TechSpot

Random audio and advertisements in background

By Animeniak7530
Jul 16, 2012
  1. Hello,

    I've been having problems with sound files playing in the background at seemingly random intervals. They happen most often after I first boot my computer and consist of advertisements and some other video/music (like a Cracked . com video, a site which I frequent). I'm not sure if it's replaying audio to things I've recently watched or if they're different audio files altogether.

    I found another topic of this sort on this forum through Google, and the eventual fix was the reinstallation of Java. I tried that solution, but the problem came back, so I ran my own scans and here are my logs (MWB did delete some viruses, but the problem persists. Also, McAfee wouldn't let me disable my firewall, so I'm not sure if that has caused any hindrance with DDS):

    Malwarebytes Anti-Malware 1.62.0.1300
    www.malwarebytes.org

    Database version: v2012.07.13.11

    Windows 7 Service Pack 1 x64 NTFS
    Internet Explorer 8.0.7601.17514
    Kyle :: KYLE-PC [administrator]

    Protection: Enabled

    7/14/2012 3:21:18 AM
    mbam-log-2012-07-14 (03-21-18).txt

    Scan type: Full scan (C:\|Q:\|)
    Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
    Scan options disabled: P2P
    Objects scanned: 805956
    Time elapsed: 7 hour(s), 31 minute(s), 49 second(s)

    Memory Processes Detected: 1
    C:\Windows\svchost.exe (Trojan.Agent) -> 2468 -> Delete on reboot.

    Memory Modules Detected: 0
    (No malicious items detected)

    Registry Keys Detected: 0
    (No malicious items detected)

    Registry Values Detected: 0
    (No malicious items detected)

    Registry Data Items Detected: 0
    (No malicious items detected)

    Folders Detected: 0
    (No malicious items detected)

    Files Detected: 4
    C:\ProgramData\Microsoft\Windows\DRM\E19B.tmp (Rootkit.ZeroAccess) -> Quarantined and deleted successfully.
    C:\ProgramData\Microsoft\Windows\DRM\E19C.tmp (Rootkit.ZeroAccess) -> Quarantined and deleted successfully.
    C:\Users\Kyle\AppData\Local\{c614d3bf-243a-3fd7-a4fd-36cd3756874b}\n (Rootkit.0Access) -> Delete on reboot.
    C:\Windows\svchost.exe (Trojan.Agent) -> Delete on reboot.

    (end)
    -------------------------------------------------------------------------------
    GMER 1.0.15.15641 - http://www.gmer.net
    Rootkit scan 2012-07-15 18:14:09
    Windows 6.1.7601 Service Pack 1
    Running: 49d6xyh7.exe


    ---- Registry - GMER 1.0.15 ----

    Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\c0cb38b3053f
    Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\c0cb38b3053f (not active ControlSet)

    ---- EOF - GMER 1.0.15 ----
    ------------------------------------------------------------------------------
    .
    DDS (Ver_2011-08-26.01) - NTFSAMD64
    Internet Explorer: 8.0.7601.17514 BrowserJavaVersion: 10.5.1
    Run by Kyle at 21:17:33 on 2012-07-15
    Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.3957.1558 [GMT -7:00]
    .
    AV: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {86355677-4064-3EA7-ABB3-1B136EB04637}
    SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    SP: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {3D54B793-665E-3129-9103-206115370C8A}
    FW: McAfee Firewall *Enabled* {BE0ED752-0A0B-3FFF-80EC-B2269063014C}
    .
    ============== Running Processes ===============
    .
    C:\Windows\system32\wininit.exe
    C:\Windows\system32\lsm.exe
    C:\Windows\system32\svchost.exe -k DcomLaunch
    C:\Windows\system32\svchost.exe -k RPCSS
    C:\Windows\system32\atiesrxx.exe
    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\Windows\system32\svchost.exe -k netsvcs
    C:\Windows\system32\svchost.exe -k LocalService
    C:\Windows\system32\atieclxx.exe
    C:\Program Files\Dell\DellDock\DockLogin.exe
    C:\Program Files\WTouch\WTouchService.exe
    C:\Windows\system32\svchost.exe -k NetworkService
    C:\Program Files\Dell\DW WLAN Card\WLTRYSVC.EXE
    C:\Windows\system32\WLANExt.exe
    C:\Windows\system32\conhost.exe
    C:\Program Files\Dell\DW WLAN Card\bcmwltry.exe
    C:\Windows\System32\spoolsv.exe
    C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
    C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
    C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    c:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
    C:\Windows\System32\svchost.exe -k LocalServiceNoNetwork
    C:\Windows\system32\lxebcoms.exe
    C:\Program Files\Common Files\McAfee\SystemCore\mfevtps.exe
    C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE
    C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
    C:\Windows\system32\svchost.exe -k imgsvc
    C:\Windows\system32\Pen_Tablet.exe
    C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\11.2.0\ToolbarUpdater.exe
    C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe
    C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
    C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
    C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe
    C:\Windows\system32\taskhost.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\system32\taskeng.exe
    C:\Windows\Explorer.EXE
    C:\Program Files (x86)\Dell DataSafe Local Backup\TOASTER.EXE
    C:\Program Files (x86)\Dell DataSafe Local Backup\COMPONENTS\SCHEDULER\STSERVICE.EXE
    C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe
    C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
    C:\Windows\system32\SearchIndexer.exe
    -netsvcs
    C:\Windows\system32\conhost.exe
    C:\Program Files\WTouch\WTouchUser.exe
    C:\Windows\system32\WTablet\Pen_TabletUser.exe
    C:\Windows\system32\Pen_Tablet.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\Program Files\Dell\QuickSet\quickset.exe
    C:\Program Files\Dell\DW WLAN Card\WLTRAY.EXE
    C:\Program Files (x86)\Lexmark Pro200-S500 Series\lxebmon.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Program Files (x86)\Lexmark Pro200-S500 Series\ezprint.exe
    C:\Program Files\Microsoft IntelliPoint\ipoint.exe
    C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
    C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE
    C:\Program Files (x86)\Windows Sidebar\sidebar.exe
    C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
    C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
    C:\Program Files\mcafee.com\agent\mcagent.exe
    C:\Program Files (x86)\Dell DataSafe Online\DataSafeOnline.exe
    C:\Program Files (x86)\McAfee Security Scan\2.0.181\SSScheduler.exe
    C:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe
    C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe
    C:\Program Files (x86)\Dell Support Center\bin\sprtcmd.exe
    C:\Program Files (x86)\Ask.com\Updater\Updater.exe
    C:\Program Files\Windows Media Player\wmpnetwk.exe
    C:\Program Files (x86)\AVG Secure Search\vprot.exe
    C:\Program Files (x86)\iTunes\iTunesHelper.exe
    C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files (x86)\Roxio\Roxio Burn\Roxio Burn.exe
    C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
    C:\Program Files (x86)\Mozilla Firefox\firefox.exe
    C:\Program Files\Common Files\Microsoft Shared\Ink\InputPersonalization.exe
    C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
    c:\Program Files (x86)\Dell Support Center\bin\sprtsvc.exe
    C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
    C:\Windows\system32\wuauclt.exe
    c:\PROGRA~1\mcafee\VIRUSS~1\mcvsshld.exe
    C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
    C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_3_300_265.exe
    C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_3_300_265.exe
    C:\Windows\system32\taskeng.exe
    c:\PROGRA~1\mcafee.com\agent\mcupdate.exe
    C:\Windows\SysWOW64\cmd.exe
    C:\Windows\system32\conhost.exe
    C:\Windows\SysWOW64\cscript.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    .
    ============== Pseudo HJT Report ===============
    .
    uStart Page = hxxp://search.conduit.com?SearchSource=10&ctid=CT1060933
    uDefault_Page_URL = g.msn.com/USCON/1
    uInternet Settings,ProxyOverride = *.local
    uURLSearchHooks: UrlSearchHook Class: {00000000-6e41-4fd3-8538-502f5495e5fc} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
    uURLSearchHooks: Vuze Remote Toolbar: {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files (x86)\Vuze_Remote\prxtbVuze.dll
    uURLSearchHooks: H - No File
    uURLSearchHooks: H - No File
    mURLSearchHooks: Vuze Remote Toolbar: {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files (x86)\Vuze_Remote\prxtbVuze.dll
    mWinlogon: Userinit=userinit.exe,
    BHO: Lexmark Toolbar: {1017a80c-6f09-4548-a84d-edd6ac9525f0} - C:\Program Files\Lexmark Toolbar\toolband.dll
    BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    BHO: Java(tm) Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll
    BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - C:\Program Files (x86)\Common Files\McAfee\SystemCore\ScriptSn.20111219222325.dll
    BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    BHO: AVG Security Toolbar: {95b7759c-8c7f-4bf1-b163-73684a933233} - C:\Program Files (x86)\AVG Secure Search\11.1.0.12\AVG Secure Search_toolbar.dll
    BHO: Skype Browser Helper: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
    BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - C:\PROGRA~2\MIF5BA~1\Office14\URLREDIR.DLL
    BHO: Vuze Remote Toolbar: {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files (x86)\Vuze_Remote\prxtbVuze.dll
    BHO: Ask Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
    BHO: WeCareReminder Class: {d824f0de-3d60-4f57-9eb1-66033ecd8abb} - C:\ProgramData\WeCareReminder\IEHelperv2.5.0.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll
    TB: Ask Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
    TB: Vuze Remote Toolbar: {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files (x86)\Vuze_Remote\prxtbVuze.dll
    TB: Lexmark Toolbar: {1017a80c-6f09-4548-a84d-edd6ac9525f0} - C:\Program Files\Lexmark Toolbar\toolband.dll
    TB: AVG Security Toolbar: {95b7759c-8c7f-4bf1-b163-73684a933233} - C:\Program Files (x86)\AVG Secure Search\11.1.0.12\AVG Secure Search_toolbar.dll
    TB: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
    TB: {1392B8D2-5C05-419F-A8F6-B9F15A596612} - No File
    {e7df6bff-55a5-4eb7-a673-4ed3e9456d39}
    uRun: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background
    uRun: [Steam] "C:\Program Files (x86)\Steam\steam.exe" -silent
    uRun: [Facebook Update] "C:\Users\Kyle\AppData\Local\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver
    uRun: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
    uRun: [Sidebar] C:\Program Files (x86)\Windows Sidebar\sidebar.exe /autoRun
    mRun: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
    mRun: [mcui_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
    mRun: [Dell DataSafe Online] "C:\Program Files (x86)\Dell DataSafe Online\DataSafeOnline.exe" /m
    mRun: [Desktop Disc Tool] "C:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe"
    mRun: [Dell Webcam Central] "C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" /mode2
    mRun: [DellSupportCenter] "c:\Program Files (x86)\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
    mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
    mRun: [<NO NAME>]
    mRun: [ApnUpdater] "C:\Program Files (x86)\Ask.com\Updater\Updater.exe"
    mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
    mRun: [vProt] "C:\Program Files (x86)\AVG Secure Search\vprot.exe"
    mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
    mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
    mRun: [Freecorder FLV Service] "C:\Program Files (x86)\Freecorder\FLVSrvc.exe" /run
    mRun: [Jaksta Free Video History] "C:\Program Files (x86)\Jaksta Technologies\Jaksta Free Media Recorder Toolbar\Jaksta Free Video History\jfvhistoryp.exe" -monitor
    mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
    mRunOnce: ["C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe"] "C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe"
    StartupFolder: C:\Users\Kyle\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\CurseClientStartup.ccip
    StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\BLUETO~1.LNK - C:\Program Files (x86)\WIDCOMM\Bluetooth Software\BTTray.exe
    StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\MCAFEE~1.LNK - C:\Program Files (x86)\McAfee Security Scan\2.0.181\SSScheduler.exe
    mPolicies-explorer: NoActiveDesktop = 1 (0x1)
    mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
    mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
    mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
    mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
    IE: E&xport to Microsoft Excel - C:\PROGRA~2\MIF5BA~1\Office14\EXCEL.EXE/3000
    IE: Se&nd to OneNote - C:\PROGRA~2\MIF5BA~1\Office14\ONBttnIE.dll/105
    IE: Send image to &Bluetooth Device... - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
    IE: Send page to &Bluetooth Device... - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
    IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
    IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
    IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
    IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
    LSP: mswsock.dll
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
    TCP: DhcpNameServer = 209.18.47.61 209.18.47.62
    TCP: Interfaces\{F6033519-19AF-44B0-A7DD-402F77BE3B20} : DhcpNameServer = 209.18.47.61 209.18.47.62
    TCP: Interfaces\{F6033519-19AF-44B0-A7DD-402F77BE3B20}\47865656572616E6B66616D696C6973316E64643 : DhcpNameServer = 208.67.222.222 208.67.220.220 209.18.47.61
    TCP: Interfaces\{F6033519-19AF-44B0-A7DD-402F77BE3B20}\C696E6B6379737 : DhcpNameServer = 209.18.47.61 209.18.47.62
    TCP: Interfaces\{F6033519-19AF-44B0-A7DD-402F77BE3B20}\F457276416D696C69725F657475627 : DhcpNameServer = 209.18.47.61 209.18.47.62
    Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\PROGRA~2\McAfee\msc\McSnIePl.dll
    Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL
    Handler: cozi - {5356518D-FE9C-4E08-9C1F-1E872ECD367F} - C:\Program Files (x86)\Cozi Express\CoziProtocolHandler.dll
    Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
    Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
    Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\11.2.0\ViProtocol.dll
    BHO-X64: Lexmark Toolbar: {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll
    BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    BHO-X64: AcroIEHelperStub - No File
    BHO-X64: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll
    BHO-X64: scriptproxy: {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files (x86)\Common Files\McAfee\SystemCore\ScriptSn.20111219222325.dll
    BHO-X64: scriptproxy - No File
    BHO-X64: Windows Live Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    BHO-X64: AVG Security Toolbar: {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\11.1.0.12\AVG Secure Search_toolbar.dll
    BHO-X64: Skype Browser Helper: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
    BHO-X64: SkypeIEPluginBHO - No File
    BHO-X64: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MIF5BA~1\Office14\URLREDIR.DLL
    BHO-X64: URLRedirectionBHO - No File
    BHO-X64: Vuze Remote Toolbar: {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files (x86)\Vuze_Remote\prxtbVuze.dll
    BHO-X64: Vuze Remote - No File
    BHO-X64: Ask Toolbar: {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
    BHO-X64: Ask Toolbar BHO - No File
    BHO-X64: WeCareReminder Class: {D824F0DE-3D60-4F57-9EB1-66033ECD8ABB} - C:\ProgramData\WeCareReminder\IEHelperv2.5.0.dll
    BHO-X64: WeCareReminder - No File
    BHO-X64: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll
    TB-X64: Ask Toolbar: {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
    TB-X64: Vuze Remote Toolbar: {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files (x86)\Vuze_Remote\prxtbVuze.dll
    TB-X64: Lexmark Toolbar: {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll
    TB-X64: AVG Security Toolbar: {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\11.1.0.12\AVG Secure Search_toolbar.dll
    TB-X64: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
    TB-X64: {1392B8D2-5C05-419F-A8F6-B9F15A596612} - No File
    mRun-x64: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
    mRun-x64: [mcui_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
    mRun-x64: [Dell DataSafe Online] "C:\Program Files (x86)\Dell DataSafe Online\DataSafeOnline.exe" /m
    mRun-x64: [Desktop Disc Tool] "C:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe"
    mRun-x64: [Dell Webcam Central] "C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" /mode2
    mRun-x64: [DellSupportCenter] "c:\Program Files (x86)\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
    mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
    mRun-x64: [(Default)]
    mRun-x64: [ApnUpdater] "C:\Program Files (x86)\Ask.com\Updater\Updater.exe"
    mRun-x64: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
    mRun-x64: [vProt] "C:\Program Files (x86)\AVG Secure Search\vprot.exe"
    mRun-x64: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
    mRun-x64: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
    mRun-x64: [Freecorder FLV Service] "C:\Program Files (x86)\Freecorder\FLVSrvc.exe" /run
    mRun-x64: [Jaksta Free Video History] "C:\Program Files (x86)\Jaksta Technologies\Jaksta Free Media Recorder Toolbar\Jaksta Free Video History\jfvhistoryp.exe" -monitor
    mRun-x64: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
    mRunOnce-x64: ["C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe"] "C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe"
    IE-X64: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
    .
    ================= FIREFOX ===================
    .
    FF - ProfilePath - C:\Users\Kyle\AppData\Roaming\Mozilla\Firefox\Profiles\64xl57wk.default\
    FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2504091&SearchSource=3&q={searchTerms}
    FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
    FF - prefs.js: keyword.URL - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3019965&SearchSource=2&q=
    FF - plugin: c:\progra~2\mcafee\msc\npMcSnFFPl.dll
    FF - plugin: C:\PROGRA~2\MIF5BA~1\Office14\NPAUTHZ.DLL
    FF - plugin: C:\PROGRA~2\MIF5BA~1\Office14\NPSPWRAP.DLL
    FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll
    FF - plugin: C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\11.2.0\npsitesafety.dll
    FF - plugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
    FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll
    FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
    FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrlui.dll
    FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll
    FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npdnu.dll
    FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npdnupdater2.dll
    FF - plugin: C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll
    FF - plugin: C:\Users\Kyle\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll
    FF - plugin: C:\Users\Kyle\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll
    FF - plugin: C:\Users\Kyle\AppData\Roaming\Mozilla\Firefox\Profiles\64xl57wk.default\extensions\{1392b8d2-5c05-419f-a8f6-b9f15a596612}\plugins\np-mswmp.dll
    FF - plugin: C:\Users\Kyle\AppData\Roaming\Mozilla\Firefox\Profiles\64xl57wk.default\extensions\{e5b66461-19eb-4da5-bbf7-df2d266d975b}\plugins\np-mswmp.dll
    FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_265.dll
    FF - plugin: C:\Windows\SysWOW64\npDeployJava1.dll
    FF - plugin: C:\Windows\SysWOW64\npmproxy.dll
    .
    ---- FIREFOX POLICIES ----
    FF - user.js: network.protocol-handler.warn-external.dnupdate - false
    ============= SERVICES / DRIVERS ===============
    .
    R0 mfehidk;McAfee Inc. mfehidk;C:\Windows\system32\drivers\mfehidk.sys --> C:\Windows\system32\drivers\mfehidk.sys [?]
    R0 mfewfpk;McAfee Inc. mfewfpk;C:\Windows\system32\drivers\mfewfpk.sys --> C:\Windows\system32\drivers\mfewfpk.sys [?]
    R0 PxHlpa64;PxHlpa64;C:\Windows\system32\Drivers\PxHlpa64.sys --> C:\Windows\system32\Drivers\PxHlpa64.sys [?]
    R1 mfenlfk;McAfee NDIS Light Filter;C:\Windows\system32\DRIVERS\mfenlfk.sys --> C:\Windows\system32\DRIVERS\mfenlfk.sys [?]
    R1 SASDIFSV;SASDIFSV;C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys [2011-7-22 14928]
    R1 SASKUTIL;SASKUTIL;C:\Program Files\SUPERAntiSpyware\saskutil64.sys [2011-7-12 12368]
    R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]
    R2 !SASCORE;SAS Core Service;C:\Program Files\SUPERAntiSpyware\SASCore64.exe [2011-8-11 140672]
    R2 AdobeARMservice;Adobe Acrobat Update Service;C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-1-3 63928]
    R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\system32\atiesrxx.exe --> C:\Windows\system32\atiesrxx.exe [?]
    R2 cvhsvc;Client Virtualization Handler;C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE [2012-1-4 822624]
    R2 DockLoginService;Dock Login Service;C:\Program Files\Dell\DellDock\DockLogin.exe [2009-6-9 155648]
    R2 lxeb_device;lxeb_device;C:\Windows\system32\lxebcoms.exe -service --> C:\Windows\system32\lxebcoms.exe -service [?]
    R2 McNaiAnn;McAfee VirusScan Announcer;C:\Program Files\Common Files\mcafee\mcsvchost\McSvHost.exe [2011-11-2 249936]
    R2 McProxy;McAfee Proxy Service;C:\Program Files\Common Files\mcafee\mcsvchost\McSvHost.exe [2011-11-2 249936]
    R2 McShield;McAfee McShield;C:\Program Files\Common Files\mcafee\systemcore\mcshield.exe [2010-11-23 199272]
    R2 mfefire;McAfee Firewall Core Service;C:\Program Files\Common Files\mcafee\systemcore\mfefire.exe [2010-11-23 208536]
    R2 mfevtp;McAfee Validation Trust Protection Service;C:\Program Files\Common Files\mcafee\systemcore\mfevtps.exe [2010-11-23 161168]
    R2 sftlist;Application Virtualization Client;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2011-10-1 508776]
    R2 SftService;SoftThinks Agent Service;C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe [2010-11-23 1692480]
    R2 TabletServicePen;TabletServicePen;C:\Windows\system32\Pen_Tablet.exe --> C:\Windows\system32\Pen_Tablet.exe [?]
    R2 TurboB;Turbo Boost UI Monitor driver;C:\Windows\system32\DRIVERS\TurboB.sys --> C:\Windows\system32\DRIVERS\TurboB.sys [?]
    R2 UNS;Intel(R) Management & Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2010-11-23 2320920]
    R2 vToolbarUpdater11.2.0;vToolbarUpdater11.2.0;C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\11.2.0\ToolbarUpdater.exe [2012-7-9 935008]
    R2 WTouchService;WTouch Service;C:\Program Files\WTouch\WTouchService.exe [2011-7-8 127272]
    R3 amdkmdag;amdkmdag;C:\Windows\system32\DRIVERS\atipmdag.sys --> C:\Windows\system32\DRIVERS\atipmdag.sys [?]
    R3 amdkmdap;amdkmdap;C:\Windows\system32\DRIVERS\atikmpag.sys --> C:\Windows\system32\DRIVERS\atikmpag.sys [?]
    R3 BcmVWL;Broadcom Virtual Wireless;C:\Windows\system32\DRIVERS\bcmvwl64.sys --> C:\Windows\system32\DRIVERS\bcmvwl64.sys [?]
    R3 CtClsFlt;Creative Camera Class Upper Filter Driver;C:\Windows\system32\DRIVERS\CtClsFlt.sys --> C:\Windows\system32\DRIVERS\CtClsFlt.sys [?]
    R3 HECIx64;Intel(R) Management Engine Interface;C:\Windows\system32\DRIVERS\HECIx64.sys --> C:\Windows\system32\DRIVERS\HECIx64.sys [?]
    R3 Impcd;Impcd;C:\Windows\system32\DRIVERS\Impcd.sys --> C:\Windows\system32\DRIVERS\Impcd.sys [?]
    R3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;C:\Windows\system32\DRIVERS\L1C62x64.sys --> C:\Windows\system32\DRIVERS\L1C62x64.sys [?]
    R3 mfeavfk;McAfee Inc. mfeavfk;C:\Windows\system32\drivers\mfeavfk.sys --> C:\Windows\system32\drivers\mfeavfk.sys [?]
    R3 mfefirek;McAfee Inc. mfefirek;C:\Windows\system32\drivers\mfefirek.sys --> C:\Windows\system32\drivers\mfefirek.sys [?]
    R3 Sftfs;Sftfs;C:\Windows\system32\DRIVERS\Sftfslh.sys --> C:\Windows\system32\DRIVERS\Sftfslh.sys [?]
    R3 Sftplay;Sftplay;C:\Windows\system32\DRIVERS\Sftplaylh.sys --> C:\Windows\system32\DRIVERS\Sftplaylh.sys [?]
    R3 Sftredir;Sftredir;C:\Windows\system32\DRIVERS\Sftredirlh.sys --> C:\Windows\system32\DRIVERS\Sftredirlh.sys [?]
    R3 Sftvol;Sftvol;C:\Windows\system32\DRIVERS\Sftvollh.sys --> C:\Windows\system32\DRIVERS\Sftvollh.sys [?]
    R3 sftvsa;Application Virtualization Service Agent;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2011-10-1 219496]
    R3 vwifimp;Microsoft Virtual WiFi Miniport Service;C:\Windows\system32\DRIVERS\vwifimp.sys --> C:\Windows\system32\DRIVERS\vwifimp.sys [?]
    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
    S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
    S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-12-30 136176]
    S2 lxebCATSCustConnectService;lxebCATSCustConnectService;C:\Windows\System32\spool\DRIVERS\x64\3\lxebserv.exe [2011-10-6 45736]
    S2 McMPFSvc;McAfee Personal Firewall Service;C:\Program Files\Common Files\mcafee\mcsvchost\McSvHost.exe [2011-11-2 249936]
    S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-3-29 250056]
    S3 btusbflt;Bluetooth USB Filter;C:\Windows\system32\drivers\btusbflt.sys --> C:\Windows\system32\drivers\btusbflt.sys [?]
    S3 btwl2cap;Bluetooth L2CAP Service;C:\Windows\system32\DRIVERS\btwl2cap.sys --> C:\Windows\system32\DRIVERS\btwl2cap.sys [?]
    S3 cfwids;McAfee Inc. cfwids;C:\Windows\system32\drivers\cfwids.sys --> C:\Windows\system32\drivers\cfwids.sys [?]
    S3 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-12-30 136176]
    S3 MBAMProtector;MBAMProtector;\??\C:\Windows\system32\drivers\mbam.sys --> C:\Windows\system32\drivers\mbam.sys [?]
    S3 McComponentHostService;McAfee Security Scan Component Host Service;C:\Program Files (x86)\McAfee Security Scan\2.0.181\McCHSvc.exe [2010-1-15 227232]
    S3 MEMSWEEP2;MEMSWEEP2;\??\C:\Windows\system32\5C24.tmp --> C:\Windows\system32\5C24.tmp [?]
    S3 mferkdet;McAfee Inc. mferkdet;C:\Windows\system32\drivers\mferkdet.sys --> C:\Windows\system32\drivers\mferkdet.sys [?]
    S3 MozillaMaintenance;Mozilla Maintenance Service;C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-5-1 113120]
    S3 osppsvc;Office Software Protection Platform;C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-1-9 4925184]
    S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;C:\Windows\system32\Drivers\RtsUStor.sys --> C:\Windows\system32\Drivers\RtsUStor.sys [?]
    S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]
    S3 TurboBoost;TurboBoost;C:\Program Files\Intel\TurboBoost\TurboBoost.exe [2009-11-2 126352]
    S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\system32\Drivers\usbaapl64.sys --> C:\Windows\system32\Drivers\usbaapl64.sys [?]
    S3 wacmoumonitor;Wacom Mode Helper;C:\Windows\system32\DRIVERS\wacmoumonitor.sys --> C:\Windows\system32\DRIVERS\wacmoumonitor.sys [?]
    S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
    S4 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-7-13 655944]
    S4 McOobeSv;McAfee OOBE Service;C:\Program Files\Common Files\mcafee\mcsvchost\McSvHost.exe [2011-11-2 249936]
    .
    =============== Created Last 30 ================
    .
    2012-07-14 20:43:37 20480 ----a-w- C:\Windows\svchost.exe
    2012-07-14 00:39:46 24904 ----a-w- C:\Windows\System32\drivers\mbam.sys
    2012-07-14 00:39:46 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
    2012-07-13 20:23:08 -------- d-----w- C:\Program Files (x86)\Oracle
    2012-07-13 20:22:33 772544 ----a-w- C:\Windows\SysWow64\npDeployJava1.dll
    2012-07-12 08:08:47 3148800 ----a-w- C:\Windows\System32\win32k.sys
    2012-07-11 20:23:02 2004480 ----a-w- C:\Windows\System32\msxml6.dll
    2012-07-11 20:23:01 1881600 ----a-w- C:\Windows\System32\msxml3.dll
    2012-07-11 20:23:00 1390080 ----a-w- C:\Windows\SysWow64\msxml6.dll
    2012-07-10 06:39:55 -------- d-----w- C:\Users\Kyle\AppData\Local\Bit.Trip Beat
    2012-07-10 06:34:59 466456 ----a-w- C:\Windows\System32\wrap_oal.dll
    2012-07-10 06:34:59 444952 ----a-w- C:\Windows\SysWow64\wrap_oal.dll
    2012-07-10 06:34:59 122904 ----a-w- C:\Windows\System32\OpenAL32.dll
    2012-07-10 06:34:59 -------- d-----w- C:\Program Files (x86)\OpenAL
    2012-07-10 06:34:58 109080 ----a-w- C:\Windows\SysWow64\OpenAL32.dll
    2012-07-02 07:56:57 0 ----a-w- C:\Windows\SysWow64\shoD00D.tmp
    2012-07-01 08:26:06 -------- d-----w- C:\DataSafeOnline
    2012-06-29 00:01:10 -------- d-sh--w- C:\found.000
    2012-06-28 05:07:23 -------- d-----w- C:\Program Files\Core Temp
    2012-06-24 22:52:05 -------- d-----w- C:\Users\Kyle\AppData\Local\Lazy 8 Studios
    2012-06-22 18:07:22 2622464 ----a-w- C:\Windows\System32\wucltux.dll
    2012-06-22 18:06:56 99840 ----a-w- C:\Windows\System32\wudriver.dll
    2012-06-22 18:06:43 36864 ----a-w- C:\Windows\System32\wuapp.exe
    2012-06-22 18:06:43 186752 ----a-w- C:\Windows\System32\wuwebv.dll
    2012-06-19 22:20:35 -------- d-----w- C:\Users\Kyle\AppData\Local\Microsoft Games
    2012-06-18 20:19:20 -------- d-----w- C:\Users\Kyle\AppData\Local\Jaksta_Technologies_Pty_L
    2012-06-18 20:19:18 -------- d-----w- C:\Users\Kyle\AppData\Roaming\Jaksta Free Video History
    2012-06-18 20:18:55 -------- d-----w- C:\Program Files (x86)\Jaksta Technologies
    2012-06-18 01:22:05 -------- d-----w- C:\Program Files (x86)\freecordertoolbar
    2012-06-16 23:08:19 -------- d-----w- C:\Users\Kyle\AppData\Roaming\fltk.org
    2012-06-16 23:08:19 -------- d-----w- C:\ProgramData\fltk.org
    .
    ==================== Find3M ====================
    .
    2012-07-11 23:54:18 426184 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
    2012-07-11 23:54:17 70344 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
    2012-07-06 05:06:20 687544 ----a-w- C:\Windows\SysWow64\deployJava1.dll
    2012-06-06 06:02:54 1133568 ----a-w- C:\Windows\System32\cdosys.dll
    2012-06-06 05:05:52 1236992 ----a-w- C:\Windows\SysWow64\msxml3.dll
    2012-06-06 05:03:06 805376 ----a-w- C:\Windows\SysWow64\cdosys.dll
    2012-06-02 05:50:10 458704 ----a-w- C:\Windows\System32\drivers\cng.sys
    2012-06-02 05:48:16 95600 ----a-w- C:\Windows\System32\drivers\ksecdd.sys
    2012-06-02 05:48:16 151920 ----a-w- C:\Windows\System32\drivers\ksecpkg.sys
    2012-06-02 05:45:31 340992 ----a-w- C:\Windows\System32\schannel.dll
    2012-06-02 05:44:21 307200 ----a-w- C:\Windows\System32\ncrypt.dll
    2012-06-02 04:40:42 22016 ----a-w- C:\Windows\SysWow64\secur32.dll
    2012-06-02 04:40:39 225280 ----a-w- C:\Windows\SysWow64\schannel.dll
    2012-06-02 04:39:10 219136 ----a-w- C:\Windows\SysWow64\ncrypt.dll
    2012-06-02 04:34:09 96768 ----a-w- C:\Windows\SysWow64\sspicli.dll
    2012-05-15 04:01:31 1188864 ----a-w- C:\Windows\System32\wininet.dll
    2012-05-15 03:03:54 981504 ----a-w- C:\Windows\SysWow64\wininet.dll
    2012-05-01 05:40:20 209920 ----a-w- C:\Windows\System32\profsvc.dll
    2012-04-28 03:55:21 210944 ----a-w- C:\Windows\System32\drivers\rdpwd.sys
    2012-04-26 05:41:56 77312 ----a-w- C:\Windows\System32\rdpwsx.dll
    2012-04-26 05:41:55 149504 ----a-w- C:\Windows\System32\rdpcorekmts.dll
    2012-04-26 05:34:27 9216 ----a-w- C:\Windows\System32\rdrmemptylst.exe
    2012-04-24 05:37:37 184320 ----a-w- C:\Windows\System32\cryptsvc.dll
    2012-04-24 05:37:37 140288 ----a-w- C:\Windows\System32\cryptnet.dll
    2012-04-24 05:37:36 1462272 ----a-w- C:\Windows\System32\crypt32.dll
    2012-04-24 04:36:42 140288 ----a-w- C:\Windows\SysWow64\cryptsvc.dll
    2012-04-24 04:36:42 1158656 ----a-w- C:\Windows\SysWow64\crypt32.dll
    2012-04-24 04:36:42 103936 ----a-w- C:\Windows\SysWow64\cryptnet.dll
    2012-04-20 03:45:41 1638912 ----a-w- C:\Windows\System32\mshtml.tlb
    2012-04-20 03:16:44 1638912 ----a-w- C:\Windows\SysWow64\mshtml.tlb
    2012-04-19 03:56:30 94208 ----a-w- C:\Windows\SysWow64\QuickTimeVR.qtx
    2012-04-19 03:56:30 69632 ----a-w- C:\Windows\SysWow64\QuickTime.qts
    .
    ============= FINISH: 21:19:07.42 ===============
     
