWire.dll
    [2012/06/28 12:20:38 | 000,000,000 | ---D | C] -- C:\Users\KD\Tracing
    [2012/06/28 11:41:03 | 000,000,000 | ---D | C] -- C:\Windows\en
    [2012/06/28 11:40:21 | 000,000,000 | ---D | C] -- C:\Windows\fr
    [2012/06/28 11:35:25 | 000,000,000 | ---D | C] -- C:\Users\KD\AppData\Local\{832278FD-5555-4C09-809B-FF57BE34846C}
    [2012/06/28 11:35:14 | 000,000,000 | ---D | C] -- C:\Users\KD\AppData\Local\{BF13BD5C-7925-4128-8CA9-41952573241A}
    [2012/06/28 11:00:54 | 000,000,000 | ---D | C] -- C:\ProgramData\Propellerhead Software
    [2012/06/28 11:00:37 | 000,000,000 | ---D | C] -- C:\Users\KD\AppData\Roaming\Propellerhead Software
    [2012/06/28 10:54:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Propellerhead
    [2012/06/28 10:53:31 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Propellerhead
    [2012/06/28 04:43:38 | 000,000,000 | ---D | C] -- C:\Users\KD\AppData\Local\{A251F060-8D35-412C-8E88-AC74C354DF8D}
    [2012/06/28 04:43:28 | 000,000,000 | ---D | C] -- C:\Users\KD\AppData\Local\{CF630B14-6C5B-459B-B80A-571E0C40F71F}
    [2012/06/28 04:42:20 | 000,000,000 | ---D | C] -- C:\Users\KD\AppData\Local\{CEBAD0C0-B6EC-4BAA-A95D-5F91A0287CDA}
    [2012/06/28 04:42:10 | 000,000,000 | ---D | C] -- C:\Users\KD\AppData\Local\{C2F1E182-89D2-4E45-98DC-6355A9150279}
    [2012/06/28 04:40:21 | 000,000,000 | ---D | C] -- C:\Users\KD\AppData\Local\{EB0B89BB-1CBD-479E-A5C1-CA8F856703DB}
    [2012/06/28 04:40:11 | 000,000,000 | ---D | C] -- C:\Users\KD\AppData\Local\{ABD1AF64-2146-4186-9DC6-D6D582A026D1}
    [2012/06/28 04:32:05 | 000,000,000 | ---D | C] -- C:\Users\KD\AppData\Local\{0666E6EF-E83D-44BA-9D25-64BD88960E92}
    [2012/06/28 04:31:55 | 000,000,000 | ---D | C] -- C:\Users\KD\AppData\Local\{5CD089D3-FDFC-484A-9C1C-A290C4AD9838}
    [2012/06/28 04:07:44 | 000,000,000 | ---D | C] -- C:\Users\KD\AppData\Local\{F50A916D-DB28-47FD-B0C5-6BC3A771E658}
    [2012/06/28 04:07:34 | 000,000,000 | ---D | C] -- C:\Users\KD\AppData\Local\{C899A96E-586E-4846-8CA0-24F54BDB5A70}
    [2012/06/28 03:52:16 | 000,000,000 | ---D | C] -- C:\ProgramData\PreSonus
    [2012/06/28 03:52:12 | 000,000,000 | ---D | C] -- C:\Users\KD\AppData\Roaming\PreSonus
    [2012/06/28 03:51:26 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Propellerhead Software
    [2012/06/28 03:51:19 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\DRVSTORE
    [2012/06/28 03:51:09 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Propellerhead Software
    [2012/06/28 03:39:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\7-Zip
    [2012/06/28 03:39:26 | 000,000,000 | ---D | C] -- C:\Program Files\7-Zip

    ========== Files - Modified Within 30 Days ==========

    [2012/07/26 18:59:09 | 000,000,890 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
    [2012/07/26 18:59:03 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
    [2012/07/26 18:58:59 | 000,000,460 | ---- | M] () -- C:\Windows\tasks\ParetoLogic Registration.job
    [2012/07/26 18:58:54 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
    [2012/07/25 23:11:54 | 000,016,976 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
    [2012/07/25 23:11:54 | 000,016,976 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
    [2012/07/25 23:04:09 | 000,000,886 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
    [2012/07/25 23:03:40 | 3104,722,944 | -HS- | M] () -- C:\hiberfil.sys
    [2012/07/25 23:03:10 | 000,003,288 | ---- | M] () -- C:\bootsqm.dat
    [2012/07/25 22:15:00 | 000,000,929 | ---- | M] () -- C:\Users\Public\Desktop\7-zip.lnk
    [2012/07/24 21:32:30 | 000,001,080 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
    [2012/07/24 20:58:06 | 000,001,929 | ---- | M] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk
    [2012/07/24 20:58:01 | 000,000,000 | ---- | M] () -- C:\Windows\SysWow64\config.nt
    [2012/07/21 11:08:10 | 000,428,952 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
    [2012/07/20 09:03:59 | 000,002,179 | ---- | M] () -- C:\Users\Public\Desktop\Google Earth.lnk
    [2012/07/16 22:33:32 | 000,002,061 | ---- | M] () -- C:\Users\Public\Desktop\McAfee Security Scan Plus.lnk
    [2012/07/16 22:33:32 | 000,002,061 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
    [2012/07/16 20:52:12 | 000,426,184 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
    [2012/07/16 20:52:12 | 000,070,344 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
    [2012/07/14 15:20:43 | 004,274,488 | ---- | M] (PC Cleaners) -- C:\Windows\uninst.exe
    [2012/07/13 21:47:25 | 000,804,199 | ---- | M] () -- C:\Users\KD\Documents\K7.wma
    [2012/07/12 13:53:33 | 000,727,182 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
    [2012/07/12 13:53:33 | 000,624,622 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
    [2012/07/12 13:53:33 | 000,106,708 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
    [2012/07/11 20:41:02 | 000,002,351 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
    [2012/07/10 18:29:14 | 000,001,108 | ---- | M] () -- C:\Users\Public\Desktop\Angry Birds Space.lnk
    [2012/07/10 18:15:41 | 000,002,654 | ---- | M] () -- C:\Users\Public\Desktop\WildTangent Games App - gateway.lnk
    [2012/07/10 11:39:43 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\deployJava1.dll
    [2012/07/10 11:39:43 | 000,157,472 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaws.exe
    [2012/07/10 11:39:43 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaw.exe
    [2012/07/10 11:39:43 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\java.exe
    [2012/07/07 00:06:57 | 000,541,332 | ---- | M] () -- C:\Users\KD\Documents\Tutu.rns
    [2012/07/06 13:40:57 | 000,642,559 | ---- | M] () -- C:\Users\KD\Documents\k5.0.wma
    [2012/07/03 13:46:44 | 000,024,904 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
    [2012/07/03 11:21:52 | 000,958,400 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswSnx.sys
    [2012/07/03 11:21:52 | 000,355,856 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswSP.sys
    [2012/07/03 11:21:52 | 000,071,064 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswMonFlt.sys
    [2012/07/03 11:21:52 | 000,059,728 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswTdi.sys
    [2012/07/03 11:21:52 | 000,054,072 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswRdr2.sys
    [2012/07/03 11:21:51 | 000,025,232 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswFsBlk.sys
    [2012/07/03 11:21:32 | 000,041,224 | ---- | M] (AVAST Software) -- C:\Windows\avastSS.scr
    [2012/07/03 11:21:28 | 000,227,648 | ---- | M] (AVAST Software) -- C:\Windows\SysWow64\aswBoot.exe
    [2012/07/03 11:21:18 | 000,285,328 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\aswBoot.exe
    [2012/06/28 17:36:42 | 000,338,432 | ---- | M] (Propellerhead Software AB) -- C:\Windows\SysWow64\REX Shared Library.dll
    [2012/06/28 17:36:41 | 000,406,528 | ---- | M] (Propellerhead Software AB) -- C:\Windows\SysWow64\ReWire.dll
    [2012/06/28 10:54:36 | 000,001,028 | ---- | M] () -- C:\Users\Public\Desktop\Reason.lnk

    ========== Files Created - No Company Name ==========

    [2012/07/25 23:03:10 | 000,003,288 | ---- | C] () -- C:\bootsqm.dat
    [2012/07/25 22:15:00 | 000,000,929 | ---- | C] () -- C:\Users\Public\Desktop\7-zip.lnk
    [2012/07/24 21:32:30 | 000,001,080 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
    [2012/07/24 20:58:06 | 000,001,929 | ---- | C] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk
    [2012/07/24 20:58:01 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\config.nt
    [2012/07/20 09:03:59 | 000,002,179 | ---- | C] () -- C:\Users\Public\Desktop\Google Earth.lnk
    [2012/07/16 20:52:16 | 000,002,061 | ---- | C] () -- C:\Users\Public\Desktop\McAfee Security Scan Plus.lnk
    [2012/07/16 20:52:16 | 000,002,061 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
    [2012/07/13 21:47:25 | 000,804,199 | ---- | C] () -- C:\Users\KD\Documents\K7.wma
    [2012/07/10 18:29:14 | 000,001,108 | ---- | C] () -- C:\Users\Public\Desktop\Angry Birds Space.lnk
    [2012/07/06 13:40:57 | 000,642,559 | ---- | C] () -- C:\Users\KD\Documents\k5.0.wma
    [2012/06/29 17:49:10 | 000,541,332 | ---- | C] () -- C:\Users\KD\Documents\Tutu.rns
    [2012/06/28 10:54:36 | 000,001,028 | ---- | C] () -- C:\Users\Public\Desktop\Reason.lnk
    [2012/06/21 18:20:21 | 000,000,218 | ---- | C] () -- C:\Users\KD\AppData\Local\recently-used.xbel
    [2012/04/30 21:52:04 | 000,743,534 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
    [2011/10/11 13:18:10 | 000,963,116 | ---- | C] () -- C:\Windows\SysWow64\igkrng600.bin
    [2011/10/11 13:18:10 | 000,218,304 | ---- | C] () -- C:\Windows\SysWow64\igfcg600m.bin
    [2011/10/11 13:18:09 | 000,056,832 | ---- | C] () -- C:\Windows\SysWow64\igdde32.dll
    [2011/10/11 13:18:08 | 000,145,804 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng600.bin
    [2011/10/11 13:18:07 | 013,906,944 | ---- | C] () -- C:\Windows\SysWow64\ig4icd32.dll

    ========== Custom Scans ==========

    < %AppData%\Roaming\Mozilla\Firefox\Profiles\*.default\extensions\ /s /md5 >

    < %AppData%\Local\ >

    < %systemroot%\system32\sysprep >

    < *.xpi /md5 >

    < %systemroot%\Downloaded Program Files\ >

    < HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile >

    < hklm\software\clients\startmenuinternet|command /rs >
    HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\HideIconsCommand: "C:\Program Files (x86)\Mozilla Firefox\uninstall\helper.exe" /HideShortcuts [2012/06/01 10:40:25 | 000,867,032 | ---- | M] (Mozilla Corporation)
    HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ShowIconsCommand: "C:\Program Files (x86)\Mozilla Firefox\uninstall\helper.exe" /ShowShortcuts [2012/06/01 10:40:25 | 000,867,032 | ---- | M] (Mozilla Corporation)
    HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ReinstallCommand: "C:\Program Files (x86)\Mozilla Firefox\uninstall\helper.exe" /SetAsDefaultAppGlobal [2012/06/01 10:40:25 | 000,867,032 | ---- | M] (Mozilla Corporation)
    HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\open\command\\: C:\Program Files (x86)\Mozilla Firefox\firefox.exe [2012/06/01 10:39:49 | 000,913,888 | ---- | M] (Mozilla Corporation)
    HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\properties\command\\: "C:\Program Files (x86)\Mozilla Firefox\firefox.exe" -preferences [2012/06/01 10:39:49 | 000,913,888 | ---- | M] (Mozilla Corporation)
    HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\safemode\command\\: "C:\Program Files (x86)\Mozilla Firefox\firefox.exe" -safe-mode [2012/06/01 10:39:49 | 000,913,888 | ---- | M] (Mozilla Corporation)
    HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ShowIconsCommand: "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --show-icons [2012/07/09 23:09:02 | 001,250,328 | ---- | M] (Google Inc.)
    HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\HideIconsCommand: "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --hide-icons [2012/07/09 23:09:02 | 001,250,328 | ---- | M] (Google Inc.)
    HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ReinstallCommand: "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --make-default-browser [2012/07/09 23:09:02 | 001,250,328 | ---- | M] (Google Inc.)
    HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\shell\open\command\\: "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" [2012/07/09 23:09:02 | 001,250,328 | ---- | M] (Google Inc.)
    HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\Windows\System32\ie4uinit.exe" -show [2011/09/21 04:28:12 | 000,074,240 | ---- | M] (Microsoft Corporation)
    HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\Windows\System32\ie4uinit.exe" -reinstall [2011/09/21 04:28:12 | 000,074,240 | ---- | M] (Microsoft Corporation)
    HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\Windows\System32\ie4uinit.exe" -hide [2011/09/21 04:28:12 | 000,074,240 | ---- | M] (Microsoft Corporation)
    HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\Program Files (x86)\Internet Explorer\iexplore.exe" -extoff [2012/06/02 04:08:27 | 000,748,664 | ---- | M] (Microsoft Corporation)
    HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: C:\Program Files (x86)\Internet Explorer\iexplore.exe [2012/06/02 04:08:27 | 000,748,664 | ---- | M] (Microsoft Corporation)

    < hklm\software\clients\startmenuinternet|command /64 /rs >
    64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\HideIconsCommand: "C:\PROGRAM FILES (X86)\MOZILLA FIREFOX\UNINSTALL\HELPER.EXE" /HIDESHORTCUTS [2012/06/01 10:40:25 | 000,867,032 | ---- | M] (Mozilla Corporation)
    64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ShowIconsCommand: "C:\PROGRAM FILES (X86)\MOZILLA FIREFOX\UNINSTALL\HELPER.EXE" /SHOWSHORTCUTS [2012/06/01 10:40:25 | 000,867,032 | ---- | M] (Mozilla Corporation)
    64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ReinstallCommand: "C:\PROGRAM FILES (X86)\MOZILLA FIREFOX\UNINSTALL\HELPER.EXE" /SETASDEFAULTAPPGLOBAL [2012/06/01 10:40:25 | 000,867,032 | ---- | M] (Mozilla Corporation)
    64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\open\command\\: C:\PROGRAM FILES (X86)\MOZILLA FIREFOX\FIREFOX.EXE [2012/06/01 10:39:49 | 000,913,888 | ---- | M] (Mozilla Corporation)
    64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\properties\command\\: "C:\PROGRAM FILES (X86)\MOZILLA FIREFOX\FIREFOX.EXE" -PREFERENCES [2012/06/01 10:39:49 | 000,913,888 | ---- | M] (Mozilla Corporation)
    64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\safemode\command\\: "C:\PROGRAM FILES (X86)\MOZILLA FIREFOX\FIREFOX.EXE" -SAFE-MODE [2012/06/01 10:39:49 | 000,913,888 | ---- | M] (Mozilla Corporation)
    64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ShowIconsCommand: "C:\PROGRAM FILES (X86)\GOOGLE\CHROME\APPLICATION\CHROME.EXE" --SHOW-ICONS [2012/07/09 23:09:02 | 001,250,328 | ---- | M] (Google Inc.)
    64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\HideIconsCommand: "C:\PROGRAM FILES (X86)\GOOGLE\CHROME\APPLICATION\CHROME.EXE" --HIDE-ICONS [2012/07/09 23:09:02 | 001,250,328 | ---- | M] (Google Inc.)
    64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ReinstallCommand: "C:\PROGRAM FILES (X86)\GOOGLE\CHROME\APPLICATION\CHROME.EXE" --MAKE-DEFAULT-BROWSER [2012/07/09 23:09:02 | 001,250,328 | ---- | M] (Google Inc.)
    64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\shell\open\command\\: "C:\PROGRAM FILES (X86)\GOOGLE\CHROME\APPLICATION\CHROME.EXE" [2012/07/09 23:09:02 | 001,250,328 | ---- | M] (Google Inc.)
    64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\WINDOWS\SYSTEM32\IE4UINIT.EXE" -SHOW [2011/09/21 04:28:11 | 000,089,088 | ---- | M] (Microsoft Corporation)
    64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\WINDOWS\SYSTEM32\IE4UINIT.EXE" -REINSTALL [2011/09/21 04:28:11 | 000,089,088 | ---- | M] (Microsoft Corporation)
    64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\WINDOWS\SYSTEM32\IE4UINIT.EXE" -HIDE [2011/09/21 04:28:11 | 000,089,088 | ---- | M] (Microsoft Corporation)
    64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\PROGRAM FILES (X86)\INTERNET EXPLORER\IEXPLORE.EXE" -EXTOFF [2012/06/02 04:08:27 | 000,748,664 | ---- | M] (Microsoft Corporation)
    64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: C:\PROGRAM FILES (X86)\INTERNET EXPLORER\IEXPLORE.EXE [2012/06/02 04:08:27 | 000,748,664 | ---- | M] (Microsoft Corporation)

    < %systemroot%\system32\drivers\*.sys /lockedfiles >

    < %systemroot%\system32\drivers\*.sys /90 >

    < %systemroot%\System32\config\*.sav >

    < %SYSTEMDRIVE%\*.exe /md5 >
    [2007/11/07 08:03:18 | 000,562,688 | ---- | M] (Microsoft Corporation) MD5=520A6D1CBCC9CF642C625FE814C93C58 -- C:\install.exe

    < "%WinDir%\$NtUninstallKB*$." /30 >

    < %systemdrive%\Program Files\Common Files\ComObjects\*.* /s >

    < %systemroot%\*. /mp /s >

    < %systemroot%\*. /rp /s >

    < %systemroot%\system32\*.dll /lockedfiles >

    < %systemroot%\Tasks\*.job /lockedfiles >

    < %systemroot%\Installer\ /s >

    < %systemroot%\system32\Cache\ /s >
     
  14. Kookie Gram

    < %systemroot%\system32\config\systemprofile\Application Data /s >

    < %PROGRAMFILES%\*. >
    [2012/07/24 21:14:35 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\1ClickDownload
    [2012/07/25 22:15:00 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\7-zip
    [2011/10/11 13:02:37 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Adobe
    [2012/07/18 21:47:57 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\AVG Secure Search
    [2011/12/24 11:14:45 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Barnes & Noble
    [2012/06/21 18:22:07 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\BitLord 2
    [2012/06/21 18:21:45 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\BitLord_Security_Bar
    [2012/07/10 11:40:06 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Common Files
    [2012/04/30 10:53:45 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Conduit
    [2011/12/24 11:10:27 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\CyberLink
    [2011/10/11 12:46:58 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Evernote
    [2011/10/11 13:02:38 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Fooz Kids
    [2011/12/24 11:17:13 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Gateway
    [2011/10/11 12:46:25 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Gateway Games
    [2012/07/20 09:03:57 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Google
    [2012/06/29 09:54:41 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\IK Multimedia
    [2012/06/29 17:51:38 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\InstallShield Installation Information
    [2011/12/24 11:05:28 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Intel
    [2012/07/12 03:22:07 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Internet Explorer
    [2012/07/10 11:39:41 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Java
    [2011/12/24 11:01:27 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Launch Manager
    [2012/07/24 21:32:32 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
    [2012/07/16 22:33:32 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\McAfee Security Scan
    [2012/07/14 15:31:45 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Microsoft
    [2012/07/21 09:53:14 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Microsoft Analysis Services
    [2012/04/30 15:31:23 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Microsoft Application Virtualization Client
    [2012/07/21 09:55:58 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Microsoft Office
    [2012/05/10 09:47:07 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Microsoft Silverlight
    [2012/07/21 09:55:57 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Microsoft SQL Server Compact Edition
    [2012/07/21 09:55:57 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Microsoft Sync Framework
    [2012/07/21 09:56:17 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Microsoft Synchronization Services
    [2012/07/21 09:53:46 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Microsoft Visual Studio 8
    [2012/07/21 09:55:57 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Microsoft.NET
    [2012/06/13 10:35:15 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Mozilla Firefox
    [2012/06/13 10:35:19 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Mozilla Maintenance Service
    [2012/07/21 09:56:36 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\MSBuild
    [2012/05/09 14:06:21 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\MSECache
    [2012/04/29 18:56:33 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\MSXML 4.0
    [2011/10/11 12:57:11 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Nero
    [2011/10/11 12:48:33 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\NTI
    [2012/04/12 15:06:31 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\OEM
    [2012/07/14 15:20:55 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\PC Cleaners
    [2012/07/14 01:55:22 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\PC Tools Registry Mechanic
    [2012/06/21 18:28:40 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\PowerISO
    [2012/06/28 10:53:31 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Propellerhead
    [2011/12/24 11:04:29 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Realtek
    [2009/07/14 00:32:38 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Reference Assemblies
    [2012/07/10 18:29:10 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Rovio
    [2011/10/11 12:46:42 | 000,000,000 | R--D | M] -- C:\Program Files (x86)\Skype
    [2011/12/24 11:10:09 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Social Networks
    [2011/10/11 12:57:38 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Symantec
    [2011/10/11 12:59:58 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\SymSilent
    [2012/04/29 18:28:04 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Tango
    [2011/12/24 11:04:54 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Temp
    [2009/07/13 23:57:06 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Uninstall Information
    [2011/12/24 11:14:36 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Video Web Camera
    [2012/06/05 21:46:19 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\WildTangent Games
    [2010/11/21 02:06:51 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Windows Defender
    [2012/07/14 02:05:41 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Windows Live
    [2010/11/21 02:06:51 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Windows Mail
    [2010/11/21 02:06:51 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Windows Media Player
    [2009/07/14 00:32:38 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Windows NT
    [2010/11/21 02:06:51 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Windows Photo Viewer
    [2010/11/20 22:31:38 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Windows Portable Devices
    [2010/11/21 02:06:51 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Windows Sidebar
    [2012/06/21 18:27:30 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Yontoo
    [2012/05/09 11:40:09 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Zuma's Revenge!

    < %appdata%\*.* >
    [2012/07/24 23:49:56 | 000,000,000 | ---- | M] () -- C:\Users\KD\AppData\Roaming\bitlord_log.txt

    < MD5 for: AFD.SYS >
    [2011/12/27 22:59:24 | 000,498,688 | ---- | M] (Microsoft Corporation) MD5=1C7857B62DE5994A75B054A9FD4C3825 -- C:\Windows\SysNative\drivers\afd.sys
    [2011/12/27 22:59:24 | 000,498,688 | ---- | M] (Microsoft Corporation) MD5=1C7857B62DE5994A75B054A9FD4C3825 -- C:\Windows\winsxs\amd64_microsoft-windows-winsock-core_31bf3856ad364e35_6.1.7601.17752_none_35e10b89752ee0f5\afd.sys
    [2011/12/27 23:01:36 | 000,498,176 | ---- | M] (Microsoft Corporation) MD5=36A14FD1A23F57046361733B792CA8DB -- C:\Windows\winsxs\amd64_microsoft-windows-winsock-core_31bf3856ad364e35_6.1.7601.21887_none_364f3a028e605345\afd.sys
    [2010/11/20 22:24:08 | 000,499,712 | ---- | M] (Microsoft Corporation) MD5=D31DC7A16DEA4A9BAF179F3D6FBDB38C -- C:\Windows\winsxs\amd64_microsoft-windows-winsock-core_31bf3856ad364e35_6.1.7601.17514_none_360e4801750ca991\afd.sys
    [2011/07/14 00:24:59 | 000,499,200 | ---- | M] (Microsoft Corporation) MD5=D5B031C308A409A0A576BFF4CF083D30 -- C:\Windows\winsxs\amd64_microsoft-windows-winsock-core_31bf3856ad364e35_6.1.7601.17603_none_3618198975057170\afd.sys
    [2011/07/14 00:24:59 | 000,499,200 | ---- | M] (Microsoft Corporation) MD5=F4AD06143EAC303F55D0E86C40802976 -- C:\Windows\winsxs\amd64_microsoft-windows-winsock-core_31bf3856ad364e35_6.1.7601.21712_none_3695e61e8e2c13d4\afd.sys

    < MD5 for: ATAPI.SYS >
    [2009/07/13 20:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\drivers\atapi.sys
    [2009/07/13 20:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\DriverStore\FileRepository\mshdc.inf_amd64_neutral_aad30bdeec04ea5e\atapi.sys
    [2009/07/13 20:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7601.17514_none_3b5e2d89382958dd\atapi.sys

    < MD5 for: CRYPTSVC.DLL >
    [2012/04/23 23:36:42 | 000,140,288 | ---- | M] (Microsoft Corporation) MD5=06E771AA596B8761107AB57E99F128D7 -- C:\Windows\SysWOW64\cryptsvc.dll
    [2012/04/23 23:36:42 | 000,140,288 | ---- | M] (Microsoft Corporation) MD5=06E771AA596B8761107AB57E99F128D7 -- C:\Windows\winsxs\x86_microsoft-windows-cryptsvc-dll_31bf3856ad364e35_6.1.7601.17827_none_77ff39f3f916c65f\cryptsvc.dll
    [2010/11/20 22:24:16 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=15597883FBE9B056F276ADA3AD87D9AF -- C:\Windows\winsxs\amd64_microsoft-windows-cryptsvc-dll_31bf3856ad364e35_6.1.7601.17514_none_d4259ed3b16ed82a\cryptsvc.dll
    [2012/04/23 23:28:22 | 000,142,336 | ---- | M] (Microsoft Corporation) MD5=21993009E0CCB9B4FA195F14D3408626 -- C:\Windows\winsxs\x86_microsoft-windows-cryptsvc-dll_31bf3856ad364e35_6.1.7601.21979_none_7854c7b7125b248c\cryptsvc.dll
    [2012/04/24 00:37:37 | 000,184,320 | ---- | M] (Microsoft Corporation) MD5=4F5414602E2544A4554D95517948B705 -- C:\Windows\SysNative\cryptsvc.dll
    [2012/04/24 00:37:37 | 000,184,320 | ---- | M] (Microsoft Corporation) MD5=4F5414602E2544A4554D95517948B705 -- C:\Windows\winsxs\amd64_microsoft-windows-cryptsvc-dll_31bf3856ad364e35_6.1.7601.17827_none_d41dd577b1743795\cryptsvc.dll
    [2010/11/20 22:24:32 | 000,136,192 | ---- | M] (Microsoft Corporation) MD5=A585BEBF7D054BD9618EDA0922D5484A -- C:\Windows\winsxs\x86_microsoft-windows-cryptsvc-dll_31bf3856ad364e35_6.1.7601.17514_none_7807034ff91166f4\cryptsvc.dll
    [2012/04/24 00:22:32 | 000,186,880 | ---- | M] (Microsoft Corporation) MD5=B7337E9C9E5936355BB700AA33E0936E -- C:\Windows\winsxs\amd64_microsoft-windows-cryptsvc-dll_31bf3856ad364e35_6.1.7601.21979_none_d473633acab895c2\cryptsvc.dll

    < MD5 for: DNSRSLVR.DLL >
    [2011/07/14 00:28:35 | 000,183,296 | ---- | M] (Microsoft Corporation) MD5=16835866AAA693C7D7FCEBA8FFF706E4 -- C:\Windows\SysNative\dnsrslvr.dll
    [2011/07/14 00:28:35 | 000,183,296 | ---- | M] (Microsoft Corporation) MD5=16835866AAA693C7D7FCEBA8FFF706E4 -- C:\Windows\winsxs\amd64_microsoft-windows-dns-client_31bf3856ad364e35_6.1.7601.17570_none_3fc3a19c992d2ff6\dnsrslvr.dll
    [2011/07/14 00:28:35 | 000,183,296 | ---- | M] (Microsoft Corporation) MD5=B2205BAEAE4C178ABEB1B149751FC2B9 -- C:\Windows\winsxs\amd64_microsoft-windows-dns-client_31bf3856ad364e35_6.1.7601.21673_none_40503f45b2481bc5\dnsrslvr.dll
    [2010/11/20 22:24:15 | 000,183,296 | ---- | M] (Microsoft Corporation) MD5=CD55F5355D8F55D44C9F4ED875705BD6 -- C:\Windows\winsxs\amd64_microsoft-windows-dns-client_31bf3856ad364e35_6.1.7601.17514_none_4008824c98f8edac\dnsrslvr.dll

    < MD5 for: ES.DLL >
    [2009/07/13 20:40:50 | 000,402,944 | ---- | M] (Microsoft Corporation) MD5=4166F82BE4D24938977DD1746BE9B8A0 -- C:\Windows\SysNative\es.dll
    [2009/07/13 20:40:50 | 000,402,944 | ---- | M] (Microsoft Corporation) MD5=4166F82BE4D24938977DD1746BE9B8A0 -- C:\Windows\winsxs\amd64_microsoft-windows-c..complus-eventsystem_31bf3856ad364e35_6.1.7600.16385_none_68e290c46b6ea6d0\es.dll
    [2012/06/28 05:27:57 | 000,008,216 | ---- | M] () MD5=8C4CBA187C451FAE0C9C1674B9C3AC39 -- C:\Program Files (x86)\Google\Chrome\Application\20.0.1132.47\Locales\es.dll
    [2012/07/09 23:07:57 | 000,008,216 | ---- | M] () MD5=D088A143E3692E65FCEECBEAF6B66E08 -- C:\Program Files (x86)\Google\Chrome\Application\20.0.1132.57\Locales\es.dll
    [2009/07/13 20:15:19 | 000,271,360 | ---- | M] (Microsoft Corporation) MD5=F6916EFC29D9953D5D0DF06882AE8E16 -- C:\Windows\SysWOW64\es.dll
    [2009/07/13 20:15:19 | 000,271,360 | ---- | M] (Microsoft Corporation) MD5=F6916EFC29D9953D5D0DF06882AE8E16 -- C:\Windows\winsxs\wow64_microsoft-windows-c..complus-eventsystem_31bf3856ad364e35_6.1.7600.16385_none_73373b169fcf68cb\es.dll

    < MD5 for: EXPLORER.EXE >
    [2011/07/14 00:30:29 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=0FB9C74046656D1579A64660AD67B746 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_ba87e574ddfe652d\explorer.exe
    [2011/07/14 00:30:29 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\explorer.exe
    [2011/07/14 00:30:29 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_afa79dc39081d0ba\explorer.exe
    [2011/07/14 00:30:29 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=3B69712041F3D63605529BD66DC00C48 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_b0333b22a99da332\explorer.exe
    [2010/11/20 22:24:25 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=40D777B7A95E00593EB1568C68514493 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_ba2f56d3c4bcbafb\explorer.exe
    [2011/07/14 00:30:29 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\SysWOW64\explorer.exe
    [2011/07/14 00:30:29 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_b9fc4815c4e292b5\explorer.exe
    [2010/11/20 22:24:11 | 002,872,320 | ---- | M] (Microsoft Corporation) MD5=AC4C51EB24AA95B77F705AB159189E24 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_afdaac81905bf900\explorer.exe

    < MD5 for: IPNATHLP.DLL >
    [2009/07/13 20:41:10 | 000,359,424 | ---- | M] (Microsoft Corporation) MD5=B95F6501A2F8B2E78C697FEC401970CE -- C:\Windows\SysNative\ipnathlp.dll
    [2009/07/13 20:41:10 | 000,359,424 | ---- | M] (Microsoft Corporation) MD5=B95F6501A2F8B2E78C697FEC401970CE -- C:\Windows\winsxs\amd64_microsoft-windows-sharedaccess_31bf3856ad364e35_6.1.7600.16385_none_60c2504d62fd4f0e\ipnathlp.dll

    < MD5 for: NETBT.SYS >
    [2010/11/20 22:23:51 | 000,261,632 | ---- | M] (Microsoft Corporation) MD5=09594D1089C523423B32A4229263F068 -- C:\Windows\SysNative\drivers\netbt.sys
    [2010/11/20 22:23:51 | 000,261,632 | ---- | M] (Microsoft Corporation) MD5=09594D1089C523423B32A4229263F068 -- C:\Windows\winsxs\amd64_microsoft-windows-netbt_31bf3856ad364e35_6.1.7601.17514_none_be8acdd10de3b1a6\netbt.sys

    < MD5 for: NETMAN.DLL >
    [2009/07/13 20:41:52 | 000,360,448 | ---- | M] (Microsoft Corporation) MD5=847D3AE376C0817161A14A82C8922A9E -- C:\Windows\SysNative\netman.dll
    [2009/07/13 20:41:52 | 000,360,448 | ---- | M] (Microsoft Corporation) MD5=847D3AE376C0817161A14A82C8922A9E -- C:\Windows\winsxs\amd64_microsoft-windows-netman_31bf3856ad364e35_6.1.7600.16385_none_6bb20d3d6b80d9da\netman.dll

    < MD5 for: QMGR.DLL >
    [2010/11/20 22:23:51 | 000,849,920 | ---- | M] (Microsoft Corporation) MD5=1EA7969E3271CBC59E1730697DC74682 -- C:\Windows\SysNative\qmgr.dll
    [2010/11/20 22:23:51 | 000,849,920 | ---- | M] (Microsoft Corporation) MD5=1EA7969E3271CBC59E1730697DC74682 -- C:\Windows\winsxs\amd64_microsoft-windows-bits-client_31bf3856ad364e35_6.1.7601.17514_none_81b6ca5c101195cd\qmgr.dll

    < MD5 for: RPCSS.DLL >
    [2010/11/20 22:24:01 | 000,512,000 | ---- | M] (Microsoft Corporation) MD5=5C627D1B1138676C0A7AB2C2C190D123 -- C:\Windows\SysNative\rpcss.dll
    [2010/11/20 22:24:01 | 000,512,000 | ---- | M] (Microsoft Corporation) MD5=5C627D1B1138676C0A7AB2C2C190D123 -- C:\Windows\winsxs\amd64_microsoft-windows-com-base-qfe-rpcss_31bf3856ad364e35_6.1.7601.17514_none_c7f0e16b547f887d\rpcss.dll

    < MD5 for: SERVICES.EXE >
    [2009/07/13 20:39:37 | 000,328,704 | ---- | M] (Microsoft Corporation) MD5=014A9CB92514E27C0107614DF764BC06 -- C:\Windows\SysNative\services.exe
    [2009/07/13 20:39:37 | 000,328,704 | ---- | M] (Microsoft Corporation) MD5=24ACB7E5BE595468E3B9AA488B9B4FCB -- C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe

    < MD5 for: SVCHOST.EXE >
    [2009/07/13 20:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\SysWOW64\svchost.exe
    [2009/07/13 20:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\winsxs\x86_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7600.16385_none_b591afc466a15356\svchost.exe
    [2012/07/03 13:46:42 | 000,217,672 | ---- | M] () MD5=8A7F34F0BBD076EC3815680A7309114F -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\Chameleon\svchost.exe
    [2009/07/13 20:39:46 | 000,027,136 | ---- | M] (Microsoft Corporation) MD5=C78655BC80301D76ED4FEF1C1EA40A7D -- C:\Windows\SysNative\svchost.exe
    [2009/07/13 20:39:46 | 000,027,136 | ---- | M] (Microsoft Corporation) MD5=C78655BC80301D76ED4FEF1C1EA40A7D -- C:\Windows\winsxs\amd64_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7600.16385_none_11b04b481efec48c\svchost.exe

    < MD5 for: TCPIP.SYS >
    [2011/09/29 12:41:37 | 001,912,176 | ---- | M] (Microsoft Corporation) MD5=3810F06A4D74A7D62641EE73D6B3C660 -- C:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.21828_none_11c6e9949627e69c\tcpip.sys
    [2010/11/20 22:24:08 | 001,924,480 | ---- | M] (Microsoft Corporation) MD5=509383E505C973ED7534A06B3D19688D -- C:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.17514_none_114417c17d05cb37\tcpip.sys
    [2012/03/30 05:26:36 | 001,901,424 | ---- | M] (Microsoft Corporation) MD5=885B202006EE17AE99B9FBCEC9AF88C9 -- C:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.21954_none_11a27a8e9643d23a\tcpip.sys
    [2011/07/14 00:24:59 | 001,923,968 | ---- | M] (Microsoft Corporation) MD5=92CE29D95AC9DD2D0EE9061D551BA250 -- C:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.17603_none_114de9497cfe9316\tcpip.sys
    [2011/09/21 04:42:42 | 001,914,752 | ---- | M] (Microsoft Corporation) MD5=A0EB71E0DC047C7CC95CD6AB4036296E -- C:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.21754_none_11a276c29643d7ec\tcpip.sys
    [2012/03/30 06:35:47 | 001,918,320 | ---- | M] (Microsoft Corporation) MD5=ACB82BDA8F46C84F465C1AFA517DC4B9 -- C:\Windows\SysNative\drivers\tcpip.sys
    [2012/03/30 06:35:47 | 001,918,320 | ---- | M] (Microsoft Corporation) MD5=ACB82BDA8F46C84F465C1AFA517DC4B9 -- C:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.17802_none_114ceccb7cff740d\tcpip.sys
    [2011/07/14 00:24:59 | 001,927,552 | ---- | M] (Microsoft Corporation) MD5=B77977AEB2FF159D01DB08A309989C5F -- C:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.21712_none_11cbb5de9625357a\tcpip.sys
    [2011/07/19 21:13:45 | 001,927,552 | ---- | M] (Microsoft Corporation) MD5=CB6A53EF141CC3DA32DA54F7E75D301B -- C:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.21687_none_118505f696597a9d\tcpip.sys
    [2011/07/19 21:13:45 | 001,924,480 | ---- | M] (Microsoft Corporation) MD5=DC08410DB2D0CC542DACAC7A90E6CB7A -- C:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.17582_none_10f667b97d405c20\tcpip.sys
    [2011/09/21 04:42:42 | 001,923,968 | ---- | M] (Microsoft Corporation) MD5=F0E98C00A09FDF791525829A1D14240F -- C:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.17638_none_11327af77d12659c\tcpip.sys
    [2011/09/29 11:29:28 | 001,923,952 | ---- | M] (Microsoft Corporation) MD5=FC62769E7BFF2896035AEED399108162 -- C:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.17697_none_10f09b257d43f3eb\tcpip.sys

    < MD5 for: TDX.SYS >
    [2010/11/20 22:24:32 | 000,119,296 | ---- | M] (Microsoft Corporation) MD5=DDAD5A7AB24D8B65F8D724F5C20FD806 -- C:\Windows\SysNative\drivers\tdx.sys
    [2010/11/20 22:24:32 | 000,119,296 | ---- | M] (Microsoft Corporation) MD5=DDAD5A7AB24D8B65F8D724F5C20FD806 -- C:\Windows\winsxs\amd64_microsoft-windows-tdi-over-tcpip_31bf3856ad364e35_6.1.7601.17514_none_4863cdbaf2b532f8\tdx.sys

    < MD5 for: USERINIT.EXE >
    [2010/11/20 22:23:55 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\SysWOW64\userinit.exe
    [2010/11/20 22:23:55 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe
    [2010/11/20 22:24:28 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\SysNative\userinit.exe
    [2010/11/20 22:24:28 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_3a4ebf84e84f824c\userinit.exe

    < MD5 for: VOLSNAP.SYS >
    [2010/11/20 22:23:47 | 000,295,808 | ---- | M] (Microsoft Corporation) MD5=0D08D2F3B3FF84E433346669B5E0F639 -- C:\Windows\SysNative\drivers\volsnap.sys
    [2010/11/20 22:23:47 | 000,295,808 | ---- | M] (Microsoft Corporation) MD5=0D08D2F3B3FF84E433346669B5E0F639 -- C:\Windows\SysNative\DriverStore\FileRepository\volume.inf_amd64_neutral_df8bea40ac96ca21\volsnap.sys
    [2010/11/20 22:23:47 | 000,295,808 | ---- | M] (Microsoft Corporation) MD5=0D08D2F3B3FF84E433346669B5E0F639 -- C:\Windows\winsxs\amd64_volume.inf_31bf3856ad364e35_6.1.7601.17514_none_73dcbcf012b4850e\volsnap.sys

    < MD5 for: WININIT.EXE >
    [2009/07/13 20:39:52 | 000,129,024 | ---- | M] (Microsoft Corporation) MD5=94355C28C1970635A31B3FE52EB7CEBA -- C:\Windows\SysNative\wininit.exe
    [2009/07/13 20:39:52 | 000,129,024 | ---- | M] (Microsoft Corporation) MD5=94355C28C1970635A31B3FE52EB7CEBA -- C:\Windows\winsxs\amd64_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_8ce7aa761e01ad49\wininit.exe
    [2009/07/13 20:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\SysWOW64\wininit.exe
    [2009/07/13 20:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_30c90ef265a43c13\wininit.exe

    < MD5 for: WINLOGON.EXE >
    [2010/11/20 22:24:29 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\SysNative\winlogon.exe
    [2010/11/20 22:24:29 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_cde90685eb910636\winlogon.exe
    [2012/07/03 13:46:42 | 000,217,672 | ---- | M] () MD5=8A7F34F0BBD076EC3815680A7309114F -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe

    < MD5 for: WMISVC.DLL >
    [2009/07/13 20:41:56 | 000,242,688 | ---- | M] (Microsoft Corporation) MD5=19B07E7E8915D701225DA41CB3877306 -- C:\Windows\SysNative\wbem\WMIsvc.dll
    [2009/07/13 20:41:56 | 000,242,688 | ---- | M] (Microsoft Corporation) MD5=19B07E7E8915D701225DA41CB3877306 -- C:\Windows\winsxs\amd64_microsoft-windows-wmi-core-svc_31bf3856ad364e35_6.1.7601.17514_none_fed8c13f0d90a8cf\WMIsvc.dll

    < MD5 for: WSCSVC.DLL >
    [2009/07/13 20:41:58 | 000,097,280 | ---- | M] (Microsoft Corporation) MD5=E8B1FE6669397D1772D8196DF0E57A9E -- C:\Windows\SysNative\wscsvc.dll
    [2009/07/13 20:41:58 | 000,097,280 | ---- | M] (Microsoft Corporation) MD5=E8B1FE6669397D1772D8196DF0E57A9E -- C:\Windows\winsxs\amd64_microsoft-windows-securitycenter-core_31bf3856ad364e35_6.1.7601.17514_none_78666321c8b86082\wscsvc.dll

    ========== Alternate Data Streams ==========

    @Alternate Data Stream - 112 bytes -> C:\ProgramData\Temp:D1B5B4F1
    < End of report >
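As an added example (not part of this thread and not OTL's own code): a small Python triage script for the `< MD5 for: ... >` sections of the log above, which parses each entry line, treats the winsxs and DriverStore copies as the servicing-store reference set, and flags a copy that lives outside C:\Windows or an active copy whose hash matches none of the store copies. The sample input is copied from the log above; the path-prefix checks and the "servicing copy" heuristic are my assumptions, not OTL's rules.

```python
import re
from collections import defaultdict

# One entry line of an OTL "< MD5 for: NAME >" section looks like:
#   [date time | size | attrs | M] (Vendor) MD5=HEX -- C:\path\file
ENTRY_RE = re.compile(
    r"^\[(?P<date>[^|]+?)\s*\|\s*(?P<size>[\d,]+)\s*\|\s*(?P<attrs>[^|]+?)\s*\|\s*\w\]"
    r"\s*\((?P<vendor>[^)]*)\)\s*MD5=(?P<md5>[0-9A-Fa-f]{32})\s*--\s*(?P<path>.+?)$"
)
SECTION_RE = re.compile(r"^<\s*MD5 for:\s*(?P<name>[^>]+?)\s*>$")


def parse_md5_sections(text):
    """Map lower-cased file name -> list of entry dicts, one per listed copy."""
    sections = defaultdict(list)
    current = None
    for raw in text.splitlines():
        line = raw.strip()
        head = SECTION_RE.match(line)
        if head:
            current = head.group("name").lower()
            continue
        entry = ENTRY_RE.match(line)
        if current and entry:
            e = entry.groupdict()
            e["size"] = int(e["size"].replace(",", ""))
            e["md5"] = e["md5"].upper()
            e["vendor"] = e["vendor"].strip()
            sections[current].append(e)
    return dict(sections)


def is_servicing_copy(path):
    """Heuristic (assumption): winsxs and the DriverStore hold Windows' reference copies."""
    p = path.lower()
    return "\\winsxs\\" in p or "\\driverstore\\filerepository\\" in p


def is_windows_path(path):
    return path.lower().startswith("c:\\windows\\")


def triage(sections):
    """Return (file_name, path, reason) tuples a helper would want to look at."""
    findings = []
    for name, entries in sections.items():
        store_hashes = {e["md5"] for e in entries if is_servicing_copy(e["path"])}
        for e in entries:
            path = e["path"]
            if not is_windows_path(path):
                # Same file name shipped by another product: a name collision,
                # not a Windows integrity failure, but still worth identifying.
                findings.append((name, path, "copy outside C:\\Windows; identify the owning product"))
                continue
            if not e["vendor"]:
                findings.append((name, path, "Windows-directory copy carries no vendor/version info"))
            if not is_servicing_copy(path) and store_hashes and e["md5"] not in store_hashes:
                # The live binary should be identical to one of the servicing-store
                # versions; a mismatch means it changed outside normal servicing
                # and needs comparing against a known-good file of that version.
                findings.append((name, path, "active copy hash matches no servicing-store copy"))
    return findings


# Sample input copied from the OTL log above (three of its MD5 sections).
SAMPLE_LOG = r"""
< MD5 for: AFD.SYS >
[2011/12/27 22:59:24 | 000,498,688 | ---- | M] (Microsoft Corporation) MD5=1C7857B62DE5994A75B054A9FD4C3825 -- C:\Windows\SysNative\drivers\afd.sys
[2011/12/27 22:59:24 | 000,498,688 | ---- | M] (Microsoft Corporation) MD5=1C7857B62DE5994A75B054A9FD4C3825 -- C:\Windows\winsxs\amd64_microsoft-windows-winsock-core_31bf3856ad364e35_6.1.7601.17752_none_35e10b89752ee0f5\afd.sys
[2011/12/27 23:01:36 | 000,498,176 | ---- | M] (Microsoft Corporation) MD5=36A14FD1A23F57046361733B792CA8DB -- C:\Windows\winsxs\amd64_microsoft-windows-winsock-core_31bf3856ad364e35_6.1.7601.21887_none_364f3a028e605345\afd.sys

< MD5 for: SERVICES.EXE >
[2009/07/13 20:39:37 | 000,328,704 | ---- | M] (Microsoft Corporation) MD5=014A9CB92514E27C0107614DF764BC06 -- C:\Windows\SysNative\services.exe
[2009/07/13 20:39:37 | 000,328,704 | ---- | M] (Microsoft Corporation) MD5=24ACB7E5BE595468E3B9AA488B9B4FCB -- C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe

< MD5 for: SVCHOST.EXE >
[2009/07/13 20:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\SysWOW64\svchost.exe
[2009/07/13 20:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\winsxs\x86_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7600.16385_none_b591afc466a15356\svchost.exe
[2012/07/03 13:46:42 | 000,217,672 | ---- | M] () MD5=8A7F34F0BBD076EC3815680A7309114F -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\Chameleon\svchost.exe
[2009/07/13 20:39:46 | 000,027,136 | ---- | M] (Microsoft Corporation) MD5=C78655BC80301D76ED4FEF1C1EA40A7D -- C:\Windows\SysNative\svchost.exe
[2009/07/13 20:39:46 | 000,027,136 | ---- | M] (Microsoft Corporation) MD5=C78655BC80301D76ED4FEF1C1EA40A7D -- C:\Windows\winsxs\amd64_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7600.16385_none_11b04b481efec48c\svchost.exe
"""


def main():
    for name, path, reason in triage(parse_md5_sections(SAMPLE_LOG)):
        print(f"{name}: {reason}\n    {path}")


if __name__ == "__main__":
    main()
```

A hit is a prompt to verify, not a verdict: the Malwarebytes Chameleon copy is a legitimate name collision (it deliberately borrows system process names, the same idea as the ComboFix rename advised later in the thread), while the services.exe mismatch is the kind of entry to check against a known-good copy of that build.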
  15. Jay Pfoutz

    Jay Pfoutz Malware Helper Posts: 4,286   +49

    Please run OTL
    • Under the Custom Scans/Fixes box at the bottom, copy and paste in the following:


      :OTL
      IE - HKLM\..\URLSearchHook: {8c5878d0-6106-423b-aaa8-144c143dbf44} - C:\Program Files (x86)\BitLord_Security_Bar\prxtbBit0.dll (Conduit Ltd.)
      FF - prefs.js..browser.search.selectedEngine: "BitLord Security Bar Customized Web Search"
      FF - prefs.js..keyword.URL: "http://search.conduit.com/ResultsExt.aspx?SSPV=FFSB10&ctid=CT2830765&SearchSource=2&q="
      [2012/06/21 18:22:02 | 000,000,000 | ---D | M] (BitLord Security Bar) -- C:\Users\KD\AppData\Roaming\Mozilla\Firefox\Profiles\7wna2cly.default\extensions\{8c5878d0-6106-423b-aaa8-144c143dbf44}
      [2012/07/16 20:07:25 | 000,000,000 | ---D | M] (TheBflix) -- C:\Users\KD\AppData\Roaming\Mozilla\Firefox\Profiles\7wna2cly.default\extensions\4fe3a400731a7@4fe3a400731e1.info
      [2012/06/21 18:27:31 | 000,000,000 | ---D | M] (Yontoo) -- C:\Users\KD\AppData\Roaming\Mozilla\Firefox\Profiles\7wna2cly.default\extensions\plugin@yontoo.com
      [1832/11/28 23:08:39 | 000,004,819 | ---- | M] () (No name found) -- C:\USERS\KD\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7WNA2CLY.DEFAULT\EXTENSIONS\ZWREQMSAAG@ZWREQMSAAG.ORG.XPI
      CHR - Extension: TheBflix = C:\Users\KD\AppData\Local\Google\Chrome\User Data\Default\Extensions\emgebiileljojhajhpchfidnbkfodlob\5.2_0\
      CHR - Extension: 1Click Downloader = C:\Users\KD\AppData\Local\Google\Chrome\User Data\Default\Extensions\jplinpmadfkdgipabgcdchbdikologlh\1.2_0\
      O2 - BHO: (BitLord Security Bar Toolbar) - {8c5878d0-6106-423b-aaa8-144c143dbf44} - C:\Program Files (x86)\BitLord_Security_Bar\prxtbBit0.dll (Conduit Ltd.)
      O2 - BHO: (Yontoo) - {FD72061E-9FDE-484D-A58A-0BAB4151CAD8} - C:\Program Files (x86)\Yontoo\YontooIEClient.dll (Yontoo LLC)
      O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
      O3 - HKLM\..\Toolbar: (BitLord Security Bar Toolbar) - {8c5878d0-6106-423b-aaa8-144c143dbf44} - C:\Program Files (x86)\BitLord_Security_Bar\prxtbBit0.dll (Conduit Ltd.)
      O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
      O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No CLSID value found.
      O3 - HKCU\..\Toolbar\WebBrowser: (BitLord Security Bar Toolbar) - {8C5878D0-6106-423B-AAA8-144C143DBF44} - C:\Program Files (x86)\BitLord_Security_Bar\prxtbBit0.dll (Conduit Ltd.)
      O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
      O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
      O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
      O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
      O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://javadl-esd.sun.com/update/1.6.0/jinstall-6u27-windows-i586.cab (Java Plug-in 1.6.0_27)
      O16 - DPF: {CAFEEFAC-0016-0000-0027-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab (Java Plug-in 1.6.0_27)
      O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab (Java Plug-in 1.6.0_27)
      O33 - MountPoints2\{a664a876-8819-11e1-9a97-74de2bdffb70}\Shell - "" = AutoRun
      O33 - MountPoints2\{a664a876-8819-11e1-9a97-74de2bdffb70}\Shell\AutoRun\command - "" = E:\AutoRun.exe
      O33 - MountPoints2\{a664a87c-8819-11e1-9a97-74de2bdffb70}\Shell - "" = AutoRun
      O33 - MountPoints2\{a664a87c-8819-11e1-9a97-74de2bdffb70}\Shell\AutoRun\command - "" = E:\AutoRun.exe
      O33 - MountPoints2\E\Shell - "" = AutoRun
      O33 - MountPoints2\E\Shell\AutoRun\command - "" = E:\Autorun.exe
      MsConfig:64bit - StartUpReg: PC Cleaners - hkey= - key= - C:\Program Files (x86)\PC Cleaners\PCCleaners.exe (PC Cleaners Inc.)

      :commands
      [emptytemp]
      [reboot]

    • Then click the Run Fix button at the top.
    • Note: The fix for OTL automatically hides your Desktop and Start menu so the fix can be completed. Do not be alerted, this is normal.
    • Please do not exit the program. It might take a while to fix, but allow it to run. If it asks to reboot the computer, allow it to reboot. If the program freezes, and the computer fails to reboot - let me know.
      Lastly, post the contents of the log. (Located at C:\_OTL\Moved Files)

    ComboFix

    Please download ComboFix by sUBs
    From BleepingComputer.com

    Please save the file to your Desktop, but rename it first to svchost.exe

    Important information about ComboFix

    Before the download:
    • Please copy and paste these instructions to Notepad and save to your Desktop, or print them - for easier access.
    • It is important to rename ComboFix before the download.
    • Please do not rename ComboFix to other names, but only the one indicated.
    After the download:
    • Close any open browsers.
    • Very Important: Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results". Please visit here if you don't know how.
    • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
    • Please do not attempt to re-connect your machine back to the Internet until ComboFix has completely finished.
    • If there is no Internet connection after running ComboFix, then restart your computer to restore back your connection.
    Running ComboFix:
    • Double click on svchost.exe & follow the prompts.
    • It will attempt to install the Recovery Console:
    • When ComboFix finishes, it will produce a report for you.
    • Please post the "C:\Combo-Fix.txt" in your next reply.
    Troubleshooting ComboFix

    Safe Mode:

    If you still cannot get ComboFix to run, try booting into Safe Mode, and run it there.

    (To boot into Safe Mode, tap F8 after BIOS, and just before the Windows logo appears. A list of options will appear, select "Safe Mode.")

    Re-downloading:

    If this doesn't work either, try the same method as above, but download it again, except rename ComboFix.exe to iexplore.exe, explorer.exe, or winlogon.exe.

    Malware is known for blocking all "user" processes, except for its whitelist of system important processes such as iexplore.exe, explorer.exe, winlogon.exe.
  16. Kookie Gram

    Kookie Gram Newcomer, in training Topic Starter Posts: 16

    All processes killed
    ========== OTL ==========
    Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\{8c5878d0-6106-423b-aaa8-144c143dbf44} deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8c5878d0-6106-423b-aaa8-144c143dbf44}\ deleted successfully.
    C:\Program Files (x86)\BitLord_Security_Bar\prxtbBit0.dll moved successfully.
    Prefs.js: "BitLord Security Bar Customized Web Search" removed from browser.search.selectedEngine
    Prefs.js: "http://search.conduit.com/ResultsExt.aspx?SSPV=FFSB10&ctid=CT2830765&SearchSource=2&q=" removed from keyword.URL
    C:\Users\KD\AppData\Roaming\Mozilla\Firefox\Profiles\7wna2cly.default\extensions\{8c5878d0-6106-423b-aaa8-144c143dbf44}\Plugins folder moved successfully.
    C:\Users\KD\AppData\Roaming\Mozilla\Firefox\Profiles\7wna2cly.default\extensions\{8c5878d0-6106-423b-aaa8-144c143dbf44}\modules folder moved successfully.
    C:\Users\KD\AppData\Roaming\Mozilla\Firefox\Profiles\7wna2cly.default\extensions\{8c5878d0-6106-423b-aaa8-144c143dbf44}\META-INF folder moved successfully.
    C:\Users\KD\AppData\Roaming\Mozilla\Firefox\Profiles\7wna2cly.default\extensions\{8c5878d0-6106-423b-aaa8-144c143dbf44}\lib folder moved successfully.
    C:\Users\KD\AppData\Roaming\Mozilla\Firefox\Profiles\7wna2cly.default\extensions\{8c5878d0-6106-423b-aaa8-144c143dbf44}\defaults\preferences folder moved successfully.
    C:\Users\KD\AppData\Roaming\Mozilla\Firefox\Profiles\7wna2cly.default\extensions\{8c5878d0-6106-423b-aaa8-144c143dbf44}\defaults folder moved successfully.
    C:\Users\KD\AppData\Roaming\Mozilla\Firefox\Profiles\7wna2cly.default\extensions\{8c5878d0-6106-423b-aaa8-144c143dbf44}\chrome\CT2830765\skin folder moved successfully.
    C:\Users\KD\AppData\Roaming\Mozilla\Firefox\Profiles\7wna2cly.default\extensions\{8c5878d0-6106-423b-aaa8-144c143dbf44}\chrome\CT2830765\content\tb\sl folder moved successfully.
    C:\Users\KD\AppData\Roaming\Mozilla\Firefox\Profiles\7wna2cly.default\extensions\{8c5878d0-6106-423b-aaa8-144c143dbf44}\chrome\CT2830765\content\tb\lib folder moved successfully.
    C:\Users\KD\AppData\Roaming\Mozilla\Firefox\Profiles\7wna2cly.default\extensions\{8c5878d0-6106-423b-aaa8-144c143dbf44}\chrome\CT2830765\content\tb\core folder moved successfully.
    C:\Users\KD\AppData\Roaming\Mozilla\Firefox\Profiles\7wna2cly.default\extensions\{8c5878d0-6106-423b-aaa8-144c143dbf44}\chrome\CT2830765\content\tb\al\wa\WEATHER\js folder moved successfully.
    C:\Users\KD\AppData\Roaming\Mozilla\Firefox\Profiles\7wna2cly.default\extensions\{8c5878d0-6106-423b-aaa8-144c143dbf44}\chrome\CT2830765\content\tb\al\wa\WEATHER\css folder moved successfully.
    C:\Users\KD\AppData\Roaming\Mozilla\Firefox\Profiles\7wna2cly.default\extensions\{8c5878d0-6106-423b-aaa8-144c143dbf44}\chrome\CT2830765\content\tb\al\wa\WEATHER folder moved successfully.
    C:\Users\KD\AppData\Roaming\Mozilla\Firefox\Profiles\7wna2cly.default\extensions\{8c5878d0-6106-423b-aaa8-144c143dbf44}\chrome\CT2830765\content\tb\al\wa\TWITTER\resources folder moved successfully.
    C:\Users\KD\AppData\Roaming\Mozilla\Firefox\Profiles\7wna2cly.default\extensions\{8c5878d0-6106-423b-aaa8-144c143dbf44}\chrome\CT2830765\content\tb\al\wa\TWITTER\js folder moved successfully.
    C:\Users\KD\AppData\Roaming\Mozilla\Firefox\Profiles\7wna2cly.default\extensions\{8c5878d0-6106-423b-aaa8-144c143dbf44}\chrome\CT2830765\content\tb\al\wa\TWITTER\img folder moved successfully.
    C:\Users\KD\AppData\Roaming\Mozilla\Firefox\Profiles\7wna2cly.default\extensions\{8c5878d0-6106-423b-aaa8-144c143dbf44}\chrome\CT2830765\content\tb\al\wa\TWITTER folder moved successfully.
    C:\Users\KD\AppData\Roaming\Mozilla\Firefox\Profiles\7wna2cly.default\extensions\{8c5878d0-6106-423b-aaa8-144c143dbf44}\chrome\CT2830765\content\tb\al\wa\TESTER_POPUP\js folder moved successfully.
    C:\Users\KD\AppData\Roaming\Mozilla\Firefox\Profiles\7wna2cly.default\extensions\{8c5878d0-6106-423b-aaa8-144c143dbf44}\chrome\CT2830765\content\tb\al\wa\TESTER_POPUP folder moved successfully.
    C:\Users\KD\AppData\Roaming\Mozilla\Firefox\Profiles\7wna2cly.default\extensions\{8c5878d0-6106-423b-aaa8-144c143dbf44}\chrome\CT2830765\content\tb\al\wa\TESTER_EMBEDDED\js folder moved successfully.
    C:\Users\KD\AppData\Roaming\Mozilla\Firefox\Profiles\7wna2cly.default\extensions\{8c5878d0-6106-423b-aaa8-144c143dbf44}\chrome\CT2830765\content\tb\al\wa\TESTER_EMBEDDED folder moved successfully.
    C:\Users\KD\AppData\Roaming\Mozilla\Firefox\Profiles\7wna2cly.default\extensions\{8c5878d0-6106-423b-aaa8-144c143dbf44}\chrome\CT2830765\content\tb\al\wa\TESTER_BCAPI\js folder moved successfully.
    C:\Users\KD\AppData\Roaming\Mozilla\Firefox\Profiles\7wna2cly.default\extensions\{8c5878d0-6106-423b-aaa8-144c143dbf44}\chrome\CT2830765\content\tb\al\wa\TESTER_BCAPI\autoTest\spec folder moved successfully.
    C:\Users\KD\AppData\Roaming\Mozilla\Firefox\Profiles\7wna2cly.default\extensions\{8c5878d0-6106-423b-aaa8-144c143dbf44}\chrome\CT2830765\content\tb\al\wa\TESTER_BCAPI\autoTest\lib\jasmine-1.1.0 folder moved successfully.
    C:\Users\KD\AppData\Roaming\Mozilla\Firefox\Profiles\7wna2cly.default\extensions\{8c5878d0-6106-423b-aaa8-144c143dbf44}\chrome\CT2830765\content\tb\al\wa\TESTER_BCAPI\autoTest\lib folder moved successfully.
    C:\Users\KD\AppData\Roaming\Mozilla\Firefox\Profiles\7wna2cly.default\extensions\{8c5878d0-6106-423b-aaa8-144c143dbf44}\chrome\CT2830765\content\tb\al\wa\TESTER_BCAPI\autoTest folder moved successfully.
    C:\Users\KD\AppData\Roaming\Mozilla\Firefox\Profiles\7wna2cly.default\extensions\{8c5878d0-6106-423b-aaa8-144c143dbf44}\chrome\CT2830765\content\tb\al\wa\TESTER_BCAPI folder moved successfully.
    C:\Users\KD\AppData\Roaming\Mozilla\Firefox\Profiles\7wna2cly.default\extensions\{8c5878d0-6106-423b-aaa8-144c143dbf44}\chrome\CT2830765\content\tb\al\wa\SEARCH_IN_NEW_TAB folder moved successfully.
    C:\Users\KD\AppData\Roaming\Mozilla\Firefox\Profiles\7wna2cly.default\extensions\{8c5878d0-6106-423b-aaa8-144c143dbf44}\chrome\CT2830765\content\tb\al\wa\SEARCH\view\style\rsx folder moved successfully.
    C:\Users\KD\AppData\Roaming\Mozilla\Firefox\Profiles\7wna2cly.default\extensions\{8c5878d0-6106-423b-aaa8-144c143dbf44}\chrome\CT2830765\content\tb\al\wa\SEARCH\view\style folder moved successfully.
    C:\Users\KD\AppData\Roaming\Mozilla\Firefox\Profiles\7wna2cly.default\extensions\{8c5878d0-6106-423b-aaa8-144c143dbf44}\chrome\CT2830765\content\tb\al\wa\SEARCH\view\script folder moved successfully.
    C:\Users\KD\AppData\Roaming\Mozilla\Firefox\Profiles\7wna2cly.default\extensions\{8c5878d0-6106-423b-aaa8-144c143dbf44}\chrome\CT2830765\content\tb\al\wa\SEARCH\view folder moved successfully.
    C:\Users\KD\AppData\Roaming\Mozilla\Firefox\Profiles\7wna2cly.default\extensions\{8c5878d0-6106-423b-aaa8-144c143dbf44}\chrome\CT2830765\content\tb\al\wa\SEARCH\resources folder moved successfully.
    C:\Users\KD\AppData\Roaming\Mozilla\Firefox\Profiles\7wna2cly.default\extensions\{8c5878d0-6106-423b-aaa8-144c143dbf44}\chrome\CT2830765\content\tb\al\wa\SEARCH\js folder moved successfully.
    C:\Users\KD\AppData\Roaming\Mozilla\Firefox\Profiles\7wna2cly.default\extensions\{8c5878d0-6106-423b-aaa8-144c143dbf44}\chrome\CT2830765\content\tb\al\wa\SEARCH\Css folder moved successfully.
    C:\Users\KD\AppData\Roaming\Mozilla\Firefox\Profiles\7wna2cly.default\extensions\{8c5878d0-6106-423b-aaa8-144c143dbf44}\chrome\CT2830765\content\tb\al\wa\SEARCH\buildSettings folder moved successfully.
    C:\Users\KD\AppData\Roaming\Mozilla\Firefox\Profiles\7wna2cly.default\extensions\{8c5878d0-6106-423b-aaa8-144c143dbf44}\chrome\CT2830765\content\tb\al\wa\SEARCH folder moved successfully.
    C:\Users\KD\AppData\Roaming\Mozilla\Firefox\Profiles\7wna2cly.default\extensions\{8c5878d0-6106-423b-aaa8-144c143dbf44}\chrome\CT2830765\content\tb\al\wa\RADIO_PLAYER\js\resources folder moved successfully.
    C:\Users\KD\AppData\Roaming\Mozilla\Firefox\Profiles\7wna2cly.default\extensions\{8c5878d0-6106-423b-aaa8-144c143dbf44}\chrome\CT2830765\content\tb\al\wa\RADIO_PLAYER\js folder moved successfully.
    C:\Users\KD\AppData\Roaming\Mozilla\Firefox\Profiles\7wna2cly.default\extensions\{8c5878d0-6106-423b-aaa8-144c143dbf44}\chrome\CT2830765\content\tb\al\wa\RADIO_PLAYER\css\custom-theme folder moved successfully.
    C:\Users\KD\AppData\Roaming\Mozilla\Firefox\Profiles\7wna2cly.default\extensions\{8c5878d0-6106-423b-aaa8-144c143dbf44}\chrome\CT2830765\content\tb\al\wa\RADIO_PLAYER\css folder moved successfully.
    C:\Users\KD\AppData\Roaming\Mozilla\Firefox\Profiles\7wna2cly.default\extensions\{8c5878d0-6106-423b-aaa8-144c143dbf44}\chrome\CT2830765\content\tb\al\wa\RADIO_PLAYER folder moved successfully.
    C:\Users\KD\AppData\Roaming\Mozilla\Firefox\Profiles\7wna2cly.default\extensions\{8c5878d0-6106-423b-aaa8-144c143dbf44}\chrome\CT2830765\content\tb\al\wa\PRICE_GONG\menu_dlg folder moved successfully.
    C:\Users\KD\AppData\Roaming\Mozilla\Firefox\Profiles\7wna2cly.default\extensions\{8c5878d0-6106-423b-aaa8-144c143dbf44}\chrome\CT2830765\content\tb\al\wa\PRICE_GONG\images folder moved successfully.
    C:\Users\KD\AppData\Roaming\Mozilla\Firefox\Profiles\7wna2cly.default\extensions\{8c5878d0-6106-423b-aaa8-144c143dbf44}\chrome\CT2830765\content\tb\al\wa\PRICE_GONG\css\custom-theme folder moved successfully.
    C:\Users\KD\AppData\Roaming\Mozilla\Firefox\Profiles\7wna2cly.default\extensions\{8c5878d0-6106-423b-aaa8-144c143dbf44}\chrome\CT2830765\content\tb\al\wa\PRICE_GONG\css folder moved successfully.
    C:\Users\KD\AppData\Roaming\Mozilla\Firefox\Profiles\7wna2cly.default\extensions\{8c5878d0-6106-423b-aaa8-144c143dbf44}\chrome\CT2830765\content\tb\al\wa\PRICE_GONG\agreement folder moved successfully.
    C:\Users\KD\AppData\Roaming\Mozilla\Firefox\Profiles\7wna2cly.default\extensions\{8c5878d0-6106-423b-aaa8-144c143dbf44}\chrome\CT2830765\content\tb\al\wa\PRICE_GONG folder moved successfully.
    C:\Users\KD\AppData\Roaming\Mozilla\Firefox\Profiles\7wna2cly.default\extensions\{8c5878d0-6106-423b-aaa8-144c143dbf44}\chrome\CT2830765\content\tb\al\wa\Optimizer\js folder moved successfully.
    C:\Users\KD\AppData\Roaming\Mozilla\Firefox\Profiles\7wna2cly.default\extensions\{8c5878d0-6106-423b-aaa8-144c143dbf44}\chrome\CT2830765\content\tb\al\wa\Optimizer folder moved successfully.
    C:\Users\KD\AppData\Roaming\Mozilla\Firefox\Profiles\7wna2cly.default\extensions\{8c5878d0-6106-423b-aaa8-144c143dbf44}\chrome\CT2830765\content\tb\al\wa\NOTIFICATION\js folder moved successfully.
    C:\Users\KD\AppData\Roaming\Mozilla\Firefox\Profiles\7wna2cly.default\extensions\{8c5878d0-6106-423b-aaa8-144c143dbf44}\chrome\CT2830765\content\tb\al\wa\NOTIFICATION\images\light folder moved successfully.
    C:\Users\KD\AppData\Roaming\Mozilla\Firefox\Profiles\7wna2cly.default\extensions\{8c5878d0-6106-423b-aaa8-144c143dbf44}\chrome\CT2830765\content\tb\al\wa\NOTIFICATION\images\dark folder moved successfully.
    C:\Users\KD\AppData\Roaming\Mozilla\Firefox\Profiles\7wna2cly.default\extensions\{8c5878d0-6106-423b-aaa8-144c143dbf44}\chrome\CT2830765\content\tb\al\wa\NOTIFICATION\images folder moved successfully.
    C:\Users\KD\AppData\Roaming\Mozilla\Firefox\Profiles\7wna2cly.default\extensions\{8c5878d0-6106-423b-aaa8-144c143dbf44}\chrome\CT2830765\content\tb\al\wa\NOTIFICATION\css folder moved successfully.
    C:\Users\KD\AppData\Roaming\Mozilla\Firefox\Profiles\7wna2cly.default\extensions\{8c5878d0-6106-423b-aaa8-144c143dbf44}\chrome\CT2830765\content\tb\al\wa\NOTIFICATION folder moved successfully.
    C:\Users\KD\AppData\Roaming\Mozilla\Firefox\Profiles\7wna2cly.default\extensions\{8c5878d0-6106-423b-aaa8-144c143dbf44}\chrome\CT2830765\content\tb\al\wa\MULTI_RSS\js\resources folder moved successfully.
    C:\Users\KD\AppData\Roaming\Mozilla\Firefox\Profiles\7wna2cly.default\extensions\{8c5878d0-6106-423b-aaa8-144c143dbf44}\chrome\CT2830765\content\tb\al\wa\MULTI_RSS\js folder moved successfully.
    C:\Users\KD\AppData\Roaming\Mozilla\Firefox\Profiles\7wna2cly.default\extensions\{8c5878d0-6106-423b-aaa8-144c143dbf44}\chrome\CT2830765\content\tb\al\wa\MULTI_RSS\img folder moved successfully.
    C:\Users\KD\AppData\Roaming\Mozilla\Firefox\Profiles\7wna2cly.default\extensions\{8c5878d0-6106-423b-aaa8-144c143dbf44}\chrome\CT2830765\content\tb\al\wa\MULTI_RSS\css folder moved successfully.
    C:\Users\KD\AppData\Roaming\Mozilla\Firefox\Profiles\7wna2cly.default\extensions\{8c5878d0-6106-423b-aaa8-144c143dbf44}\chrome\CT2830765\content\tb\al\wa\MULTI_RSS folder moved successfully.
    C:\Users\KD\AppData\Roaming\Mozilla\Firefox\Profiles\7wna2cly.default\extensions\{8c5878d0-6106-423b-aaa8-144c143dbf44}\chrome\CT2830765\content\tb\al\wa\HIGHLIGHTER\js folder moved successfully.
    C:\Users\KD\AppData\Roaming\Mozilla\Firefox\Profiles\7wna2cly.default\extensions\{8c5878d0-6106-423b-aaa8-144c143dbf44}\chrome\CT2830765\content\tb\al\wa\HIGHLIGHTER\css folder moved successfully.
    C:\Users\KD\AppData\Roaming\Mozilla\Firefox\Profiles\7wna2cly.default\extensions\{8c5878d0-6106-423b-aaa8-144c143dbf44}\chrome\CT2830765\content\tb\al\wa\HIGHLIGHTER folder moved successfully.
    C:\Users\KD\AppData\Roaming\Mozilla\Firefox\Profiles\7wna2cly.default\extensions\{8c5878d0-6106-423b-aaa8-144c143dbf44}\chrome\CT2830765\content\tb\al\wa\EMAIL_NOTIFIER\js\plugins folder moved successfully.
    C:\Users\KD\AppData\Roaming\Mozilla\Firefox\Profiles\7wna2cly.default\extensions\{8c5878d0-6106-423b-aaa8-144c143dbf44}\chrome\CT2830765\content\tb\al\wa\EMAIL_NOTIFIER\js folder moved successfully.
    C:\Users\KD\AppData\Roaming\Mozilla\Firefox\Profiles\7wna2cly.default\extensions\{8c5878d0-6106-423b-aaa8-144c143dbf44}\chrome\CT2830765\content\tb\al\wa\EMAIL_NOTIFIER\css folder moved successfully.
    C:\Users\KD\AppData\Roaming\Mozilla\Firefox\Profiles\7wna2cly.default\extensions\{8c5878d0-6106-423b-aaa8-144c143dbf44}\chrome\CT2830765\content\tb\al\wa\EMAIL_NOTIFIER folder moved successfully.
    C:\Users\KD\AppData\Roaming\Mozilla\Firefox\Profiles\7wna2cly.default\extensions\{8c5878d0-6106-423b-aaa8-144c143dbf44}\chrome\CT2830765\content\tb\al\wa\APPLICATION_BUTTON\resources folder moved successfully.
    C:\Users\KD\AppData\Roaming\Mozilla\Firefox\Profiles\7wna2cly.default\extensions\{8c5878d0-6106-423b-aaa8-144c143dbf44}\chrome\CT2830765\content\tb\al\wa\APPLICATION_BUTTON\Js folder moved successfully.
    C:\Users\KD\AppData\Roaming\Mozilla\Firefox\Profiles\7wna2cly.default\extensions\{8c5878d0-6106-423b-aaa8-144c143dbf44}\chrome\CT2830765\content\tb\al\wa\APPLICATION_BUTTON folder moved successfully.
    C:\Users\KD\AppData\Roaming\Mozilla\Firefox\Profiles\7wna2cly.default\extensions\{8c5878d0-6106-423b-aaa8-144c143dbf44}\chrome\CT2830765\content\tb\al\wa\404 folder moved successfully.
    C:\Users\KD\AppData\Roaming\Mozilla\Firefox\Profiles\7wna2cly.default\extensions\{8c5878d0-6106-423b-aaa8-144c143dbf44}\chrome\CT2830765\content\tb\al\wa folder moved successfully.
    C:\Users\KD\AppData\Roaming\Mozilla\Firefox\Profiles\7wna2cly.default\extensions\{8c5878d0-6106-423b-aaa8-144c143dbf44}\chrome\CT2830765\content\tb\al\ui\menu\js folder moved successfully.
    C:\Users\KD\AppData\Roaming\Mozilla\Firefox\Profiles\7wna2cly.default\extensions\{8c5878d0-6106-423b-aaa8-144c143dbf44}\chrome\CT2830765\content\tb\al\ui\menu\img folder moved successfully.
    C:\Users\KD\AppData\Roaming\Mozilla\Firefox\Profiles\7wna2cly.default\extensions\{8c5878d0-6106-423b-aaa8-144c143dbf44}\chrome\CT2830765\content\tb\al\ui\menu\css folder moved successfully.
    C:\Users\KD\AppData\Roaming\Mozilla\Firefox\Profiles\7wna2cly.default\extensions\{8c5878d0-6106-423b-aaa8-144c143dbf44}\chrome\CT2830765\content\tb\al\ui\menu folder moved successfully.
    C:\Users\KD\AppData\Roaming\Mozilla\Firefox\Profiles\7wna2cly.default\extensions\{8c5878d0-6106-423b-aaa8-144c143dbf44}\chrome\CT2830765\content\tb\al\ui\gf\img folder moved successfully.
    C:\Users\KD\AppData\Roaming\Mozilla\Firefox\Profiles\7wna2cly.default\extensions\{8c5878d0-6106-423b-aaa8-144c143dbf44}\chrome\CT2830765\content\tb\al\ui\gf\css folder moved successfully.
    C:\Users\KD\AppData\Roaming\Mozilla\Firefox\Profiles\7wna2cly.default\extensions\{8c5878d0-6106-423b-aaa8-144c143dbf44}\chrome\CT2830765\content\tb\al\ui\gf folder moved successfully.
    C:\Users\KD\AppData\Roaming\Mozilla\Firefox\Profiles\7wna2cly.default\extensions\{8c5878d0-6106-423b-aaa8-144c143dbf44}\chrome\CT2830765\content\tb\al\ui\gadgetFrame folder moved successfully.
    C:\Users\KD\AppData\Roaming\Mozilla\Firefox\Profiles\7wna2cly.default\extensions\{8c5878d0-6106-423b-aaa8-144c143dbf44}\chrome\CT2830765\content\tb\al\ui\dlg\ftd\images folder moved successfully.
    C:\Users\KD\AppData\Roaming\Mozilla\Firefox\Profiles\7wna2cly.default\extensions\{8c5878d0-6106-423b-aaa8-144c143dbf44}\chrome\CT2830765\content\tb\al\ui\dlg\ftd folder moved successfully.
    C:\Users\KD\AppData\Roaming\Mozilla\Firefox\Profiles\7wna2cly.default\extensions\{8c5878d0-6106-423b-aaa8-144c143dbf44}\chrome\CT2830765\content\tb\al\ui\dlg folder moved successfully.
    C:\Users\KD\AppData\Roaming\Mozilla\Firefox\Profiles\7wna2cly.default\extensions\{8c5878d0-6106-423b-aaa8-144c143dbf44}\chrome\CT2830765\content\tb\al\ui folder moved successfully.
    C:\Users\KD\AppData\Roaming\Mozilla\Firefox\Profiles\7wna2cly.default\extensions\{8c5878d0-6106-423b-aaa8-144c143dbf44}\chrome\CT2830765\content\tb\al\searchProtector\searchProtectorSettingsDialog\images folder moved successfully.
    C:\Users\KD\AppData\Roaming\Mozilla\Firefox\Profiles\7wna2cly.default\extensions\{8c5878d0-6106-423b-aaa8-144c143dbf44}\chrome\CT2830765\content\tb\al\searchProtector\searchProtectorSettingsDialog folder moved successfully.
    C:\Users\KD\AppData\Roaming\Mozilla\Firefox\Profiles\7wna2cly.default\extensions\{8c5878d0-6106-423b-aaa8-144c143dbf44}\chrome\CT2830765\content\tb\al\searchProtector\SearchProtectorBubbleDialog\images folder moved successfully.
    C:\Users\KD\AppData\Roaming\Mozilla\Firefox\Profiles\7wna2cly.default\extensions\{8c5878d0-6106-423b-aaa8-144c143dbf44}\chrome\CT2830765\content\tb\al\searchProtector\SearchProtectorBubbleDialog folder moved successfully.
    C:\Users\KD\AppData\Roaming\Mozilla\Firefox\Profiles\7wna2cly.default\extensions\{8c5878d0-6106-423b-aaa8-144c143dbf44}\chrome\CT2830765\content\tb\al\searchProtector\js folder moved successfully.
    C:\Users\KD\AppData\Roaming\Mozilla\Firefox\Profiles\7wna2cly.default\extensions\{8c5878d0-6106-423b-aaa8-144c143dbf44}\chrome\CT2830765\content\tb\al\searchProtector folder moved successfully.
    C:\Users\KD\AppData\Roaming\Mozilla\Firefox\Profiles\7wna2cly.default\extensions\{8c5878d0-6106-423b-aaa8-144c143dbf44}\chrome\CT2830765\content\tb\al\options\js\resources folder moved successfully.
    C:\Users\KD\AppData\Roaming\Mozilla\Firefox\Profiles\7wna2cly.default\extensions\{8c5878d0-6106-423b-aaa8-144c143dbf44}\chrome\CT2830765\content\tb\al\options\js folder moved successfully.
    C:\Users\KD\AppData\Roaming\Mozilla\Firefox\Profiles\7wna2cly.default\extensions\{8c5878d0-6106-423b-aaa8-144c143dbf44}\chrome\CT2830765\content\tb\al\options\images folder moved successfully.
    C:\Users\KD\AppData\Roaming\Mozilla\Firefox\Profiles\7wna2cly.default\extensions\{8c5878d0-6106-423b-aaa8-144c143dbf44}\chrome\CT2830765\content\tb\al\options\css folder moved successfully.
    C:\Users\KD\AppData\Roaming\Mozilla\Firefox\Profiles\7wna2cly.default\extensions\{8c5878d0-6106-423b-aaa8-144c143dbf44}\chrome\CT2830765\content\tb\al\options folder moved successfully.
    C:\Users\KD\AppData\Roaming\Mozilla\Firefox\Profiles\7wna2cly.default\extensions\{8c5878d0-6106-423b-aaa8-144c143dbf44}\chrome\CT2830765\content\tb\al\myStuffDialogs folder moved successfully.
    C:\Users\KD\AppData\Roaming\Mozilla\Firefox\Profiles\7wna2cly.default\extensions\{8c5878d0-6106-423b-aaa8-144c143dbf44}\chrome\CT2830765\content\tb\al\features\js\resources folder moved successfully.
    C:\Users\KD\AppData\Roaming\Mozilla\Firefox\Profiles\7wna2cly.default\extensions\{8c5878d0-6106-423b-aaa8-144c143dbf44}\chrome\CT2830765\content\tb\al\features\js folder moved successfully.
    C:\Users\KD\AppData\Roaming\Mozilla\Firefox\Profiles\7wna2cly.default\extensions\{8c5878d0-6106-423b-aaa8-144c143dbf44}\chrome\CT2830765\content\tb\al\features folder moved successfully.
    C:\Users\KD\AppData\Roaming\Mozilla\Firefox\Profiles\7wna2cly.default\extensions\{8c5878d0-6106-423b-aaa8-144c143dbf44}\chrome\CT2830765\content\tb\al\api folder moved successfully.
    C:\Users\KD\AppData\Roaming\Mozilla\Firefox\Profiles\7wna2cly.default\extensions\{8c5878d0-6106-423b-aaa8-144c143dbf44}\chrome\CT2830765\content\tb\al\ac\res folder moved successfully.
    C:\Users\KD\AppData\Roaming\Mozilla\Firefox\Profiles\7wna2cly.default\extensions\{8c5878d0-6106-423b-aaa8-144c143dbf44}\chrome\CT2830765\content\tb\al\ac\img folder moved successfully.
    C:\Users\KD\AppData\Roaming\Mozilla\Firefox\Profiles\7wna2cly.default\extensions\{8c5878d0-6106-423b-aaa8-144c143dbf44}\chrome\CT2830765\content\tb\al\ac\css folder moved successfully.
    C:\Users\KD\AppData\Roaming\Mozilla\Firefox\Profiles\7wna2cly.default\extensions\{8c5878d0-6106-423b-aaa8-144c143dbf44}\chrome\CT2830765\content\tb\al\ac folder moved successfully.
    C:\Users\KD\AppData\Roaming\Mozilla\Firefox\Profiles\7wna2cly.default\extensions\{8c5878d0-6106-423b-aaa8-144c143dbf44}\chrome\CT2830765\content\tb\al\aboutBox\js folder moved successfully.
    C:\Users\KD\AppData\Roaming\Mozilla\Firefox\Profiles\7wna2cly.default\extensions\{8c5878d0-6106-423b-aaa8-144c143dbf44}\chrome\CT2830765\content\tb\al\aboutBox\images folder moved successfully.
    C:\Users\KD\AppData\Roaming\Mozilla\Firefox\Profiles\7wna2cly.default\extensions\{8c5878d0-6106-423b-aaa8-144c143dbf44}\chrome\CT2830765\content\tb\al\aboutBox folder moved successfully.
    C:\Users\KD\AppData\Roaming\Mozilla\Firefox\Profiles\7wna2cly.default\extensions\{8c5878d0-6106-423b-aaa8-144c143dbf44}\chrome\CT2830765\content\tb\al folder moved successfully.
    C:\Users\KD\AppData\Roaming\Mozilla\Firefox\Profiles\7wna2cly.default\extensions\{8c5878d0-6106-423b-aaa8-144c143dbf44}\chrome\CT2830765\content\tb folder moved successfully.
    C:\Users\KD\AppData\Roaming\Mozilla\Firefox\Profiles\7wna2cly.default\extensions\{8c5878d0-6106-423b-aaa8-144c143dbf44}\chrome\CT2830765\content folder moved successfully.
    C:\Users\KD\AppData\Roaming\Mozilla\Firefox\Profiles\7wna2cly.default\extensions\{8c5878d0-6106-423b-aaa8-144c143dbf44}\chrome\CT2830765 folder moved successfully.
    C:\Users\KD\AppData\Roaming\Mozilla\Firefox\Profiles\7wna2cly.default\extensions\{8c5878d0-6106-423b-aaa8-144c143dbf44}\chrome folder moved successfully.
    C:\Users\KD\AppData\Roaming\Mozilla\Firefox\Profiles\7wna2cly.default\extensions\{8c5878d0-6106-423b-aaa8-144c143dbf44} folder moved successfully.
    C:\Users\KD\AppData\Roaming\Mozilla\Firefox\Profiles\7wna2cly.default\extensions\4fe3a400731a7@4fe3a400731e1.info\content folder moved successfully.
    C:\Users\KD\AppData\Roaming\Mozilla\Firefox\Profiles\7wna2cly.default\extensions\4fe3a400731a7@4fe3a400731e1.info folder moved successfully.
    C:\Users\KD\AppData\Roaming\Mozilla\Firefox\Profiles\7wna2cly.default\extensions\plugin@yontoo.com\skin folder moved successfully.
    C:\Users\KD\AppData\Roaming\Mozilla\Firefox\Profiles\7wna2cly.default\extensions\plugin@yontoo.com\META-INF folder moved successfully.
    C:\Users\KD\AppData\Roaming\Mozilla\Firefox\Profiles\7wna2cly.default\extensions\plugin@yontoo.com\locale\en-US folder moved successfully.
    C:\Users\KD\AppData\Roaming\Mozilla\Firefox\Profiles\7wna2cly.default\extensions\plugin@yontoo.com\locale folder moved successfully.
    C:\Users\KD\AppData\Roaming\Mozilla\Firefox\Profiles\7wna2cly.default\extensions\plugin@yontoo.com\defaults\preferences folder moved successfully.
    C:\Users\KD\AppData\Roaming\Mozilla\Firefox\Profiles\7wna2cly.default\extensions\plugin@yontoo.com\defaults folder moved successfully.
    C:\Users\KD\AppData\Roaming\Mozilla\Firefox\Profiles\7wna2cly.default\extensions\plugin@yontoo.com\content folder moved successfully.
    C:\Users\KD\AppData\Roaming\Mozilla\Firefox\Profiles\7wna2cly.default\extensions\plugin@yontoo.com folder moved successfully.
    C:\Users\KD\AppData\Roaming\Mozilla\Firefox\Profiles\7wna2cly.default\extensions\zwreqmsaag@zwreqmsaag.org.xpi moved successfully.
    C:\Users\KD\AppData\Local\Google\Chrome\User Data\Default\Extensions\emgebiileljojhajhpchfidnbkfodlob\5.2_0 folder moved successfully.
    C:\Users\KD\AppData\Local\Google\Chrome\User Data\Default\Extensions\jplinpmadfkdgipabgcdchbdikologlh\1.2_0\js folder moved successfully.
    C:\Users\KD\AppData\Local\Google\Chrome\User Data\Default\Extensions\jplinpmadfkdgipabgcdchbdikologlh\1.2_0\images folder moved successfully.
    C:\Users\KD\AppData\Local\Google\Chrome\User Data\Default\Extensions\jplinpmadfkdgipabgcdchbdikologlh\1.2_0\html folder moved successfully.
    C:\Users\KD\AppData\Local\Google\Chrome\User Data\Default\Extensions\jplinpmadfkdgipabgcdchbdikologlh\1.2_0\css folder moved successfully.
    C:\Users\KD\AppData\Local\Google\Chrome\User Data\Default\Extensions\jplinpmadfkdgipabgcdchbdikologlh\1.2_0 folder moved successfully.
    Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8c5878d0-6106-423b-aaa8-144c143dbf44}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8c5878d0-6106-423b-aaa8-144c143dbf44}\ not found.
    File C:\Program Files (x86)\BitLord_Security_Bar\prxtbBit0.dll not found.
    Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}\ deleted successfully.
    C:\Program Files (x86)\Yontoo\YontooIEClient.dll moved successfully.
    64bit-Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\Locked deleted successfully.
    Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{8c5878d0-6106-423b-aaa8-144c143dbf44} deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8c5878d0-6106-423b-aaa8-144c143dbf44}\ not found.
    File C:\Program Files (x86)\BitLord_Security_Bar\prxtbBit0.dll not found.
    Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\Locked deleted successfully.
    Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA}\ not found.
    Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{8C5878D0-6106-423B-AAA8-144C143DBF44} deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8C5878D0-6106-423B-AAA8-144C143DBF44}\ not found.
    File C:\Program Files (x86)\BitLord_Security_Bar\prxtbBit0.dll not found.
    Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoActiveDesktop deleted successfully.
    Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoActiveDesktopChanges deleted successfully.
    Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\ConsentPromptBehaviorAdmin deleted successfully.
    Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\ConsentPromptBehaviorUser deleted successfully.
    Starting removal of ActiveX control {8AD9C840-044E-11D1-B3E9-00805F499D93}
    C:\Windows\Downloaded Program Files\jinstall-6u27.inf not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully.
    Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
    Starting removal of ActiveX control {CAFEEFAC-0016-0000-0027-ABCDEFFEDCBA}
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0027-ABCDEFFEDCBA}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0027-ABCDEFFEDCBA}\ deleted successfully.
    Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0027-ABCDEFFEDCBA}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0016-0000-0027-ABCDEFFEDCBA}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0027-ABCDEFFEDCBA}\ not found.
    Starting removal of ActiveX control {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
    Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{a664a876-8819-11e1-9a97-74de2bdffb70}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{a664a876-8819-11e1-9a97-74de2bdffb70}\ not found.
    Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{a664a876-8819-11e1-9a97-74de2bdffb70}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{a664a876-8819-11e1-9a97-74de2bdffb70}\ not found.
    File E:\AutoRun.exe not found.
    Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{a664a87c-8819-11e1-9a97-74de2bdffb70}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{a664a87c-8819-11e1-9a97-74de2bdffb70}\ not found.
    Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{a664a87c-8819-11e1-9a97-74de2bdffb70}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{a664a87c-8819-11e1-9a97-74de2bdffb70}\ not found.
    File E:\AutoRun.exe not found.
    Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\E\ deleted successfully.
    Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\E\ not found.
    File E:\Autorun.exe not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\StartUpReg\PC Cleaners\ not found.
    ========== COMMANDS ==========

    [EMPTYTEMP]

    User: All Users

    User: Default
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes
    ->Flash cache emptied: 56468 bytes

    User: Default User
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes
    ->Flash cache emptied: 0 bytes

    User: KD
    ->Temp folder emptied: 179286679 bytes
    ->Temporary Internet Files folder emptied: 481549377 bytes
    ->Java cache emptied: 9883200 bytes
    ->FireFox cache emptied: 805664591 bytes
    ->Google Chrome cache emptied: 9643897 bytes
    ->Flash cache emptied: 62820 bytes

    User: Public

    %systemdrive% .tmp files removed: 0 bytes
    %systemroot% .tmp files removed: 0 bytes
    %systemroot%\System32 .tmp files removed: 0 bytes
    %systemroot%\System32 (64bit) .tmp files removed: 0 bytes
    %systemroot%\System32\drivers .tmp files removed: 0 bytes
    Windows Temp folder emptied: 202474162 bytes
    %systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 50333 bytes
    RecycleBin emptied: 1308525413 bytes

    Total Files Cleaned = 2,858.00 mb


    OTL by OldTimer - Version 3.2.55.0 log created on 07272012_155914
    Files\Folders moved on Reboot...
    C:\Users\KD\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
    C:\Users\KD\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\ZBL7DZ3N\AjaxHistoryFrame[1].htm moved successfully.
    C:\Users\KD\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\ZBL7DZ3N\xmlProxy[1].htm moved successfully.
    C:\Users\KD\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\WFCR3RZN\InboxLight[1].htm moved successfully.
    C:\Users\KD\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\WFCR3RZN\Messenger[1].htm moved successfully.
    C:\Users\KD\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\WFCR3RZN\resourcespreload[1].htm moved successfully.
    C:\Users\KD\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\WFCR3RZN\xmlProxy[1].htm moved successfully.
    C:\Users\KD\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\VT30DNZS\EditMessageLight[1].htm moved successfully.
    C:\Users\KD\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\VT30DNZS\RteFrame_16.2.6148.0723[1].htm moved successfully.
    C:\Users\KD\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\JGGR2QP5\xmlProxy[1].htm moved successfully.
    C:\Users\KD\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\F6EFVUD0\flextag[1].htm moved successfully.
    C:\Users\KD\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\E9IWZSVC\index[2].htm moved successfully.
    C:\Users\KD\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\DSLXI8QJ\adloader[1].htm moved successfully.
    C:\Users\KD\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\DSLXI8QJ\flextag[2].htm moved successfully.
    C:\Users\KD\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\DSLXI8QJ\WebIMPop[1].htm moved successfully.
    C:\Users\KD\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\92D04R6W\LocalStorage[1].htm moved successfully.
    C:\Users\KD\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\43TSLVUK\default[1].htm moved successfully.
    C:\Users\KD\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\43TSLVUK\tt[1].htm moved successfully.
    C:\Users\KD\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\MSIMGSIZ.DAT moved successfully.
    File move failed. C:\Windows\temp\_avast_\Webshlock.txt scheduled to be moved on reboot.
    File move failed. C:\Windows\temp\dsiwmis.log scheduled to be moved on reboot.
    File move failed. C:\Windows\temp\LMutilps32.log scheduled to be moved on reboot.
    PendingFileRenameOperations files...
    File C:\Users\KD\AppData\Local\Temp\FXSAPIDebugLogFile.txt not found!
    File C:\Users\KD\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\ZBL7DZ3N\AjaxHistoryFrame[1].htm not found!
    File C:\Users\KD\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\ZBL7DZ3N\xmlProxy[1].htm not found!
    File C:\Users\KD\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\WFCR3RZN\InboxLight[1].htm not found!
    File C:\Users\KD\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\WFCR3RZN\Messenger[1].htm not found!
    File C:\Users\KD\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\WFCR3RZN\resourcespreload[1].htm not found!
    File C:\Users\KD\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\WFCR3RZN\xmlProxy[1].htm not found!
    File C:\Users\KD\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\VT30DNZS\EditMessageLight[1].htm not found!
    File C:\Users\KD\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\VT30DNZS\RteFrame_16.2.6148.0723[1].htm not found!
    File C:\Users\KD\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\JGGR2QP5\xmlProxy[1].htm not found!
    File C:\Users\KD\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\F6EFVUD0\flextag[1].htm not found!
    File C:\Users\KD\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\E9IWZSVC\index[2].htm not found!
    File C:\Users\KD\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\DSLXI8QJ\adloader[1].htm not found!
    File C:\Users\KD\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\DSLXI8QJ\flextag[2].htm not found!
    File C:\Users\KD\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\DSLXI8QJ\WebIMPop[1].htm not found!
    File C:\Users\KD\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\92D04R6W\LocalStorage[1].htm not found!
    File C:\Users\KD\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\43TSLVUK\default[1].htm not found!
    File C:\Users\KD\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\43TSLVUK\tt[1].htm not found!
    File C:\Users\KD\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\MSIMGSIZ.DAT not found!
    [2012/07/27 16:05:32 | 000,000,000 | ---- | M] () C:\Windows\temp\_avast_\Webshlock.txt : Unable to obtain MD5
    [2012/07/27 16:05:16 | 000,228,220 | ---- | M] () C:\Windows\temp\dsiwmis.log : Unable to obtain MD5
    [2012/07/27 16:05:14 | 000,449,139 | ---- | M] () C:\Windows\temp\LMutilps32.log : Unable to obtain MD5
    Registry entries deleted on Reboot...
  17. Kookie Gram

    ComboFix 12-07-27.03 - KD 07/27/2012 16:14:54.1.2 - x64
    Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.3948.2792 [GMT -5:00]
    Running from: c:\users\KD\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\CUO03UK5\ComboFix.exe
    AV: Norton Internet Security *Disabled/Outdated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
    FW: Norton Internet Security *Disabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
    SP: Norton Internet Security *Disabled/Outdated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
    SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    C:\Install.exe
    c:\users\KD\AppData\Local\Temp\{848791BE-9427-4E10-B939-046F4792C0B3}\fpb.tmp
    c:\windows\assembly\GAC_32\Desktop.ini
    c:\windows\assembly\GAC_64\Desktop.ini
    .
    Infected copy of c:\windows\system32\Services.exe was found and disinfected
    Restored copy from - c:\windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe
    .
    .
    ((((((((((((((((((((((((( Files Created from 2012-06-27 to 2012-07-27 )))))))))))))))))))))))))))))))
    .
    .
    2012-07-27 20:59 . 2012-07-27 20:59 -------- d-----w- C:\_OTL
    2012-07-26 04:02 . 2012-07-26 04:02 -------- d-----w- C:\found.000
    2012-07-26 03:14 . 2012-07-26 03:15 -------- d-----w- c:\program files (x86)\7-zip
    2012-07-25 02:33 . 2012-07-25 02:33 -------- d-----w- c:\users\KD\AppData\Roaming\Malwarebytes
    2012-07-25 02:32 . 2012-07-25 02:32 -------- d-----w- c:\programdata\Malwarebytes
    2012-07-25 02:32 . 2012-07-25 02:32 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
    2012-07-25 02:32 . 2012-07-03 18:46 24904 ----a-w- c:\windows\system32\drivers\mbam.sys
    2012-07-25 01:58 . 2012-07-03 16:21 355856 ----a-w- c:\windows\system32\drivers\aswSP.sys
    2012-07-25 01:58 . 2012-07-03 16:21 25232 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
    2012-07-25 01:58 . 2012-07-03 16:21 958400 ----a-w- c:\windows\system32\drivers\aswSnx.sys
    2012-07-25 01:58 . 2012-07-03 16:21 59728 ----a-w- c:\windows\system32\drivers\aswTdi.sys
    2012-07-25 01:58 . 2012-07-03 16:21 54072 ----a-w- c:\windows\system32\drivers\aswRdr2.sys
    2012-07-25 01:58 . 2012-07-03 16:21 71064 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
    2012-07-25 01:58 . 2012-07-03 16:21 285328 ----a-w- c:\windows\system32\aswBoot.exe
    2012-07-25 01:57 . 2012-07-03 16:21 41224 ----a-w- c:\windows\avastSS.scr
    2012-07-25 01:57 . 2012-07-03 16:21 227648 ----a-w- c:\windows\SysWow64\aswBoot.exe
    2012-07-25 01:57 . 2012-07-25 01:57 -------- d-----w- c:\programdata\AVAST Software
    2012-07-25 01:57 . 2012-07-25 01:57 -------- d-----w- c:\program files\AVAST Software
    2012-07-21 14:56 . 2012-07-21 14:56 -------- d-----w- c:\program files (x86)\Microsoft Synchronization Services
    2012-07-21 14:55 . 2012-07-21 14:55 -------- d-----w- c:\program files (x86)\Microsoft Sync Framework
    2012-07-21 14:53 . 2012-07-21 14:53 -------- d-----w- c:\program files (x86)\Microsoft Visual Studio 8
    2012-07-21 14:53 . 2012-07-21 14:53 -------- d-----w- c:\program files (x86)\Microsoft Analysis Services
    2012-07-17 01:52 . 2012-07-18 17:27 -------- d-----w- c:\users\KD\AppData\Local\Macromedia
    2012-07-17 01:52 . 2012-07-17 01:52 -------- d-----w- c:\programdata\McAfee Security Scan
    2012-07-17 01:52 . 2012-07-17 01:52 -------- d-----w- c:\programdata\McAfee
    2012-07-17 01:52 . 2012-07-17 03:33 -------- d-----w- c:\program files (x86)\McAfee Security Scan
    2012-07-17 00:12 . 2012-07-21 14:27 -------- d-----w- c:\users\KD\AppData\Local\ElevatedDiagnostics
    2012-07-14 20:31 . 2012-05-04 11:00 366592 ----a-w- c:\windows\system32\qdvd.dll
    2012-07-14 20:31 . 2012-05-04 09:59 514560 ----a-w- c:\windows\SysWow64\qdvd.dll
    2012-07-14 20:21 . 2012-07-14 20:21 -------- d-----w- c:\users\KD\AppData\Roaming\PC Cleaners
    2012-07-14 20:20 . 2012-07-14 20:21 -------- d-----w- c:\users\KD\AppData\Roaming\PCPro
    2012-07-14 20:20 . 2012-07-14 20:20 4274488 ----a-w- c:\windows\uninst.exe
    2012-07-14 20:20 . 2012-07-14 20:20 -------- d-----w- c:\program files (x86)\PC Cleaners
    2012-07-14 20:20 . 2012-07-14 20:20 -------- d-----w- c:\programdata\PC1Data
    2012-07-14 03:12 . 2012-07-14 03:12 -------- d-sh--w- c:\windows\SysWow64\%APPDATA%
    2012-07-13 11:09 . 2012-06-18 08:12 9013136 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{06241A05-E5AD-4E75-B24D-0BB3D7B48CE3}\mpengine.dll
    2012-07-12 08:06 . 2012-06-12 03:08 3148800 ----a-w- c:\windows\system32\win32k.sys
    2012-07-11 20:22 . 2012-06-06 06:06 2004480 ----a-w- c:\windows\system32\msxml6.dll
    2012-07-10 23:29 . 2012-07-10 23:29 -------- d-----w- c:\program files (x86)\Rovio
    2012-07-10 23:27 . 2012-07-10 23:27 -------- d-----w- c:\users\KD\AppData\Roaming\Rovio
    2012-07-10 16:40 . 2012-07-10 16:40 -------- d-----w- c:\windows\Sun
    2012-07-10 16:40 . 2012-07-10 16:40 -------- d-----w- c:\program files (x86)\Common Files\Java
    2012-07-10 16:39 . 2012-07-10 16:39 472808 ----a-w- c:\windows\SysWow64\deployJava1.dll
    2012-07-10 16:39 . 2012-07-10 16:39 -------- d-----w- c:\program files (x86)\Java
    2012-06-29 15:03 . 2012-06-29 15:20 -------- d-----w- c:\users\KD\AppData\Roaming\Cakewalk
    2012-06-29 14:54 . 2012-06-29 14:54 -------- d-----w- c:\program files (x86)\IK Multimedia
    2012-06-29 14:51 . 2006-02-24 15:00 344064 ----a-w- c:\windows\SysWow64\msvcr70.dll
    2012-06-29 14:51 . 2006-02-24 15:00 487424 ----a-w- c:\windows\SysWow64\msvcp70.dll
    2012-06-29 14:48 . 2012-06-29 22:52 -------- d-----w- c:\programdata\Cakewalk
    2012-06-28 22:36 . 2012-06-28 22:36 338432 ----a-w- c:\windows\SysWow64\REX Shared Library.dll
    2012-06-28 22:36 . 2012-06-28 22:36 406528 ----a-w- c:\windows\SysWow64\ReWire.dll
    2012-06-28 17:20 . 2012-06-28 17:20 -------- d-----w- c:\users\KD\Tracing
    2012-06-28 16:41 . 2012-06-28 16:41 -------- d-----w- c:\windows\en
    2012-06-28 16:40 . 2012-06-28 16:40 -------- d-----w- c:\windows\fr
    2012-06-28 16:36 . 2012-06-28 16:36 15712 ----a-w- c:\program files (x86)\Common Files\Windows Live\.cache\233966d21cd554c02\MeshBetaRemover.exe
    2012-06-28 16:36 . 2012-06-28 16:36 89944 ----a-w- c:\program files (x86)\Common Files\Windows Live\.cache\22fd388b1cd554c01\DSETUP.dll
    2012-06-28 16:36 . 2012-06-28 16:36 537432 ----a-w- c:\program files (x86)\Common Files\Windows Live\.cache\22fd388b1cd554c01\DXSETUP.exe
    2012-06-28 16:36 . 2012-06-28 16:36 1801048 ----a-w- c:\program files (x86)\Common Files\Windows Live\.cache\22fd388b1cd554c01\dsetup32.dll
    2012-06-28 16:00 . 2012-06-28 22:36 -------- d-----w- c:\programdata\Propellerhead Software
    2012-06-28 16:00 . 2012-06-28 16:00 -------- d-----w- c:\users\KD\AppData\Roaming\Propellerhead Software
    2012-06-28 15:53 . 2012-06-28 15:53 -------- d-----w- c:\program files (x86)\Propellerhead
    2012-06-28 08:52 . 2012-06-28 08:52 -------- d-----w- c:\programdata\PreSonus
    2012-06-28 08:52 . 2012-06-28 08:52 -------- d-----w- c:\users\KD\AppData\Roaming\PreSonus
    2012-06-28 08:51 . 2012-06-28 08:51 -------- d-----w- c:\program files (x86)\Common Files\Propellerhead Software
    2012-06-28 08:51 . 2012-06-28 10:24 -------- dc----w- c:\windows\system32\DRVSTORE
    2012-06-28 08:51 . 2012-06-28 08:51 -------- d-----w- c:\program files\Common Files\Propellerhead Software
    2012-06-28 08:39 . 2012-06-28 08:39 -------- d-----w- c:\program files\7-Zip
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2012-07-27 03:22 . 2012-04-30 16:34 426184 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
    2012-07-27 03:22 . 2011-10-11 17:59 70344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
    2012-07-12 08:02 . 2012-06-18 07:01 59701280 ----a-w- c:\windows\system32\MRT.exe
    2012-06-02 22:19 . 2012-06-21 22:48 38424 ----a-w- c:\windows\system32\wups.dll
    2012-06-02 22:19 . 2012-06-21 22:49 2428952 ----a-w- c:\windows\system32\wuaueng.dll
    2012-06-02 22:19 . 2012-06-21 22:49 57880 ----a-w- c:\windows\system32\wuauclt.exe
    2012-06-02 22:19 . 2012-06-21 22:49 44056 ----a-w- c:\windows\system32\wups2.dll
    2012-06-02 22:19 . 2012-06-21 22:48 701976 ----a-w- c:\windows\system32\wuapi.dll
    2012-06-02 22:15 . 2012-06-21 22:49 2622464 ----a-w- c:\windows\system32\wucltux.dll
    2012-06-02 22:15 . 2012-06-21 22:48 99840 ----a-w- c:\windows\system32\wudriver.dll
    2012-06-02 20:19 . 2012-06-21 22:48 186752 ----a-w- c:\windows\system32\wuwebv.dll
    2012-06-02 20:15 . 2012-06-21 22:48 36864 ----a-w- c:\windows\system32\wuapp.exe
    2012-05-31 04:10 . 2012-06-21 23:28 126944 ----a-w- c:\windows\system32\drivers\scdemu.sys
    2012-05-04 11:06 . 2012-06-14 01:24 5559664 ----a-w- c:\windows\system32\ntoskrnl.exe
    2012-05-04 10:03 . 2012-06-14 01:24 3968368 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
    2012-05-04 10:03 . 2012-06-14 01:24 3913072 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
    2012-05-01 05:40 . 2012-06-14 01:24 209920 ----a-w- c:\windows\system32\profsvc.dll
    2012-04-29 23:20 . 2011-03-29 01:36 19352 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
    .
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}]
    2012-07-10 02:44 2074208 ----a-w- c:\program files (x86)\AVG Secure Search\11.1.0.12\AVG Secure Search_toolbar.dll
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
    "{95B7759C-8C7F-4BF1-B163-73684A933233}"= "c:\program files (x86)\AVG Secure Search\11.1.0.12\AVG Secure Search_toolbar.dll" [2012-07-10 2074208]
    .
    [HKEY_CLASSES_ROOT\clsid\{95b7759c-8c7f-4bf1-b163-73684a933233}]
    [HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj.1]
    [HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
    "HF_G_Jul"="c:\program files (x86)\AVG Secure Search\HF_G_Jul.exe" [2012-07-19 36960]
    "BCSSync"="c:\program files (x86)\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 91520]
    "avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2012-07-03 4273976]
    "Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-07-03 462920]
    .
    c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
    McAfee Security Scan Plus.lnk - c:\program files (x86)\McAfee Security Scan\3.0.207\SSScheduler.exe [2011-6-17 272528]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "EnableUIADesktopToggle"= 0 (0x0)
    .
    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
    Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
    .
    R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
    R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-05-18 136176]
    R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-07-27 250056]
    R3 BBSvc;Bing Bar Update Service;c:\program files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-06-07 191752]
    R3 ewusbnet;HUAWEI USB-NDIS miniport;c:\windows\system32\DRIVERS\ewusbnet.sys [x]
    R3 GamesAppService;GamesAppService;c:\program files (x86)\WildTangent Games\App\GamesAppService.exe [2010-10-12 206072]
    R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-05-18 136176]
    R3 huawei_enumerator;huawei_enumerator;c:\windows\system32\DRIVERS\ew_jubusenum.sys [x]
    R3 k57nd60a;Broadcom NetLink (TM) Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\k57nd60a.sys [2011-05-10 425000]
    R3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files (x86)\McAfee Security Scan\3.0.207\McCHSvc.exe [2011-06-17 237008]
    R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files (x86)\Microsoft Office\Office14\GROOVE.EXE [2010-03-25 30969208]
    R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-06-01 113120]
    R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4925184]
    R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-21 59392]
    R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-21 31232]
    R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2012-04-29 1255736]
    R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-23 57184]
    S1 aswSnx;aswSnx; [x]
    S1 aswSP;aswSP; [x]
    S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]
    S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-04-04 63928]
    S2 aswFsBlk;aswFsBlk; [x]
    S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2012-07-03 71064]
    S2 BBUpdate;BBUpdate;c:\program files (x86)\Microsoft\BingBar\SeaPort.EXE [2011-05-13 249648]
    S2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [2012-01-04 822624]
    S2 DsiWMIService;Dritek WMI Service;c:\program files (x86)\Launch Manager\dsiwmis.exe [2011-07-01 353360]
    S2 ePowerSvc;ePower Service;c:\program files\Gateway\Gateway Power Management\ePowerSvc.exe [2011-08-02 872552]
    S2 GREGService;GREGService;c:\program files (x86)\Gateway\Registration\GREGsvc.exe [2011-05-30 36456]
    S2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2011-04-30 13592]
    S2 Live Updater Service;Live Updater Service;c:\program files\Gateway\Gateway Updater\UpdaterService.exe [2011-04-22 244624]
    S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-07-03 655944]
    S2 NAUpdate;Nero Update;c:\program files (x86)\Nero\Update\NASvc.exe [2010-05-04 503080]
    S2 NOBU;Norton Online Backup;c:\program files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe SERVICE [x]
    S2 NTI IScheduleSvc;NTI IScheduleSvc;c:\program files (x86)\NTI\Gateway MyBackup\IScheduleSvc.exe [2011-03-09 257344]
    S2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2011-10-01 508776]
    S2 UNS;Intel(R) Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2010-12-22 2656280]
    S2 vToolbarUpdater11.2.0;vToolbarUpdater11.2.0;c:\program files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\11.2.0\ToolbarUpdater.exe [2012-07-10 935008]
    S3 b57xdbd;Broadcom xD Picture Bus Driver Service;c:\windows\system32\DRIVERS\b57xdbd.sys [2011-01-21 67624]
    S3 b57xdmp;Broadcom xD Picture vstorp client drv;c:\windows\system32\DRIVERS\b57xdmp.sys [2011-01-21 19496]
    S3 bScsiMSa;bScsiMSa;c:\windows\system32\DRIVERS\bScsiMSa.sys [2011-05-16 51240]
    S3 bScsiSDa;bScsiSDa;c:\windows\system32\DRIVERS\bScsiSDa.sys [2011-05-06 86056]
    S3 IntcDAud;Intel(R) Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [2010-10-15 317440]
    S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-07-03 24904]
    S3 MEIx64;Intel(R) Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [2010-10-20 56344]
    S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys [2011-10-01 764264]
    S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys [2011-10-01 268648]
    S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys [2011-10-01 25960]
    S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys [2011-10-01 22376]
    S3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2011-10-01 219496]
    .
    .
    --- Other Services/Drivers In Memory ---
    .
    *NewlyCreated* - WS2IFSL
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2012-07-27 c:\windows\Tasks\Adobe Flash Player Updater.job
    - c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-30 03:22]
    .
    2012-07-27 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-05-18 03:28]
    .
    2012-07-27 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-05-18 03:28]
    .
    2012-07-26 c:\windows\Tasks\ParetoLogic Registration.job
    - c:\windows\system32\rundll32.exe [2009-07-13 01:14]
    .
    .
    --------- X64 Entries -----------
    .
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
    @="{472083B0-C522-11CF-8763-00608CC02F24}"
    [HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
    2012-07-03 16:21 133400 ----a-w- c:\program files\AVAST Software\Avast\ashShA64.dll
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
    "LoadAppInit_DLLs"=0x0
    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://www.google.com/
    uLocal Page = c:\windows\system32\blank.htm
    mStart Page = hxxp://www.bing.com/?pc=MAGW
    mLocal Page = c:\windows\SysWOW64\blank.htm
    TCP: DhcpNameServer = 208.59.247.45 208.59.247.46
    Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - c:\program files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\11.2.0\ViProtocol.dll
    FF - ProfilePath - c:\users\KD\AppData\Roaming\Mozilla\Firefox\Profiles\7wna2cly.default\
    FF - prefs.js: browser.search.selectedEngine -
    FF - prefs.js: browser.startup.homepage - hxxp://google.com
    FF - prefs.js: network.proxy.type - 0
    FF - user.js: extentions.y2layers.installId - 8309d8f5-ace5-427d-a02f-9988d36dedc7
    FF - user.js: extentions.y2layers.defaultEnableAppsList - ezLooker,pagerage,buzzdock,toprelatedtopics,twittube
    FF - user.js: extensions.autoDisableScopes - 14
    .
    - - - - ORPHANS REMOVED - - - -
    .
    AddRemove-1ClickDownload - c:\program files (x86)\1ClickDownload\uninst.exe
    .
    .
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
    @Denied: (A 2) (Everyone)
    @="FlashBroker"
    "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_268_ActiveX.exe,-101"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
    "Enabled"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_268_ActiveX.exe"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Shockwave Flash Object"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_268.ocx"
    "ThreadingModel"="Apartment"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
    @="0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
    @="ShockwaveFlash.ShockwaveFlash.11"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_268.ocx, 1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="ShockwaveFlash.ShockwaveFlash"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Macromedia Flash Factory Object"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_268.ocx"
    "ThreadingModel"="Apartment"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
    @="FlashFactory.FlashFactory.1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_268.ocx, 1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="FlashFactory.FlashFactory"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
    @Denied: (A 2) (Everyone)
    @="IFlashBroker4"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
    @="{00020424-0000-0000-C000-000000000046}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    "Version"="1.0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
    @Denied: (A) (Everyone)
    "Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
    @Denied: (A) (Everyone)
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
    "Key"="ActionsPane3"
    "Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
    @Denied: (Full) (Everyone)
    .
    ------------------------ Other Running Processes ------------------------
    .
    c:\program files\AVAST Software\Avast\AvastSvc.exe
    c:\program files (x86)\Launch Manager\LMutilps32.exe
    c:\program files (x86)\CyberLink\MediaEspresso\DeviceDetector\DeviceDetector.exe
    c:\program files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
    c:\windows\syswow64\MsiExec.exe
    .
    **************************************************************************
    .
    Completion time: 2012-07-27 16:31:10 - machine was rebooted
    ComboFix-quarantined-files.txt 2012-07-27 21:31
    .
    Pre-Run: 204,651,077,632 bytes free
    Post-Run: 204,091,695,104 bytes free
    .
    - - End Of File - - 6412685121EA7CBE67CB2BB1E729C0F5
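    When reading a ComboFix log like the one above, a helper scans the "Files Created" rows and the service/driver rows for the same handful of signals every time: directory or file attribute strings carrying the system and hidden bits (the `d-sh--w-` entry above), a literal environment-variable name such as `%APPDATA%` used as a real directory name under a system folder, and services or drivers ComboFix reports with `[x]` instead of a date and size because it could not read the file. The script below is an added example, not ComboFix's own code and not part of this thread; it parses constructed sample lines copied from the log above and returns review prompts, not malware verdicts. The attribute-letter meanings in the comment follow the convention visible in the log itself.

```python
"""Triage helper for ComboFix-style log lines (added example, not ComboFix code)."""
import re
from dataclasses import dataclass, field

# Constructed sample: a handful of lines copied verbatim from the ComboFix log above.
SAMPLE_LOG = r"""
2012-07-25 02:32 . 2012-07-03 18:46 24904 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-07-14 20:20 . 2012-07-14 20:20 4274488 ----a-w- c:\windows\uninst.exe
2012-07-14 03:12 . 2012-07-14 03:12 -------- d-sh--w- c:\windows\SysWow64\%APPDATA%
2012-06-28 08:51 . 2012-06-28 10:24 -------- dc----w- c:\windows\system32\DRVSTORE
R3 ewusbnet;HUAWEI USB-NDIS miniport;c:\windows\system32\DRIVERS\ewusbnet.sys [x]
S1 aswSnx;aswSnx; [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2012-07-03 71064]
"""

# "Files Created" / "Find3M" rows: <created> . <modified> <size or dashes> <attrs> <path>
FILE_RE = re.compile(
    r"^(?P<created>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) \. "
    r"(?P<modified>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) "
    r"(?P<size>\S+) (?P<attrs>[-a-z]{8}) (?P<path>.+)$"
)
# Service/driver rows: <start type> name;display name;path [date size]  or  [x]
SERVICE_RE = re.compile(
    r"^(?P<start>[RS]\d) (?P<name>[^;]+);(?P<display>[^;]*);(?P<path>.*?) \[(?P<info>[^\]]*)\]$"
)


@dataclass
class Finding:
    kind: str                 # "file" or "service"
    name: str                 # basename of the file, or the service name
    path: str                 # full path as printed in the log ("" when ComboFix printed none)
    reasons: list = field(default_factory=list)


def triage_file_entry(m: re.Match) -> Finding:
    """Flag attribute and naming anomalies in one Files Created / Find3M row."""
    attrs, path = m["attrs"], m["path"]
    basename = path.rsplit("\\", 1)[-1]
    finding = Finding("file", basename, path)
    # Attribute letters as they appear in the log: d=directory, c=compressed,
    # s=system, h=hidden, a=archive, w=writable.
    if "s" in attrs and "h" in attrs:
        finding.reasons.append("system+hidden attributes")
    if "%" in basename:
        finding.reasons.append("literal environment-variable name used as a path component")
    return finding


def triage_service_entry(m: re.Match) -> Finding:
    """Flag service/driver rows whose backing file ComboFix could not read."""
    finding = Finding("service", m["name"], m["path"])
    if m["info"] == "x":
        finding.reasons.append("no file metadata ([x]): file missing, unreadable or blocked")
    return finding


def triage(log_text: str) -> list:
    """Return only the rows that raised at least one review prompt."""
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        m = FILE_RE.match(line)
        if m:
            finding = triage_file_entry(m)
        else:
            m = SERVICE_RE.match(line)
            if not m:
                continue  # headers, registry keys and other sections are ignored here
            finding = triage_service_entry(m)
        if finding.reasons:
            findings.append(finding)
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.kind:7} {f.name:12} {f.path or '(no path printed)'}")
        for reason in f.reasons:
            print(f"        - {reason}")
```

    Run against the sample, the script reports the `%APPDATA%` directory twice (system+hidden, and a literal variable name as a directory) and the two `[x]` service rows; the `mbam.sys`, `uninst.exe`, `DRVSTORE` and `aswMonFlt` rows pass through silently. A real pass over the full log would feed the whole file into `triage()`; every hit still needs a human to check the path, publisher and install history before anything is removed.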
  18. Jay Pfoutz

    Jay Pfoutz Malware Helper Posts: 4,286   +49

    Excellent work!

    ESET Online Scan

    Please run a free online scan with the ESET Online Scanner
    • Tick the box next to YES, I accept the Terms of Use
    • Click Start
    • When asked, allow the ActiveX control to install
    • Click Start
    • Make sure that the options Remove found threats and Scan unwanted applications are checked
    • Click Scan (This scan can take several hours, so please be patient)
    • Once the scan is completed, you may close the window
    • Use Notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt
    • Copy and paste that log as a reply to this topic
  19. Jay Pfoutz

    Jay Pfoutz Malware Helper Posts: 4,286   +49

    Hello. Are you still with us?

    Your thread has been marked as "Inactive" because of your lack of reply. Please let us know how your computer is running, or if you want to continue in this topic.

    Thanks.