  2. Animeniak7530

    Animeniak7530 TS Rookie Topic Starter Posts: 18

    .
    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT
    .
    DDS (Ver_2011-08-26.01)
    .
    Microsoft Windows 7 Home Premium
    Boot Device: \Device\HarddiskVolume2
    Install Date: 12/7/2010 2:41:35 PM
    System Uptime: 7/15/2012 1:56:16 PM (8 hours ago)
    .
    Motherboard: Dell Inc. | | 0PJTXT
    Processor: Intel(R) Core(TM) i5 CPU M 460 @ 2.53GHz | U2E1 | 1190/133mhz
    .
    ==== Disk Partitions =========================
    .
    C: is FIXED (NTFS) - 451 GiB total, 108.058 GiB free.
    D: is CDROM (CDFS)
    Y: is FIXED (NTFS) - 15 GiB total, 7.205 GiB free.
    .
    ==== Disabled Device Manager Items =============
    .
    ==== System Restore Points ===================
    .
    RP189: 7/7/2012 3:14:10 AM - Windows Update
    RP190: 7/8/2012 3:00:58 AM - Windows Update
    RP191: 7/8/2012 4:02:08 AM - Windows Update
    RP192: 7/9/2012 3:00:26 AM - Windows Update
    RP193: 7/10/2012 1:21:47 AM - Windows Update
    RP194: 7/11/2012 3:01:19 AM - Windows Update
    RP195: 7/12/2012 12:58:13 AM - Windows Update
    RP196: 7/13/2012 3:00:28 AM - Windows Update
    RP197: 7/13/2012 1:20:40 PM - Installed Java(TM) 7 Update 5
    RP198: 7/13/2012 1:22:41 PM - Installed JavaFX 2.1.1
    RP199: 7/14/2012 3:25:04 AM - Windows Update
    RP200: 7/15/2012 1:14:35 AM - Windows Update
    .
    ==== Installed Programs ======================
    .
    ABBYY FineReader 6.0 Sprint
    Adobe AIR
    Adobe Flash Player 11 ActiveX
    Adobe Flash Player 11 Plugin
    Adobe Reader X (10.1.3)
    Advanced Audio FX Engine
    AIM 7
    Alice Madness Returns
    Amazon MP3 Downloader 1.0.12
    Amnesia: The Dark Descent
    Apple Application Support
    Apple Software Update
    Ask Toolbar
    Ask Toolbar Updater
    Atheros Communications Inc.(R) AR81Family Gigabit/Fast Ethernet Driver
    ATI Catalyst Control Center
    AVG Security Toolbar
    Bamboo
    Beat Hazard
    BIT.TRIP BEAT
    Catalyst Control Center - Branding
    Catalyst Control Center Core Implementation
    Catalyst Control Center Graphics Full Existing
    Catalyst Control Center Graphics Full New
    Catalyst Control Center Graphics Light
    Catalyst Control Center Graphics Previews Common
    Catalyst Control Center Graphics Previews Vista
    Catalyst Control Center InstallProxy
    Catalyst Control Center Localization All
    ccc-core-static
    CCC Help Chinese Standard
    CCC Help Chinese Traditional
    CCC Help Danish
    CCC Help Dutch
    CCC Help English
    CCC Help Finnish
    CCC Help French
    CCC Help German
    CCC Help Italian
    CCC Help Japanese
    CCC Help Korean
    CCC Help Norwegian
    CCC Help Portuguese
    CCC Help Russian
    CCC Help Spanish
    CCC Help Swedish
    Cisco EAP-FAST Module
    Cisco LEAP Module
    Cisco PEAP Module
    CleanWaterAction Reminder by We-Care.com v5.0.5.1
    Cogs
    Consumer In-Home Service Agreement
    Costume Quest
    Cozi
    Creation Kit
    DarksidersInstaller
    DeathSpank
    Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition
    Dell DataSafe Local Backup
    Dell DataSafe Local Backup - Support Software
    Dell DataSafe Online
    Dell Dock
    Dell Driver Download Manager
    Dell Getting Started Guide
    Dell Resource CD
    Dell Support Center (Support Software)
    Dell Webcam Central
    Download Updater (AOL LLC)
    Facebook Video Calling 1.2.0.159
    Fallout Mod Manager 0.13.21
    FrostWire 4.21.3
    FrostWire 5.3.6
    GIMP 2.6.11
    GOM Player
    Google Earth
    Google Update Helper
    GoToAssist 8.0.0.514
    Gtk# for .Net 2.12.10
    Inkscape 0.48.2
    Intel(R) Management Engine Components
    IZArc 4.1.6
    Java Auto Updater
    Java(TM) 6 Update 29
    Java(TM) 7 Update 5
    JavaFX 2.1.1
    League of Legends
    Left 4 Dead
    Left 4 Dead 2
    Lexmark Toolbar
    LIMBO
    Live! Cam Avatar Creator
    LoJack Factory Installer
    Magicka
    Malwarebytes Anti-Malware version 1.62.0.1300
    McAfee Security Scan Plus
    McAfee SecurityCenter
    Microsoft Choice Guard
    Microsoft Office 2010
    Microsoft Office 2010 Service Pack 1 (SP1)
    Microsoft Office Access MUI (English) 2010
    Microsoft Office Access Setup Metadata MUI (English) 2010
    Microsoft Office Click-to-Run 2010
    Microsoft Office Excel MUI (English) 2010
    Microsoft Office Home and Student 2010
    Microsoft Office OneNote MUI (English) 2010
    Microsoft Office Outlook MUI (English) 2010
    Microsoft Office PowerPoint MUI (English) 2010
    Microsoft Office Proof (English) 2010
    Microsoft Office Proof (French) 2010
    Microsoft Office Proof (Spanish) 2010
    Microsoft Office Proofing (English) 2010
    Microsoft Office Publisher MUI (English) 2010
    Microsoft Office Shared MUI (English) 2010
    Microsoft Office Shared Setup Metadata MUI (English) 2010
    Microsoft Office Single Image 2010
    Microsoft Office Starter 2010 - English
    Microsoft Office Word MUI (English) 2010
    Microsoft Silverlight
    Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
    Microsoft Visual C++ 2005 Redistributable
    Microsoft Visual C++ 2005 Redistributable - KB2467175
    Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
    Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30411
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
    Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
    Microsoft XNA Framework Redistributable 3.1
    Mozilla Firefox 13.0.1 (x86 en-US)
    Mozilla Maintenance Service
    Oblivion
    Online Sheet Music Viewer 8.2.2.0
    OpenAL
    Origin
    Portal
    Psychonauts
    Python 2.7.2
    QuickTime
    Roxio Burn
    Security Update for CAPICOM (KB931906)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2160841)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
    Security Update for Microsoft .NET Framework 4 Extended (KB2487367)
    Security Update for Microsoft .NET Framework 4 Extended (KB2656351)
    Security Update for Microsoft Excel 2010 (KB2597166) 32-Bit Edition
    Security Update for Microsoft InfoPath 2010 (KB2553322) 32-Bit Edition
    Security Update for Microsoft Office 2010 (KB2553091)
    Security Update for Microsoft Office 2010 (KB2553096)
    Security Update for Microsoft Office 2010 (KB2553371) 32-Bit Edition
    Security Update for Microsoft Office 2010 (KB2553447) 32-Bit Edition
    Security Update for Microsoft Office 2010 (KB2589320) 32-Bit Edition
    Security Update for Microsoft Office 2010 (KB2598039) 32-Bit Edition
    Security Update for Microsoft Office 2010 (KB2598243) 32-Bit Edition
    Security Update for Microsoft PowerPoint 2010 (KB2553185) 32-Bit Edition
    Security Update for Microsoft SharePoint Workspace 2010 (KB2566445)
    Security Update for Microsoft Visio Viewer 2010 (KB2597981) 32-Bit Edition
    Sixense TrueMotion SDK
    Skins
    Skype Toolbars
    Skype™ 5.3
    Sophos Anti-Rootkit 1.5.20
    Source SDK
    Stacking
    Steam
    Team Fortress 2
    Team Fortress 2 Beta
    The Path
    Torchlight
    Ubisoft Game Launcher
    Unity
    Unity Web Player
    Unreal Development Kit
    Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
    Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
    Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
    Update for Microsoft .NET Framework 4 Extended (KB2468871)
    Update for Microsoft .NET Framework 4 Extended (KB2533523)
    Update for Microsoft .NET Framework 4 Extended (KB2600217)
    Update for Microsoft Office 2010 (KB2553065)
    Update for Microsoft Office 2010 (KB2553181) 32-Bit Edition
    Update for Microsoft Office 2010 (KB2553267) 32-Bit Edition
    Update for Microsoft Office 2010 (KB2553270) 32-Bit Edition
    Update for Microsoft Office 2010 (KB2553310) 32-Bit Edition
    Update for Microsoft Office 2010 (KB2566458)
    Update for Microsoft Office 2010 (KB2596964) 32-Bit Edition
    Update for Microsoft Office 2010 (KB2597091) 32-Bit Edition
    Update for Microsoft OneNote 2010 (KB2553290) 32-Bit Edition
    Update for Microsoft OneNote 2010 (KB2589345) 32-Bit Edition
    Update for Microsoft Outlook 2010 (KB2553248) 32-Bit Edition
    Update for Microsoft Outlook Social Connector 2010 (KB2553406) 32-Bit Edition
    Visual Studio 2008 x64 Redistributables
    Vuze
    Vuze Remote Toolbar
    Warcraft III
    WildTangent Games
    Windows Live Sign-in Assistant
    Windows Live Sync
    Windows Live Upload Tool
    Windows Media Player Firefox Plugin
    .
    ==== Event Viewer Messages From Past Week ========
    .
    7/9/2012 6:32:16 PM, Error: Service Control Manager [7022] - The Application Virtualization Client service hung on starting.
    7/9/2012 6:32:16 PM, Error: Service Control Manager [7001] - The Client Virtualization Handler service depends on the Application Virtualization Client service which failed to start because of the following error: After starting, the service hung in a start-pending state.
    7/9/2012 6:30:02 PM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000007e (0xffffffffc0000005, 0x0000000400000001, 0xfffff880035c4a68, 0xfffff880035c42c0). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 070912-30638-01.
    7/9/2012 4:25:24 PM, Error: Service Control Manager [7022] - The McAfee Network Agent service hung on starting.
    7/9/2012 4:23:23 PM, Error: Service Control Manager [7022] - The McAfee VirusScan Announcer service hung on starting.
    7/9/2012 1:28:12 PM, Error: ACPI [13] - : The embedded controller (EC) did not respond within the specified timeout period. This may indicate that there is an error in the EC hardware or firmware or that the BIOS is accessing the EC incorrectly. You should check with your computer manufacturer for an upgraded BIOS. In some situations, this error may cause the computer to function incorrectly.
    7/8/2012 3:00:11 AM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the WTouchService service.
    7/15/2012 5:48:38 PM, Error: Service Control Manager [7023] - The Function Discovery Resource Publication service terminated with the following error: %%-2147024891
    7/15/2012 5:48:38 PM, Error: Service Control Manager [7001] - The HomeGroup Provider service depends on the Function Discovery Resource Publication service which failed to start because of the following error: %%-2147024891
    7/15/2012 2:01:05 PM, Error: Service Control Manager [7003] - The McAfee Personal Firewall Service service depends the following service: MpsSvc. This service might not be installed.
    7/15/2012 1:57:53 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the SftService service.
    7/15/2012 1:56:33 PM, Error: Service Control Manager [7003] - The IPsec Policy Agent service depends the following service: BFE. This service might not be installed.
    7/15/2012 1:56:32 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the lxebCATSCustConnectService service to connect.
    7/15/2012 1:56:32 PM, Error: Service Control Manager [7003] - The IKE and AuthIP IPsec Keying Modules service depends the following service: BFE. This service might not be installed.
    7/15/2012 1:56:32 PM, Error: Service Control Manager [7000] - The lxebCATSCustConnectService service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
    7/15/2012 1:56:30 PM, Error: Service Control Manager [7023] - The Computer Browser service terminated with the following error: The specified service does not exist as an installed service.
    7/15/2012 1:56:26 PM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x00000050 (0xffffffff90fffffb, 0x0000000000000001, 0xfffffa8008cfb2a3, 0x0000000000000005). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 071512-24320-01.
    7/15/2012 1:15:02 AM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x80070643: Security Update for Windows 7 for x64-based Systems (KB2709715).
    7/14/2012 11:28:20 PM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000001e (0xffffffffc0000005, 0xfffff800035836ea, 0x0000000000000001, 0x0000000000000018). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 071412-26410-01.
    7/13/2012 2:19:30 PM, Error: Microsoft-Windows-WMPNSS-Service [14332] - Service 'WMPNetworkSvc' did not start correctly because CoCreateInstance(CLSID_UPnPDeviceFinder) encountered error '0x80004005'. Verify that the UPnPHost service is running and that the UPnPHost component of Windows is installed properly.
    7/13/2012 12:48:17 PM, Error: Service Control Manager [7022] - The Windows Update service hung on starting.
    7/12/2012 12:39:50 PM, Error: Service Control Manager [7031] - The McAfee McShield service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 5000 milliseconds: Restart the service.
    7/12/2012 12:34:31 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the LanmanServer service.
    7/12/2012 12:31:42 PM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000001e (0xffffffffc0000005, 0xfffff800035ce6ea, 0x0000000000000001, 0x0000000000000018). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 071212-80605-01.
    7/10/2012 7:22:21 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the EFS service.
    7/10/2012 4:36:03 PM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000001e (0xffffffffc0000005, 0xfffff800035c76ea, 0x0000000000000001, 0x0000000000000018). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 071012-27534-01.
    .
    ==== End Of File ===========================
     
  3. Broni

    Broni Malware Annihilator Posts: 52,904   +344

    Welcome aboard

    Please observe the following rules:
    • Read all of my instructions very carefully. Your mistakes during the cleaning process may have very serious consequences, like an unbootable computer.
    • If you're stuck, or you're not sure about a certain step, always ask before doing anything else.
    • Please refrain from running any tools, fixes or applying any changes to your computer other than those I suggest.
    • Never run more than one scan at a time.
    • Keep updating me regarding your computer behavior, good, or bad.
    • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
    • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in the malware removal forum.
    • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.

    ======================================================

    Download TDSSKiller and save it to your desktop.
    • Extract (unzip) its contents to your desktop.
    • Open the TDSSKiller folder and double-click on TDSSKiller.exe to run the application, then on Start Scan.
    • If an infected file is detected, the default action will be Cure, click on Continue.
    • If a suspicious file is detected, the default action will be Skip, click on Continue.
    • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
    • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
    • If a reboot is required, the report can also be found in your root directory (usually C:\ folder) in the form of TDSSKiller_xxxx_log.txt. Please copy and paste the contents of that file here.
     
  4. Animeniak7530

    Animeniak7530 TS Rookie Topic Starter Posts: 18

    14:29:12.0130 7148 TDSS rootkit removing tool 2.7.45.0 Jul 9 2012 12:46:35
    14:29:12.0671 7148 ============================================================
    14:29:12.0671 7148 Current date / time: 2012/07/16 14:29:12.0671
    14:29:12.0671 7148 SystemInfo:
    14:29:12.0671 7148
    14:29:12.0671 7148 OS Version: 6.1.7601 ServicePack: 1.0
    14:29:12.0671 7148 Product type: Workstation
    14:29:12.0671 7148 ComputerName: KYLE-PC
    14:29:12.0671 7148 UserName: Kyle
    14:29:12.0671 7148 Windows directory: C:\Windows
    14:29:12.0671 7148 System windows directory: C:\Windows
    14:29:12.0671 7148 Running under WOW64
    14:29:12.0671 7148 Processor architecture: Intel x64
    14:29:12.0671 7148 Number of processors: 4
    14:29:12.0671 7148 Page size: 0x1000
    14:29:12.0671 7148 Boot type: Normal boot
    14:29:12.0671 7148 ============================================================
    14:29:15.0273 7148 Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
    14:29:15.0283 7148 ============================================================
    14:29:15.0283 7148 \Device\Harddisk0\DR0:
    14:29:15.0283 7148 MBR partitions:
    14:29:15.0283 7148 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x32FCD, BlocksNum 0x1D4C000
    14:29:15.0283 7148 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x1D7EFCD, BlocksNum 0x38606863
    14:29:15.0283 7148 ============================================================
    14:29:15.0443 7148 C: <-> \Device\Harddisk0\DR0\Partition1
    14:29:15.0453 7148 ============================================================
    14:29:15.0453 7148 Initialize success
    14:29:15.0453 7148 ============================================================
    14:29:40.0067 4912 ============================================================
    14:29:40.0067 4912 Scan started
    14:29:40.0067 4912 Mode: Manual;
    14:29:40.0067 4912 ============================================================
    14:29:54.0273 4912 btwavdt - ok
    14:29:54.0383 4912 btwdins (10ffb5fa51d5713d872b41a59dfc2213) c:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
    14:29:54.0463 4912 btwdins - ok
    14:29:54.0483 4912 btwl2cap (6149301dc3f81d6f9667a3fbac410975) C:\Windows\system32\DRIVERS\btwl2cap.sys
    14:29:54.0533 4912 btwl2cap - ok
    14:29:54.0583 4912 btwrchid (3e1991afa851a36dc978b0a1b0535c8b) C:\Windows\system32\DRIVERS\btwrchid.sys
    14:29:54.0663 4912 btwrchid - ok
    14:29:54.0723 4912 cdfs (b8bd2bb284668c84865658c77574381a) C:\Windows\system32\DRIVERS\cdfs.sys
    14:29:54.0723 4912 cdfs - ok
    14:29:54.0803 4912 cdrom (f036ce71586e93d94dab220d7bdf4416) C:\Windows\system32\drivers\cdrom.sys
    14:29:54.0863 4912 cdrom - ok
    14:29:54.0923 4912 CertPropSvc (f17d1d393bbc69c5322fbfafaca28c7f) C:\Windows\System32\certprop.dll
    14:29:54.0973 4912 CertPropSvc - ok
    14:29:55.0013 4912 cfwids (ed0263b2eb24f0f4e3898036fa1d28a1) C:\Windows\system32\drivers\cfwids.sys
    14:29:55.0073 4912 cfwids - ok
    14:29:55.0123 4912 circlass (d7cd5c4e1b71fa62050515314cfb52cf) C:\Windows\system32\DRIVERS\circlass.sys
    14:29:55.0133 4912 circlass - ok
    14:29:55.0163 4912 CLFS (fe1ec06f2253f691fe36217c592a0206) C:\Windows\system32\CLFS.sys
    14:29:55.0183 4912 CLFS - ok
    14:29:55.0283 4912 clr_optimization_v2.0.50727_32 (d88040f816fda31c3b466f0fa0918f29) C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
    14:29:55.0293 4912 clr_optimization_v2.0.50727_32 - ok
    14:29:55.0343 4912 clr_optimization_v2.0.50727_64 (d1ceea2b47cb998321c579651ce3e4f8) C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
    14:29:55.0353 4912 clr_optimization_v2.0.50727_64 - ok
    14:29:55.0523 4912 clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
    14:29:55.0833 4912 clr_optimization_v4.0.30319_32 - ok
    14:29:56.0024 4912 clr_optimization_v4.0.30319_64 (c6f9af94dcd58122a4d7e89db6bed29d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
    14:29:56.0274 4912 clr_optimization_v4.0.30319_64 - ok
    14:29:56.0334 4912 CmBatt (0840155d0bddf1190f84a663c284bd33) C:\Windows\system32\DRIVERS\CmBatt.sys
    14:29:56.0334 4912 CmBatt - ok
    14:29:56.0384 4912 cmdide (e19d3f095812725d88f9001985b94edd) C:\Windows\system32\drivers\cmdide.sys
    14:29:56.0394 4912 cmdide - ok
    14:29:56.0444 4912 CNG (9ac4f97c2d3e93367e2148ea940cd2cd) C:\Windows\system32\Drivers\cng.sys
    14:29:56.0504 4912 CNG - ok
    14:29:56.0564 4912 Compbatt (102de219c3f61415f964c88e9085ad14) C:\Windows\system32\DRIVERS\compbatt.sys
    14:29:56.0574 4912 Compbatt - ok
    14:29:56.0774 4912 CompositeBus (03edb043586cceba243d689bdda370a8) C:\Windows\system32\drivers\CompositeBus.sys
    14:29:56.0834 4912 CompositeBus - ok
    14:29:56.0854 4912 COMSysApp - ok
    14:29:56.0874 4912 crcdisk (1c827878a998c18847245fe1f34ee597) C:\Windows\system32\DRIVERS\crcdisk.sys
    14:29:56.0884 4912 crcdisk - ok
    14:29:56.0955 4912 CryptSvc (4f5414602e2544a4554d95517948b705) C:\Windows\system32\cryptsvc.dll
    14:29:57.0005 4912 CryptSvc - ok
    14:29:57.0045 4912 CtClsFlt (ed5cf92396a62f4c15110dcdb5e854d9) C:\Windows\system32\DRIVERS\CtClsFlt.sys
    14:29:57.0105 4912 CtClsFlt - ok
    14:29:57.0295 4912 cvhsvc (72794d112cbaff3bc0c29bf7350d4741) C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
    14:29:57.0305 4912 cvhsvc - ok
    14:29:57.0365 4912 dc3d (76e02db615a03801d698199a2bc4a06a) C:\Windows\system32\DRIVERS\dc3d.sys
    14:29:57.0435 4912 dc3d - ok
    14:29:57.0535 4912 DcomLaunch (5c627d1b1138676c0a7ab2c2c190d123) C:\Windows\system32\rpcss.dll
    14:29:57.0555 4912 DcomLaunch - ok
    14:29:57.0575 4912 defragsvc (3cec7631a84943677aa8fa8ee5b6b43d) C:\Windows\System32\defragsvc.dll
    14:29:57.0585 4912 defragsvc - ok
    14:29:57.0685 4912 DfsC (9bb2ef44eaa163b29c4a4587887a0fe4) C:\Windows\system32\Drivers\dfsc.sys
    14:29:57.0775 4912 DfsC - ok
    14:29:58.0295 4912 Dhcp (43d808f5d9e1a18e5eeb5ebc83969e4e) C:\Windows\system32\dhcpcore.dll
    14:29:58.0355 4912 Dhcp - ok
    14:29:58.0385 4912 discache (13096b05847ec78f0977f2c0f79e9ab3) C:\Windows\system32\drivers\discache.sys
    14:29:58.0385 4912 discache - ok
    14:29:58.0435 4912 Disk (9819eee8b5ea3784ec4af3b137a5244c) C:\Windows\system32\DRIVERS\disk.sys
    14:29:58.0435 4912 Disk - ok
    14:29:58.0505 4912 Dnscache (16835866aaa693c7d7fceba8fff706e4) C:\Windows\System32\dnsrslvr.dll
    14:29:58.0555 4912 Dnscache - ok
    14:29:58.0675 4912 DockLoginService (0840abbbdf438691ee65a20040635cbe) C:\Program Files\Dell\DellDock\DockLogin.exe
    14:29:58.0765 4912 DockLoginService - ok
    14:29:58.0825 4912 dot3svc (b1fb3ddca0fdf408750d5843591afbc6) C:\Windows\System32\dot3svc.dll
    14:29:58.0865 4912 dot3svc - ok
    14:29:59.0105 4912 DPS (b26f4f737e8f9df4f31af6cf31d05820) C:\Windows\system32\dps.dll
    14:29:59.0135 4912 DPS - ok
    14:29:59.0195 4912 drmkaud (9b19f34400d24df84c858a421c205754) C:\Windows\system32\drivers\drmkaud.sys
    14:29:59.0195 4912 drmkaud - ok
    14:29:59.0535 4912 DXGKrnl (f5bee30450e18e6b83a5012c100616fd) C:\Windows\System32\drivers\dxgkrnl.sys
    14:29:59.0795 4912 DXGKrnl - ok
    14:30:00.0046 4912 EapHost (e2dda8726da9cb5b2c4000c9018a9633) C:\Windows\System32\eapsvc.dll
    14:30:00.0056 4912 EapHost - ok
    14:30:01.0317 4912 ebdrv (dc5d737f51be844d8c82c695eb17372f) C:\Windows\system32\DRIVERS\evbda.sys
    14:30:01.0447 4912 ebdrv - ok
    14:30:03.0107 4912 EFS (c118a82cd78818c29ab228366ebf81c3) C:\Windows\System32\lsass.exe
    14:30:03.0187 4912 EFS - ok
    14:30:03.0377 4912 ehRecvr (c4002b6b41975f057d98c439030cea07) C:\Windows\ehome\ehRecvr.exe
    14:30:03.0477 4912 ehRecvr - ok
    14:30:03.0717 4912 ehSched (4705e8ef9934482c5bb488ce28afc681) C:\Windows\ehome\ehsched.exe
    14:30:03.0727 4912 ehSched - ok
    14:30:05.0729 4912 elxstor (0e5da5369a0fcaea12456dd852545184) C:\Windows\system32\DRIVERS\elxstor.sys
    14:30:05.0779 4912 elxstor - ok
    14:30:05.0869 4912 ErrDev (34a3c54752046e79a126e15c51db409b) C:\Windows\system32\drivers\errdev.sys
    14:30:05.0879 4912 ErrDev - ok
    14:30:06.0479 4912 EventSystem (4166f82be4d24938977dd1746be9b8a0) C:\Windows\system32\es.dll
    14:30:06.0479 4912 EventSystem - ok
    14:30:06.0569 4912 exfat (a510c654ec00c1e9bdd91eeb3a59823b) C:\Windows\system32\drivers\exfat.sys
    14:30:06.0579 4912 exfat - ok
    14:30:06.0599 4912 fastfat (0adc83218b66a6db380c330836f3e36d) C:\Windows\system32\drivers\fastfat.sys
    14:30:06.0609 4912 fastfat - ok
    14:30:06.0689 4912 Fax (dbefd454f8318a0ef691fdd2eaab44eb) C:\Windows\system32\fxssvc.exe
    14:30:06.0749 4912 Fax - ok
    14:30:06.0779 4912 fdc (d765d19cd8ef61f650c384f62fac00ab) C:\Windows\system32\DRIVERS\fdc.sys
    14:30:06.0789 4912 fdc - ok
    14:30:06.0859 4912 fdPHost (0438cab2e03f4fb61455a7956026fe86) C:\Windows\system32\fdPHost.dll
    14:30:06.0869 4912 fdPHost - ok
    14:30:07.0069 4912 FDResPub (802496cb59a30349f9a6dd22d6947644) C:\Windows\system32\fdrespub.dll
    14:30:07.0069 4912 FDResPub - ok
    14:30:07.0099 4912 FileInfo (655661be46b5f5f3fd454e2c3095b930) C:\Windows\system32\drivers\fileinfo.sys
    14:30:07.0109 4912 FileInfo - ok
    14:30:07.0119 4912 Filetrace (5f671ab5bc87eea04ec38a6cd5962a47) C:\Windows\system32\drivers\filetrace.sys
    14:30:07.0119 4912 Filetrace - ok
    14:30:07.0159 4912 flpydisk (c172a0f53008eaeb8ea33fe10e177af5) C:\Windows\system32\DRIVERS\flpydisk.sys
    14:30:07.0159 4912 flpydisk - ok
    14:30:07.0229 4912 FltMgr (da6b67270fd9db3697b20fce94950741) C:\Windows\system32\drivers\fltmgr.sys
    14:30:07.0287 4912 FltMgr - ok
    14:30:07.0411 4912 FontCache (5c4cb4086fb83115b153e47add961a0c) C:\Windows\system32\FntCache.dll
    14:30:07.0471 4912 FontCache - ok
    14:30:07.0661 4912 FontCache3.0.0.0 (a8b7f3818ab65695e3a0bb3279f6dce6) C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
    14:30:07.0731 4912 FontCache3.0.0.0 - ok
    14:30:07.0861 4912 FsDepends (d43703496149971890703b4b1b723eac) C:\Windows\system32\drivers\FsDepends.sys
    14:30:07.0861 4912 FsDepends - ok
    14:30:07.0921 4912 Fs_Rec (6bd9295cc032dd3077c671fccf579a7b) C:\Windows\system32\drivers\Fs_Rec.sys
    14:30:08.0000 4912 Fs_Rec - ok
    14:30:08.0270 4912 fvevol (1f7b25b858fa27015169fe95e54108ed) C:\Windows\system32\DRIVERS\fvevol.sys
    14:30:08.0350 4912 fvevol - ok
    14:30:08.0412 4912 gagp30kx (8c778d335c9d272cfd3298ab02abe3b6) C:\Windows\system32\DRIVERS\gagp30kx.sys
    14:30:08.0422 4912 gagp30kx - ok
    14:30:08.0532 4912 GameConsoleService (c1bbce4b30b45410178ee674c818d10c) C:\Program Files (x86)\WildTangent\Dell Games\Dell Game Console\GameConsoleService.exe
    14:30:08.0632 4912 GameConsoleService - ok
    14:30:08.0762 4912 GEARAspiWDM (e403aacf8c7bb11375122d2464560311) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
    14:30:08.0832 4912 GEARAspiWDM - ok
    14:30:08.0922 4912 GoToAssist (d3316f6e3c011435f36e3d6e49b3196c) C:\Program Files (x86)\Citrix\GoToAssist\514\g2aservice.exe
    14:30:08.0982 4912 GoToAssist - ok
    14:30:09.0242 4912 gpsvc (277bbc7e1aa1ee957f573a10eca7ef3a) C:\Windows\System32\gpsvc.dll
    14:30:09.0312 4912 gpsvc - ok
    14:30:09.0424 4912 gupdate (f02a533f517eb38333cb12a9e8963773) C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
    14:30:09.0514 4912 gupdate - ok
    14:30:09.0564 4912 gupdatem (f02a533f517eb38333cb12a9e8963773) C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
    14:30:09.0564 4912 gupdatem - ok
    14:30:09.0594 4912 hcw85cir (f2523ef6460fc42405b12248338ab2f0) C:\Windows\system32\drivers\hcw85cir.sys
    14:30:09.0594 4912 hcw85cir - ok
    14:30:09.0694 4912 HdAudAddService (975761c778e33cd22498059b91e7373a) C:\Windows\system32\drivers\HdAudio.sys
    14:30:09.0744 4912 HdAudAddService - ok
    14:30:09.0884 4912 HDAudBus (97bfed39b6b79eb12cddbfeed51f56bb) C:\Windows\system32\drivers\HDAudBus.sys
    14:30:09.0934 4912 HDAudBus - ok
    14:30:10.0094 4912 HECIx64 (b6ac71aaa2b10848f57fc49d55a651af) C:\Windows\system32\DRIVERS\HECIx64.sys
    14:30:10.0144 4912 HECIx64 - ok
    14:30:10.0194 4912 HidBatt (78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\DRIVERS\HidBatt.sys
    14:30:10.0194 4912 HidBatt - ok
    14:30:10.0234 4912 HidBth (7fd2a313f7afe5c4dab14798c48dd104) C:\Windows\system32\DRIVERS\hidbth.sys
    14:30:10.0234 4912 HidBth - ok
    14:30:10.0254 4912 HidIr (0a77d29f311b88cfae3b13f9c1a73825) C:\Windows\system32\DRIVERS\hidir.sys
    14:30:10.0254 4912 HidIr - ok
    14:30:10.0284 4912 hidserv (bd9eb3958f213f96b97b1d897dee006d) C:\Windows\system32\hidserv.dll
    14:30:10.0284 4912 hidserv - ok
    14:30:10.0364 4912 HidUsb (9592090a7e2b61cd582b612b6df70536) C:\Windows\system32\DRIVERS\hidusb.sys
    14:30:10.0424 4912 HidUsb - ok
    14:30:10.0476 4912 hkmsvc (387e72e739e15e3d37907a86d9ff98e2) C:\Windows\system32\kmsvc.dll
    14:30:10.0516 4912 hkmsvc - ok
    14:30:10.0576 4912 HomeGroupListener (efdfb3dd38a4376f93e7985173813abd) C:\Windows\system32\ListSvc.dll
    14:30:10.0626 4912 HomeGroupListener - ok
    14:30:10.0966 4912 HomeGroupProvider (908acb1f594274965a53926b10c81e89) C:\Windows\system32\provsvc.dll
    14:30:11.0006 4912 HomeGroupProvider - ok
    14:30:11.0226 4912 HpSAMD (39d2abcd392f3d8a6dce7b60ae7b8efc) C:\Windows\system32\drivers\HpSAMD.sys
    14:30:11.0304 4912 HpSAMD - ok
    14:30:11.0388 4912 HTTP (0ea7de1acb728dd5a369fd742d6eee28) C:\Windows\system32\drivers\HTTP.sys
    14:30:11.0476 4912 HTTP - ok
    14:30:11.0520 4912 hwpolicy (a5462bd6884960c9dc85ed49d34ff392) C:\Windows\system32\drivers\hwpolicy.sys
    14:30:11.0570 4912 hwpolicy - ok
    14:30:11.0700 4912 i8042prt (fa55c73d4affa7ee23ac4be53b4592d3) C:\Windows\system32\drivers\i8042prt.sys
    14:30:11.0710 4912 i8042prt - ok
    14:30:11.0760 4912 iaStor (abbf174cb394f5c437410a788b7e404a) C:\Windows\system32\DRIVERS\iaStor.sys
    14:30:11.0760 4912 iaStor - ok
    14:30:11.0840 4912 iaStorV (aaaf44db3bd0b9d1fb6969b23ecc8366) C:\Windows\system32\drivers\iaStorV.sys
    14:30:11.0920 4912 iaStorV - ok
    14:30:12.0290 4912 idsvc (5988fc40f8db5b0739cd1e3a5d0d78bd) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
    14:30:12.0590 4912 idsvc - ok
    14:30:12.0770 4912 iirsp (5c18831c61933628f5bb0ea2675b9d21) C:\Windows\system32\DRIVERS\iirsp.sys
    14:30:12.0780 4912 iirsp - ok
    14:30:12.0970 4912 IKEEXT (fcd84c381e0140af901e58d48882d26b) C:\Windows\System32\ikeext.dll
    14:30:13.0070 4912 IKEEXT - ok
    14:30:13.0122 4912 Impcd (36fdf367a1dabff903e2214023d71368) C:\Windows\system32\DRIVERS\Impcd.sys
    14:30:13.0182 4912 Impcd - ok
    14:30:13.0182 4912 IntcAzAudAddService - ok
    14:30:13.0302 4912 intelide (f00f20e70c6ec3aa366910083a0518aa) C:\Windows\system32\drivers\intelide.sys
    14:30:13.0302 4912 intelide - ok
    14:30:13.0432 4912 intelppm (ada036632c664caa754079041cf1f8c1) C:\Windows\system32\DRIVERS\intelppm.sys
    14:30:13.0442 4912 intelppm - ok
    14:30:13.0492 4912 IPBusEnum (098a91c54546a3b878dad6a7e90a455b) C:\Windows\system32\ipbusenum.dll
    14:30:13.0502 4912 IPBusEnum - ok
    14:30:13.0552 4912 IpFilterDriver (c9f0e1bd74365a8771590e9008d22ab6) C:\Windows\system32\DRIVERS\ipfltdrv.sys
    14:30:13.0612 4912 IpFilterDriver - ok
    14:30:13.0732 4912 IPMIDRV (0fc1aea580957aa8817b8f305d18ca3a) C:\Windows\system32\drivers\IPMIDrv.sys
    14:30:13.0792 4912 IPMIDRV - ok
    14:30:13.0842 4912 IPNAT (af9b39a7e7b6caa203b3862582e9f2d0) C:\Windows\system32\drivers\ipnat.sys
    14:30:13.0852 4912 IPNAT - ok
    14:30:14.0185 4912 iPod Service (a9ab99ee7d39725eafec82732d2b3271) C:\Program Files\iPod\bin\iPodService.exe
    14:30:14.0245 4912 iPod Service - ok
    14:30:14.0305 4912 IRENUM (3abf5e7213eb28966d55d58b515d5ce9) C:\Windows\system32\drivers\irenum.sys
    14:30:14.0305 4912 IRENUM - ok
    14:30:14.0365 4912 isapnp (2f7b28dc3e1183e5eb418df55c204f38) C:\Windows\system32\drivers\isapnp.sys
    14:30:14.0365 4912 isapnp - ok
    14:30:14.0395 4912 iScsiPrt (d931d7309deb2317035b07c9f9e6b0bd) C:\Windows\system32\drivers\msiscsi.sys
    14:30:14.0475 4912 iScsiPrt - ok
    14:30:14.0495 4912 kbdclass (bc02336f1cba7dcc7d1213bb588a68a5) C:\Windows\system32\drivers\kbdclass.sys
    14:30:14.0505 4912 kbdclass - ok
    14:30:14.0555 4912 kbdhid (0705eff5b42a9db58548eec3b26bb484) C:\Windows\system32\drivers\kbdhid.sys
    14:30:14.0665 4912 kbdhid - ok
    14:30:14.0775 4912 KeyIso (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
    14:30:14.0775 4912 KeyIso - ok
    14:30:14.0845 4912 KSecDD (97a7070aea4c058b6418519e869a63b4) C:\Windows\system32\Drivers\ksecdd.sys
    14:30:14.0895 4912 KSecDD - ok
    14:30:14.0945 4912 KSecPkg (26c43a7c2862447ec59deda188d1da07) C:\Windows\system32\Drivers\ksecpkg.sys
    14:30:15.0051 4912 KSecPkg - ok
    14:30:15.0087 4912 ksthunk (6869281e78cb31a43e969f06b57347c4) C:\Windows\system32\drivers\ksthunk.sys
    14:30:15.0097 4912 ksthunk - ok
    14:30:15.0137 4912 KtmRm (6ab66e16aa859232f64deb66887a8c9c) C:\Windows\system32\msdtckrm.dll
    14:30:15.0167 4912 KtmRm - ok
    14:30:15.0207 4912 L1C (39918db0efcf045a1ce6fabbf339f975) C:\Windows\system32\DRIVERS\L1C62x64.sys
    14:30:15.0267 4912 L1C - ok
    14:30:15.0417 4912 LanmanServer (d9f42719019740baa6d1c6d536cbdaa6) C:\Windows\system32\srvsvc.dll
    14:30:15.0467 4912 LanmanServer - ok
    14:30:15.0567 4912 LanmanWorkstation (851a1382eed3e3a7476db004f4ee3e1a) C:\Windows\System32\wkssvc.dll
    14:30:15.0634 4912 LanmanWorkstation - ok
    14:30:15.0709 4912 lltdio (1538831cf8ad2979a04c423779465827) C:\Windows\system32\DRIVERS\lltdio.sys
    14:30:15.0719 4912 lltdio - ok
    14:30:15.0749 4912 lltdsvc (c1185803384ab3feed115f79f109427f) C:\Windows\System32\lltdsvc.dll
    14:30:15.0769 4912 lltdsvc - ok
    14:30:15.0859 4912 lmhosts (f993a32249b66c9d622ea5592a8b76b8) C:\Windows\System32\lmhsvc.dll
    14:30:15.0869 4912 lmhosts - ok
    14:30:16.0329 4912 LMS (7485fbcef9136f530953575e2977859d) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
    14:30:16.0439 4912 LMS - ok
    14:30:16.0519 4912 LSI_FC (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\DRIVERS\lsi_fc.sys
    14:30:16.0529 4912 LSI_FC - ok
    14:30:16.0559 4912 LSI_SAS (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\DRIVERS\lsi_sas.sys
    14:30:16.0569 4912 LSI_SAS - ok
    14:30:16.0589 4912 LSI_SAS2 (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\DRIVERS\lsi_sas2.sys
    14:30:16.0589 4912 LSI_SAS2 - ok
    14:30:16.0609 4912 LSI_SCSI (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\DRIVERS\lsi_scsi.sys
    14:30:16.0609 4912 LSI_SCSI - ok
    14:30:16.0659 4912 luafv (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys
    14:30:16.0669 4912 luafv - ok
    14:30:16.0769 4912 lxebCATSCustConnectService (f6963e48385a5637fc4e51dc0f8234a0) C:\Windows\system32\spool\DRIVERS\x64\3\\lxebserv.exe
    14:30:16.0839 4912 lxebCATSCustConnectService - ok
    14:30:16.0879 4912 lxeb_device - ok
    14:30:16.0959 4912 MBAMProtector (dc8490812a3b72811ae534f423b4c206) C:\Windows\system32\drivers\mbam.sys
    14:30:17.0019 4912 MBAMProtector - ok
    14:30:17.0169 4912 MBAMService (43683e970f008c93c9429ef428147a54) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
    14:30:17.0269 4912 MBAMService - ok
    14:30:17.0379 4912 McComponentHostService (f453d1e6d881e8f8717e20ccd4199e85) C:\Program Files (x86)\McAfee Security Scan\2.0.181\McCHSvc.exe
    14:30:17.0469 4912 McComponentHostService - ok
    14:30:17.0689 4912 McMPFSvc (acb01bf1a905356ab7f978c7fe852209) C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
    14:30:17.0751 4912 McMPFSvc - ok
    14:30:17.0761 4912 mcmscsvc (acb01bf1a905356ab7f978c7fe852209) C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe
    14:30:17.0761 4912 mcmscsvc - ok
    14:30:17.0801 4912 McNaiAnn (acb01bf1a905356ab7f978c7fe852209) C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe
    14:30:17.0801 4912 McNaiAnn - ok
    14:30:17.0811 4912 McNASvc (acb01bf1a905356ab7f978c7fe852209) C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe
    14:30:17.0811 4912 McNASvc - ok
    14:30:17.0901 4912 McODS (07b89e7de2f7971cf7eef0262207c4de) C:\Program Files\mcafee\VirusScan\mcods.exe
    14:30:17.0961 4912 McODS - ok
    14:30:17.0971 4912 McOobeSv (acb01bf1a905356ab7f978c7fe852209) C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe
    14:30:17.0971 4912 McOobeSv - ok
    14:30:17.0981 4912 McProxy (acb01bf1a905356ab7f978c7fe852209) C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe
    14:30:17.0981 4912 McProxy - ok
    14:30:18.0121 4912 McShield (325b166bf78d8a8ad93e44ca7a6fc332) C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe
    14:30:18.0231 4912 McShield - ok
    14:30:18.0421 4912 Mcx2Svc (0be09cd858abf9df6ed259d57a1a1663) C:\Windows\system32\Mcx2Svc.dll
    14:30:18.0474 4912 Mcx2Svc - ok
    14:30:18.0543 4912 megasas (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\DRIVERS\megasas.sys
    14:30:18.0543 4912 megasas - ok
    14:30:18.0623 4912 MegaSR (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\DRIVERS\MegaSR.sys
    14:30:18.0643 4912 MegaSR - ok
    14:30:18.0693 4912 MEMSWEEP2 (f9ce67e9e0226079b59107b649851f96) C:\Windows\system32\5C24.tmp
    14:30:18.0703 4912 MEMSWEEP2 - ok
    14:30:18.0743 4912 mfeapfk (ef3acfb7e3f82d5f7cde9ef5f0a4e2e2) C:\Windows\system32\drivers\mfeapfk.sys
    14:30:18.0813 4912 mfeapfk - ok
    14:30:19.0103 4912 mfeavfk (e7a60bdb4365b561d896019b82fb7dd0) C:\Windows\system32\drivers\mfeavfk.sys
    14:30:19.0263 4912 mfeavfk - ok
    14:30:19.0305 4912 mfeavfk01 - ok
    14:30:19.0365 4912 mfefire (7d8fdc43972d059907e09ee4022f77e8) C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe
    14:30:19.0415 4912 mfefire - ok
    14:30:19.0545 4912 mfefirek (670dffe55e2f9ab99d9169c428bcece9) C:\Windows\system32\drivers\mfefirek.sys
    14:30:19.0625 4912 mfefirek - ok
    14:30:19.0855 4912 mfehidk (1892616b7f9291fd77c3fa0a5811fe9f) C:\Windows\system32\drivers\mfehidk.sys
    14:30:19.0935 4912 mfehidk - ok
    14:30:20.0005 4912 mfenlfk (1721261c77f6e7a9e0cb51b7d9f31b60) C:\Windows\system32\DRIVERS\mfenlfk.sys
    14:30:20.0065 4912 mfenlfk - ok
    14:30:20.0215 4912 mferkdet (65776bd8029e409935b90de30bf99526) C:\Windows\system32\drivers\mferkdet.sys
    14:30:20.0265 4912 mferkdet - ok
    14:30:20.0555 4912 mfevtp (8a78905057308b084eaa29a9fe1b4f58) C:\Program Files\Common Files\McAfee\SystemCore\mfevtps.exe
    14:30:20.0625 4912 mfevtp - ok
    14:30:20.0685 4912 mfewfpk (4f17d8b85b903d96ef7033bb6ef50516) C:\Windows\system32\drivers\mfewfpk.sys
    14:30:20.0775 4912 mfewfpk - ok
    14:30:20.0835 4912 MMCSS (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll
    14:30:20.0835 4912 MMCSS - ok
    14:30:20.0875 4912 Modem (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys
    14:30:20.0875 4912 Modem - ok
    14:30:20.0905 4912 monitor (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys
    14:30:20.0905 4912 monitor - ok
    14:30:20.0985 4912 mouclass (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\DRIVERS\mouclass.sys
    14:30:20.0995 4912 mouclass - ok
    14:30:21.0015 4912 mouhid (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\DRIVERS\mouhid.sys
    14:30:21.0025 4912 mouhid - ok
    14:30:21.0075 4912 mountmgr (32e7a3d591d671a6df2db515a5cbe0fa) C:\Windows\system32\drivers\mountmgr.sys
    14:30:21.0146 4912 mountmgr - ok
    14:30:21.0376 4912 MozillaMaintenance (15d5398eed42c2504bb3d4fc875c15d1) C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
    14:30:21.0449 4912 MozillaMaintenance - ok
    14:30:21.0498 4912 mpio (a44b420d30bd56e145d6a2bc8768ec58) C:\Windows\system32\drivers\mpio.sys
    14:30:21.0548 4912 mpio - ok
    14:30:21.0648 4912 mpsdrv (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys
    14:30:21.0648 4912 mpsdrv - ok
    14:30:21.0708 4912 MRxDAV (dc722758b8261e1abafd31a3c0a66380) C:\Windows\system32\drivers\mrxdav.sys
    14:30:21.0778 4912 MRxDAV - ok
    14:30:21.0838 4912 mrxsmb (a5d9106a73dc88564c825d317cac68ac) C:\Windows\system32\DRIVERS\mrxsmb.sys
    14:30:21.0888 4912 mrxsmb - ok
    14:30:22.0098 4912 mrxsmb10 (d711b3c1d5f42c0c2415687be09fc163) C:\Windows\system32\DRIVERS\mrxsmb10.sys
    14:30:22.0179 4912 mrxsmb10 - ok
    14:30:22.0299 4912 mrxsmb20 (9423e9d355c8d303e76b8cfbd8a5c30c) C:\Windows\system32\DRIVERS\mrxsmb20.sys
    14:30:22.0369 4912 mrxsmb20 - ok
    14:30:22.0419 4912 msahci (c25f0bafa182cbca2dd3c851c2e75796) C:\Windows\system32\drivers\msahci.sys
    14:30:22.0479 4912 msahci - ok
    14:30:22.0519 4912 msdsm (db801a638d011b9633829eb6f663c900) C:\Windows\system32\drivers\msdsm.sys
    14:30:22.0599 4912 msdsm - ok
    14:30:22.0679 4912 MSDTC (de0ece52236cfa3ed2dbfc03f28253a8) C:\Windows\System32\msdtc.exe
    14:30:22.0679 4912 MSDTC - ok
    14:30:22.0719 4912 Msfs (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys
    14:30:22.0729 4912 Msfs - ok
    14:30:22.0739 4912 mshidkmdf (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys
    14:30:22.0749 4912 mshidkmdf - ok
    14:30:22.0769 4912 msisadrv (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\drivers\msisadrv.sys
    14:30:22.0779 4912 msisadrv - ok
    14:30:22.0829 4912 MSiSCSI (808e98ff49b155c522e6400953177b08) C:\Windows\system32\iscsiexe.dll
    14:30:22.0829 4912 MSiSCSI - ok
    14:30:22.0839 4912 msiserver - ok
    14:30:22.0859 4912 MSKSSRV (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys
    14:30:22.0859 4912 MSKSSRV - ok
    14:30:22.0869 4912 MSPCLOCK (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys
    14:30:22.0879 4912 MSPCLOCK - ok
    14:30:22.0899 4912 MSPQM (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys
    14:30:22.0909 4912 MSPQM - ok
    14:30:22.0979 4912 MsRPC (759a9eeb0fa9ed79da1fb7d4ef78866d) C:\Windows\system32\drivers\MsRPC.sys
    14:30:23.0039 4912 MsRPC - ok
    14:30:23.0159 4912 mssmbios (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\drivers\mssmbios.sys
    14:30:23.0169 4912 mssmbios - ok
    14:30:23.0199 4912 MSTEE (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys
    14:30:23.0199 4912 MSTEE - ok
    14:30:23.0239 4912 MTConfig (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\DRIVERS\MTConfig.sys
    14:30:23.0249 4912 MTConfig - ok
    14:30:23.0329 4912 Mup (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys
    14:30:23.0339 4912 Mup - ok
    14:30:23.0709 4912 napagent (582ac6d9873e31dfa28a4547270862dd) C:\Windows\system32\qagentRT.dll
    14:30:23.0759 4912 napagent - ok
    14:30:24.0229 4912 NativeWifiP (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys
    14:30:24.0249 4912 NativeWifiP - ok
    14:30:24.0389 4912 NDIS (79b47fd40d9a817e932f9d26fac0a81c) C:\Windows\system32\drivers\ndis.sys
    14:30:24.0479 4912 NDIS - ok
    14:30:24.0539 4912 NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys
    14:30:24.0559 4912 NdisCap - ok
    14:30:24.0589 4912 NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys
    14:30:24.0599 4912 NdisTapi - ok
    14:30:24.0759 4912 Ndisuio (136185f9fb2cc61e573e676aa5402356) C:\Windows\system32\DRIVERS\ndisuio.sys
    14:30:24.0820 4912 Ndisuio - ok
    14:30:24.0891 4912 NdisWan (53f7305169863f0a2bddc49e116c2e11) C:\Windows\system32\DRIVERS\ndiswan.sys
    14:30:24.0968 4912 NdisWan - ok
    14:30:25.0013 4912 NDProxy (015c0d8e0e0421b4cfd48cffe2825879) C:\Windows\system32\drivers\NDProxy.sys
    14:30:25.0053 4912 NDProxy - ok
    14:30:25.0163 4912 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys
    14:30:25.0173 4912 NetBIOS - ok
    14:30:25.0333 4912 NetBT (09594d1089c523423b32a4229263f068) C:\Windows\system32\DRIVERS\netbt.sys
    14:30:25.0383 4912 NetBT - ok
    14:30:25.0463 4912 Netlogon (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
    14:30:25.0463 4912 Netlogon - ok
    14:30:25.0563 4912 Netman (847d3ae376c0817161a14a82c8922a9e) C:\Windows\System32\netman.dll
    14:30:25.0643 4912 Netman - ok
    14:30:26.0045 4912 NetMsmqActivator (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
    14:30:26.0175 4912 NetMsmqActivator - ok
    14:30:26.0185 4912 NetPipeActivator (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
    14:30:26.0185 4912 NetPipeActivator - ok
    14:30:26.0237 4912 netprofm (5f28111c648f1e24f7dbc87cdeb091b8) C:\Windows\System32\netprofm.dll
    14:30:26.0257 4912 netprofm - ok
    14:30:26.0277 4912 NetTcpActivator (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
    14:30:26.0277 4912 NetTcpActivator - ok
    14:30:26.0277 4912 NetTcpPortSharing (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
    14:30:26.0287 4912 NetTcpPortSharing - ok
    14:30:26.0467 4912 nfrd960 (77889813be4d166cdab78ddba990da92) C:\Windows\system32\DRIVERS\nfrd960.sys
    14:30:26.0477 4912 nfrd960 - ok
    14:30:27.0229 4912 NlaSvc (1ee99a89cc788ada662441d1e9830529) C:\Windows\System32\nlasvc.dll
    14:30:27.0229 4912 NlaSvc - ok
    14:30:27.0299 4912 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys
    14:30:27.0399 4912 Npfs - ok
    14:30:27.0429 4912 nsi (d54bfdf3e0c953f823b3d0bfe4732528) C:\Windows\system32\nsisvc.dll
     
  5. Animeniak7530

    Animeniak7530 TS Rookie Topic Starter Posts: 18

    14:31:03.0617 4912 MBR (0x1B8) (5c616939100b85e558da92b899a0fc36) \Device\Harddisk0\DR0
    14:31:03.0664 4912 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.c ) - infected
    14:31:03.0664 4912 \Device\Harddisk0\DR0 - detected Rootkit.Boot.Pihar.c (0)
    14:31:03.0719 4912 Boot (0x1200) (79ed531b8aef9bad535b4adefc409b13) \Device\Harddisk0\DR0\Partition0
    14:31:03.0719 4912 \Device\Harddisk0\DR0\Partition0 - ok
    14:31:03.0729 4912 Boot (0x1200) (2340c985aa75654c7597e3a6ea3097d0) \Device\Harddisk0\DR0\Partition1
    14:31:03.0739 4912 \Device\Harddisk0\DR0\Partition1 - ok
    14:31:03.0739 4912 ============================================================
    14:31:03.0739 4912 Scan finished
    14:31:03.0739 4912 ============================================================
    14:31:03.0749 3672 Detected object count: 1
    14:31:03.0749 3672 Actual detected object count: 1
    14:31:41.0679 3672 \Device\Harddisk0\DR0\# - copied to quarantine
    14:31:41.0689 3672 \Device\Harddisk0\DR0 - copied to quarantine
    14:31:42.0021 3672 \Device\Harddisk0\DR0\TDLFS\cmd.dll - copied to quarantine
    14:31:42.0231 3672 \Device\Harddisk0\DR0\TDLFS\cmd64.dll - copied to quarantine
    14:31:42.0301 3672 \Device\Harddisk0\DR0\TDLFS\sub.dll - copied to quarantine
    14:31:56.0425 3672 \Device\Harddisk0\DR0\TDLFS\subx.dll - copied to quarantine
    14:31:56.0525 3672 \Device\Harddisk0\DR0\TDLFS\drv32 - copied to quarantine
    14:31:56.0805 3672 \Device\Harddisk0\DR0\TDLFS\drv64 - copied to quarantine
    14:31:56.0965 3672 \Device\Harddisk0\DR0\TDLFS\servers.dat - copied to quarantine
    14:31:56.0995 3672 \Device\Harddisk0\DR0\TDLFS\config.ini - copied to quarantine
    14:31:57.0015 3672 \Device\Harddisk0\DR0\TDLFS\ldr16 - copied to quarantine
    14:31:57.0035 3672 \Device\Harddisk0\DR0\TDLFS\ldr32 - copied to quarantine
    14:31:57.0315 3672 \Device\Harddisk0\DR0\TDLFS\ldr64 - copied to quarantine
    14:31:57.0465 3672 \Device\Harddisk0\DR0\TDLFS\s - copied to quarantine
    14:31:57.0465 3672 \Device\Harddisk0\DR0\TDLFS\ldrm - copied to quarantine
    14:31:57.0525 3672 \Device\Harddisk0\DR0\TDLFS\u - copied to quarantine
    14:31:57.0555 3672 \Device\Harddisk0\DR0\TDLFS\ph.dll - copied to quarantine
    14:31:57.0705 3672 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.c ) - will be cured on reboot
    14:31:57.0755 3672 \Device\Harddisk0\DR0 - ok
    14:31:57.0865 3672 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.c ) - User select action: Cure
    14:43:15.0689 2684 Deinitialize success
     
  6. Broni

    Broni Malware Annihilator Posts: 52,904   +344

    • Download RogueKiller to the desktop
    • Close all the running programs
    • Windows Vista/7 users: right click on RogueKiller.exe, click Run as Administrator
    • Otherwise just double-click on RogueKiller.exe
    • Pre-scan will start. Let it finish.
    • Click on SCAN button.
    • A report (RKreport.txt) should open. Post its content in your next reply. (RKreport could also be found on your desktop)
    • If RogueKiller has been blocked, do not hesitate to try a few more times. If it really won't run, rename it to winlogon.exe (or winlogon.com) and try again.

    ============================================

    Download aswMBR to your desktop.
    Double click the aswMBR.exe to run it.
    If you see this question: "Would you like to download latest Avast! virus definitions?", say "Yes".
    Click the "Scan" button to start scan.
    On completion of the scan click "Save log", save it to your desktop and post in your next reply.

    NOTE. aswMBR will create MBR.dat file on your desktop. This is a copy of your MBR. Do NOT delete it.
     
  7. Animeniak7530

    Animeniak7530 TS Rookie Topic Starter Posts: 18

    RK gave me the option to remove selected files, which I did not do, since I was unsure if I should.

    RogueKiller V7.6.3 [07/08/2012] by Tigzy
    mail: tigzyRK<at>gmail<dot>com
    Feedback: http://www.geekstogo.com/forum/files/file/413-roguekiller/
    Blog: http://tigzyrk.blogspot.com

    Operating System: Windows 7 (6.1.7601 Service Pack 1) 64 bits version
    Started in : Normal mode
    User: Kyle [Admin rights]
    Mode: Scan -- Date: 07/16/2012 18:32:38

    ¤¤¤ Bad processes: 0 ¤¤¤

    ¤¤¤ Registry Entries: 5 ¤¤¤
    [ZeroAccess] HKCR\[...]\InprocServer32 : (C:\Users\Kyle\AppData\Local\{c614d3bf-243a-3fd7-a4fd-36cd3756874b}\n.) -> FOUND
    [HJ] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
    [HJ] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND
    [HJ] HKCU\[...]\ClassicStartMenu : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND
    [HJ] HKCU\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

    ¤¤¤ Particular Files / Folders: ¤¤¤
    [ZeroAccess][FILE] @ : c:\windows\installer\{c614d3bf-243a-3fd7-a4fd-36cd3756874b}\@ --> FOUND
    [ZeroAccess][FOLDER] U : c:\windows\installer\{c614d3bf-243a-3fd7-a4fd-36cd3756874b}\U --> FOUND
    [ZeroAccess][FOLDER] L : c:\windows\installer\{c614d3bf-243a-3fd7-a4fd-36cd3756874b}\L --> FOUND
    [ZeroAccess][FILE] @ : c:\users\kyle\appdata\local\{c614d3bf-243a-3fd7-a4fd-36cd3756874b}\@ --> FOUND
    [ZeroAccess][FOLDER] U : c:\users\kyle\appdata\local\{c614d3bf-243a-3fd7-a4fd-36cd3756874b}\U --> FOUND
    [ZeroAccess][FOLDER] L : c:\users\kyle\appdata\local\{c614d3bf-243a-3fd7-a4fd-36cd3756874b}\L --> FOUND
    [ZeroAccess][FILE] Desktop.ini : c:\windows\assembly\gac_32\desktop.ini --> FOUND
    [ZeroAccess][FILE] Desktop.ini : c:\windows\assembly\gac_64\desktop.ini --> FOUND

    ¤¤¤ Driver: [NOT LOADED] ¤¤¤

    ¤¤¤ Infection : ZeroAccess ¤¤¤

    ¤¤¤ HOSTS File: ¤¤¤


    ¤¤¤ MBR Check: ¤¤¤

    +++++ PhysicalDrive0: ST9500325AS +++++
    --- User ---
    [MBR] dd6967e897e9549401c89a8d9f38da4a
    [BSP] dea9defa67a18cc486b8c709b2ee22f0 : Windows Vista MBR Code
    Partition table:
    0 - [XXXXXX] DELL-UTIL (0xde) [VISIBLE] Offset (sectors): 63 | Size: 101 Mo
    1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 208845 | Size: 15000 Mo
    2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 30928845 | Size: 461837 Mo
    User = LL1 ... OK!
    User = LL2 ... OK!

    Finished : << RKreport[1].txt >>
    RKreport[1].txt

    -------------------------------------------------------------------------------------------------------------------------

    aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
    Run date: 2012-07-16 18:35:03
    -----------------------------
    18:35:03.602 OS Version: Windows x64 6.1.7601 Service Pack 1
    18:35:03.602 Number of processors: 4 586 0x2505
    18:35:03.603 ComputerName: KYLE-PC UserName: Kyle
    18:35:05.118 Initialize success
    18:41:07.741 AVAST engine defs: 12071601
    18:42:18.958 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
    18:42:18.974 Disk 0 Vendor: ST950032 D005 Size: 476940MB BusType: 3
    18:42:18.990 Disk 0 MBR read successfully
    18:42:18.990 Disk 0 MBR scan
    18:42:18.990 Disk 0 Windows VISTA default MBR code
    18:42:18.990 Disk 0 Partition 1 00 DE Dell Utility Dell 8.0 101 MB offset 63
    18:42:19.005 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 15000 MB offset 208845
    18:42:19.021 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 461837 MB offset 30928845
    18:42:19.071 Disk 0 scanning C:\Windows\system32\drivers
    18:42:36.598 Service scanning
    18:43:08.986 Modules scanning
    18:43:08.986 Disk 0 trace - called modules:
    18:43:09.017 ntoskrnl.exe CLASSPNP.SYS disk.sys iaStor.sys hal.dll
    18:43:09.017 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8004c5d790]
    18:43:09.017 3 CLASSPNP.SYS[fffff8800186c43f] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa8004998050]
    18:43:10.468 AVAST engine scan C:\Windows
    18:43:13.323 AVAST engine scan C:\Windows\system32
    18:46:36.901 File: C:\Windows\assembly\GAC_32\Desktop.ini **INFECTED** Win32:Sirefef-PL [Rtk]
    18:46:41.347 File: C:\Windows\assembly\GAC_64\Desktop.ini **INFECTED** Win32:Sirefef-PL [Rtk]
    18:49:39.781 AVAST engine scan C:\Windows\system32\drivers
    18:50:00.748 AVAST engine scan C:\Users\Kyle
    18:54:58.729 File: C:\Users\Kyle\AppData\Local\Temp\E2A7.tmp **INFECTED** Win32:Crypt-NBS [Trj]
    19:12:25.929 Disk 0 MBR has been saved successfully to "C:\Users\Kyle\Desktop\MBR.dat"
    19:12:25.929 The log file has been saved successfully to "C:\Users\Kyle\Desktop\aswMBR.txt"
     
  8. Broni

    Broni Malware Annihilator Posts: 52,904   +344

    Yeah, we removed TDSS infection but you're also infected with ZeroAccess rootkit.

    For x32 (x86) bit systems download Farbar Recovery Scan Tool 32-Bit and save it to a flash drive.
    For x64 bit systems download Farbar Recovery Scan Tool 64-Bit and save it to a flash drive.

    Plug the flash drive into the infected PC.

    Enter System Recovery Options.

    To enter System Recovery Options from the Advanced Boot Options:
    • Restart the computer.
    • As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.
    • Use the arrow keys to select the Repair your computer menu item.
    • Select US as the keyboard language settings, and then click Next.
    • Select the operating system you want to repair, and then click Next.
    • Select your user account and click Next.

    To enter System Recovery Options by using Windows installation disc:
    • Insert the installation disc.
    • Restart your computer.
    • If prompted, press any key to start Windows from the installation disc. If your computer is not configured to start from a CD or DVD, check your BIOS settings.
    • Click Repair your computer.
    • Select US as the keyboard language settings, and then click Next.
    • Select the operating system you want to repair, and then click Next.
    • Select your user account and click Next.

    On the System Recovery Options menu you will get the following options:

      • Startup Repair
      • System Restore
      • Windows Complete PC Restore
      • Windows Memory Diagnostic Tool
      • Command Prompt
    • Select Command Prompt
    • In the command window type in notepad and press Enter.
    • The notepad opens. Under File menu select Open.
    • Select "Computer" and find your flash drive letter and close the notepad.
    • In the command window type e:\frst.exe (for x64 bit version type e:\frst64) and press Enter
      Note: Replace letter e with the drive letter of your flash drive.
    • The tool will start to run.
    • When the tool opens click Yes to disclaimer.
    • Press Scan button.
    • It will make a log (FRST.txt) on the flash drive. Please copy and paste it to your reply.
     
  9. Animeniak7530

    Animeniak7530 TS Rookie Topic Starter Posts: 18

    Scan result of Farbar Recovery Scan Tool Version: 16-07-2012 02
    Ran by SYSTEM at 18-07-2012 15:01:17
    Running from E:\
    Windows 7 Home Premium (X64) OS Language: English(US)
    The current controlset is ControlSet001

    ========================== Registry (Whitelisted) =============

    HKLM\...\Run: [SynTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe [2122536 2010-05-07] (Synaptics Incorporated)
    HKLM\...\Run: [QuickSet] C:\Program Files\Dell\QuickSet\QuickSet.exe [3203440 2010-04-06] (Dell Inc.)
    HKLM\...\Run: [Broadcom Wireless Manager UI] C:\Program Files\Dell\DW WLAN Card\WLTRAY.exe [5470208 2009-12-17] (Dell Inc.)
    HKLM\...\Run: [lxebmon.exe] "C:\Program Files (x86)\Lexmark Pro200-S500 Series\lxebmon.exe" [770728 2011-01-23] ()
    HKLM\...\Run: [EzPrint] "C:\Program Files (x86)\Lexmark Pro200-S500 Series\ezprint.exe" [148280 2011-01-23] ()
    HKLM\...\Run: [IntelliPoint] "c:\Program Files\Microsoft IntelliPoint\ipoint.exe" [2417032 2011-08-01] (Microsoft Corporation)
    HKLM-x32\...\Run: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun [98304 2010-01-22] (Advanced Micro Devices, Inc.)
    HKLM-x32\...\Run: [mcui_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey [1675160 2011-11-22] (McAfee, Inc.)
    HKLM-x32\...\Run: [Dell DataSafe Online] "C:\Program Files (x86)\Dell DataSafe Online\DataSafeOnline.exe" /m [1807680 2010-02-09] ()
    HKLM-x32\...\Run: [Desktop Disc Tool] "C:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe" [498160 2009-10-15] ()
    HKLM-x32\...\Run: [Dell Webcam Central] "C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" /mode2 [409744 2009-06-24] (Creative Technology Ltd)
    HKLM-x32\...\Run: [DellSupportCenter] "c:\Program Files (x86)\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter [206064 2009-05-21] (SupportSoft, Inc.)
    HKLM-x32\...\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [843712 2012-01-03] (Adobe Systems Incorporated)
    HKLM-x32\...\Run: [] [x]
    HKLM-x32\...\Run: [ApnUpdater] "C:\Program Files (x86)\Ask.com\Updater\Updater.exe" [1557160 2012-04-09] (Ask)
    HKLM-x32\...\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [59280 2012-05-30] (Apple Inc.)
    HKLM-x32\...\Run: [vProt] "C:\Program Files (x86)\AVG Secure Search\vprot.exe" [1107552 2012-07-09] ()
    HKLM-x32\...\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime [421888 2012-04-18] (Apple Inc.)
    HKLM-x32\...\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe" [421776 2012-06-07] (Apple Inc.)
    HKLM-x32\...\Run: [Freecorder FLV Service] "C:\Program Files (x86)\Freecorder\FLVSrvc.exe" /run [x]
    HKLM-x32\...\Run: [Jaksta Free Video History] "C:\Program Files (x86)\Jaksta Technologies\Jaksta Free Media Recorder Toolbar\Jaksta Free Video History\jfvhistoryp.exe" -monitor [x]
    HKLM-x32\...\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" [252296 2012-01-17] (Sun Microsystems, Inc.)
    HKU\Kyle\...\Run: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background [x]
    HKU\Kyle\...\Run: [Steam] "C:\Program Files (x86)\Steam\steam.exe" -silent [1242448 2011-08-02] (Valve Corporation)
    HKU\Kyle\...\Run: [Facebook Update] "C:\Users\Kyle\AppData\Local\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver [138096 2012-07-11] (Facebook Inc.)
    HKU\Kyle\...\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [4786048 2012-06-20] (SUPERAntiSpyware.com)
    HKLM-x32\...\RunOnce: ["C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe"] "C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe" [559616 2011-10-08] (Dell)
    Winlogon\Notify\GoToAssist: C:\Program Files (x86)\Citrix\GoToAssist\514\G2AWinLogon_x64.dll [X]
    Tcpip\Parameters: [DhcpNameServer] 209.18.47.61 209.18.47.62
    Startup: C:\Users\All Users\Start Menu\Programs\Startup\Bluetooth.lnk
    ShortcutTarget: Bluetooth.lnk -> C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.)
    Startup: C:\Users\All Users\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
    ShortcutTarget: McAfee Security Scan Plus.lnk -> C:\Program Files (x86)\McAfee Security Scan\2.0.181\SSScheduler.exe (McAfee, Inc.)
    Startup: C:\Users\Default\Start Menu\Programs\Startup\Dell Dock First Run.lnk
    ShortcutTarget: Dell Dock First Run.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
    Startup: C:\Users\Default User\Start Menu\Programs\Startup\Dell Dock First Run.lnk
    ShortcutTarget: Dell Dock First Run.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
    Startup: C:\Users\Kyle\Start Menu\Programs\Startup\CurseClientStartup.ccip ()

    ==================== Services (Whitelisted) ======

    2 !SASCORE; "C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE" [140672 2011-08-11] (SUPERAntiSpyware.com)
    2 lxebCATSCustConnectService; C:\Windows\system32\spool\DRIVERS\x64\3\\lxebserv.exe [45736 2010-04-14] (Lexmark International, Inc.)
    2 lxeb_device; C:\Windows\system32\lxebcoms.exe -service [1052328 2010-04-14] ( )
    2 lxeb_device; C:\Windows\SysWow64\lxebcoms.exe -service [598696 2010-04-14] ( )
    4 MBAMService; "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe" [655944 2012-07-03] (Malwarebytes Corporation)
    3 McComponentHostService; "C:\Program Files (x86)\McAfee Security Scan\2.0.181\McCHSvc.exe" [227232 2010-01-15] (McAfee, Inc.)
    2 McMPFSvc; "C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe" /McCoreSvc [249936 2011-01-27] (McAfee, Inc.)
    2 mcmscsvc; "C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe" /McCoreSvc [249936 2011-01-27] (McAfee, Inc.)
    2 McNaiAnn; "C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe" /McCoreSvc [249936 2011-01-27] (McAfee, Inc.)
    2 McNASvc; "C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe" /McCoreSvc [249936 2011-01-27] (McAfee, Inc.)
    3 McODS; "C:\Program Files\mcafee\VirusScan\mcods.exe" [501768 2011-06-23] (McAfee, Inc.)
    4 McOobeSv; "C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe" /McCoreSvc [249936 2011-01-27] (McAfee, Inc.)
    2 McProxy; "C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe" /McCoreSvc [249936 2011-01-27] (McAfee, Inc.)
    2 McShield; "C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe" [199272 2011-10-18] (McAfee, Inc.)
    2 mfefire; "C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe" [208536 2011-10-18] (McAfee, Inc.)
    2 mfevtp; "C:\Program Files\Common Files\McAfee\SystemCore\mfevtps.exe" [161168 2011-10-18] (McAfee, Inc.)
    2 UNS; "C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe" [2320920 2009-09-30] (Intel Corporation)
    2 vToolbarUpdater11.2.0; C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\11.2.0\ToolbarUpdater.exe [935008 2012-07-09] ()
    2 WTouchService; C:\Program Files\WTouch\WTouchService.exe [127272 2009-07-15] (Wacom Technology, Corp.)

    ========================== Drivers (Whitelisted) =============

    3 cfwids; C:\Windows\System32\Drivers\cfwids.sys [65264 2011-10-15] (McAfee, Inc.)
    3 MBAMProtector; \??\C:\Windows\system32\drivers\mbam.sys [24904 2012-07-03] (Malwarebytes Corporation)
    3 MEMSWEEP2; \??\C:\Windows\system32\5C24.tmp [6144 2011-05-12] (Sophos Plc)
    3 mfeapfk; C:\Windows\System32\Drivers\mfeapfk.sys [160280 2011-10-15] (McAfee, Inc.)
    3 mfeavfk; C:\Windows\System32\Drivers\mfeavfk.sys [229528 2011-10-15] (McAfee, Inc.)
    3 mfefirek; C:\Windows\System32\Drivers\mfefirek.sys [481768 2011-10-15] (McAfee, Inc.)
    0 mfehidk; C:\Windows\System32\Drivers\mfehidk.sys [647080 2011-10-15] (McAfee, Inc.)
    1 mfenlfk; C:\Windows\System32\Drivers\mfenlfk.sys [75808 2011-10-15] (McAfee, Inc.)
    3 mferkdet; C:\Windows\System32\Drivers\mferkdet.sys [100912 2011-10-15] (McAfee, Inc.)
    0 mfewfpk; C:\Windows\System32\Drivers\mfewfpk.sys [284648 2011-10-15] (McAfee, Inc.)
    1 SASDIFSV; \??\C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [14928 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
    1 SASKUTIL; \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [12368 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
    2 TurboB; C:\Windows\System32\Drivers\TurboB.sys [13784 2009-11-02] ()
    3 ALSysIO; \??\C:\Users\Kyle\AppData\Local\Temp\ALSysIO64.sys [x]
    3 IntcAzAudAddService; C:\Windows\System32\drivers\RTKVHD64.sys [x]
    3 mfeavfk01; [x]

    ========================== NetSvcs (Whitelisted) ===========


    ============ One Month Created Files and Folders ==============

    2012-07-18 06:25 - 2012-07-18 06:25 - 01437107 ____A (Farbar) C:\Users\Kyle\Desktop\FRST64.exe
    2012-07-18 06:17 - 2012-07-18 06:17 - 00012812 ____A C:\Users\Kyle\.recently-used.xbel
    2012-07-18 04:26 - 2012-07-18 06:21 - 00000000 ____D C:\Users\Kyle\Desktop\Headshots
    2012-07-17 01:31 - 2012-07-17 01:31 - 00001177 ____A C:\Users\Kyle\Desktop\FrostWire 5.3.8.lnk
    2012-07-16 21:12 - 2012-07-16 21:12 - 00002104 ____A C:\Users\Kyle\Desktop\aswMBR.txt
    2012-07-16 21:12 - 2012-07-16 21:12 - 00000512 ____A C:\Users\Kyle\Desktop\MBR.dat
    2012-07-16 20:32 - 2012-07-16 20:32 - 00002356 ____A C:\Users\Kyle\Desktop\RKreport[1].txt
    2012-07-16 20:32 - 2012-07-16 20:32 - 00000000 ____D C:\Users\Kyle\Desktop\RK_Quarantine
    2012-07-16 20:29 - 2012-07-16 20:30 - 04731392 ____A (AVAST Software) C:\Users\Kyle\Desktop\aswMBR.exe
    2012-07-16 20:29 - 2012-07-16 20:29 - 01558528 ____A C:\Users\Kyle\Desktop\RogueKiller.exe
    2012-07-16 16:31 - 2012-07-16 16:31 - 00000000 ____D C:\TDSSKiller_Quarantine
    2012-07-16 16:25 - 2012-07-16 16:25 - 00000121 ____A C:\Users\Kyle\Desktop\[Active] - Random Audio and Advertisements in Background - TechSpot Forums.URL
    2012-07-16 16:24 - 2012-07-09 14:48 - 02135640 ____A (Kaspersky Lab ZAO) C:\Users\Kyle\Desktop\TDSSKiller.exe
    2012-07-16 16:24 - 2011-01-01 03:14 - 00002254 ___RA C:\Users\Kyle\Desktop\eula.txt
    2012-07-16 16:12 - 2012-07-16 16:12 - 00275520 ____A C:\Windows\Minidump\071612-27378-01.dmp
    2012-07-15 23:21 - 2012-07-15 23:21 - 00014894 ____A C:\Users\Kyle\Desktop\Attach.txt
    2012-07-15 23:20 - 2012-07-15 23:20 - 00032953 ____A C:\Users\Kyle\Desktop\DDS.txt
    2012-07-15 20:14 - 2012-07-15 20:14 - 00000411 ____A C:\Users\Kyle\Desktop\gmer.log
    2012-07-15 18:01 - 2012-07-15 18:01 - 00607260 ____R (Swearware) C:\Users\Kyle\Desktop\dds.scr
    2012-07-15 17:55 - 2012-07-15 17:55 - 00302592 ____A C:\Users\Kyle\Desktop\49d6xyh7.exe
    2012-07-15 15:56 - 2012-07-15 15:56 - 00275520 ____A C:\Windows\Minidump\071512-24320-01.dmp
    2012-07-15 01:28 - 2012-07-15 01:28 - 00275520 ____A C:\Windows\Minidump\071412-26410-01.dmp
    2012-07-14 15:43 - 2009-07-13 20:14 - 00020480 ____A (Microsoft Corporation) C:\Windows\svchost.exe
    2012-07-13 22:08 - 2012-07-13 22:42 - 108474942 ____A C:\Users\Kyle\Downloads\69458.mp4
    2012-07-13 19:39 - 2012-07-13 19:39 - 00001071 ____A C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
    2012-07-13 19:39 - 2012-07-13 19:39 - 00001071 ____A C:\Users\All Users\Desktop\Malwarebytes Anti-Malware.lnk
    2012-07-13 19:39 - 2012-07-13 19:39 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
    2012-07-13 19:39 - 2012-07-03 15:46 - 00024904 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys
    2012-07-13 19:38 - 2012-07-13 19:39 - 10652120 ____A (Malwarebytes Corporation ) C:\Users\Kyle\Downloads\mbam-setup-1.62.0.1300.exe
    2012-07-13 19:33 - 2012-07-13 19:33 - 00000000 ____D C:\Users\Kyle\Downloads\backups
    2012-07-13 19:28 - 2012-07-13 19:37 - 00017931 ____A C:\Users\Kyle\Downloads\hijackthis.log
    2012-07-13 19:26 - 2012-07-13 19:26 - 00388608 ____A (Trend Micro Inc.) C:\Users\Kyle\Downloads\HijackThis.exe
    2012-07-13 15:23 - 2012-07-13 15:37 - 00022045 ____A C:\JavaRa.log
    2012-07-13 15:23 - 2012-07-13 15:23 - 00000000 ____D C:\Program Files (x86)\Oracle
    2012-07-13 15:22 - 2012-07-13 15:21 - 00174064 ____A (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
    2012-07-13 15:22 - 2012-07-13 15:21 - 00174064 ____A (Oracle Corporation) C:\Windows\SysWOW64\java.exe
    2012-07-13 15:22 - 2012-07-06 00:06 - 00772544 ____A (Oracle Corporation) C:\Windows\SysWOW64\npDeployJava1.dll
    2012-07-13 15:22 - 2012-07-06 00:06 - 00227760 ____A (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
    2012-07-13 15:18 - 2012-07-13 15:18 - 00893936 ____A (Oracle Corporation) C:\Users\Kyle\Downloads\jxpiinstall.exe
    2012-07-12 15:02 - 2012-07-12 15:37 - 00000000 ____D C:\Users\Kyle\My Documents\Ant Videos Relocated
    2012-07-12 15:02 - 2012-07-12 15:37 - 00000000 ____D C:\Users\Kyle\Documents\Ant Videos Relocated
    2012-07-12 14:31 - 2012-07-12 14:31 - 00275520 ____A C:\Windows\Minidump\071212-80605-01.dmp
    2012-07-12 03:08 - 2012-06-11 22:08 - 03148800 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
    2012-07-12 03:07 - 2012-07-12 03:07 - 00000129 ____A C:\Windows\System32\MRT.INI
    2012-07-11 15:23 - 2012-06-06 01:06 - 02004480 ____A (Microsoft Corporation) C:\Windows\System32\msxml6.dll
    2012-07-11 15:23 - 2012-06-06 01:06 - 01881600 ____A (Microsoft Corporation) C:\Windows\System32\msxml3.dll
    2012-07-11 15:23 - 2012-06-06 00:05 - 01390080 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msxml6.dll
    2012-07-11 15:22 - 2012-06-09 00:43 - 14172672 ____A (Microsoft Corporation) C:\Windows\System32\shell32.dll
    2012-07-11 15:22 - 2012-06-08 23:41 - 12873728 ____A (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
    2012-07-11 15:22 - 2012-06-06 01:02 - 01133568 ____A (Microsoft Corporation) C:\Windows\System32\cdosys.dll
    2012-07-11 15:22 - 2012-06-06 00:05 - 01236992 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
    2012-07-11 15:22 - 2012-06-06 00:03 - 00805376 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cdosys.dll
    2012-07-11 15:22 - 2012-06-02 00:50 - 00458704 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\cng.sys
    2012-07-11 15:22 - 2012-06-02 00:48 - 00151920 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ksecpkg.sys
    2012-07-11 15:22 - 2012-06-02 00:48 - 00095600 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ksecdd.sys
    2012-07-11 15:22 - 2012-06-02 00:45 - 00340992 ____A (Microsoft Corporation) C:\Windows\System32\schannel.dll
    2012-07-11 15:22 - 2012-06-02 00:44 - 00307200 ____A (Microsoft Corporation) C:\Windows\System32\ncrypt.dll
    2012-07-11 15:22 - 2012-06-01 23:40 - 00225280 ____A (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
    2012-07-11 15:22 - 2012-06-01 23:40 - 00022016 ____A (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
    2012-07-11 15:22 - 2012-06-01 23:39 - 00219136 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
    2012-07-11 15:22 - 2012-06-01 23:34 - 00096768 ____A (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
    2012-07-11 15:22 - 2010-06-25 22:55 - 00002048 ____A (Microsoft Corporation) C:\Windows\System32\msxml3r.dll
    2012-07-11 15:22 - 2010-06-25 22:24 - 00002048 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msxml3r.dll
    2012-07-10 18:35 - 2012-07-10 18:36 - 00275520 ____A C:\Windows\Minidump\071012-27534-01.dmp
    2012-07-10 01:39 - 2012-07-10 16:37 - 00000000 ____D C:\Users\Kyle\Local Settings\Bit.Trip Beat
    2012-07-10 01:39 - 2012-07-10 16:37 - 00000000 ____D C:\Users\Kyle\Local Settings\Application Data\Bit.Trip Beat
    2012-07-10 01:39 - 2012-07-10 16:37 - 00000000 ____D C:\Users\Kyle\AppData\Local\Bit.Trip Beat
    2012-07-10 01:34 - 2012-07-10 01:34 - 00466456 ____A (Creative Labs) C:\Windows\System32\wrap_oal.dll
    2012-07-10 01:34 - 2012-07-10 01:34 - 00444952 ____A (Creative Labs) C:\Windows\SysWOW64\wrap_oal.dll
    2012-07-10 01:34 - 2012-07-10 01:34 - 00122904 ____A (Portions (C) Creative Labs Inc. and NVIDIA Corp.) C:\Windows\System32\OpenAL32.dll
    2012-07-10 01:34 - 2012-07-10 01:34 - 00109080 ____A (Portions (C) Creative Labs Inc. and NVIDIA Corp.) C:\Windows\SysWOW64\OpenAL32.dll
    2012-07-10 01:34 - 2012-07-10 01:34 - 00000000 ____D C:\Program Files (x86)\OpenAL
    2012-07-09 20:29 - 2012-07-09 20:30 - 00275520 ____A C:\Windows\Minidump\070912-30638-01.dmp
    2012-07-07 20:08 - 2012-07-07 20:08 - 00275520 ____A C:\Windows\Minidump\070712-22354-01.dmp
    2012-07-07 05:01 - 2012-07-07 05:01 - 00275520 ____A C:\Windows\Minidump\070712-21122-01.dmp
    2012-07-07 02:42 - 2012-07-07 02:42 - 00275520 ____A C:\Windows\Minidump\070712-26956-01.dmp
    2012-07-06 15:46 - 2012-07-06 15:46 - 00275520 ____A C:\Windows\Minidump\070612-34367-01.dmp
    2012-07-06 04:13 - 2012-07-06 04:13 - 00275520 ____A C:\Windows\Minidump\070612-33571-01.dmp
    2012-07-06 02:13 - 2012-07-06 02:13 - 00275520 ____A C:\Windows\Minidump\070612-31090-01.dmp
    2012-07-05 19:22 - 2012-07-05 19:22 - 00275520 ____A C:\Windows\Minidump\070512-32900-01.dmp
    2012-07-04 21:24 - 2012-07-04 21:24 - 00275520 ____A C:\Windows\Minidump\070412-24726-01.dmp
    2012-07-02 02:56 - 2012-07-02 02:56 - 00000000 ____A C:\Windows\SysWOW64\shoD00D.tmp
    2012-07-01 04:19 - 2012-07-01 04:19 - 00275520 ____A C:\Windows\Minidump\070112-29624-01.dmp
    2012-07-01 03:26 - 2012-07-01 03:26 - 00000000 ____D C:\DataSafeOnline
    2012-06-30 00:02 - 2012-06-30 00:02 - 00275520 ____A C:\Windows\Minidump\062912-32853-01.dmp
    2012-06-29 03:32 - 2012-06-29 03:32 - 00275520 ____A C:\Windows\Minidump\062912-24538-01.dmp
    2012-06-28 19:01 - 2012-06-28 19:01 - 00000000 __SHD C:\found.000
    2012-06-28 15:35 - 2012-06-28 15:35 - 00000790 ____A C:\Users\Kyle\Desktop\Core Temp.lnk
    2012-06-28 00:06 - 2012-06-28 16:23 - 00000419 ____A C:\Users\Kyle\Application Data\All CPU Meter_Settings.ini
    2012-06-28 00:06 - 2012-06-28 16:23 - 00000419 ____A C:\Users\Kyle\AppData\Roaming\All CPU Meter_Settings.ini
    2012-06-28 00:06 - 2012-06-28 00:06 - 01265164 ____A (Arthur Liberman ) C:\Users\Kyle\Downloads\Core-Temp-setup.exe
    2012-06-27 23:40 - 2012-06-27 23:40 - 00275520 ____A C:\Windows\Minidump\062712-18501-01.dmp
    2012-06-27 20:17 - 2012-06-27 20:17 - 00275520 ____A C:\Windows\Minidump\062712-53929-01.dmp
    2012-06-27 18:22 - 2012-06-27 18:22 - 00275520 ____A C:\Windows\Minidump\062712-25677-01.dmp
    2012-06-26 20:09 - 2012-06-26 20:09 - 00275520 ____A C:\Windows\Minidump\062612-24382-01.dmp
    2012-06-25 19:41 - 2012-06-25 19:41 - 00275520 ____A C:\Windows\Minidump\062512-70746-01.dmp
    2012-06-24 17:52 - 2012-06-24 17:52 - 00000000 ____D C:\Users\Kyle\Local Settings\Lazy 8 Studios
    2012-06-24 17:52 - 2012-06-24 17:52 - 00000000 ____D C:\Users\Kyle\Local Settings\Application Data\Lazy 8 Studios
    2012-06-24 17:52 - 2012-06-24 17:52 - 00000000 ____D C:\Users\Kyle\AppData\Local\Lazy 8 Studios
    2012-06-24 01:32 - 2012-06-24 01:32 - 00275520 ____A C:\Windows\Minidump\062312-26707-02.dmp
    2012-06-23 05:01 - 2012-06-23 05:01 - 00275520 ____A C:\Windows\Minidump\062312-24336-01.dmp
    2012-06-23 03:04 - 2012-06-23 03:04 - 00275520 ____A C:\Windows\Minidump\062312-26707-01.dmp
    2012-06-22 13:07 - 2012-06-02 17:19 - 02428952 ____A (Microsoft Corporation) C:\Windows\System32\wuaueng.dll
    2012-06-22 13:07 - 2012-06-02 17:19 - 00057880 ____A (Microsoft Corporation) C:\Windows\System32\wuauclt.exe
    2012-06-22 13:07 - 2012-06-02 17:19 - 00044056 ____A (Microsoft Corporation) C:\Windows\System32\wups2.dll
    2012-06-22 13:07 - 2012-06-02 17:15 - 02622464 ____A (Microsoft Corporation) C:\Windows\System32\wucltux.dll
    2012-06-22 13:06 - 2012-06-02 17:19 - 00701976 ____A (Microsoft Corporation) C:\Windows\System32\wuapi.dll
    2012-06-22 13:06 - 2012-06-02 17:19 - 00186752 ____A (Microsoft Corporation) C:\Windows\System32\wuwebv.dll
    2012-06-22 13:06 - 2012-06-02 17:19 - 00038424 ____A (Microsoft Corporation) C:\Windows\System32\wups.dll
    2012-06-22 13:06 - 2012-06-02 17:15 - 00099840 ____A (Microsoft Corporation) C:\Windows\System32\wudriver.dll
    2012-06-22 13:06 - 2012-06-02 17:15 - 00036864 ____A (Microsoft Corporation) C:\Windows\System32\wuapp.exe
    2012-06-22 03:09 - 2012-06-22 03:09 - 00275520 ____A C:\Windows\Minidump\062212-27736-01.dmp
    2012-06-20 04:47 - 2012-06-20 04:47 - 00275520 ____A C:\Windows\Minidump\062012-25240-01.dmp
    2012-06-19 19:40 - 2012-06-19 19:40 - 00275520 ____A C:\Windows\Minidump\061912-19843-01.dmp
    2012-06-19 17:20 - 2012-06-19 17:20 - 00000000 ____D C:\Users\Kyle\Local Settings\Microsoft Games
    2012-06-19 17:20 - 2012-06-19 17:20 - 00000000 ____D C:\Users\Kyle\Local Settings\Application Data\Microsoft Games
    2012-06-19 17:20 - 2012-06-19 17:20 - 00000000 ____D C:\Users\Kyle\AppData\Local\Microsoft Games
    2012-06-18 15:19 - 2012-06-18 17:11 - 00000000 ____D C:\Users\Kyle\My Documents\My Free Media
    2012-06-18 15:19 - 2012-06-18 17:11 - 00000000 ____D C:\Users\Kyle\Documents\My Free Media
    2012-06-18 15:19 - 2012-06-18 15:19 - 00000000 ____D C:\Users\Kyle\Local Settings\Jaksta_Technologies_Pty_L
    2012-06-18 15:19 - 2012-06-18 15:19 - 00000000 ____D C:\Users\Kyle\Local Settings\Application Data\Jaksta_Technologies_Pty_L
    2012-06-18 15:19 - 2012-06-18 15:19 - 00000000 ____D C:\Users\Kyle\AppData\Local\Jaksta_Technologies_Pty_L
    2012-06-18 15:18 - 2012-06-19 19:40 - 00000000 ____D C:\Program Files (x86)\Jaksta Technologies
    2012-06-18 15:17 - 2012-06-18 15:18 - 05525728 ____A (Jaksta Technologies) C:\Users\Kyle\Downloads\FreeMediaRecorderToolbar.exe
    2012-06-18 03:57 - 2012-06-18 03:57 - 07106104 ____A (Applian Technologies Inc.) C:\Users\Kyle\Downloads\FCTBSetup(3).exe


    ============ 3 Months Modified Files ========================

    2012-07-18 06:38 - 2011-10-06 14:40 - 00047039 ____A C:\Users\All Users\lxebscan.log
    2012-07-18 06:38 - 2011-10-06 14:40 - 00047039 ____A C:\Users\All Users\Application Data\lxebscan.log
    2012-07-18 06:37 - 2011-12-30 19:58 - 00000890 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
    2012-07-18 06:37 - 2009-07-14 00:08 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
    2012-07-18 06:37 - 2009-07-13 23:51 - 00069453 ____A C:\Windows\setupact.log
    2012-07-18 06:30 - 2010-11-24 01:57 - 01162184 ____A C:\Windows\PFRO.log
    2012-07-18 06:30 - 2009-07-13 23:45 - 00014240 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
    2012-07-18 06:30 - 2009-07-13 23:45 - 00014240 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
    2012-07-18 06:29 - 2009-07-14 00:10 - 01067462 ____A C:\Windows\WindowsUpdate.log
    2012-07-18 06:25 - 2012-07-18 06:25 - 01437107 ____A (Farbar) C:\Users\Kyle\Desktop\FRST64.exe
    2012-07-18 06:17 - 2012-07-18 06:17 - 00012812 ____A C:\Users\Kyle\.recently-used.xbel
    2012-07-18 06:13 - 2011-12-30 19:59 - 00000894 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
    2012-07-18 05:54 - 2012-03-30 00:12 - 00000830 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job
    2012-07-18 05:37 - 2012-01-30 00:27 - 00000924 ____A C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2442831186-184169548-1129946676-1001UA.job
    2012-07-18 04:08 - 2012-01-30 00:27 - 00000902 ____A C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2442831186-184169548-1129946676-1001Core.job
    2012-07-18 04:05 - 2009-07-14 00:13 - 00780196 ____A C:\Windows\System32\PerfStringBackup.INI
    2012-07-17 01:31 - 2012-07-17 01:31 - 00001177 ____A C:\Users\Kyle\Desktop\FrostWire 5.3.8.lnk
    2012-07-16 21:12 - 2012-07-16 21:12 - 00002104 ____A C:\Users\Kyle\Desktop\aswMBR.txt
    2012-07-16 21:12 - 2012-07-16 21:12 - 00000512 ____A C:\Users\Kyle\Desktop\MBR.dat
    2012-07-16 20:32 - 2012-07-16 20:32 - 00002356 ____A C:\Users\Kyle\Desktop\RKreport[1].txt
    2012-07-16 20:30 - 2012-07-16 20:29 - 04731392 ____A (AVAST Software) C:\Users\Kyle\Desktop\aswMBR.exe
    2012-07-16 20:29 - 2012-07-16 20:29 - 01558528 ____A C:\Users\Kyle\Desktop\RogueKiller.exe
    2012-07-16 16:25 - 2012-07-16 16:25 - 00000121 ____A C:\Users\Kyle\Desktop\[Active] - Random Audio and Advertisements in Background - TechSpot Forums.URL
    2012-07-16 16:12 - 2012-07-16 16:12 - 00275520 ____A C:\Windows\Minidump\071612-27378-01.dmp
    2012-07-16 16:11 - 2010-12-30 02:33 - 392310018 ____A C:\Windows\MEMORY.DMP
    2012-07-16 05:08 - 2011-10-12 01:25 - 00004964 ____A C:\Users\All Users\lxeb.log
    2012-07-16 05:08 - 2011-10-12 01:25 - 00004964 ____A C:\Users\All Users\Application Data\lxeb.log
    2012-07-15 23:21 - 2012-07-15 23:21 - 00014894 ____A C:\Users\Kyle\Desktop\Attach.txt
    2012-07-15 23:20 - 2012-07-15 23:20 - 00032953 ____A C:\Users\Kyle\Desktop\DDS.txt
    2012-07-15 20:14 - 2012-07-15 20:14 - 00000411 ____A C:\Users\Kyle\Desktop\gmer.log
    2012-07-15 18:01 - 2012-07-15 18:01 - 00607260 ____R (Swearware) C:\Users\Kyle\Desktop\dds.scr
    2012-07-15 17:55 - 2012-07-15 17:55 - 00302592 ____A C:\Users\Kyle\Desktop\49d6xyh7.exe
    2012-07-15 15:56 - 2012-07-15 15:56 - 00275520 ____A C:\Windows\Minidump\071512-24320-01.dmp
    2012-07-15 01:28 - 2012-07-15 01:28 - 00275520 ____A C:\Windows\Minidump\071412-26410-01.dmp
    2012-07-13 22:42 - 2012-07-13 22:08 - 108474942 ____A C:\Users\Kyle\Downloads\69458.mp4
    2012-07-13 19:39 - 2012-07-13 19:39 - 00001071 ____A C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
    2012-07-13 19:39 - 2012-07-13 19:39 - 00001071 ____A C:\Users\All Users\Desktop\Malwarebytes Anti-Malware.lnk
    2012-07-13 19:39 - 2012-07-13 19:38 - 10652120 ____A (Malwarebytes Corporation ) C:\Users\Kyle\Downloads\mbam-setup-1.62.0.1300.exe
    2012-07-13 19:37 - 2012-07-13 19:28 - 00017931 ____A C:\Users\Kyle\Downloads\hijackthis.log
    2012-07-13 19:26 - 2012-07-13 19:26 - 00388608 ____A (Trend Micro Inc.) C:\Users\Kyle\Downloads\HijackThis.exe
    2012-07-13 15:37 - 2012-07-13 15:23 - 00022045 ____A C:\JavaRa.log
    2012-07-13 15:21 - 2012-07-13 15:22 - 00174064 ____A (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
    2012-07-13 15:21 - 2012-07-13 15:22 - 00174064 ____A (Oracle Corporation) C:\Windows\SysWOW64\java.exe
    2012-07-13 15:18 - 2012-07-13 15:18 - 00893936 ____A (Oracle Corporation) C:\Users\Kyle\Downloads\jxpiinstall.exe
    2012-07-12 14:31 - 2012-07-12 14:31 - 00275520 ____A C:\Windows\Minidump\071212-80605-01.dmp
    2012-07-12 14:28 - 2009-07-13 23:45 - 00426904 ____A C:\Windows\System32\FNTCACHE.DAT
    2012-07-12 03:07 - 2012-07-12 03:07 - 00000129 ____A C:\Windows\System32\MRT.INI
    2012-07-12 03:01 - 2010-12-10 14:17 - 59701280 ____A (Microsoft Corporation) C:\Windows\System32\MRT.exe
    2012-07-11 18:54 - 2012-03-30 00:12 - 00426184 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
    2012-07-11 18:54 - 2011-05-13 10:28 - 00070344 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
    2012-07-11 05:05 - 2011-02-11 16:47 - 00774412 ____A C:\Windows\SysWOW64\PerfStringBackup.INI
    2012-07-10 18:36 - 2012-07-10 18:35 - 00275520 ____A C:\Windows\Minidump\071012-27534-01.dmp
    2012-07-10 01:34 - 2012-07-10 01:34 - 00466456 ____A (Creative Labs) C:\Windows\System32\wrap_oal.dll
    2012-07-10 01:34 - 2012-07-10 01:34 - 00444952 ____A (Creative Labs) C:\Windows\SysWOW64\wrap_oal.dll
    2012-07-10 01:34 - 2012-07-10 01:34 - 00122904 ____A (Portions (C) Creative Labs Inc. and NVIDIA Corp.) C:\Windows\System32\OpenAL32.dll
    2012-07-10 01:34 - 2012-07-10 01:34 - 00109080 ____A (Portions (C) Creative Labs Inc. and NVIDIA Corp.) C:\Windows\SysWOW64\OpenAL32.dll
    2012-07-09 20:30 - 2012-07-09 20:29 - 00275520 ____A C:\Windows\Minidump\070912-30638-01.dmp
    2012-07-09 18:30 - 2011-10-09 13:08 - 00011141 ____A C:\Users\All Users\lxebJSW.log
    2012-07-09 18:30 - 2011-10-09 13:08 - 00011141 ____A C:\Users\All Users\Application Data\lxebJSW.log
    2012-07-09 14:48 - 2012-07-16 16:24 - 02135640 ____A (Kaspersky Lab ZAO) C:\Users\Kyle\Desktop\TDSSKiller.exe
    2012-07-07 20:08 - 2012-07-07 20:08 - 00275520 ____A C:\Windows\Minidump\070712-22354-01.dmp
    2012-07-07 05:01 - 2012-07-07 05:01 - 00275520 ____A C:\Windows\Minidump\070712-21122-01.dmp
    2012-07-07 02:42 - 2012-07-07 02:42 - 00275520 ____A C:\Windows\Minidump\070712-26956-01.dmp
    2012-07-06 15:46 - 2012-07-06 15:46 - 00275520 ____A C:\Windows\Minidump\070612-34367-01.dmp
    2012-07-06 04:13 - 2012-07-06 04:13 - 00275520 ____A C:\Windows\Minidump\070612-33571-01.dmp
    2012-07-06 02:13 - 2012-07-06 02:13 - 00275520 ____A C:\Windows\Minidump\070612-31090-01.dmp
    2012-07-06 00:06 - 2012-07-13 15:22 - 00772544 ____A (Oracle Corporation) C:\Windows\SysWOW64\npDeployJava1.dll
    2012-07-06 00:06 - 2012-07-13 15:22 - 00227760 ____A (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
    2012-07-06 00:06 - 2010-11-24 00:05 - 00687544 ____A (Oracle Corporation) C:\Windows\SysWOW64\deployJava1.dll
    2012-07-05 19:22 - 2012-07-05 19:22 - 00275520 ____A C:\Windows\Minidump\070512-32900-01.dmp
    2012-07-04 21:24 - 2012-07-04 21:24 - 00275520 ____A C:\Windows\Minidump\070412-24726-01.dmp
    2012-07-03 15:46 - 2012-07-13 19:39 - 00024904 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys
    2012-07-02 02:56 - 2012-07-02 02:56 - 00000000 ____A C:\Windows\SysWOW64\shoD00D.tmp
    2012-07-01 04:19 - 2012-07-01 04:19 - 00275520 ____A C:\Windows\Minidump\070112-29624-01.dmp
    2012-06-30 00:02 - 2012-06-30 00:02 - 00275520 ____A C:\Windows\Minidump\062912-32853-01.dmp
    2012-06-29 03:32 - 2012-06-29 03:32 - 00275520 ____A C:\Windows\Minidump\062912-24538-01.dmp
    2012-06-28 16:23 - 2012-06-28 00:06 - 00000419 ____A C:\Users\Kyle\Application Data\All CPU Meter_Settings.ini
    2012-06-28 16:23 - 2012-06-28 00:06 - 00000419 ____A C:\Users\Kyle\AppData\Roaming\All CPU Meter_Settings.ini
    2012-06-28 15:35 - 2012-06-28 15:35 - 00000790 ____A C:\Users\Kyle\Desktop\Core Temp.lnk
    2012-06-28 00:06 - 2012-06-28 00:06 - 01265164 ____A (Arthur Liberman ) C:\Users\Kyle\Downloads\Core-Temp-setup.exe
    2012-06-27 23:40 - 2012-06-27 23:40 - 00275520 ____A C:\Windows\Minidump\062712-18501-01.dmp
    2012-06-27 20:17 - 2012-06-27 20:17 - 00275520 ____A C:\Windows\Minidump\062712-53929-01.dmp
    2012-06-27 18:22 - 2012-06-27 18:22 - 00275520 ____A C:\Windows\Minidump\062712-25677-01.dmp
    2012-06-26 20:09 - 2012-06-26 20:09 - 00275520 ____A C:\Windows\Minidump\062612-24382-01.dmp
    2012-06-25 19:41 - 2012-06-25 19:41 - 00275520 ____A C:\Windows\Minidump\062512-70746-01.dmp
    2012-06-24 01:32 - 2012-06-24 01:32 - 00275520 ____A C:\Windows\Minidump\062312-26707-02.dmp
    2012-06-23 14:48 - 2009-07-14 00:08 - 00032542 ____A C:\Windows\Tasks\SCHEDLGU.TXT
    2012-06-23 05:01 - 2012-06-23 05:01 - 00275520 ____A C:\Windows\Minidump\062312-24336-01.dmp
    2012-06-23 03:04 - 2012-06-23 03:04 - 00275520 ____A C:\Windows\Minidump\062312-26707-01.dmp
    2012-06-22 03:09 - 2012-06-22 03:09 - 00275520 ____A C:\Windows\Minidump\062212-27736-01.dmp
    2012-06-20 04:47 - 2012-06-20 04:47 - 00275520 ____A C:\Windows\Minidump\062012-25240-01.dmp
    2012-06-19 19:40 - 2012-06-19 19:40 - 00275520 ____A C:\Windows\Minidump\061912-19843-01.dmp
    2012-06-18 15:18 - 2012-06-18 15:17 - 05525728 ____A (Jaksta Technologies) C:\Users\Kyle\Downloads\FreeMediaRecorderToolbar.exe
    2012-06-18 03:57 - 2012-06-18 03:57 - 07106104 ____A (Applian Technologies Inc.) C:\Users\Kyle\Downloads\FCTBSetup(3).exe
    2012-06-17 23:49 - 2012-06-17 23:46 - 07106104 ____A (Applian Technologies Inc.) C:\Users\Kyle\Downloads\FCTBSetup(2).exe
    2012-06-17 20:23 - 2012-06-17 20:23 - 00262144 ____A C:\Windows\Minidump\061712-31886-01.dmp
    2012-06-17 20:13 - 2012-06-17 20:13 - 00275520 ____A C:\Windows\Minidump\061712-25786-01.dmp
    2012-06-17 20:09 - 2012-06-17 20:09 - 12199736 ____A (Applian Technologies Inc.) C:\Users\Kyle\Downloads\FCTBSetup(1).exe
    2012-06-17 19:07 - 2012-06-17 19:06 - 00275520 ____A C:\Windows\Minidump\061712-32557-01.dmp
    2012-06-17 16:57 - 2012-06-17 16:57 - 00275520 ____A C:\Windows\Minidump\061712-21091-01.dmp
    2012-06-17 02:56 - 2012-06-17 02:56 - 00262144 ____A C:\Windows\Minidump\061712-21652-01.dmp
    2012-06-15 17:09 - 2012-06-15 17:08 - 00275520 ____A C:\Windows\Minidump\061512-33571-01.dmp
    2012-06-15 14:43 - 2012-06-15 14:43 - 00275520 ____A C:\Windows\Minidump\061512-25958-01.dmp
    2012-06-13 13:40 - 2012-06-13 13:40 - 00001745 ____A C:\Users\Public\Desktop\iTunes.lnk
    2012-06-13 13:40 - 2012-06-13 13:40 - 00001745 ____A C:\Users\All Users\Desktop\iTunes.lnk
    2012-06-13 05:01 - 2012-06-13 05:01 - 00275520 ____A C:\Windows\Minidump\061312-27502-01.dmp
    2012-06-11 22:08 - 2012-07-12 03:08 - 03148800 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
    2012-06-11 00:13 - 2012-06-11 00:13 - 00275520 ____A C:\Windows\Minidump\061012-21372-01.dmp
    2012-06-10 21:45 - 2012-06-10 21:45 - 00275520 ____A C:\Windows\Minidump\061012-22386-01.dmp
    2012-06-09 00:43 - 2012-07-11 15:22 - 14172672 ____A (Microsoft Corporation) C:\Windows\System32\shell32.dll
    2012-06-08 23:41 - 2012-07-11 15:22 - 12873728 ____A (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
    2012-06-07 02:37 - 2012-01-05 14:35 - 00001082 ____A C:\Users\Public\Desktop\Unity.lnk
    2012-06-07 02:37 - 2012-01-05 14:35 - 00001082 ____A C:\Users\All Users\Desktop\Unity.lnk
    2012-06-07 02:26 - 2012-06-07 02:19 - 533266928 ____A (Unity Technologies ApS) C:\Users\Kyle\Downloads\UnitySetup-3.5.2.exe
    2012-06-06 01:06 - 2012-07-11 15:23 - 02004480 ____A (Microsoft Corporation) C:\Windows\System32\msxml6.dll
    2012-06-06 01:06 - 2012-07-11 15:23 - 01881600 ____A (Microsoft Corporation) C:\Windows\System32\msxml3.dll
    2012-06-06 01:02 - 2012-07-11 15:22 - 01133568 ____A (Microsoft Corporation) C:\Windows\System32\cdosys.dll
    2012-06-06 00:05 - 2012-07-11 15:23 - 01390080 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msxml6.dll
    2012-06-06 00:05 - 2012-07-11 15:22 - 01236992 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
    2012-06-06 00:03 - 2012-07-11 15:22 - 00805376 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cdosys.dll
    2012-06-02 17:19 - 2012-06-22 13:07 - 02428952 ____A (Microsoft Corporation) C:\Windows\System32\wuaueng.dll
    2012-06-02 17:19 - 2012-06-22 13:07 - 00057880 ____A (Microsoft Corporation) C:\Windows\System32\wuauclt.exe
    2012-06-02 17:19 - 2012-06-22 13:07 - 00044056 ____A (Microsoft Corporation) C:\Windows\System32\wups2.dll
    2012-06-02 17:19 - 2012-06-22 13:06 - 00701976 ____A (Microsoft Corporation) C:\Windows\System32\wuapi.dll
    2012-06-02 17:19 - 2012-06-22 13:06 - 00186752 ____A (Microsoft Corporation) C:\Windows\System32\wuwebv.dll
    2012-06-02 17:19 - 2012-06-22 13:06 - 00038424 ____A (Microsoft Corporation) C:\Windows\System32\wups.dll
    2012-06-02 17:15 - 2012-06-22 13:07 - 02622464 ____A (Microsoft Corporation) C:\Windows\System32\wucltux.dll
    2012-06-02 17:15 - 2012-06-22 13:06 - 00099840 ____A (Microsoft Corporation) C:\Windows\System32\wudriver.dll
    2012-06-02 17:15 - 2012-06-22 13:06 - 00036864 ____A (Microsoft Corporation) C:\Windows\System32\wuapp.exe
    2012-06-02 04:52 - 2012-06-02 04:52 - 00058640 ____A C:\feathers.xcf
    2012-06-02 00:50 - 2012-07-11 15:22 - 00458704 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\cng.sys
    2012-06-02 00:48 - 2012-07-11 15:22 - 00151920 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ksecpkg.sys
    2012-06-02 00:48 - 2012-07-11 15:22 - 00095600 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ksecdd.sys
    2012-06-02 00:45 - 2012-07-11 15:22 - 00340992 ____A (Microsoft Corporation) C:\Windows\System32\schannel.dll
    2012-06-02 00:44 - 2012-07-11 15:22 - 00307200 ____A (Microsoft Corporation) C:\Windows\System32\ncrypt.dll
    2012-06-01 23:40 - 2012-07-11 15:22 - 00225280 ____A (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
    2012-06-01 23:40 - 2012-07-11 15:22 - 00022016 ____A (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
    2012-06-01 23:39 - 2012-07-11 15:22 - 00219136 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
    2012-06-01 23:34 - 2012-07-11 15:22 - 00096768 ____A (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
    2012-06-01 17:40 - 2012-06-01 17:40 - 00001899 ____A C:\Users\Public\Desktop\Blender.lnk
    2012-06-01 17:40 - 2012-06-01 17:40 - 00001899 ____A C:\Users\All Users\Desktop\Blender.lnk
    2012-06-01 17:37 - 2012-06-01 17:36 - 33231558 ____A C:\Users\Kyle\Downloads\blender-2.63a-release-windows64.exe
    2012-05-28 16:50 - 2012-05-28 16:50 - 00035521 ____A C:\Users\Kyle\Downloads\Banned_episode.htm
    2012-05-26 03:50 - 2011-04-29 00:08 - 00003584 ____A C:\Users\Kyle\Local Settings\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    2012-05-26 03:50 - 2011-04-29 00:08 - 00003584 ____A C:\Users\Kyle\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    2012-05-26 03:50 - 2011-04-29 00:08 - 00003584 ____A C:\Users\Kyle\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    2012-05-22 19:40 - 2012-05-22 19:40 - 01410192 ____A C:\Users\Kyle\Downloads\sar_15_sfx.exe
    2012-05-22 02:49 - 2009-07-13 21:34 - 00000478 ____A C:\Windows\win.ini
    2012-05-21 17:07 - 2010-12-07 17:42 - 00114976 ____A C:\Users\Kyle\Local Settings\GDIPFONTCACHEV1.DAT
    2012-05-21 17:07 - 2010-12-07 17:42 - 00114976 ____A C:\Users\Kyle\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
    2012-05-21 17:07 - 2010-12-07 17:42 - 00114976 ____A C:\Users\Kyle\AppData\Local\GDIPFONTCACHEV1.DAT
    2012-05-21 16:58 - 2012-05-21 18:29 - 00003021 ____A C:\Users\Kyle\Desktop\Microsoft Word 2010.lnk
    2012-05-21 04:22 - 2012-05-21 04:22 - 00000091 ____A C:\Users\Kyle\Desktop\Google Redirect Virus - Yahoo! Answers.URL
    2012-05-21 00:42 - 2012-05-21 00:42 - 00017482 ____A C:\Users\Kyle\Downloads\Primordus.htm
    2012-05-20 18:19 - 2012-05-20 18:19 - 00001810 ____A C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
    2012-05-20 18:19 - 2012-05-20 18:19 - 00001810 ____A C:\Users\All Users\Desktop\SUPERAntiSpyware Free Edition.lnk
    2012-05-20 18:17 - 2012-05-20 18:16 - 12903112 ____A (SUPERAntiSpyware.com) C:\Users\Kyle\Downloads\SUPERAntiSpyware.exe
    2012-05-20 18:17 - 2012-05-20 18:16 - 10063000 ____A (Malwarebytes Corporation ) C:\Users\Kyle\Downloads\mbam-setup-1.61.0.1400.exe
    2012-05-16 22:55 - 2012-05-16 22:55 - 03897504 ____A (AVG Technologies) C:\Users\Kyle\Downloads\avg_avct_stb_all_2012_1796_cm10.exe
    2012-05-16 17:20 - 2012-05-16 17:20 - 00001807 ____A C:\Users\Public\Desktop\QuickTime Player.lnk
    2012-05-16 17:20 - 2012-05-16 17:20 - 00001807 ____A C:\Users\All Users\Desktop\QuickTime Player.lnk
    2012-05-14 23:01 - 2012-06-12 18:52 - 01188864 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
    2012-05-14 22:59 - 2012-06-12 18:52 - 00064512 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
    2012-05-14 22:03 - 2012-06-12 18:52 - 00981504 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
    2012-05-14 22:00 - 2012-06-12 18:52 - 00048128 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
    2012-05-12 19:48 - 2012-05-12 19:48 - 00000052 ____A C:\Users\Kyle\Desktop\playR - Free old school flash gaming action online!.URL
    2012-05-11 23:46 - 2010-11-24 00:19 - 00189561 ____A C:\Windows\DirectX.log
    2012-05-11 03:32 - 2012-05-11 03:32 - 00000104 ____A C:\Users\Kyle\Desktop\How to Squat The Ultimate Guide To Proper Form on Squats StrongLifts.com.URL
    2012-05-11 03:22 - 2012-05-11 03:22 - 00000085 ____A C:\Users\Kyle\Desktop\7 Powerful Tips To Master Perfect Barbell Row Technique StrongLifts.com.URL
    2012-05-11 03:20 - 2012-05-11 03:20 - 00000072 ____A C:\Users\Kyle\Desktop\How to Boost Your Flexibility with Shoulders Dislocations StrongLifts.com.URL
    2012-05-11 03:19 - 2012-05-11 03:19 - 00000114 ____A C:\Users\Kyle\Desktop\How to Master The Bench Press StrongLifts.com.URL
    2012-05-04 06:06 - 2012-06-12 18:51 - 05559664 ____A (Microsoft Corporation) C:\Windows\System32\ntoskrnl.exe
    2012-05-04 05:03 - 2012-06-12 18:51 - 03968368 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
    2012-05-04 05:03 - 2012-06-12 18:51 - 03913072 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
    2012-05-01 00:40 - 2012-06-12 18:51 - 00209920 ____A (Microsoft Corporation) C:\Windows\System32\profsvc.dll
    2012-04-29 15:59 - 2012-04-29 15:49 - 00001056 ____A C:\Users\Public\Desktop\Warcraft III - The Frozen Throne.lnk
    2012-04-29 15:59 - 2012-04-29 15:49 - 00001056 ____A C:\Users\All Users\Desktop\Warcraft III - The Frozen Throne.lnk
    2012-04-28 04:57 - 2012-04-28 04:57 - 00000075 ____A C:\Users\Kyle\Desktop\How Long Should I Rest Between Sets.URL
    2012-04-27 22:55 - 2012-06-12 18:51 - 00210944 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\rdpwd.sys
    2012-04-26 00:41 - 2012-06-12 18:52 - 00149504 ____A (Microsoft Corporation) C:\Windows\System32\rdpcorekmts.dll
    2012-04-26 00:41 - 2012-06-12 18:52 - 00077312 ____A (Microsoft Corporation) C:\Windows\System32\rdpwsx.dll
    2012-04-26 00:34 - 2012-06-12 18:52 - 00009216 ____A (Microsoft Corporation) C:\Windows\System32\rdrmemptylst.exe
    2012-04-25 20:13 - 2012-04-25 20:04 - 00001011 ____A C:\Users\Public\Desktop\Warcraft III.lnk
    2012-04-25 20:13 - 2012-04-25 20:04 - 00001011 ____A C:\Users\All Users\Desktop\Warcraft III.lnk
    2012-04-24 00:37 - 2012-06-12 18:51 - 01462272 ____A (Microsoft Corporation) C:\Windows\System32\crypt32.dll
    2012-04-24 00:37 - 2012-06-12 18:51 - 00184320 ____A (Microsoft Corporation) C:\Windows\System32\cryptsvc.dll
    2012-04-24 00:37 - 2012-06-12 18:51 - 00140288 ____A (Microsoft Corporation) C:\Windows\System32\cryptnet.dll
    2012-04-23 23:36 - 2012-06-12 18:51 - 01158656 ____A (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
    2012-04-23 23:36 - 2012-06-12 18:51 - 00140288 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll
    2012-04-23 23:36 - 2012-06-12 18:51 - 00103936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cryptnet.dll
    2012-04-23 02:54 - 2012-04-23 02:54 - 00000069 ____A C:\Users\Kyle\Desktop\Rune Meanings - The Elder Futhark.URL
    2012-04-23 02:21 - 2012-04-23 02:21 - 00000070 ____A C:\Users\Kyle\Desktop\Norse Mythology.URL
    2012-04-20 00:42 - 2012-06-12 18:52 - 12297216 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
    2012-04-20 00:42 - 2012-06-12 18:52 - 09059840 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
    2012-04-20 00:42 - 2012-06-12 18:52 - 02454528 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
    2012-04-20 00:42 - 2012-06-12 18:52 - 01494016 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
    2012-04-20 00:42 - 2012-06-12 18:52 - 00735744 ____A (Microsoft Corporation) C:\Windows\System32\msfeeds.dll
    2012-04-20 00:42 - 2012-06-12 18:52 - 00247808 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
    2012-04-20 00:42 - 2012-06-12 18:52 - 00134144 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
    2012-04-20 00:42 - 2012-06-12 18:52 - 00097792 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
    2012-04-20 00:00 - 2012-06-12 18:52 - 01231360 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
    2012-04-20 00:00 - 2012-06-12 18:52 - 00132096 ____A (Microsoft Corporation) C:\Windows\SysWOW64\url.dll

    ZeroAccess:
    C:\Windows\Installer\{c614d3bf-243a-3fd7-a4fd-36cd3756874b}
    C:\Windows\Installer\{c614d3bf-243a-3fd7-a4fd-36cd3756874b}\@
    C:\Windows\Installer\{c614d3bf-243a-3fd7-a4fd-36cd3756874b}\L
    C:\Windows\Installer\{c614d3bf-243a-3fd7-a4fd-36cd3756874b}\U
    C:\Windows\Installer\{c614d3bf-243a-3fd7-a4fd-36cd3756874b}\L\00000004.@
    C:\Windows\Installer\{c614d3bf-243a-3fd7-a4fd-36cd3756874b}\L\1afb2d56
    C:\Windows\Installer\{c614d3bf-243a-3fd7-a4fd-36cd3756874b}\L\201d3dde
    C:\Windows\Installer\{c614d3bf-243a-3fd7-a4fd-36cd3756874b}\L\55490ac4
    C:\Windows\Installer\{c614d3bf-243a-3fd7-a4fd-36cd3756874b}\U\00000004.@
    C:\Windows\Installer\{c614d3bf-243a-3fd7-a4fd-36cd3756874b}\U\000000cb.@
    C:\Windows\Installer\{c614d3bf-243a-3fd7-a4fd-36cd3756874b}\U\80000064.@

    ZeroAccess:
    C:\Users\Kyle\AppData\Local\{c614d3bf-243a-3fd7-a4fd-36cd3756874b}
    C:\Users\Kyle\AppData\Local\{c614d3bf-243a-3fd7-a4fd-36cd3756874b}\@
    C:\Users\Kyle\AppData\Local\{c614d3bf-243a-3fd7-a4fd-36cd3756874b}\L
    C:\Users\Kyle\AppData\Local\{c614d3bf-243a-3fd7-a4fd-36cd3756874b}\U

    ZeroAccess:
    C:\Windows\assembly\GAC_32\Desktop.ini

    ZeroAccess:
    C:\Windows\assembly\GAC_64\Desktop.ini

    Possible MBR infection:
    C:\Windows\svchost.exe

    ========================= Known DLLs (Whitelisted) ============


    ========================= Bamital & volsnap Check ============

    C:\Windows\System32\winlogon.exe => MD5 is legit
    C:\Windows\System32\wininit.exe => MD5 is legit
    C:\Windows\SysWOW64\wininit.exe => MD5 is legit
    C:\Windows\explorer.exe => MD5 is legit
    C:\Windows\SysWOW64\explorer.exe => MD5 is legit
    C:\Windows\System32\svchost.exe => MD5 is legit
    C:\Windows\SysWOW64\svchost.exe => MD5 is legit
    C:\Windows\System32\services.exe 50BEA589F7D7958BDD2528A8F69D05CC ZeroAccess <==== ATTENTION!.
    C:\Windows\System32\User32.dll => MD5 is legit
    C:\Windows\SysWOW64\User32.dll => MD5 is legit
    C:\Windows\System32\userinit.exe => MD5 is legit
    C:\Windows\SysWOW64\userinit.exe => MD5 is legit
    C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

    ==================== EXE ASSOCIATION =====================

    HKLM\...\.exe: exefile => OK
    HKLM\...\exefile\DefaultIcon: %1 => OK
    HKLM\...\exefile\open\command: "%1" %* => OK

    ========================= Memory info ======================

    Percentage of memory in use: 15%
    Total physical RAM: 3956.52 MB
    Available physical RAM: 3354.81 MB
    Total Pagefile: 3954.67 MB
    Available Pagefile: 3352.43 MB
    Total Virtual: 8192 MB
    Available Virtual: 8191.9 MB

    ======================= Partitions =========================

    1 Drive c: (OS) (Fixed) (Total:451.01 GB) (Free:96.08 GB) NTFS
    3 Drive e: (TOSHIBA EXT) (Fixed) (Total:465.76 GB) (Free:284.73 GB) NTFS
    4 Drive f: (RECOVERY) (Fixed) (Total:14.65 GB) (Free:7.2 GB) NTFS ==>[System with boot components (obtained from reading drive)]
    6 Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS

    Disk ### Status Size Free Dyn Gpt
    -------- ------------- ------- ------- --- ---
    Disk 0 Online 465 GB 0 B
    Disk 1 No Media 0 B 0 B
    Disk 2 Online 465 GB 0 B

    Partitions of Disk 0:
    ===============

    Partition ### Type Size Offset
    ------------- ---------------- ------- -------
    Partition 1 OEM 101 MB 31 KB
    Partition 2 Primary 14 GB 101 MB
    Partition 3 Primary 451 GB 14 GB

    ==================================================================================

    Disk: 0
    Partition 1
    Type : DE
    Hidden: Yes
    Active: No

    Volume ### Ltr Label Fs Type Size Status Info
    ---------- --- ----------- ----- ---------- ------- --------- --------
    * Volume 5 FAT Partition 101 MB Healthy Hidden

    ==================================================================================

    Disk: 0
    Partition 2
    Type : 07
    Hidden: No
    Active: Yes

    Volume ### Ltr Label Fs Type Size Status Info
    ---------- --- ----------- ----- ---------- ------- --------- --------
    * Volume 1 F RECOVERY NTFS Partition 14 GB Healthy

    ==================================================================================

    Disk: 0
    Partition 3
    Type : 07
    Hidden: No
    Active: No

    Volume ### Ltr Label Fs Type Size Status Info
    ---------- --- ----------- ----- ---------- ------- --------- --------
    * Volume 2 C OS NTFS Partition 451 GB Healthy

    ==================================================================================

    Partitions of Disk 2:
    ===============

    Partition ### Type Size Offset
    ------------- ---------------- ------- -------
    Partition 1 Primary 465 GB 1024 KB

    ==================================================================================

    Disk: 2
    Partition 1
    Type : 07
    Hidden: No
    Active: No

    Volume ### Ltr Label Fs Type Size Status Info
    ---------- --- ----------- ----- ---------- ------- --------- --------
    * Volume 4 E TOSHIBA EXT NTFS Partition 465 GB Healthy

    ==================================================================================

    ==========================================================

    Last Boot: 2012-06-28 21:26

    ======================= End Of Log ==========================
     
  10. Broni

    Broni Malware Annihilator Posts: 52,904   +344

    In Vista or Windows 7: Boot to System Recovery Options and run FRST.
    In Windows XP: Please boot to UBCD and run FRST.
    Type the following in the edit box after "Search:".

    services.exe

    Click Search button and post the log (Search.txt) it makes to your reply.
     
  11. Animeniak7530

    Animeniak7530 TS Rookie Topic Starter Posts: 18

    Farbar Recovery Scan Tool Version: 16-07-2012 02
    Ran by SYSTEM at 2012-07-18 19:04:42
    Running from E:\

    ================== Search: "services.exe" ===================

    C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe
    [2009-07-13 18:19] - [2009-07-13 20:39] - 0328704 ____A (Microsoft Corporation) 24ACB7E5BE595468E3B9AA488B9B4FCB

    C:\Windows\System32\services.exe
    [2009-07-13 18:19] - [2009-07-13 20:39] - 0329216 ____A (Microsoft Corporation) 50BEA589F7D7958BDD2528A8F69D05CC

    ====== End Of Search ======
     
  12. Broni

    Broni Malware Annihilator Posts: 52,904   +344

    Download attached fixlist.txt file and save it to the very same USB flash drive you've been using. Plug the drive back in.

    NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

    On Vista or Windows 7: Now please enter System Recovery Options.
    On Windows XP: Now please boot into the UBCD.
    Run FRST/FRST64 and press the Fix button just once and wait.
    The tool will make a log on the flash drive (Fixlog.txt); please post it to your reply.

    Next...

    Restart normally.

    Please download ComboFix from Here, Here or Here to your Desktop.

    **Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
    • Never rename Combofix unless instructed.
    • Close any open browsers.
    • Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
    • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
    • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
    • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts.
    • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
    • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
    • Double click on combofix.exe & follow the prompts.

    • NOTE 1. If Combofix asks you to install Recovery Console, please allow it.
      NOTE 2. If Combofix asks you to update the program, always do so.
    • When finished, it will produce a report for you.
    • Please post the "C:\ComboFix.txt"
    **Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall.
    **Note 2 for AVG and CA Internet Security (Total Defense Internet Security) users: ComboFix will not run until AVG/CA Internet Security is uninstalled as a protective measure against the anti-virus. This is because AVG/CA Internet Security "falsely" detects ComboFix (or its embedded files) as a threat and may remove them resulting in the tool not working correctly which in turn can cause "unpredictable results". Since AVG/CA Internet Security cannot be effectively disabled before running ComboFix, the author recommends you to uninstall AVG/CA Internet Security first.
    Use AppRemover to uninstall it: http://www.appremover.com/
    We can reinstall it when we're done with CF.
    **Note 3: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion", restart computer to fix the issue.
    **Note 4: Some infections may take some significant time to be cured. As long as your computer clock is running Combofix is still working. Be patient.


    Make sure you re-enable your security programs when you're done with Combofix.

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

    NOTE.
    If, for some reason, Combofix refuses to run, try one of the following:

    1. Run Combofix from Safe Mode.

    2. Delete Combofix file, download fresh one, but rename combofix.exe to your_name.exe BEFORE saving it to your desktop.
    Do NOT run it yet.
    Please download and run the below tool named Rkill (courtesy of BleepingComputer.com) which may help allow other programs to run.
    There are 4 different versions. If one of them won't run then download and try to run the other one.
    Vista and Win7 users need to right click Rkill and choose Run as Administrator
    You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool, ignore them or shut down your antivirus.

    * Rkill.com
    * Rkill.scr
    * Rkill.exe
    • Double-click on the Rkill icon to run the tool.
    • If using Vista or Windows 7 right-click on it and choose Run As Administrator.
    • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
    • If not, delete the file, then download and use the one provided in Link 2.
    • If it does not work, repeat the process and attempt to use one of the remaining links until the tool runs.
    • Do not reboot until instructed.
    • If the tool does not run from any of the links provided, please let me know.
    Once you've gotten one of them to run, immediately run your_name.exe by double clicking on it.

    If normal mode still doesn't work, run BOTH tools from safe mode.

    In case #2, please post BOTH logs, rKill and Combofix.

    DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean!!!
     

  13. Animeniak7530

    Animeniak7530 TS Rookie Topic Starter Posts: 18

    ComboFix 12-07-18.04 - Kyle 07/19/2012 3:02.1.4 - x64
    Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.3957.2362 [GMT -7:00]
    Running from: c:\users\Kyle\Desktop\ComboFix.exe
    SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    C:\Install.exe
    c:\programdata\SPL1B9.tmp
    c:\programdata\SPL7145.tmp
    c:\programdata\SPL8800.tmp
    c:\windows\Fonts\font3746.ttf
    c:\windows\Fonts\font3746_0.ttf
    c:\windows\security\Database\tmp.edb
    .
    .
    ((((((((((((((((((((((((( Files Created from 2012-06-19 to 2012-07-19 )))))))))))))))))))))))))))))))
    .
    .
    2012-07-19 10:17 . 2012-07-19 10:17 -------- d-----w- c:\users\Default\AppData\Local\temp
    2012-07-18 20:01 . 2012-07-18 20:01 -------- d-----w- C:\FRST
    2012-07-16 21:31 . 2012-07-16 21:31 -------- d-----w- C:\TDSSKiller_Quarantine
    2012-07-14 00:39 . 2012-07-14 00:39 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
    2012-07-14 00:39 . 2012-07-03 20:46 24904 ----a-w- c:\windows\system32\drivers\mbam.sys
    2012-07-13 20:23 . 2012-07-13 20:23 -------- d-----w- c:\program files (x86)\Common Files\Java
    2012-07-13 20:23 . 2012-07-13 20:23 -------- d-----w- c:\program files (x86)\Oracle
    2012-07-13 20:22 . 2012-07-06 05:06 772544 ----a-w- c:\windows\SysWow64\npDeployJava1.dll
    2012-07-12 08:08 . 2012-06-12 03:08 3148800 ----a-w- c:\windows\system32\win32k.sys
    2012-07-11 20:23 . 2012-06-06 06:06 2004480 ----a-w- c:\windows\system32\msxml6.dll
    2012-07-11 20:23 . 2012-06-06 06:06 1881600 ----a-w- c:\windows\system32\msxml3.dll
    2012-07-11 20:23 . 2012-06-06 05:05 1390080 ----a-w- c:\windows\SysWow64\msxml6.dll
    2012-07-10 06:39 . 2012-07-10 21:37 -------- d-----w- c:\users\Kyle\AppData\Local\Bit.Trip Beat
    2012-07-10 06:34 . 2012-07-10 06:34 466456 ----a-w- c:\windows\system32\wrap_oal.dll
    2012-07-10 06:34 . 2012-07-10 06:34 444952 ----a-w- c:\windows\SysWow64\wrap_oal.dll
    2012-07-10 06:34 . 2012-07-10 06:34 122904 ----a-w- c:\windows\system32\OpenAL32.dll
    2012-07-10 06:34 . 2012-07-10 06:34 -------- d-----w- c:\program files (x86)\OpenAL
    2012-07-10 06:34 . 2012-07-10 06:34 109080 ----a-w- c:\windows\SysWow64\OpenAL32.dll
    2012-07-02 07:56 . 2012-07-02 07:56 0 ----a-w- c:\windows\SysWow64\shoD00D.tmp
    2012-07-01 08:26 . 2012-07-01 08:26 -------- d-----w- C:\DataSafeOnline
    2012-06-29 00:01 . 2012-06-29 00:01 -------- d-----w- C:\found.000
    2012-06-28 05:07 . 2012-06-28 22:10 -------- d-----w- c:\program files\Core Temp
    2012-06-24 22:52 . 2012-06-24 22:52 -------- d-----w- c:\users\Kyle\AppData\Local\Lazy 8 Studios
    2012-06-22 18:07 . 2012-06-02 22:19 2428952 ----a-w- c:\windows\system32\wuaueng.dll
    2012-06-22 18:07 . 2012-06-02 22:19 57880 ----a-w- c:\windows\system32\wuauclt.exe
    2012-06-22 18:07 . 2012-06-02 22:19 44056 ----a-w- c:\windows\system32\wups2.dll
    2012-06-22 18:07 . 2012-06-02 22:15 2622464 ----a-w- c:\windows\system32\wucltux.dll
    2012-06-22 18:06 . 2012-06-02 22:19 38424 ----a-w- c:\windows\system32\wups.dll
    2012-06-22 18:06 . 2012-06-02 22:19 701976 ----a-w- c:\windows\system32\wuapi.dll
    2012-06-22 18:06 . 2012-06-02 22:15 99840 ----a-w- c:\windows\system32\wudriver.dll
    2012-06-22 18:06 . 2012-06-02 22:19 186752 ----a-w- c:\windows\system32\wuwebv.dll
    2012-06-22 18:06 . 2012-06-02 22:15 36864 ----a-w- c:\windows\system32\wuapp.exe
    2012-06-19 22:20 . 2012-06-19 22:20 -------- d-----w- c:\users\Kyle\AppData\Local\Microsoft Games
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2012-07-12 08:01 . 2010-12-10 19:17 59701280 ----a-w- c:\windows\system32\MRT.exe
    2012-07-11 23:54 . 2012-03-30 05:12 426184 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
    2012-07-11 23:54 . 2011-05-13 15:28 70344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
    2012-07-06 05:06 . 2010-11-24 05:05 687544 ----a-w- c:\windows\SysWow64\deployJava1.dll
    2012-05-15 04:01 . 2012-06-12 23:52 1188864 ----a-w- c:\windows\system32\wininet.dll
    2012-05-15 03:59 . 2012-06-12 23:52 64512 ----a-w- c:\windows\system32\jsproxy.dll
    2012-05-15 03:03 . 2012-06-12 23:52 981504 ----a-w- c:\windows\SysWow64\wininet.dll
    2012-05-04 11:06 . 2012-06-12 23:51 5559664 ----a-w- c:\windows\system32\ntoskrnl.exe
    2012-05-04 10:03 . 2012-06-12 23:51 3968368 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
    2012-05-04 10:03 . 2012-06-12 23:51 3913072 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
    2012-05-01 05:40 . 2012-06-12 23:51 209920 ----a-w- c:\windows\system32\profsvc.dll
    2012-04-28 03:55 . 2012-06-12 23:51 210944 ----a-w- c:\windows\system32\drivers\rdpwd.sys
    2012-04-26 05:41 . 2012-06-12 23:52 77312 ----a-w- c:\windows\system32\rdpwsx.dll
    2012-04-26 05:41 . 2012-06-12 23:52 149504 ----a-w- c:\windows\system32\rdpcorekmts.dll
    2012-04-26 05:34 . 2012-06-12 23:52 9216 ----a-w- c:\windows\system32\rdrmemptylst.exe
    2012-04-24 05:37 . 2012-06-12 23:51 184320 ----a-w- c:\windows\system32\cryptsvc.dll
    2012-04-24 05:37 . 2012-06-12 23:51 140288 ----a-w- c:\windows\system32\cryptnet.dll
    2012-04-24 05:37 . 2012-06-12 23:51 1462272 ----a-w- c:\windows\system32\crypt32.dll
    2012-04-24 04:36 . 2012-06-12 23:51 1158656 ----a-w- c:\windows\SysWow64\crypt32.dll
    2012-04-24 04:36 . 2012-06-12 23:51 140288 ----a-w- c:\windows\SysWow64\cryptsvc.dll
    2012-04-24 04:36 . 2012-06-12 23:51 103936 ----a-w- c:\windows\SysWow64\cryptnet.dll
    .
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
    "{00000000-6E41-4FD3-8538-502F5495E5FC}"= "c:\program files (x86)\Ask.com\GenericAskToolbar.dll" [2012-04-10 1519272]
    "{ba14329e-9550-4989-b3f2-9732e92d17cc}"= "c:\program files (x86)\Vuze_Remote\prxtbVuze.dll" [2011-01-17 175912]
    .
    [HKEY_CLASSES_ROOT\clsid\{00000000-6e41-4fd3-8538-502f5495e5fc}]
    .
    [HKEY_CLASSES_ROOT\clsid\{ba14329e-9550-4989-b3f2-9732e92d17cc}]
    .
    [HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}]
    2012-07-09 21:45 2074208 ----a-w- c:\program files (x86)\AVG Secure Search\11.1.0.12\AVG Secure Search_toolbar.dll
    .
    [HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{ba14329e-9550-4989-b3f2-9732e92d17cc}]
    2011-01-17 23:54 175912 ----a-w- c:\program files (x86)\Vuze_Remote\prxtbVuze.dll
    .
    [HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
    2012-04-10 00:43 1519272 ----a-w- c:\program files (x86)\Ask.com\GenericAskToolbar.dll
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
    "{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files (x86)\Ask.com\GenericAskToolbar.dll" [2012-04-10 1519272]
    "{ba14329e-9550-4989-b3f2-9732e92d17cc}"= "c:\program files (x86)\Vuze_Remote\prxtbVuze.dll" [2011-01-17 175912]
    "{95B7759C-8C7F-4BF1-B163-73684A933233}"= "c:\program files (x86)\AVG Secure Search\11.1.0.12\AVG Secure Search_toolbar.dll" [2012-07-09 2074208]
    .
    [HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
    [HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
    [HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
    [HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
    .
    [HKEY_CLASSES_ROOT\clsid\{ba14329e-9550-4989-b3f2-9732e92d17cc}]
    .
    [HKEY_CLASSES_ROOT\clsid\{95b7759c-8c7f-4bf1-b163-73684a933233}]
    [HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj.1]
    [HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj]
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Steam"="c:\program files (x86)\Steam\steam.exe" [2011-08-02 1242448]
    "Facebook Update"="c:\users\Kyle\AppData\Local\Facebook\Update\FacebookUpdate.exe" [2012-07-11 138096]
    "SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2012-06-21 4786048]
    "Sidebar"="c:\program files (x86)\Windows Sidebar\sidebar.exe" [2010-11-20 1174016]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
    "StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2010-01-22 98304]
    "Dell DataSafe Online"="c:\program files (x86)\Dell DataSafe Online\DataSafeOnline.exe" [2010-02-09 1807680]
    "Desktop Disc Tool"="c:\program files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe" [2009-10-15 498160]
    "Dell Webcam Central"="c:\program files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" [2009-06-24 409744]
    "DellSupportCenter"="c:\program files (x86)\Dell Support Center\bin\sprtcmd.exe" [2009-05-21 206064]
    "Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
    "ApnUpdater"="c:\program files (x86)\Ask.com\Updater\Updater.exe" [2012-04-10 1557160]
    "APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-05-31 59280]
    "vProt"="c:\program files (x86)\AVG Secure Search\vprot.exe" [2012-07-09 1107552]
    "QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2012-04-19 421888]
    "iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-06-08 421776]
    "SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-01-17 252296]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\RunOnce]
    "c:\program files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe"="c:\program files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe" [2011-10-08 559616]
    .
    c:\users\Kyle\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
    CurseClientStartup.ccip [2010-12-26 0]
    .
    c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
    Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2009-12-29 1082656]
    .
    c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
    Dell Dock First Run.lnk - c:\program files\Dell\DellDock\DellDock.exe [2010-5-28 1324384]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "ConsentPromptBehaviorAdmin"= 5 (0x5)
    "ConsentPromptBehaviorUser"= 3 (0x3)
    "EnableUIADesktopToggle"= 0 (0x0)
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
    @=""
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
    @=""
    .
    R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
    R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-12-31 136176]
    R2 lxebCATSCustConnectService;lxebCATSCustConnectService;c:\windows\system32\spool\DRIVERS\x64\3\\lxebserv.exe [2010-04-14 45736]
    R2 McMPFSvc;McAfee Personal Firewall Service;c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe [x]
    R2 UNS;Intel(R) Management & Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2009-10-01 2320920]
    R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-07-11 250056]
    R3 btusbflt;Bluetooth USB Filter;c:\windows\system32\drivers\btusbflt.sys [2010-03-31 53800]
    R3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [2010-03-31 35104]
    R3 dc3d;MS Hardware Device Detection Driver;c:\windows\system32\DRIVERS\dc3d.sys [2010-07-02 51600]
    R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-12-31 136176]
    R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-07-03 24904]
    R3 MEMSWEEP2;MEMSWEEP2;c:\windows\system32\5C24.tmp [2011-05-12 6144]
    R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-06-17 113120]
    R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4925184]
    R3 Point64;Microsoft IntelliPoint Filter Driver;c:\windows\system32\DRIVERS\point64.sys [2011-08-01 45416]
    R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [2010-05-07 245792]
    R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]
    R3 TurboBoost;TurboBoost;c:\program files\Intel\TurboBoost\TurboBoost.exe [2009-11-02 126352]
    R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2012-02-15 52736]
    R3 wacmoumonitor;Wacom Mode Helper;c:\windows\system32\DRIVERS\wacmoumonitor.sys [2009-01-30 18216]
    R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-12-09 1255736]
    R4 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-07-03 655944]
    S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [2009-07-09 55280]
    S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV64.SYS [2011-07-22 14928]
    S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL64.SYS [2011-07-12 12368]
    S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]
    S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE64.EXE [2011-08-11 140672]
    S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-01-03 63928]
    S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2010-01-23 202752]
    S2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [2012-01-04 822624]
    S2 DockLoginService;Dock Login Service;c:\program files\Dell\DellDock\DockLogin.exe [2009-06-09 155648]
    S2 lxeb_device;lxeb_device;c:\windows\system32\lxebcoms.exe [2010-04-14 1052328]
    S2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2011-10-01 508776]
    S2 SftService;SoftThinks Agent Service;c:\program files (x86)\Dell DataSafe Local Backup\sftservice.EXE [2011-08-18 1692480]
    S2 TabletServicePen;TabletServicePen;c:\windows\system32\Pen_Tablet.exe [2009-07-15 5414184]
    S2 TurboB;Turbo Boost UI Monitor driver;c:\windows\system32\DRIVERS\TurboB.sys [2009-11-02 13784]
    S2 vToolbarUpdater11.2.0;vToolbarUpdater11.2.0;c:\program files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\11.2.0\ToolbarUpdater.exe [2012-07-09 935008]
    S2 WTouchService;WTouch Service;c:\program files\WTouch\WTouchService.exe [2009-07-15 127272]
    S3 ALSysIO;ALSysIO;c:\users\Kyle\AppData\Local\Temp\ALSysIO64.sys [x]
    S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atipmdag.sys [2010-01-23 6233088]
    S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [2010-01-23 161280]
    S3 BcmVWL;Broadcom Virtual Wireless;c:\windows\system32\DRIVERS\bcmvwl64.sys [2009-12-17 20984]
    S3 CtClsFlt;Creative Camera Class Upper Filter Driver;c:\windows\system32\DRIVERS\CtClsFlt.sys [2009-06-15 172704]
    S3 HECIx64;Intel(R) Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [2009-09-17 56344]
    S3 Impcd;Impcd;c:\windows\system32\DRIVERS\Impcd.sys [2009-10-26 151936]
    S3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\L1C62x64.sys [2009-12-22 74280]
    S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys [2011-10-01 764264]
    S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys [2011-10-01 268648]
    S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys [2011-10-01 25960]
    S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys [2011-10-01 22376]
    S3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2011-10-01 219496]
    S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [2009-07-14 17920]
    .
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2012-07-19 c:\windows\Tasks\Adobe Flash Player Updater.job
    - c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-03-30 23:54]
    .
    2012-07-18 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2442831186-184169548-1129946676-1001Core.job
    - c:\users\Kyle\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-01-30 22:32]
    .
    2012-07-19 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2442831186-184169548-1129946676-1001UA.job
    - c:\users\Kyle\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-01-30 22:32]
    .
    2012-07-19 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-12-31 00:58]
    .
    2012-07-19 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-12-31 00:58]
    .
    .
    --------- X64 Entries -----------
    .
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "QuickSet"="c:\program files\Dell\QuickSet\QuickSet.exe" [2010-04-06 3203440]
    "Broadcom Wireless Manager UI"="c:\program files\Dell\DW WLAN Card\WLTRAY.exe" [2009-12-17 5470208]
    "lxebmon.exe"="c:\program files (x86)\Lexmark Pro200-S500 Series\lxebmon.exe" [2011-01-24 770728]
    "EzPrint"="c:\program files (x86)\Lexmark Pro200-S500 Series\ezprint.exe" [2011-01-24 148280]
    "IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2011-08-01 2417032]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
    "LoadAppInit_DLLs"=0x0
    .
    ------- Supplementary Scan -------
    .
    uLocal Page = c:\windows\system32\blank.htm
    uStart Page = hxxp://search.conduit.com?SearchSource=10&ctid=CT1060933
    mLocal Page = c:\windows\SysWOW64\blank.htm
    uInternet Settings,ProxyOverride = *.local
    IE: E&xport to Microsoft Excel - c:\progra~2\MIF5BA~1\Office14\EXCEL.EXE/3000
    IE: Se&nd to OneNote - c:\progra~2\MIF5BA~1\Office14\ONBttnIE.dll/105
    IE: Send image to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
    IE: Send page to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
    TCP: DhcpNameServer = 209.18.47.61 209.18.47.62
    Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - c:\program files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\11.2.0\ViProtocol.dll
    FF - ProfilePath - c:\users\Kyle\AppData\Roaming\Mozilla\Firefox\Profiles\64xl57wk.default\
    FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2504091&SearchSource=3&q={searchTerms}
    FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
    FF - prefs.js: keyword.URL - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3019965&SearchSource=2&q=
    FF - user.js: network.protocol-handler.warn-external.dnupdate - false
    .
    - - - - ORPHANS REMOVED - - - -
    .
    URLSearchHooks-{1392b8d2-5c05-419f-a8f6-b9f15a596612} - (no file)
    URLSearchHooks-{e5b66461-19eb-4da5-bbf7-df2d266d975b} - (no file)
    Toolbar-Locked - (no file)
    Wow6432Node-HKLM-Run-Freecorder FLV Service - c:\program files (x86)\Freecorder\FLVSrvc.exe
    Wow6432Node-HKLM-Run-Jaksta Free Video History - c:\program files (x86)\Jaksta Technologies\Jaksta Free Media Recorder Toolbar\Jaksta Free Video History\jfvhistoryp.exe
    Toolbar-Locked - (no file)
    WebBrowser-{BA14329E-9550-4989-B3F2-9732E92D17CC} - (no file)
    WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
    WebBrowser-{1392B8D2-5C05-419F-A8F6-B9F15A596612} - (no file)
    WebBrowser-{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - (no file)
    HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe
    .
    .
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\services\MEMSWEEP2]
    "ImagePath"="\??\c:\windows\system32\5C24.tmp"
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
    @Denied: (A 2) (Everyone)
    @="FlashBroker"
    "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_265_ActiveX.exe,-101"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
    "Enabled"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_265_ActiveX.exe"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Shockwave Flash Object"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_265.ocx"
    "ThreadingModel"="Apartment"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
    @="0"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
    @="ShockwaveFlash.ShockwaveFlash.11"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_265.ocx, 1"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="ShockwaveFlash.ShockwaveFlash"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Macromedia Flash Factory Object"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_265.ocx"
    "ThreadingModel"="Apartment"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
    @="FlashFactory.FlashFactory.1"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_265.ocx, 1"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="FlashFactory.FlashFactory"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
    @Denied: (A 2) (Everyone)
    @="IFlashBroker4"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
    @="{00020424-0000-0000-C000-000000000046}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    "Version"="1.0"
    .
    [HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
    @Denied: (A) (Everyone)
    "Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
    .
    [HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
    @Denied: (A) (Everyone)
    .
    [HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
    "Key"="ActionsPane3"
    "Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
    @Denied: (Full) (Everyone)
    .
    ------------------------ Other Running Processes ------------------------
    .
    c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    c:\program files (x86)\Dell DataSafe Local Backup\TOASTER.EXE
    c:\program files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe
    c:\program files (x86)\Dell DataSafe Local Backup\COMPONENTS\SCHEDULER\STSERVICE.EXE
    c:\program files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
    c:\program files (x86)\Dell Support Center\bin\sprtsvc.exe
    .
    **************************************************************************
    .
    Completion time: 2012-07-19 03:28:44 - machine was rebooted
    ComboFix-quarantined-files.txt 2012-07-19 10:28
    .
    Pre-Run: 130,659,016,704 bytes free
    Post-Run: 133,666,881,536 bytes free
    .
    - - End Of File - - B664CF80378F70983B93B11279707CC0
     
  14. Broni

    Broni Malware Annihilator Posts: 52,904   +344

    Looks good.

    How is the computer doing?

    What happened to McAfee? I don't see it running.

    =========================================

    Download Malwarebytes' Anti-Malware (MBAM): http://www.malwarebytes.org/products/malwarebytes_free to your desktop.
    NOTE. If you already have MBAM installed, update it before running the scan.

    * Double-click mbam-setup.exe and follow the prompts to install the program.
    * At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
    * If an update is found, it will download and install the latest version.
    * Once the program has loaded, select Perform quick scan, then click Scan.
    * When the scan is complete, click OK, then Show Results to view the results.
    * Be sure that everything is checked, and click Remove Selected.
    * When completed, a log will open in Notepad.
    * Post the log back here.

    Be sure to restart the computer IF MBAM asks you to do so.

    The log can also be found here:
    C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\log-date.txt
    Or at C:\Program Files\Malwarebytes' Anti-Malware\Logs\log-date.txt

    =====================================

    Download OTL to your Desktop.
    Alternate download: http://www.itxassociates.com/OT-Tools/OTL.exe

    • Double-click on the icon to run it. Make sure all other windows are closed, and let it run uninterrupted.
    • Click the Scan All Users checkbox.
    • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
    • When the scan completes, it will open two Notepad windows: OTL.txt and Extras.txt. These are saved in the same location as OTL.
    • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them back here.
     
  15. Animeniak7530

    Animeniak7530 TS Rookie Topic Starter Posts: 18

    My PC has been running fine and I haven't had one of those random ads show up since halfway through this process.

    I had to uninstall McAfee because it had expired and wouldn't let me disable its firewall/antivirus or change any settings (as per the instructions for ComboFix). When this process is over, I plan on either reinstalling McAfee and renewing my subscription or doing the same for another antivirus.
    -----------------------------------------------------
    Malwarebytes Anti-Malware 1.62.0.1300
    www.malwarebytes.org

    Database version: v2012.07.19.15

    Windows 7 Service Pack 1 x64 NTFS
    Internet Explorer 8.0.7601.17514
    Kyle :: KYLE-PC [administrator]

    7/19/2012 6:10:59 PM
    mbam-log-2012-07-19 (18-10-59).txt

    Scan type: Quick scan
    Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
    Scan options disabled: P2P
    Objects scanned: 200076
    Time elapsed: 4 minute(s), 26 second(s)

    Memory Processes Detected: 0
    (No malicious items detected)

    Memory Modules Detected: 0
    (No malicious items detected)

    Registry Keys Detected: 0
    (No malicious items detected)

    Registry Values Detected: 0
    (No malicious items detected)

    Registry Data Items Detected: 0
    (No malicious items detected)

    Folders Detected: 0
    (No malicious items detected)

    Files Detected: 3
    C:\Users\Kyle\Downloads\XvidSetup(2).exe (Adware.Hotbar) -> Quarantined and deleted successfully.
    C:\Users\Kyle\Downloads\XvidSetup.exe (Adware.Hotbar) -> Quarantined and deleted successfully.
    C:\Users\Kyle\Downloads\XvidSetup.exe.part (Adware.Hotbar) -> Quarantined and deleted successfully.

    (end)
    -----------------------------------------------------------------------------------
     
  16. Animeniak7530

    Animeniak7530 TS Rookie Topic Starter Posts: 18

    OTL logfile created on: 7/19/2012 6:27:36 PM - Run 1
    OTL by OldTimer - Version 3.2.53.1 Folder = C:\Users\Kyle\Desktop
    64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.7601.17514)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    3.86 Gb Total Physical Memory | 2.44 Gb Available Physical Memory | 63.26% Memory free
    7.73 Gb Paging File | 5.68 Gb Available in Paging File | 73.47% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
    Drive C: | 451.01 Gb Total Space | 124.97 Gb Free Space | 27.71% Space Free | Partition Type: NTFS

    Computer Name: KYLE-PC | User Name: Kyle | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

    ========== Processes (SafeList) ==========

    PRC - [2012/07/19 18:16:37 | 000,595,968 | ---- | M] (OldTimer Tools) -- C:\Users\Kyle\Desktop\OTL.exe
    PRC - [2012/07/09 14:45:52 | 000,935,008 | ---- | M] () -- C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\11.2.0\ToolbarUpdater.exe
    PRC - [2012/07/09 14:45:50 | 001,107,552 | ---- | M] () -- C:\Program Files (x86)\AVG Secure Search\vprot.exe
    PRC - [2012/06/19 17:44:38 | 000,529,232 | ---- | M] (Valve Corporation) -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe
    PRC - [2012/04/09 17:43:42 | 001,557,160 | ---- | M] (Ask) -- C:\Program Files (x86)\Ask.com\Updater\Updater.exe
    PRC - [2012/01/03 06:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
    PRC - [2011/10/01 09:30:22 | 000,219,496 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
    PRC - [2011/10/01 09:30:18 | 000,508,776 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
    PRC - [2011/09/06 10:29:20 | 004,259,648 | ---- | M] (SoftThinks - Dell) -- C:\Program Files (x86)\Dell DataSafe Local Backup\Toaster.exe
    PRC - [2011/08/18 08:05:54 | 002,751,808 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Local Backup\Components\Scheduler\STService.exe
    PRC - [2011/08/18 08:05:46 | 001,692,480 | ---- | M] (SoftThinks SAS) -- C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe
    PRC - [2011/08/02 00:14:14 | 001,242,448 | ---- | M] (Valve Corporation) -- C:\Program Files (x86)\Steam\Steam.exe
    PRC - [2011/08/01 10:56:48 | 000,460,096 | ---- | M] (SoftThinks - Dell) -- C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe
    PRC - [2011/01/23 20:00:23 | 000,148,280 | ---- | M] () -- C:\Program Files (x86)\Lexmark Pro200-S500 Series\ezprint.exe
    PRC - [2011/01/23 20:00:20 | 000,770,728 | ---- | M] () -- C:\Program Files (x86)\Lexmark Pro200-S500 Series\lxebmon.exe
    PRC - [2010/11/20 05:17:41 | 001,174,016 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Windows Sidebar\sidebar.exe
    PRC - [2010/02/09 12:34:00 | 001,807,680 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Online\DataSafeOnline.exe
    PRC - [2009/10/15 02:10:28 | 000,498,160 | ---- | M] () -- C:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe
    PRC - [2009/09/30 21:01:32 | 002,320,920 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
    PRC - [2009/09/30 21:01:30 | 000,268,824 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
    PRC - [2009/06/24 15:21:38 | 000,409,744 | ---- | M] (Creative Technology Ltd) -- C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe
    PRC - [2009/06/09 07:11:14 | 000,155,648 | ---- | M] (Stardock Corporation) -- C:\Program Files\Dell\DellDock\DockLogin.exe
    PRC - [2009/05/21 07:59:08 | 000,206,064 | ---- | M] (SupportSoft, Inc.) -- c:\Program Files (x86)\Dell Support Center\bin\sprtsvc.exe
    PRC - [2009/05/21 07:59:08 | 000,206,064 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files (x86)\Dell Support Center\bin\sprtcmd.exe


    ========== Modules (No Company Name) ==========

    MOD - [2012/07/10 10:06:18 | 000,368,128 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\8e56489276063ededde74e597a121df3\PresentationFramework.Aero.ni.dll
    MOD - [2012/07/10 09:33:36 | 014,340,608 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\e717a230496832656b05b515eb9f3bc5\PresentationFramework.ni.dll
    MOD - [2012/07/10 09:33:21 | 012,237,824 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationCore\14a87218ea49639f38097e278b98a3da\PresentationCore.ni.dll
    MOD - [2012/07/10 09:33:09 | 003,347,968 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\46fce56db7685a586d3eeb7c373e3c1c\WindowsBase.ni.dll
    MOD - [2012/07/10 09:32:53 | 001,051,136 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Management\9b2f17fb61b7197f2a04108f5d1a1cc6\System.Management.ni.dll
    MOD - [2012/07/10 09:30:45 | 012,436,480 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\7b7fbe651c6e72f12099a298654c9594\System.Windows.Forms.ni.dll
    MOD - [2012/07/10 09:30:30 | 001,840,640 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web.Services\761fd1afc17f11bf6d49c3a7d16465ca\System.Web.Services.ni.dll
    MOD - [2012/07/10 09:30:22 | 001,591,808 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6bb439b3f87736d3248ae27d43e2c0d6\System.Drawing.ni.dll
    MOD - [2012/07/10 09:29:36 | 002,297,856 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Core\dfd33f59a5803a3c73cf408362e6e0b7\System.Core.ni.dll
    MOD - [2012/07/10 09:29:11 | 005,452,800 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ba3d70b651454c7d49b407b93663bfed\System.Xml.ni.dll
    MOD - [2012/07/10 09:29:07 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\cfa9c506bfb9254c89dace7b83bc9f9d\System.Configuration.ni.dll
    MOD - [2012/07/10 09:29:05 | 007,967,232 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\ce9ff6baf9053ed2ed673d948179195c\System.ni.dll
    MOD - [2012/07/10 09:28:58 | 011,492,864 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\acfc1391e45fedd2a359778ea57d914c\mscorlib.ni.dll
    MOD - [2012/07/09 14:45:52 | 000,132,704 | ---- | M] () -- C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\11.2.0\SiteSafety.dll
    MOD - [2012/07/09 14:45:50 | 001,107,552 | ---- | M] () -- C:\Program Files (x86)\AVG Secure Search\vprot.exe
    MOD - [2012/06/27 22:04:42 | 000,008,704 | ---- | M] () -- C:\Users\Kyle\AppData\Local\Microsoft\Windows Sidebar\Gadgets\All_CPU_Meter_V3.9.gadget\GetCoreTempInfoNET.dll
    MOD - [2012/06/27 22:04:42 | 000,007,680 | ---- | M] () -- C:\Users\Kyle\AppData\Local\Microsoft\Windows Sidebar\Gadgets\All_CPU_Meter_V3.9.gadget\SystemInfo.dll
    MOD - [2012/06/27 22:04:42 | 000,006,144 | ---- | M] () -- C:\Users\Kyle\AppData\Local\Microsoft\Windows Sidebar\Gadgets\All_CPU_Meter_V3.9.gadget\CoreTempReader.dll
    MOD - [2012/06/19 17:44:33 | 020,313,384 | ---- | M] () -- C:\Program Files (x86)\Steam\bin\libcef.dll
    MOD - [2012/06/19 17:44:09 | 000,895,312 | ---- | M] () -- C:\Program Files (x86)\Steam\bin\chromehtml.dll
    MOD - [2012/06/19 17:44:09 | 000,123,192 | ---- | M] () -- C:\Program Files (x86)\Steam\bin\avutil-51.dll
    MOD - [2012/06/19 17:44:08 | 001,099,576 | ---- | M] () -- C:\Program Files (x86)\Steam\bin\avcodec-53.dll
    MOD - [2012/06/19 17:44:08 | 000,190,776 | ---- | M] () -- C:\Program Files (x86)\Steam\bin\avformat-53.dll
    MOD - [2011/08/18 08:05:54 | 002,751,808 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Local Backup\Components\Scheduler\STService.exe
    MOD - [2011/06/24 22:56:36 | 000,087,328 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
    MOD - [2011/06/24 22:56:14 | 001,241,888 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
    MOD - [2011/01/23 20:00:23 | 000,148,280 | ---- | M] () -- C:\Program Files (x86)\Lexmark Pro200-S500 Series\ezprint.exe
    MOD - [2011/01/23 20:00:20 | 000,770,728 | ---- | M] () -- C:\Program Files (x86)\Lexmark Pro200-S500 Series\lxebmon.exe
    MOD - [2010/04/05 05:56:20 | 000,094,359 | ---- | M] () -- C:\Program Files (x86)\Lexmark Pro200-S500 Series\epoemdll.dll
    MOD - [2010/04/05 05:56:19 | 000,045,221 | ---- | M] () -- C:\Program Files (x86)\Lexmark Pro200-S500 Series\epstring.dll
    MOD - [2010/04/05 05:56:17 | 002,203,803 | ---- | M] () -- C:\Program Files (x86)\Lexmark Pro200-S500 Series\epwizres.dll
    MOD - [2010/04/05 05:56:07 | 000,716,954 | ---- | M] () -- C:\Program Files (x86)\Lexmark Pro200-S500 Series\epwizard.dll
    MOD - [2010/04/05 05:55:15 | 000,159,890 | ---- | M] () -- C:\Program Files (x86)\Lexmark Pro200-S500 Series\customui.dll
    MOD - [2010/04/05 05:55:04 | 000,061,604 | ---- | M] () -- C:\Program Files (x86)\Lexmark Pro200-S500 Series\epfunct.dll
    MOD - [2010/04/05 05:54:59 | 000,123,033 | ---- | M] () -- C:\Program Files (x86)\Lexmark Pro200-S500 Series\eputil.dll
    MOD - [2010/04/05 05:54:52 | 000,143,502 | ---- | M] () -- C:\Program Files (x86)\Lexmark Pro200-S500 Series\imagutil.dll
    MOD - [2010/04/01 12:24:28 | 001,159,168 | ---- | M] () -- C:\Program Files (x86)\Lexmark Pro200-S500 Series\lxebdrs.dll
    MOD - [2010/04/01 12:23:27 | 000,389,120 | ---- | M] () -- C:\Program Files (x86)\Lexmark Pro200-S500 Series\lxebscw.dll
    MOD - [2010/02/09 12:34:00 | 001,807,680 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Online\DataSafeOnline.exe
    MOD - [2010/02/09 12:34:00 | 000,275,776 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Online\SdbShared.dll
    MOD - [2010/02/09 12:34:00 | 000,152,896 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Online\SdbShared.XmlSerializers.dll
    MOD - [2010/02/09 12:34:00 | 000,095,552 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Online\SdbUI.dll
    MOD - [2010/02/09 12:34:00 | 000,058,688 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Online\BalloonWindow.dll
    MOD - [2010/02/09 12:34:00 | 000,017,728 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Online\CppUtils.dll
    MOD - [2009/10/15 02:10:28 | 000,498,160 | ---- | M] () -- C:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe
    MOD - [2009/05/27 07:16:50 | 000,192,512 | ---- | M] () -- C:\Program Files (x86)\Lexmark Pro200-S500 Series\lxebdatr.dll
    MOD - [2009/04/07 14:25:27 | 000,409,600 | ---- | M] () -- C:\Program Files (x86)\Lexmark Pro200-S500 Series\iptk.dll
    MOD - [2009/03/10 00:43:49 | 000,155,648 | ---- | M] () -- C:\Program Files (x86)\Lexmark Pro200-S500 Series\lxebcaps.dll
    MOD - [2009/03/02 09:25:47 | 000,151,552 | ---- | M] () -- C:\Program Files (x86)\Lexmark Pro200-S500 Series\lxebptp.dll
    MOD - [2009/02/20 01:48:43 | 000,023,552 | ---- | M] () -- C:\Windows\SysWOW64\LXEBsmr.dll
    MOD - [2009/02/20 01:48:03 | 000,299,008 | ---- | M] () -- C:\Windows\SysWOW64\LXEBsm.dll


    ========== Win32 Services (SafeList) ==========

    SRV:64bit: - File not found [Auto | Stopped] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe /McCoreSvc -- (McMPFSvc)
    SRV:64bit: - [2011/08/11 16:38:04 | 000,140,672 | ---- | M] (SUPERAntiSpyware.com) [Auto | Running] -- C:\Program Files\SUPERAntiSpyware\SASCore64.exe -- (!SASCORE)
    SRV:64bit: - [2010/04/14 14:56:23 | 001,052,328 | ---- | M] ( ) [Auto | Running] -- C:\Windows\SysNative\lxebcoms.exe -- (lxeb_device)
    SRV:64bit: - [2010/04/14 14:56:13 | 000,045,736 | ---- | M] () [Auto | Stopped] -- C:\Windows\SysNative\spool\DRIVERS\x64\3\\lxebserv.exe -- (lxebCATSCustConnectService)
    SRV:64bit: - [2010/01/22 19:01:12 | 000,202,752 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
    SRV:64bit: - [2009/12/29 13:19:12 | 000,873,248 | ---- | M] (Broadcom Corporation.) [Auto | Running] -- c:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe -- (btwdins)
    SRV:64bit: - [2009/12/16 22:16:30 | 000,048,128 | ---- | M] (Dell Inc.) [Auto | Running] -- C:\Program Files\Dell\DW WLAN Card\WLTRYSVC.EXE -- (wltrysvc)
    SRV:64bit: - [2009/11/02 11:48:18 | 000,126,352 | ---- | M] (Intel(R) Corporation) [On_Demand | Stopped] -- C:\Program Files\Intel\TurboBoost\TurboBoost.exe -- (TurboBoost)
    SRV:64bit: - [2009/07/15 09:13:06 | 000,127,272 | ---- | M] (Wacom Technology, Corp.) [Auto | Running] -- C:\Program Files\WTouch\WTouchService.exe -- (WTouchService)
    SRV:64bit: - [2009/07/15 09:13:02 | 005,414,184 | ---- | M] (Wacom Technology, Corp.) [Auto | Running] -- C:\Windows\SysNative\Pen_Tablet.exe -- (TabletServicePen)
    SRV:64bit: - [2009/07/13 18:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
    SRV:64bit: - [2009/06/09 07:11:14 | 000,155,648 | ---- | M] (Stardock Corporation) [Auto | Running] -- C:\Program Files\Dell\DellDock\DockLogin.exe -- (DockLoginService)
    SRV - [2012/07/19 03:56:17 | 000,113,120 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
    SRV - [2012/07/11 16:54:18 | 000,250,056 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
    SRV - [2012/07/09 14:45:52 | 000,935,008 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\11.2.0\ToolbarUpdater.exe -- (vToolbarUpdater11.2.0)
    SRV - [2012/07/03 13:46:44 | 000,655,944 | ---- | M] (Malwarebytes Corporation) [Disabled | Stopped] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
    SRV - [2012/06/19 17:44:38 | 000,529,232 | ---- | M] (Valve Corporation) [On_Demand | Running] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
    SRV - [2012/01/03 06:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
    SRV - [2011/10/01 09:30:22 | 000,219,496 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe -- (sftvsa)
    SRV - [2011/10/01 09:30:18 | 000,508,776 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe -- (sftlist)
    SRV - [2011/08/18 08:05:46 | 001,692,480 | ---- | M] (SoftThinks SAS) [Auto | Running] -- C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe -- (SftService)
    SRV - [2010/11/23 22:22:24 | 000,016,680 | ---- | M] (Citrix Online, a division of Citrix Systems, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Citrix\GoToAssist\514\g2aservice.exe -- (GoToAssist)
    SRV - [2010/04/14 14:56:13 | 000,045,736 | ---- | M] () [Auto | Stopped] -- C:\Windows\system32\spool\DRIVERS\x64\3\\lxebserv.exe -- (lxebCATSCustConnectService)
    SRV - [2010/04/14 14:56:01 | 000,598,696 | ---- | M] ( ) [Auto | Running] -- C:\Windows\SysWOW64\lxebcoms.exe -- (lxeb_device)
    SRV - [2010/03/18 14:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
    SRV - [2009/09/30 21:01:32 | 002,320,920 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe -- (UNS) Intel(R)
    SRV - [2009/09/30 21:01:30 | 000,268,824 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe -- (LMS) Intel(R)
    SRV - [2009/06/10 14:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
    SRV - [2009/06/05 17:07:28 | 000,250,616 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\WildTangent\Dell Games\Dell Game Console\GameConsoleService.exe -- (GameConsoleService)
    SRV - [2009/05/21 07:59:08 | 000,206,064 | ---- | M] (SupportSoft, Inc.) [Auto | Running] -- c:\Program Files (x86)\Dell Support Center\bin\sprtsvc.exe -- (sprtsvc_DellSupportCenter) SupportSoft Sprocket Service (DellSupportCenter)


    ========== Driver Services (SafeList) ==========

    DRV:64bit: - [2012/07/03 13:46:44 | 000,024,904 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
    DRV:64bit: - [2012/02/29 23:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
    DRV:64bit: - [2012/02/15 12:01:50 | 000,052,736 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
    DRV:64bit: - [2011/10/01 09:30:22 | 000,022,376 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftvollh.sys -- (Sftvol)
    DRV:64bit: - [2011/10/01 09:30:18 | 000,268,648 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftplaylh.sys -- (Sftplay)
    DRV:64bit: - [2011/10/01 09:30:18 | 000,025,960 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftredirlh.sys -- (Sftredir)
    DRV:64bit: - [2011/10/01 09:30:10 | 000,764,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftfslh.sys -- (Sftfs)
    DRV:64bit: - [2011/08/01 16:59:06 | 000,045,416 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\point64.sys -- (Point64)
    DRV:64bit: - [2011/07/22 09:26:56 | 000,014,928 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys -- (SASDIFSV)
    DRV:64bit: - [2011/07/12 14:55:18 | 000,012,368 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\saskutil64.sys -- (SASKUTIL)
    DRV:64bit: - [2011/05/12 14:03:12 | 000,006,144 | ---- | M] (Sophos Plc) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\5C24.tmp -- (MEMSWEEP2)
    DRV:64bit: - [2011/03/10 23:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
    DRV:64bit: - [2011/03/10 23:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
    DRV:64bit: - [2010/11/20 06:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
    DRV:64bit: - [2010/11/20 04:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
    DRV:64bit: - [2010/07/21 17:59:28 | 000,023,952 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nuidfltr.sys -- (NuidFltr)
    DRV:64bit: - [2010/07/01 18:52:18 | 000,051,600 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\dc3d.sys -- (dc3d)
    DRV:64bit: - [2010/05/07 12:19:58 | 000,245,792 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RtsUStor.sys -- (RSUSBSTOR)
    DRV:64bit: - [2010/05/07 03:44:32 | 000,321,584 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
    DRV:64bit: - [2010/03/30 20:58:06 | 000,132,648 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwavdt.sys -- (btwavdt)
    DRV:64bit: - [2010/03/30 20:58:06 | 000,098,344 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwaudio.sys -- (btwaudio)
    DRV:64bit: - [2010/03/30 20:58:06 | 000,053,800 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btusbflt.sys -- (btusbflt)
    DRV:64bit: - [2010/03/30 20:58:06 | 000,035,104 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwl2cap.sys -- (btwl2cap)
    DRV:64bit: - [2010/03/30 20:58:06 | 000,021,160 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwrchid.sys -- (btwrchid)
    DRV:64bit: - [2010/03/03 20:51:40 | 000,540,696 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
    DRV:64bit: - [2010/01/22 19:13:24 | 006,233,088 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atipmdag.sys -- (amdkmdag)
    DRV:64bit: - [2010/01/22 18:07:56 | 000,161,280 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
    DRV:64bit: - [2009/12/22 10:18:50 | 000,074,280 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\L1C62x64.sys -- (L1C)
    DRV:64bit: - [2009/12/16 22:16:20 | 000,022,520 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\bcm42rly.sys -- (BCM42RLY)
    DRV:64bit: - [2009/12/16 22:16:18 | 000,020,984 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\bcmvwl64.sys -- (BcmVWL)
    DRV:64bit: - [2009/12/16 22:16:14 | 003,053,560 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\BCMWL664.SYS -- (BCM43XX)
    DRV:64bit: - [2009/11/02 11:48:02 | 000,013,784 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\TurboB.sys -- (TurboB)
    DRV:64bit: - [2009/10/26 13:39:44 | 000,151,936 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Impcd.sys -- (Impcd)
    DRV:64bit: - [2009/09/30 10:34:32 | 000,121,872 | ---- | M] (ATI Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AtiHdmi.sys -- (AtiHdmiService)
    DRV:64bit: - [2009/09/17 13:54:54 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (HECIx64) Intel(R)
    DRV:64bit: - [2009/07/13 18:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
    DRV:64bit: - [2009/07/13 18:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
    DRV:64bit: - [2009/07/13 18:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
    DRV:64bit: - [2009/07/09 02:00:00 | 000,055,280 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\PxHlpa64.sys -- (PxHlpa64)
    DRV:64bit: - [2009/06/15 12:06:42 | 000,172,704 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CtClsFlt.sys -- (CtClsFlt)
    DRV:64bit: - [2009/06/10 13:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
    DRV:64bit: - [2009/06/10 13:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
    DRV:64bit: - [2009/06/10 13:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
    DRV:64bit: - [2009/06/10 13:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
    DRV:64bit: - [2009/05/20 12:54:06 | 000,015,656 | ---- | M] (Wacom Technology) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\wacomvhid.sys -- (wacomvhid)
    DRV:64bit: - [2009/05/18 14:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
    DRV:64bit: - [2009/01/30 14:29:52 | 000,018,216 | ---- | M] (Wacom Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\wacmoumonitor.sys -- (wacmoumonitor)
    DRV:64bit: - [2007/02/16 12:12:36 | 000,012,848 | ---- | M] (Wacom Technology) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\wacommousefilter.sys -- (wacommousefilter)
    DRV:64bit: - [2007/02/15 17:11:26 | 000,012,976 | ---- | M] (Wacom Technology) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\WacomVKHid.sys -- (WacomVKHid)
    DRV:64bit: - [2006/11/01 11:51:00 | 000,151,656 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WimFltr.sys -- (WimFltr)
    DRV - [2009/07/13 18:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========

    IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {2B8CC773-4431-4A53-BE28-7E1CE5B42167}
    IE:64bit: - HKLM\..\SearchScopes\{2B8CC773-4431-4A53-BE28-7E1CE5B42167}: "URL" = http://www.bing.com/search?q={searchTerms}&form=DLCDF8&pc=MDDC&src=IE-SearchBox
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
    IE - HKLM\..\URLSearchHook: {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files (x86)\Vuze_Remote\prxtbVuze.dll (Conduit Ltd.)
    IE - HKLM\..\SearchScopes,DefaultScope = {afdbddaa-5d3f-42ee-b79c-185a7020515b}
    IE - HKLM\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT1060933
    IE - HKLM\..\SearchScopes\{D8A4092E-5BC8-433F-889C-3614577EE954}: "URL" = http://www.bing.com/search?q={searchTerms}&form=DLCDF8&pc=MDDC&src=IE-SearchBox

    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://search.conduit.com?SearchSource=10&ctid=CT1060933
    IE - HKCU\..\URLSearchHook: {00000000-6E41-4FD3-8538-502F5495E5FC} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
    IE - HKCU\..\URLSearchHook: {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files (x86)\Vuze_Remote\prxtbVuze.dll (Conduit Ltd.)
    IE - HKCU\..\SearchScopes,DefaultScope = {95B7759C-8C7F-4BF1-B163-73684A933233}
    IE - HKCU\..\SearchScopes\{171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E}: "URL" = http://websearch.ask.com/redirect?c...pn_sauid=A94F250E-220E-4E11-BA8D-F22C7D3434FD
    IE - HKCU\..\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}: "URL" = http://isearch.avg.com/search?cid={...264da88a7&lang=en&ds=gm011&pr=sa&d=2012-04-25 15:50:59&v=11.0.0.9&sap=dsp&q={searchTerms}
    IE - HKCU\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT1060933
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

    ========== FireFox ==========

    FF - prefs.js..browser.search.defaultthis.engineName: "Web Search"
    FF - prefs.js..browser.search.defaulturl: "http://search.conduit.com/ResultsExt.aspx?ctid=CT2504091&SearchSource=3&q={searchTerms}"
    FF - prefs.js..browser.startup.homepage: "http://www.google.com/"
    FF - prefs.js..keyword.URL: "http://search.conduit.com/ResultsExt.aspx?ctid=CT3019965&SearchSource=2&q="


    FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_3_300_265.dll File not found
    FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
    FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
    FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_265.dll ()
    FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
    FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
    FF - HKLM\Software\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin: C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\11.2.0\\npsitesafety.dll ()
    FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
    FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.5.1: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
    FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.5.1: C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll (Oracle Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
    FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MIF5BA~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MIF5BA~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll File not found
    FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
    FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
    FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
    FF - HKCU\Software\MozillaPlugins\@Skype Limited.com/Facebook Video Calling Plugin: C:\Users\Kyle\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)
    FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Users\Kyle\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)

    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\avg@toolbar: C:\ProgramData\AVG Secure Search\11.1.0.12\ [2012/07/09 14:45:57 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/07/19 03:56:17 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012/05/16 15:20:14 | 000,000,000 | ---D | M]
    FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/07/19 03:56:17 | 000,000,000 | ---D | M]
    FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012/05/16 15:20:14 | 000,000,000 | ---D | M]

    [2010/12/07 22:00:53 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Kyle\AppData\Roaming\Mozilla\Extensions
    [2012/07/13 14:07:22 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Kyle\AppData\Roaming\Mozilla\Firefox\Profiles\64xl57wk.default\extensions
    [2012/06/18 15:16:50 | 000,000,000 | ---D | M] (Ant Video Downloader) -- C:\Users\Kyle\AppData\Roaming\Mozilla\Firefox\Profiles\64xl57wk.default\extensions\anttoolbar@ant.com
    [2012/06/18 02:00:24 | 000,002,573 | ---- | M] () -- C:\Users\Kyle\AppData\Roaming\Mozilla\Firefox\Profiles\64xl57wk.default\searchplugins\askcom.xml
    [2012/05/30 08:29:28 | 000,000,879 | ---- | M] () -- C:\Users\Kyle\AppData\Roaming\Mozilla\Firefox\Profiles\64xl57wk.default\searchplugins\conduit.xml
    [2012/01/08 13:10:51 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
    [2012/05/13 12:27:12 | 000,004,733 | ---- | M] () (No name found) -- C:\USERS\KYLE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\64XL57WK.DEFAULT\EXTENSIONS\EXVGHQPSQL@EXVGHQPSQL.ORG.XPI
    [2012/07/19 03:56:17 | 000,136,672 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
    [2011/04/14 14:01:38 | 000,024,376 | ---- | M] (McAfee, Inc.) -- C:\Program Files (x86)\mozilla firefox\components\Scriptff.dll
    [2011/10/03 06:06:04 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll
    [2012/07/09 14:45:49 | 000,003,769 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\avg-secure-search.xml
    [2011/08/11 20:16:35 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
    [2011/11/09 21:45:49 | 000,002,040 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml

    O1 HOSTS File: ([2012/07/19 03:20:04 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
    O1 - Hosts: 127.0.0.1 localhost
    O2 - BHO: (Lexmark Toolbar) - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll ()
    O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll (Oracle Corporation)
    O2 - BHO: (AVG Security Toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\11.1.0.12\AVG Secure Search_toolbar.dll ()
    O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
    O2 - BHO: (Vuze Remote Toolbar) - {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files (x86)\Vuze_Remote\prxtbVuze.dll (Conduit Ltd.)
    O2 - BHO: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
    O2 - BHO: (WeCareReminder Class) - {D824F0DE-3D60-4F57-9EB1-66033ECD8ABB} - C:\ProgramData\WeCareReminder\IEHelperv2.5.0.dll (We-Care.com)
    O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll (Oracle Corporation)
    O3 - HKLM\..\Toolbar: (Lexmark Toolbar) - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll ()
    O3 - HKLM\..\Toolbar: (AVG Security Toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\11.1.0.12\AVG Secure Search_toolbar.dll ()
    O3 - HKLM\..\Toolbar: (Vuze Remote Toolbar) - {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files (x86)\Vuze_Remote\prxtbVuze.dll (Conduit Ltd.)
    O3 - HKLM\..\Toolbar: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
    O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
    O3 - HKCU\..\Toolbar\WebBrowser: (Lexmark Toolbar) - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll ()
    O3 - HKCU\..\Toolbar\WebBrowser: (Vuze Remote Toolbar) - {BA14329E-9550-4989-B3F2-9732E92D17CC} - C:\Program Files (x86)\Vuze_Remote\prxtbVuze.dll (Conduit Ltd.)
    O3 - HKCU\..\Toolbar\WebBrowser: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
    O4:64bit: - HKLM..\Run: [Broadcom Wireless Manager UI] C:\Program Files\Dell\DW WLAN Card\WLTRAY.EXE (Dell Inc.)
    O4:64bit: - HKLM..\Run: [EzPrint] C:\Program Files (x86)\Lexmark Pro200-S500 Series\ezprint.exe ()
    O4:64bit: - HKLM..\Run: [IntelliPoint] c:\Program Files\Microsoft IntelliPoint\ipoint.exe (Microsoft Corporation)
    O4:64bit: - HKLM..\Run: [lxebmon.exe] C:\Program Files (x86)\Lexmark Pro200-S500 Series\lxebmon.exe ()
    O4 - HKLM..\Run: [ApnUpdater] C:\Program Files (x86)\Ask.com\Updater\Updater.exe (Ask)
    O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
    O4 - HKLM..\Run: [Dell DataSafe Online] C:\Program Files (x86)\Dell DataSafe Online\DataSafeOnline.exe ()
    O4 - HKLM..\Run: [Dell Webcam Central] C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe (Creative Technology Ltd)
    O4 - HKLM..\Run: [DellSupportCenter] c:\Program Files (x86)\Dell Support Center\bin\sprtcmd.exe (SupportSoft, Inc.)
    O4 - HKLM..\Run: [Desktop Disc Tool] C:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe ()
    O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
    O4 - HKLM..\Run: [vProt] C:\Program Files (x86)\AVG Secure Search\vprot.exe ()
    O4 - HKCU..\Run: [Facebook Update] C:\Users\Kyle\AppData\Local\Facebook\Update\FacebookUpdate.exe (Facebook Inc.)
    O4 - HKCU..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\sidebar.exe (Microsoft Corporation)
    O4 - HKCU..\Run: [Steam] C:\Program Files (x86)\Steam\steam.exe (Valve Corporation)
    O4 - HKCU..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE (SUPERAntiSpyware.com)
    O4 - HKLM..\RunOnce: ["C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe"] C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe (Dell)
    O4 - Startup: C:\Users\Kyle\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\CurseClientStartup.ccip ()
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
    O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O8:64bit: - Extra context menu item: Send image to &Bluetooth Device... - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
    O8:64bit: - Extra context menu item: Send page to &Bluetooth Device... - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
    O8 - Extra context menu item: Send image to &Bluetooth Device... - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
    O8 - Extra context menu item: Send page to &Bluetooth Device... - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
    O9:64bit: - Extra Button: @c:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
    O9:64bit: - Extra 'Tools' menuitem : @c:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
    O9 - Extra Button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
    O9 - Extra 'Tools' menuitem : Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
    O9 - Extra Button: Send To Bluetooth - {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
    O9 - Extra 'Tools' menuitem : Send to &Bluetooth Device... - {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
    O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
    O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
    O16:64bit: - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
    O16:64bit: - DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
    O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 10.5.1)
    O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 10.5.1)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 209.18.47.61 209.18.47.62
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{F6033519-19AF-44B0-A7DD-402F77BE3B20}: DhcpNameServer = 209.18.47.61 209.18.47.62
    O18:64bit: - Protocol\Handler\cozi - No CLSID value found
    O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
    O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
    O18:64bit: - Protocol\Handler\skype-ie-addon-data - No CLSID value found
    O18:64bit: - Protocol\Handler\viprotocol - No CLSID value found
    O18 - Protocol\Handler\cozi {5356518D-FE9C-4E08-9C1F-1E872ECD367F} - C:\Program Files (x86)\Cozi Express\CoziProtocolHandler.dll (Cozi Group, Inc.)
    O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
    O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
    O18 - Protocol\Handler\viprotocol {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\11.2.0\ViProtocol.dll ()
    O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
    O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
    O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
    O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
    O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
    O20:64bit: - Winlogon\Notify\GoToAssist: DllName - (C:\Program Files (x86)\Citrix\GoToAssist\514\G2AWinLogon_x64.dll) - File not found
    O32 - HKLM CDRom: AutoRun - 1
    O34 - HKLM BootExecute: (autocheck autochk *)
    O35:64bit: - HKLM\..comfile [open] -- "%1" %*
    O35:64bit: - HKLM\..exefile [open] -- "%1" %*
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
    O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
    O37 - HKLM\...com [@ = ComFile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*
    O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
    O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
    O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

    ========== Files/Folders - Created Within 30 Days ==========

    [2012/07/19 18:16:32 | 000,595,968 | ---- | C] (OldTimer Tools) -- C:\Users\Kyle\Desktop\OTL.exe
    [2012/07/19 03:28:47 | 000,000,000 | ---D | C] -- C:\Windows\temp
    [2012/07/19 03:20:28 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
    [2012/07/19 02:55:48 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
    [2012/07/19 02:55:48 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
    [2012/07/19 02:55:48 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
    [2012/07/19 02:55:40 | 000,000,000 | ---D | C] -- C:\ComboFix
    [2012/07/19 02:04:49 | 000,000,000 | ---D | C] -- C:\Qoobox
    [2012/07/19 02:04:26 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
    [2012/07/19 00:43:21 | 004,582,182 | R--- | C] (Swearware) -- C:\Users\Kyle\Desktop\ComboFix.exe
    [2012/07/18 13:01:08 | 000,000,000 | ---D | C] -- C:\FRST
    [2012/07/18 04:25:56 | 001,437,107 | ---- | C] (Farbar) -- C:\Users\Kyle\Desktop\FRST64.exe
    [2012/07/18 02:26:25 | 000,000,000 | ---D | C] -- C:\Users\Kyle\Desktop\Headshots
    [2012/07/16 23:31:47 | 000,000,000 | ---D | C] -- C:\Users\Kyle\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\FrostWire 5
    [2012/07/16 18:32:09 | 000,000,000 | ---D | C] -- C:\Users\Kyle\Desktop\RK_Quarantine
    [2012/07/16 18:29:53 | 004,731,392 | ---- | C] (AVAST Software) -- C:\Users\Kyle\Desktop\aswMBR.exe
    [2012/07/16 14:31:39 | 000,000,000 | ---D | C] -- C:\TDSSKiller_Quarantine
    [2012/07/16 14:24:49 | 002,135,640 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\Kyle\Desktop\TDSSKiller.exe
    [2012/07/15 16:01:15 | 000,607,260 | R--- | C] (Swearware) -- C:\Users\Kyle\Desktop\dds.scr
    [2012/07/13 17:39:53 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
    [2012/07/13 17:39:46 | 000,024,904 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
    [2012/07/13 17:39:46 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
    [2012/07/13 13:23:52 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java
    [2012/07/13 13:23:08 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Oracle
    [2012/07/12 13:02:14 | 000,000,000 | ---D | C] -- C:\Users\Kyle\Documents\Ant Videos Relocated
    [2012/07/09 23:39:55 | 000,000,000 | ---D | C] -- C:\Users\Kyle\AppData\Local\Bit.Trip Beat
    [2012/07/09 23:34:59 | 000,466,456 | ---- | C] (Creative Labs) -- C:\Windows\SysNative\wrap_oal.dll
    [2012/07/09 23:34:59 | 000,444,952 | ---- | C] (Creative Labs) -- C:\Windows\SysWow64\wrap_oal.dll
    [2012/07/09 23:34:59 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\OpenAL
    [2012/07/01 01:26:06 | 000,000,000 | ---D | C] -- C:\DataSafeOnline
    [2012/06/28 17:01:10 | 000,000,000 | ---D | C] -- C:\found.000
    [2012/06/27 22:07:24 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Core Temp
    [2012/06/27 22:07:23 | 000,000,000 | ---D | C] -- C:\Program Files\Core Temp
    [2012/06/24 15:52:05 | 000,000,000 | ---D | C] -- C:\Users\Kyle\AppData\Local\Lazy 8 Studios
    [6 C:\Windows\SysNative\*.tmp files -> C:\Windows\SysNative\*.tmp -> ]
    [2 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]
    [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
     
  17. Animeniak7530

    ========== Files - Modified Within 30 Days ==========

    [2012/07/19 18:37:00 | 000,000,924 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-2442831186-184169548-1129946676-1001UA.job
    [2012/07/19 18:25:56 | 000,014,240 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
    [2012/07/19 18:25:56 | 000,014,240 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
    [2012/07/19 18:18:17 | 000,000,890 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
    [2012/07/19 18:18:03 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
    [2012/07/19 18:17:56 | 3111,534,592 | -HS- | M] () -- C:\hiberfil.sys
    [2012/07/19 18:16:37 | 000,595,968 | ---- | M] (OldTimer Tools) -- C:\Users\Kyle\Desktop\OTL.exe
    [2012/07/19 18:13:00 | 000,000,894 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
    [2012/07/19 18:11:23 | 000,780,196 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
    [2012/07/19 18:11:23 | 000,660,998 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
    [2012/07/19 18:11:23 | 000,121,636 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
    [2012/07/19 18:08:09 | 000,000,902 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-2442831186-184169548-1129946676-1001Core.job
    [2012/07/19 18:08:08 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
    [2012/07/19 03:56:18 | 000,002,046 | ---- | M] () -- C:\Users\Kyle\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
    [2012/07/19 03:20:04 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
    [2012/07/19 00:43:32 | 004,582,182 | R--- | M] (Swearware) -- C:\Users\Kyle\Desktop\ComboFix.exe
    [2012/07/18 04:25:58 | 001,437,107 | ---- | M] (Farbar) -- C:\Users\Kyle\Desktop\FRST64.exe
    [2012/07/18 04:17:18 | 000,012,812 | ---- | M] () -- C:\Users\Kyle\.recently-used.xbel
    [2012/07/16 23:31:47 | 000,001,201 | ---- | M] () -- C:\Users\Kyle\Application Data\Microsoft\Internet Explorer\Quick Launch\FrostWire 5.3.8.lnk
    [2012/07/16 23:31:47 | 000,001,177 | ---- | M] () -- C:\Users\Kyle\Desktop\FrostWire 5.3.8.lnk
    [2012/07/16 19:12:25 | 000,000,512 | ---- | M] () -- C:\Users\Kyle\Desktop\MBR.dat
    [2012/07/16 18:30:30 | 004,731,392 | ---- | M] (AVAST Software) -- C:\Users\Kyle\Desktop\aswMBR.exe
    [2012/07/16 18:29:20 | 001,558,528 | ---- | M] () -- C:\Users\Kyle\Desktop\RogueKiller.exe
    [2012/07/16 14:25:58 | 000,000,121 | ---- | M] () -- C:\Users\Kyle\Desktop\[Active] - Random Audio and Advertisements in Background - TechSpot Forums.URL
    [2012/07/16 14:11:55 | 392,310,018 | ---- | M] () -- C:\Windows\MEMORY.DMP
    [2012/07/15 16:01:17 | 000,607,260 | R--- | M] (Swearware) -- C:\Users\Kyle\Desktop\dds.scr
    [2012/07/15 15:55:11 | 000,302,592 | ---- | M] () -- C:\Users\Kyle\Desktop\49d6xyh7.exe
    [2012/07/13 17:39:53 | 000,001,071 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
    [2012/07/12 12:28:13 | 000,426,904 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
    [2012/07/12 01:07:07 | 000,000,129 | ---- | M] () -- C:\Windows\SysNative\MRT.INI
    [2012/07/11 03:05:13 | 000,774,412 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI
    [2012/07/09 23:34:59 | 000,466,456 | ---- | M] (Creative Labs) -- C:\Windows\SysNative\wrap_oal.dll
    [2012/07/09 23:34:59 | 000,444,952 | ---- | M] (Creative Labs) -- C:\Windows\SysWow64\wrap_oal.dll
    [2012/07/09 12:48:10 | 002,135,640 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\Kyle\Desktop\TDSSKiller.exe
    [2012/07/05 19:22:06 | 000,032,807 | ---- | M] () -- C:\Users\Kyle\Documents\SchwabRecords.rtf
    [2012/07/03 13:46:44 | 000,024,904 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
    [2012/06/28 14:23:38 | 000,000,419 | ---- | M] () -- C:\Users\Kyle\AppData\Roaming\All CPU Meter_Settings.ini
    [2012/06/28 13:35:39 | 000,000,790 | ---- | M] () -- C:\Users\Kyle\Desktop\Core Temp.lnk
    [6 C:\Windows\SysNative\*.tmp files -> C:\Windows\SysNative\*.tmp -> ]
    [2 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]
    [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

    ========== Files Created - No Company Name ==========

    [2012/07/19 02:55:48 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
    [2012/07/19 02:55:48 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
    [2012/07/19 02:55:48 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
    [2012/07/19 02:55:48 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
    [2012/07/19 02:55:48 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
    [2012/07/18 04:17:18 | 000,012,812 | ---- | C] () -- C:\Users\Kyle\.recently-used.xbel
    [2012/07/16 23:31:47 | 000,001,201 | ---- | C] () -- C:\Users\Kyle\Application Data\Microsoft\Internet Explorer\Quick Launch\FrostWire 5.3.8.lnk
    [2012/07/16 23:31:47 | 000,001,177 | ---- | C] () -- C:\Users\Kyle\Desktop\FrostWire 5.3.8.lnk
    [2012/07/16 19:12:25 | 000,000,512 | ---- | C] () -- C:\Users\Kyle\Desktop\MBR.dat
    [2012/07/16 18:29:17 | 001,558,528 | ---- | C] () -- C:\Users\Kyle\Desktop\RogueKiller.exe
    [2012/07/16 14:25:58 | 000,000,121 | ---- | C] () -- C:\Users\Kyle\Desktop\[Active] - Random Audio and Advertisements in Background - TechSpot Forums.URL
    [2012/07/15 15:55:10 | 000,302,592 | ---- | C] () -- C:\Users\Kyle\Desktop\49d6xyh7.exe
    [2012/07/13 17:39:53 | 000,001,071 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
    [2012/07/12 01:07:07 | 000,000,129 | ---- | C] () -- C:\Windows\SysNative\MRT.INI
    [2012/06/28 13:35:39 | 000,000,790 | ---- | C] () -- C:\Users\Kyle\Desktop\Core Temp.lnk
    [2012/06/27 22:06:18 | 000,000,419 | ---- | C] () -- C:\Users\Kyle\AppData\Roaming\All CPU Meter_Settings.ini
    [2012/04/10 19:14:49 | 000,000,000 | ---- | C] () -- C:\Windows\iPlayer.INI
    [2012/04/09 23:24:59 | 000,001,763 | ---- | C] () -- C:\Users\Kyle\iTunes.lnk
    [2012/03/09 17:01:45 | 000,227,612 | ---- | C] () -- C:\Users\Kyle\Font_experiment_1.svg
    [2011/10/06 12:38:36 | 000,847,872 | ---- | C] ( ) -- C:\Windows\SysWow64\lxebusb1.dll
    [2011/10/06 12:38:36 | 000,643,072 | ---- | C] ( ) -- C:\Windows\SysWow64\lxebpmui.dll
    [2011/10/06 12:38:36 | 000,364,544 | ---- | C] ( ) -- C:\Windows\SysWow64\lxebinpa.dll
    [2011/10/06 12:38:36 | 000,344,064 | ---- | C] () -- C:\Windows\SysWow64\lxebcomx.dll
    [2011/10/06 12:38:36 | 000,344,064 | ---- | C] ( ) -- C:\Windows\SysWow64\lxebiesc.dll
    [2011/10/06 12:38:36 | 000,323,584 | ---- | C] () -- C:\Windows\SysWow64\lxebins.dll
    [2011/10/06 12:38:36 | 000,262,144 | ---- | C] () -- C:\Windows\SysWow64\lxebinsb.dll
    [2011/10/06 12:38:36 | 000,253,952 | ---- | C] () -- C:\Windows\SysWow64\lxebcu.dll
    [2011/10/06 12:38:36 | 000,106,496 | ---- | C] () -- C:\Windows\SysWow64\lxebinsr.dll
    [2011/10/06 12:38:36 | 000,090,112 | ---- | C] () -- C:\Windows\SysWow64\lxebcub.dll
    [2011/10/06 12:38:36 | 000,057,344 | ---- | C] () -- C:\Windows\SysWow64\lxebjswr.dll
    [2011/10/06 12:38:36 | 000,036,864 | ---- | C] () -- C:\Windows\SysWow64\lxebcur.dll
    [2011/10/06 12:38:35 | 001,048,576 | ---- | C] ( ) -- C:\Windows\SysWow64\lxebserv.dll
    [2011/10/06 12:38:35 | 000,802,816 | ---- | C] ( ) -- C:\Windows\SysWow64\lxebcomc.dll
    [2011/10/06 12:38:35 | 000,688,128 | ---- | C] ( ) -- C:\Windows\SysWow64\lxebhbn3.dll
    [2011/10/06 12:38:35 | 000,598,696 | ---- | C] ( ) -- C:\Windows\SysWow64\lxebcoms.exe
    [2011/10/06 12:38:35 | 000,577,536 | ---- | C] ( ) -- C:\Windows\SysWow64\lxeblmpm.dll
    [2011/10/06 12:38:35 | 000,373,416 | ---- | C] ( ) -- C:\Windows\SysWow64\lxebcfg.exe
    [2011/10/06 12:38:35 | 000,372,736 | ---- | C] ( ) -- C:\Windows\SysWow64\lxebcomm.dll
    [2011/10/06 12:38:35 | 000,324,264 | ---- | C] ( ) -- C:\Windows\SysWow64\lxebih.exe
    [2011/10/06 12:34:40 | 000,299,008 | ---- | C] () -- C:\Windows\SysWow64\LXEBsm.dll
    [2011/10/06 12:34:40 | 000,023,552 | ---- | C] () -- C:\Windows\SysWow64\LXEBsmr.dll
    [2011/04/28 22:08:23 | 000,003,584 | ---- | C] () -- C:\Users\Kyle\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2011/02/11 14:47:15 | 000,774,412 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
    [2011/02/04 20:25:51 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
    [2010/12/24 21:52:00 | 000,000,262 | ---- | C] () -- C:\Windows\{EEB3F6BB-318D-4CE5-989F-8191FCBFB578}_WiseFW.ini
    [2010/11/23 23:59:10 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
    [2010/11/23 23:42:20 | 000,001,035 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat
    [2010/11/23 22:41:55 | 000,000,074 | RHS- | C] () -- C:\Windows\CT4CET.bin

    ========== LOP Check ==========

    [2011/04/25 12:10:34 | 000,000,000 | ---D | M] -- C:\Users\Kyle\AppData\Roaming\4Media
    [2010/12/09 19:28:19 | 000,000,000 | ---D | M] -- C:\Users\Kyle\AppData\Roaming\acccore
    [2011/08/26 20:54:19 | 000,000,000 | ---D | M] -- C:\Users\Kyle\AppData\Roaming\Amazon
    [2012/05/16 21:04:17 | 000,000,000 | ---D | M] -- C:\Users\Kyle\AppData\Roaming\AVG2012
    [2012/04/16 01:25:29 | 000,000,000 | ---D | M] -- C:\Users\Kyle\AppData\Roaming\Azureus
    [2012/02/20 23:15:17 | 000,000,000 | ---D | M] -- C:\Users\Kyle\AppData\Roaming\Beat Hazard
    [2010/12/20 18:31:37 | 000,000,000 | ---D | M] -- C:\Users\Kyle\AppData\Roaming\Blender Foundation
    [2012/02/22 18:10:41 | 000,000,000 | ---D | M] -- C:\Users\Kyle\AppData\Roaming\Braid
    [2012/03/19 23:03:53 | 000,000,000 | ---D | M] -- C:\Users\Kyle\AppData\Roaming\Doublefine
    [2012/06/16 16:08:19 | 000,000,000 | ---D | M] -- C:\Users\Kyle\AppData\Roaming\fltk.org
    [2012/07/17 01:09:13 | 000,000,000 | ---D | M] -- C:\Users\Kyle\AppData\Roaming\FrostWire
    [2011/04/25 12:07:55 | 000,000,000 | ---D | M] -- C:\Users\Kyle\AppData\Roaming\GetRightToGo
    [2012/07/18 04:17:18 | 000,000,000 | ---D | M] -- C:\Users\Kyle\AppData\Roaming\gtk-2.0
    [2011/07/26 21:58:10 | 000,000,000 | ---D | M] -- C:\Users\Kyle\AppData\Roaming\Hothead Games
    [2012/03/09 15:23:33 | 000,000,000 | ---D | M] -- C:\Users\Kyle\AppData\Roaming\inkscape
    [2012/06/18 13:19:20 | 000,000,000 | ---D | M] -- C:\Users\Kyle\AppData\Roaming\Jaksta Free Video History
    [2011/08/25 22:22:54 | 000,000,000 | ---D | M] -- C:\Users\Kyle\AppData\Roaming\LolClient
    [2012/06/06 21:29:28 | 000,000,000 | ---D | M] -- C:\Users\Kyle\AppData\Roaming\MonoDevelop-Unity
    [2012/06/07 21:04:19 | 000,000,000 | ---D | M] -- C:\Users\Kyle\AppData\Roaming\MonoDevelop-Unity-2.8
    [2012/02/11 21:09:40 | 000,000,000 | ---D | M] -- C:\Users\Kyle\AppData\Roaming\OpenCandy
    [2012/01/04 21:58:33 | 000,000,000 | ---D | M] -- C:\Users\Kyle\AppData\Roaming\PACE Anti-Piracy
    [2011/12/27 01:29:19 | 000,000,000 | ---D | M] -- C:\Users\Kyle\AppData\Roaming\RIFT
    [2012/05/11 21:47:36 | 000,000,000 | ---D | M] -- C:\Users\Kyle\AppData\Roaming\runic games
    [2012/05/16 00:35:38 | 000,000,000 | ---D | M] -- C:\Users\Kyle\AppData\Roaming\SoftGrid Client
    [2012/01/07 12:42:22 | 000,000,000 | ---D | M] -- C:\Users\Kyle\AppData\Roaming\stetic
    [2011/07/07 19:14:33 | 000,000,000 | ---D | M] -- C:\Users\Kyle\AppData\Roaming\The Path
    [2011/02/11 14:48:05 | 000,000,000 | ---D | M] -- C:\Users\Kyle\AppData\Roaming\TP
    [2012/01/04 21:59:44 | 000,000,000 | ---D | M] -- C:\Users\Kyle\AppData\Roaming\Unity
    [2011/07/08 17:26:36 | 000,000,000 | ---D | M] -- C:\Users\Kyle\AppData\Roaming\WTouch
    [2012/07/19 18:08:09 | 000,000,902 | ---- | M] () -- C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2442831186-184169548-1129946676-1001Core.job
    [2012/07/19 18:37:00 | 000,000,924 | ---- | M] () -- C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2442831186-184169548-1129946676-1001UA.job
    [2012/07/19 02:50:56 | 000,032,542 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

    ========== Purity Check ==========



    ========== Alternate Data Streams ==========

    @Alternate Data Stream - 945 bytes -> C:\ProgramData\Microsoft:SD5sW9MNkKUhd2dT0Ch
    @Alternate Data Stream - 1172 bytes -> C:\Program Files (x86)\Common Files\System:vPW82U70DR7Khva5W
    @Alternate Data Stream - 1114 bytes -> C:\ProgramData\Microsoft:JlI5nRJ8GggDIukdJEtF7uEKd
    @Alternate Data Stream - 1043 bytes -> C:\Program Files (x86)\Common Files\microsoft shared:ClqoJpuOEX92C2CEOVfj8N6SwQgk

    < End of report >
     
  18. Animeniak7530

    OTL Extras logfile created on: 7/19/2012 6:27:36 PM - Run 1
    OTL by OldTimer - Version 3.2.53.1 Folder = C:\Users\Kyle\Desktop
    64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.7601.17514)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    3.86 Gb Total Physical Memory | 2.44 Gb Available Physical Memory | 63.26% Memory free
    7.73 Gb Paging File | 5.68 Gb Available in Paging File | 73.47% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
    Drive C: | 451.01 Gb Total Space | 124.97 Gb Free Space | 27.71% Space Free | Partition Type: NTFS

    Computer Name: KYLE-PC | User Name: Kyle | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

    ========== Extra Registry (SafeList) ==========


    ========== File Associations ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)

    [HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
    .html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)

    ========== Shell Spawning ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %*
    cmdfile [open] -- "%1" %*
    comfile [open] -- "%1" %*
    exefile [open] -- "%1" %*
    helpfile [open] -- Reg Error: Key error.
    htmlfile [print] -- rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation)
    inffile [install] -- %SystemRoot%\System32\rundll32.exe setupapi,InstallHinfSection DefaultInstall 132 %1 (Microsoft Corporation)
    InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
    InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
    piffile [open] -- "%1" %*
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1"
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [explore] -- Reg Error: Value error.
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %*
    cmdfile [open] -- "%1" %*
    comfile [open] -- "%1" %*
    cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
    exefile [open] -- "%1" %*
    helpfile [open] -- Reg Error: Key error.
    piffile [open] -- "%1" %*
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1"
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [explore] -- Reg Error: Value error.
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

    ========== Security Center Settings ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
    "cval" = 1
    "FirewallDisableNotify" = 0
    "AntiVirusDisableNotify" = 0
    "UpdatesDisableNotify" = 0

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
    "VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
    "AntiVirusOverride" = 0
    "AntiSpywareOverride" = 0
    "FirewallOverride" = 0

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
    "FirewallDisableNotify" = 0
    "AntiVirusDisableNotify" = 0
    "UpdatesDisableNotify" = 0

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

    ========== System Restore Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
    "DisableSR" = 0

    ========== Firewall Settings ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
    "DisableNotifications" = 0
    "EnableFirewall" = 1

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
    "DisableNotifications" = 0
    "EnableFirewall" = 1

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
    "DisableNotifications" = 0
    "EnableFirewall" = 1

    ========== Authorized Applications List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


    ========== Vista Active Open Ports Exception List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
    "{0294BB2F-6178-459D-8C46-8D1C40D6AD6B}" = rport=445 | protocol=6 | dir=out | app=system |
    "{057550CC-1C7E-4C7B-A2F8-3A8DDC978C8C}" = lport=138 | protocol=17 | dir=in | app=system |
    "{08E024BB-596A-4DFF-A430-159062EB67CE}" = lport=10243 | protocol=6 | dir=in | app=system |
    "{19A5737B-0BEE-43C8-BCD3-3CC714AA4FD3}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
    "{25B9D31D-64EC-44F5-900B-17177C3E5D3C}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
    "{295EF879-34FC-4A05-A484-51AA1443280E}" = lport=445 | protocol=6 | dir=in | app=system |
    "{2FA65B31-3A9D-4C20-AFC6-469495F0EF44}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
    "{4084E937-EAAA-47EE-9520-7BE7CE434C09}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
    "{4BF5EB07-06A2-40E2-B5B6-244EF5C49A0F}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
    "{5456EA1E-AF45-48BD-9C96-AB99A6CCF1D9}" = lport=139 | protocol=6 | dir=in | app=system |
    "{6364B77A-8796-4078-B3CC-5963A3E70B4F}" = rport=139 | protocol=6 | dir=out | app=system |
    "{6EFD3216-D4DB-448C-81DA-E8838C66FFD2}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
    "{7C7BD74E-D59D-40F9-8481-A74C4729E9DD}" = rport=138 | protocol=17 | dir=out | app=system |
    "{86444BB3-291D-4D31-A046-BB4AA3243C28}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
    "{AF8150A9-8B4A-4262-900E-D368942052B3}" = lport=2869 | protocol=6 | dir=in | app=system |
    "{BE10AB93-C4A6-464B-BE93-069E778BFF99}" = rport=10243 | protocol=6 | dir=out | app=system |
    "{BF7200C0-CA2B-4656-8FF1-E49BBE711202}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
    "{C232D951-55E7-4D04-9346-F88A07FC0B22}" = lport=137 | protocol=17 | dir=in | app=system |
    "{C428A183-FD79-40B5-990D-895328F43AC8}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
    "{CF0676E6-E2EC-438A-9741-7029DEBD00CE}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
    "{EFB0B8BA-E541-4F33-A734-B0302F4C28ED}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
    "{F534D21D-02A4-4E48-A237-A3745ED5E6D3}" = rport=137 | protocol=17 | dir=out | app=system |
    "{F9C1EEE5-72B7-40C6-BC7C-64E9DF7DEB39}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |

    ========== Vista Active Application Exception List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
    "{003C7A18-60D9-4C89-94D8-DE42C1AA1D76}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
    "{02A4D600-582A-4C14-ADFE-C125CF0CB18F}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
    "{1473D86F-6F04-46A3-9153-CD04272511DC}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
    "{4849799C-D8E9-4360-8F9A-6B5F2BCC7EA4}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
    "{56E808A1-BFD0-4B79-B567-B9FA848D697F}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
    "{61FB8AD2-C831-45AB-9DFB-D685C3A8300D}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
    "{62F27534-2769-4D2F-B42F-E96E62F64F44}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
    "{65901CFC-D156-4C8F-90EA-C26D256CA195}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
    "{68F6992D-6E9D-4F14-88EC-3E0B8BEC7EFF}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
    "{8642AF85-31DC-4BB3-8E9D-1E478C224084}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
    "{A5589677-56C4-46C1-A86B-1F0B5425786F}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
    "{AB3FBA72-52C3-4476-9A38-230DBE05659B}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
    "{BC7833D1-AE4B-4CAB-BDD5-6EA587E5C763}" = protocol=6 | dir=out | app=system |
    "{CE504808-152F-4073-8BB9-0F8E7C4D30C6}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
    "{D3648D1D-2BA3-4973-9B7E-EDC907B6E342}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
    "{E8715BB0-E132-4617-B344-62E03BFE2C1C}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
    "{E926E57D-011D-4F63-BCC5-FFCFDC28D091}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
    "{EFA98652-B437-42AA-B7D3-EFFD71ED4ECD}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
    "{F7DCF881-DB9D-4779-8D1C-CCCBAC7C73FF}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |

    ========== HKEY_LOCAL_MACHINE Uninstall List ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
    "{086D343F-8E78-4AFC-81AC-D6D414AFD8AC}_is1" = Core Temp version 0.99.7
    "{11B7FDD0-6D31-1CAB-3BC4-9EB1ACD67803}" = ATI AVIVO64 Codecs
    "{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219
    "{26A24AE4-039D-4CA4-87B4-2F86416021FF}" = Java(TM) 6 Update 21 (64-bit)
    "{39F4C6F9-618A-4E5B-8FB2-6BD661174E32}" = Intel(R) Turbo Boost Technology Monitor
    "{3B6074E5-5823-9363-851C-25F9DDB1E477}" = ccc-utility64
    "{3EF53D70-F472-9A93-2E09-737FBB4A5AE8}" = ATI Catalyst Install Manager
    "{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
    "{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
    "{624C7F0A-89B2-4C49-9CAB-9D69613EC95A}" = Microsoft IntelliPoint 8.2
    "{6A76BEAF-6D1F-4273-A79B-DA8410A2E56B}" = Apple Mobile Device Support
    "{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour
    "{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
    "{8338783A-0968-3B85-AFC7-BAAE0A63DC50}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570
    "{840A3BAA-4C68-4581-9C7A-6F8D6CF531B9}" = iTunes
    "{87CF757E-C1F1-4D22-865C-00C6950B5258}" = Quickset64
    "{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended
    "{8EBA8727-ADC2-477B-9D9A-1A1836BE4E05}" = Dell Edoc Viewer
    "{90140000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2010
    "{90140000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2010
    "{90140000-006D-0409-1000-0000000FF1CE}" = Microsoft Office Click-to-Run 2010
    "{90140000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010
    "{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
    "{9E9D49A4-1DF4-4138-B7DB-5D87A893088E}" = WIDCOMM Bluetooth Software
    "{aac9fcc4-dd9e-4add-901c-b5496a07ab2e}" = Microsoft Visual C++ 2005 Redistributable (x64) - KB2467175
    "{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
    "{B6E3757B-5E77-3915-866A-CCFC4B8D194C}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053
    "{C73A3942-84C8-4597-9F9B-EE227DCBA758}" = Dell Dock
    "{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware
    "{E852F060-08FF-FFD5-0C98-2A066B42EBBB}" = ccc-utility64
    "{EEB3F6BB-318D-4CE5-989F-8191FCBFB578}" = Ventrilo Client for Windows x64
    "{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
    "6af12c54-643b-4752-87d0-8335503010de_is1" = Nexus Mod Manager
    "Blender" = Blender
    "DW WLAN Card Utility" = DW WLAN Card Utility
    "Explorer Suite_is1" = Explorer Suite III
    "Lexmark Pro200-S500 Series" = Lexmark Pro200-S500 Series
    "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
    "Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
    "Microsoft IntelliPoint 8.2" = Microsoft IntelliPoint 8.2
    "SynTPDeinstKey" = Synaptics Pointing Device Driver
    "VTFEdit_is1" = VTFEdit 1.3.2

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
    "{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
    "{052bac4a-6f79-46d4-a024-1ce1b4f73cd4}" = Microsoft Visual C++ 2005 Redistributable
    "{055EE59D-217B-43A7-ABFF-507B966405D8}" = ATI Catalyst Control Center
    "{0E64B098-8018-4256-BA23-C316A43AD9B0}" = QuickTime
    "{0ED7EE95-6A97-47AA-AD73-152C08A15B04}" = Dell DataSafe Local Backup
    "{1017A80C-6F09-4548-A84D-EDD6AC9525F0}" = Lexmark Toolbar
    "{1111706F-666A-4037-7777-211328764D10}" = JavaFX 2.1.1
    "{1170BEDA-359C-4202-A5BF-CCA919E7B917}" = CCC Help Danish
    "{122ADF8C-DDA1-480C-9936-C88F2825B265}" = Apple Application Support
    "{13766F76-6C8C-4E57-A9F3-3212D1C6E0D1}" = Dell DataSafe Online
    "{16FB54B9-8AC9-F064-38FB-DF7B69583218}" = CCC Help Chinese Standard
    "{19BFDA5D-1FE2-4F25-97F9-1A79DD04EE20}" = Microsoft XNA Framework Redistributable 3.1
    "{19DE6032-D3EE-D664-FA63-452431599161}" = CCC Help Norwegian
    "{1B367D21-5307-428C-DEDA-D073071CB89B}" = CCC Help Japanese
    "{1CCF681C-C203-49B3-83F4-A54F0F944416}" = CleanWaterAction Reminder by We-Care.com v5.0.5.1
    "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    "{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
    "{24BBD0E3-4579-9EF5-6081-DE56129D093A}" = Catalyst Control Center InstallProxy
    "{26A24AE4-039D-4CA4-87B4-2F83216021FF}" = Java(TM) 6 Update 29
    "{26A24AE4-039D-4CA4-87B4-2F83217005FF}" = Java(TM) 7 Update 5
    "{2DA5F129-11AC-4F11-8188-B2F07EAAC20A}" = Cozi
    "{2DE12376-E648-D16E-3E0A-0CAEE233BF64}" = CCC Help Spanish
    "{2E295B5B-1AD4-4d36-97C2-A316084722CF}" = Python 2.7.2
    "{3108C217-BE83-42E4-AE9E-A56A2A92E549}" = Atheros Communications Inc.(R) AR81Family Gigabit/Fast Ethernet Driver
    "{3347400D-F491-6DB5-9F57-0A9EA8E435C9}" = Catalyst Control Center Core Implementation
    "{35CB6715-41F8-4F99-8881-6FC75BF054B0}" = Oblivion
    "{39EFAC6A-639E-3CE3-2B62-EF8518AD8326}" = CCC Help Chinese Traditional
    "{3ED3BC2E-141A-BFB0-D48C-E8DDA3A461E7}" = ccc-core-static
    "{40F4FF7A-B214-4453-B973-080B09CED019}" = LoJack Factory Installer
    "{42929F0F-CE14-47AF-9FC7-FF297A603021}" = Dell Resource CD
    "{45338B07-A236-4270-9A77-EBB4115517B5}" = Windows Live Sign-in Assistant
    "{46C045BF-2B3F-4BC4-8E4C-00E0CF8BD9DB}" = Adobe AIR
    "{4979A82C-4EBE-32C4-81E5-94532C4BAEED}" = Catalyst Control Center Localization All
    "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
    "{51C7AD07-C3F6-4635-8E8A-231306D810FE}" = Cisco LEAP Module
    "{5335DADB-34BA-4AE8-A519-648D78498846}" = Skype™ 5.3
    "{54EE63E3-9960-41B6-9644-BB0167C6DD42}" = Catalyst Control Center - Branding
    "{550B72C4-F404-4812-971F-947E835A877E}" = Gtk# for .Net 2.12.10
    "{57B21E43-056F-9E58-8774-20E8A89B5347}" = CCC Help English
    "{5A11DB94-53E7-0232-3AF6-8DD9612094CD}" = CCC Help Chinese Traditional
    "{5A3C1721-F8ED-11E0-8AFB-B8AC6F97B88E}" = Google Earth
    "{5CF3C617-83A2-3D8E-39D6-45B593BB5F89}" = CCC Help German
    "{5DA8F6CD-C70E-39D8-8430-3D9808D6BD17}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30411
    "{60495020-5A67-DE2D-B768-5E77E734D263}" = CCC Help Italian
    "{61C06586-0FAD-1E43-20C6-08F4F1483C3D}" = CCC Help Norwegian
    "{62499375-AB9C-5279-EEEE-F5AB863CA996}" = CCC Help Danish
    "{6464EA89-7B34-C15B-B39F-4638EFF931DE}" = Catalyst Control Center Graphics Previews Common
    "{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}" = Cisco EAP-FAST Module
    "{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel(R) Management Engine Components
    "{65A30A52-B4CA-006E-8750-8366C9693C77}" = CCC Help Russian
    "{65D0C510-D7B6-4438-9FC8-E6B91115AB0D}" = Live! Cam Avatar Creator
    "{66C5E9B6-2D87-D7E8-9B8F-BFCAD7105AD1}" = Catalyst Control Center Graphics Previews Common
    "{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
    "{6F3AB64A-CC2D-C533-C5CD-30420E2DC578}" = Skins
    "{7087BFF5-88C7-4B82-2EF6-B7F09DD4A86B}" = ccc-core-static
    "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
    "{719CCEF3-234C-6C1A-3891-79FA208E8025}" = CCC Help Portuguese
    "{71E015CC-52DA-4536-AF0C-C643BA1E45FB}" = Catalyst Control Center - Branding
    "{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
    "{764490A7-9DF2-B0CE-DA9F-72DDFD342ACA}" = CCC Help Russian
    "{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
    "{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
    "{78AE5FAE-C641-311B-9CC8-CEBB87FAF795}" = CCC Help Japanese
    "{7BCA9417-A611-CC28-9471-6250EC9666EB}" = Catalyst Control Center Graphics Full Existing
    "{7CAC6A44-C3DE-4153-ACA6-7524602C789E}" = Facebook Video Calling 1.2.0.159
    "{7DB9F1E5-9ACB-410D-A7DC-7A3D023CE045}" = Dell Getting Started Guide
    "{820B6609-4C97-3A2B-B644-573B06A0F0CC}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
    "{84EBDF39-4B33-49D7-A0BD-EB6E2C4E81C1}" = Windows Live Sync
    "{860CF8EA-A8ED-01BD-8344-26DB1058A563}" = CCC Help Korean
    "{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
    "{86D4B82A-ABED-442A-BE86-96357B70F4FE}" = Ask Toolbar
    "{888F1505-C2B3-4FDE-835D-36353EBD4754}" = Ubisoft Game Launcher
    "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
    "{8C28F118-03B5-4756-F83C-C31C851D1FF3}" = CCC Help Chinese Standard
    "{90140000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2010
    "{90140000-0015-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2010
    "{90140000-0016-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2010
    "{90140000-0018-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2010
    "{90140000-0019-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2010
    "{90140000-001A-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2010
    "{90140000-001B-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
    "{90140000-001F-0409-0000-0000000FF1CE}_Office14.SingleImage_{99ACCA38-6DD3-48A8-96AE-A283C9759279}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
    "{90140000-001F-040C-0000-0000000FF1CE}_Office14.SingleImage_{46298F6A-1E7E-4D4A-B5F5-106A4F0E48C6}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2010
    "{90140000-001F-0C0A-0000-0000000FF1CE}_Office14.SingleImage_{DEA87BE2-FFCC-4F33-9946-FCBE55A1E998}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-002A-0000-1000-0000000FF1CE}_Office14.SingleImage_{967EF02C-5C7E-4718-8FCB-BDC050190CCF}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-002A-0409-1000-0000000FF1CE}_Office14.SingleImage_{D6C6B46A-6CE1-4561-84A0-EFD58B8AB979}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2010
    "{90140000-002C-0409-0000-0000000FF1CE}_Office14.SingleImage_{7CA93DF4-8902-449E-A42E-4C5923CFBDE3}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-003D-0000-0000-0000000FF1CE}" = Microsoft Office Single Image 2010
    "{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{047B0968-E622-4FAA-9B4B-121FA109EDDE}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2010
    "{90140000-006E-0409-0000-0000000FF1CE}_Office14.SingleImage_{4560037C-E356-444A-A015-D21F487D809E}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2010
    "{90140000-00A1-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2010
    "{90140000-0115-0409-0000-0000000FF1CE}_Office14.SingleImage_{4560037C-E356-444A-A015-D21F487D809E}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-0116-0409-1000-0000000FF1CE}_Office14.SingleImage_{D6C6B46A-6CE1-4561-84A0-EFD58B8AB979}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2010
    "{90140000-0117-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140011-0066-0409-0000-0000000FF1CE}" = Microsoft Office Starter 2010 - English
    "{92606477-9366-4D3B-8AE3-6BE4B29727AB}" = League of Legends
    "{93A3AB24-36E8-41BA-80C6-CCEC237836DC}" = Alice Madness Returns
    "{95140000-0070-0000-0000-0000000FF1CE}" = Microsoft Office 2010
    "{95E58BA1-2E10-B49E-283C-3C170C098149}" = CCC Help Dutch
    "{9635D462-1B39-E171-BA1C-32A036572251}" = CCC Help Spanish
    "{97C82B44-D408-4F14-9252-47FC1636D23E}_is1" = IZArc 4.1.6
    "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    "{9B362AE0-1F0D-370B-F468-FFEF38682508}" = Catalyst Control Center Graphics Full Existing
    "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
    "{9FF5AF7A-F7C7-D4F0-D93F-40800E2F8C20}" = Catalyst Control Center InstallProxy
    "{a0fe116e-9a8a-466f-aee0-625cb7c207e3}" = Microsoft Visual C++ 2005 Redistributable - KB2467175
    "{A33E7B0C-B99C-4EC9-B702-8A328B161AF9}" = Roxio Burn
    "{A4147C0B-A939-B87E-A6AB-71837A52AFEC}" = Catalyst Control Center Core Implementation
    "{A498BF75-59BD-6EDB-1C19-13AAA2FD3034}" = CCC Help French
    "{A8ACDFFF-093C-8898-E1B8-9388277CD805}" = CCC Help Portuguese
    "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
    "{A9668246-FB70-4103-A1E3-66C9BC2EFB49}" = Dell DataSafe Local Backup - Support Software
    "{AB834517-C040-6115-A231-0A62F0A08294}" = CCC Help Swedish
    "{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.3)
    "{ACF60000-22B9-4CE9-98D6-2CCF359BAC07}" = ABBYY FineReader 6.0 Sprint
    "{B2939EC4-6FB6-3153-0F9E-CE1AE76F0AE8}" = Catalyst Control Center Graphics Light
    "{B2E47DE7-800B-40BB-BD1F-9F221C3AEE87}" = Roxio Burn
    "{B47669BF-36B7-B33B-69C9-A2E7AAA36017}" = CCC Help German
    "{B5747FE9-AC7C-3512-02EA-2C6A089EC68F}" = CCC Help Finnish
    "{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Toolbars
    "{B93EEE50-9C8F-45DF-95E4-3D85A6E242F3}" = DarksidersInstaller
    "{C52D6FF6-308B-2395-72EE-CA72216F8618}" = CCC Help Korean
    "{C5422D6A-6CC4-82CA-C28F-249DC0C846B5}" = Catalyst Control Center Graphics Full New
    "{CEC73671-6AFB-CC2B-203B-2A00E8901755}" = Catalyst Control Center Graphics Previews Vista
    "{CFBB5529-2532-1F5E-8706-F0D1BE3B8C35}" = Catalyst Control Center Graphics Previews Vista
    "{D7058431-BC8D-71B7-136F-6FFA32C5C7C2}" = CCC Help Swedish
    "{DCC9335C-09BD-3017-096F-931FDB8E7663}" = Catalyst Control Center Graphics Full New
    "{DE4AD67B-9EA0-31F1-F5EE-E9B836248839}" = CCC Help English
    "{E3BFEE55-39E2-4BE0-B966-89FE583822C1}" = Dell Support Center (Support Software)
    "{ECBA603F-259F-9C33-85DE-0D7E3FCAB407}" = CCC Help Finnish
    "{ED5776D5-59B4-46B7-AF81-5F2D94D7C640}" = Cisco PEAP Module
    "{EE14D3B8-D4A6-EEC6-A37E-FC77CBF6A5FE}" = CCC Help Italian
    "{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
    "{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
    "{F26E3E58-D6E5-3C61-7A7C-20D61017C26A}" = CCC Help French
    "{F47C37A4-7189-430A-B81D-739FF8A7A554}" = Consumer In-Home Service Agreement
    "{FB9F4BEA-283B-18FA-3DA4-B757214528F3}" = Catalyst Control Center Localization All
    "{FCAC5BFF-0A4E-3E71-C486-5E55C0630817}" = CCC Help Dutch
    "{FCDBEA60-79F0-4FAE-BBA8-55A26C609A49}" = Visual Studio 2008 x64 Redistributables
    "{FE6D5F28-4C11-4197-66CA-48AA4AECD833}" = Catalyst Control Center Graphics Light
    "{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
    "8461-7759-5462-8226" = Vuze
    "Adobe AIR" = Adobe AIR
    "Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
    "Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
    "Advanced Audio FX Engine" = Advanced Audio FX Engine
    "AIM_7" = AIM 7
    "Amazon MP3 Downloader" = Amazon MP3 Downloader 1.0.12
    "AVG Secure Search" = AVG Security Toolbar
    "Dell Dock" = Dell Dock
    "Dell Webcam Central" = Dell Webcam Central
    "FrostWire" = FrostWire 4.21.3
    "FrostWire 5" = FrostWire 5.3.8
    "Generic Mod Manager_is1" = Fallout Mod Manager 0.13.21
    "GOM Player" = GOM Player
    "GoToAssist" = GoToAssist 8.0.0.514
    "Inkscape" = Inkscape 0.48.2
    "Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.62.0.1300
    "Mozilla Firefox 14.0.1 (x86 en-US)" = Mozilla Firefox 14.0.1 (x86 en-US)
    "MozillaMaintenanceService" = Mozilla Maintenance Service
    "Office14.Click2Run" = Microsoft Office Click-to-Run 2010
    "Office14.SingleImage" = Microsoft Office Home and Student 2010
    "Online Sheet Music Viewer_is1" = Online Sheet Music Viewer 8.2.2.0
    "OpenAL" = OpenAL
    "Origin" = Origin
    "Pen Tablet Driver" = Bamboo
    "SoftwareUpdUtility" = Download Updater (AOL LLC)
    "Sophos-AntiRootkit" = Sophos Anti-Rootkit 1.5.20
    "Steam App 115100" = Costume Quest
    "Steam App 115110" = Stacking
    "Steam App 13260" = Unreal Development Kit
    "Steam App 18040" = DeathSpank
    "Steam App 202480" = Creation Kit
    "Steam App 211" = Source SDK
    "Steam App 26500" = Cogs
    "Steam App 27000" = The Path
    "Steam App 3830" = Psychonauts
    "Steam App 400" = Portal
    "Steam App 41500" = Torchlight
    "Steam App 42300" = Sixense TrueMotion SDK
    "Steam App 42910" = Magicka
    "Steam App 440" = Team Fortress 2
    "Steam App 48000" = LIMBO
    "Steam App 49600" = Beat Hazard
    "Steam App 500" = Left 4 Dead
    "Steam App 520" = Team Fortress 2 Beta
    "Steam App 550" = Left 4 Dead 2
    "Steam App 57300" = Amnesia: The Dark Descent
    "Steam App 63700" = BIT.TRIP BEAT
    "Unity" = Unity
    "Vuze_Remote Toolbar" = Vuze Remote Toolbar
    "Warcraft III" = Warcraft III
    "WildTangent dell Master Uninstall" = WildTangent Games
    "WinGimp-2.0_is1" = GIMP 2.6.11

    ========== HKEY_CURRENT_USER Uninstall List ==========

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{79A765E1-C399-405B-85AF-466F52E918B0}" = Ask Toolbar Updater
    "f031ef6ac137efc5" = Dell Driver Download Manager
    "UnityWebPlayer" = Unity Web Player

    ========== Last 20 Event Log Errors ==========

    [ Application Events ]
    Error - 3/31/2012 3:20:23 PM | Computer Name = Kyle-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107
    Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
    with error: The data is invalid. .

    Error - 3/31/2012 3:20:23 PM | Computer Name = Kyle-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107
    Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
    with error: The data is invalid. .

    Error - 3/31/2012 3:20:23 PM | Computer Name = Kyle-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107
    Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
    with error: The data is invalid. .

    Error - 3/31/2012 3:20:23 PM | Computer Name = Kyle-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107
    Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
    with error: The data is invalid. .

    Error - 3/31/2012 3:20:23 PM | Computer Name = Kyle-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107
    Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
    with error: The data is invalid. .

    Error - 3/31/2012 3:20:23 PM | Computer Name = Kyle-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107
    Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
    with error: The data is invalid. .

    Error - 3/31/2012 3:20:23 PM | Computer Name = Kyle-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107
    Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
    with error: The data is invalid. .

    Error - 3/31/2012 3:20:23 PM | Computer Name = Kyle-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107
    Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
    with error: The data is invalid. .

    Error - 3/31/2012 4:20:24 PM | Computer Name = Kyle-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107
    Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
    with error: The data is invalid. .

    Error - 3/31/2012 4:20:24 PM | Computer Name = Kyle-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107
    Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
    with error: The data is invalid. .

    [ Broadcom Wireless LAN Events ]
    Error - 6/20/2012 4:17:58 PM | Computer Name = Kyle-PC | Source = WLAN-Tray | ID = 0
    Description = 13:17:56, Wed, Jun 20, 12 Error - Unable to gain access to user store


    [ Dell Events ]
    Error - 9/19/2011 3:21:38 AM | Computer Name = Kyle-PC | Source = DataSafe | ID = 17
    Description = The process was interrupted before completion.

    Error - 9/19/2011 3:26:14 AM | Computer Name = Kyle-PC | Source = DataSafe | ID = 17
    Description = The process was interrupted before completion.

    Error - 9/19/2011 3:26:14 AM | Computer Name = Kyle-PC | Source = DataSafe | ID = 17
    Description = The process was interrupted before completion.

    Error - 9/19/2011 8:13:50 PM | Computer Name = Kyle-PC | Source = DataSafe | ID = 17
    Description = The process was interrupted before completion.

    Error - 9/19/2011 8:13:50 PM | Computer Name = Kyle-PC | Source = DataSafe | ID = 17
    Description = The process was interrupted before completion.

    Error - 9/21/2011 4:20:11 AM | Computer Name = Kyle-PC | Source = DataSafe | ID = 17
    Description = The process was interrupted before completion.

    Error - 9/21/2011 4:20:11 AM | Computer Name = Kyle-PC | Source = DataSafe | ID = 17
    Description = The process was interrupted before completion.

    Error - 9/24/2011 4:15:00 PM | Computer Name = Kyle-PC | Source = DataSafe | ID = 17
    Description = The process was interrupted before completion.

    Error - 9/24/2011 4:15:00 PM | Computer Name = Kyle-PC | Source = DataSafe | ID = 17
    Description = The process was interrupted before completion.

    Error - 9/27/2011 6:30:23 PM | Computer Name = Kyle-PC | Source = DataSafe | ID = 17
    Description = The process was interrupted before completion.

    [ Media Center Events ]
    Error - 9/15/2011 2:15:57 PM | Computer Name = Kyle-PC | Source = MCUpdate | ID = 0
    Description = 11:15:57 AM - Error connecting to the internet. 11:15:57 AM - Unable
    to contact server..

    [ System Events ]
    Error - 7/19/2012 6:30:58 AM | Computer Name = Kyle-PC | Source = Service Control Manager | ID = 7022
    Description = The Intel(R) Management & Security Application User Notification Service
    service hung on starting.

    Error - 7/19/2012 6:48:07 AM | Computer Name = Kyle-PC | Source = Service Control Manager | ID = 7009
    Description = A timeout was reached (30000 milliseconds) while waiting for the lxebCATSCustConnectService
    service to connect.

    Error - 7/19/2012 6:48:07 AM | Computer Name = Kyle-PC | Source = Service Control Manager | ID = 7000
    Description = The lxebCATSCustConnectService service failed to start due to the
    following error: %%1053

    Error - 7/19/2012 6:48:07 AM | Computer Name = Kyle-PC | Source = Service Control Manager | ID = 7003
    Description = The McAfee Personal Firewall Service service depends the following
    service: MfeFire. This service might not be installed.

    Error - 7/19/2012 4:00:29 PM | Computer Name = Kyle-PC | Source = Service Control Manager | ID = 7009
    Description = A timeout was reached (30000 milliseconds) while waiting for the lxebCATSCustConnectService
    service to connect.

    Error - 7/19/2012 4:00:29 PM | Computer Name = Kyle-PC | Source = Service Control Manager | ID = 7000
    Description = The lxebCATSCustConnectService service failed to start due to the
    following error: %%1053

    Error - 7/19/2012 4:00:29 PM | Computer Name = Kyle-PC | Source = Service Control Manager | ID = 7003
    Description = The McAfee Personal Firewall Service service depends the following
    service: MfeFire. This service might not be installed.

    Error - 7/19/2012 9:18:19 PM | Computer Name = Kyle-PC | Source = Service Control Manager | ID = 7009
    Description = A timeout was reached (30000 milliseconds) while waiting for the lxebCATSCustConnectService
    service to connect.

    Error - 7/19/2012 9:18:19 PM | Computer Name = Kyle-PC | Source = Service Control Manager | ID = 7000
    Description = The lxebCATSCustConnectService service failed to start due to the
    following error: %%1053

    Error - 7/19/2012 9:18:19 PM | Computer Name = Kyle-PC | Source = Service Control Manager | ID = 7003
    Description = The McAfee Personal Firewall Service service depends the following
    service: MfeFire. This service might not be installed.


    < End of report >
     
  19. Broni

    Broni Malware Annihilator Posts: 52,904   +344

    You didn't answer my question:
     
  20. Animeniak7530

    Animeniak7530 TS Rookie Topic Starter Posts: 18

    I uninstalled it. It wouldn't let me disable it.
     
  21. Broni

    Broni Malware Annihilator Posts: 52,904   +344

    Reinstall it as soon as possible.
    You can't be without any protection.
    While you do so I'll review your OTL logs.
     
  22. Broni

    Broni Malware Annihilator Posts: 52,904   +344

    Run OTL
    • Under the Custom Scans/Fixes box at the bottom, paste in the following

      Code:
      :OTL
      PRC - [2012/04/09 17:43:42 | 001,557,160 | ---- | M] (Ask) -- C:\Program Files (x86)\Ask.com\Updater\Updater.exe
      IE - HKCU\..\URLSearchHook: {00000000-6E41-4FD3-8538-502F5495E5FC} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
      [2012/06/18 02:00:24 | 000,002,573 | ---- | M] () -- C:\Users\Kyle\AppData\Roaming\Mozilla\Firefox\Profiles\64xl57wk.default\searchplugins\askcom.xml
      O2 - BHO: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
      O3 - HKLM\..\Toolbar: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
      O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
      O3 - HKCU\..\Toolbar\WebBrowser: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
      O4 - HKLM..\Run: [ApnUpdater] C:\Program Files (x86)\Ask.com\Updater\Updater.exe (Ask)
      [2012/07/18 13:01:08 | 000,000,000 | ---D | C] -- C:\FRST
      @Alternate Data Stream - 945 bytes -> C:\ProgramData\Microsoft:SD5sW9MNkKUhd2dT0Ch
      @Alternate Data Stream - 1172 bytes -> C:\Program Files (x86)\Common Files\System:vPW82U70DR7Khva5W
      @Alternate Data Stream - 1114 bytes -> C:\ProgramData\Microsoft:JlI5nRJ8GggDIukdJEtF7uEKd
      @Alternate Data Stream - 1043 bytes -> C:\Program Files (x86)\Common Files\microsoft shared:ClqoJpuOEX92C2CEOVfj8N6SwQgk
      
      
      :Services
      
      :Reg
      
      :Files
      C:\Program Files (x86)\Ask.com
      
      
      :Commands
      [purity]
      [emptytemp]
      [emptyjava]
      [emptyflash]
      [Reboot]
      
    • Then click the Run Fix button at the top
    • Let the program run unhindered, reboot the PC when it is done
    • You will get a log that shows the results of the fix. Please post it.

    ================================================

    Last scans....

    1. Download Security Check from HERE, and save it to your Desktop.
    • Double-click SecurityCheck.exe
    • Follow the onscreen instructions inside of the black box.
    • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

      NOTE: SecurityCheck may produce some false warning(s), so leave reading the results to me.

    2. Please download Farbar Service Scanner (FSS) and run it on the computer with the issue.
    • Make sure the following options are checked:
      • Internet Services
      • Windows Firewall
      • System Restore
      • Security Center
      • Windows Update
      • Windows Defender
    • Press "Scan".
    • It will create a log (FSS.txt) in the same directory the tool is run from.
    • Please copy and paste the log to your reply.


    3. Download Temp File Cleaner (TFC)
    Alternate download: http://www.itxassociates.com/OT-Tools/TFC.exe
    • Double-click TFC.exe to run the program.
    • Click the Start button to begin the cleaning process.
    • TFC will close all running programs, and it may ask you to restart the computer.


    4. Please run a free online scan with the ESET Online Scanner

    • Disable your antivirus program
    • Tick the box next to YES, I accept the Terms of Use
    • Click Start
    • Accept any security warnings from your browser.
    • Check Scan archives
    • Click Start
    • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
    • When the scan completes, click on List of found threats
    • Click on Export to text file, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
    • NOTE: If ESET doesn't find any threats, it won't produce a log.
     
  23. Animeniak7530

    Animeniak7530 TS Rookie Topic Starter Posts: 18

    All processes killed
    ========== OTL ==========
    No active process named Updater.exe was found!
    Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\{00000000-6E41-4FD3-8538-502F5495E5FC} deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{00000000-6E41-4FD3-8538-502F5495E5FC}\ deleted successfully.
    C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll moved successfully.
    C:\Users\Kyle\AppData\Roaming\Mozilla\Firefox\Profiles\64xl57wk.default\searchplugins\askcom.xml moved successfully.
    Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}\ deleted successfully.
    File C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll not found.
    Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{D4027C7F-154A-4066-A1AD-4243D8127440} deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}\ not found.
    File C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll not found.
    Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\Locked deleted successfully.
    Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{D4027C7F-154A-4066-A1AD-4243D8127440} deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}\ not found.
    File C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll not found.
    Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ApnUpdater deleted successfully.
    C:\Program Files (x86)\Ask.com\Updater\Updater.exe moved successfully.
    C:\FRST\Quarantine\{c614d3bf-243a-3fd7-a4fd-36cd3756874b}\{c614d3bf-243a-3fd7-a4fd-36cd3756874b}\U folder moved successfully.
    C:\FRST\Quarantine\{c614d3bf-243a-3fd7-a4fd-36cd3756874b}\{c614d3bf-243a-3fd7-a4fd-36cd3756874b}\L folder moved successfully.
    C:\FRST\Quarantine\{c614d3bf-243a-3fd7-a4fd-36cd3756874b}\{c614d3bf-243a-3fd7-a4fd-36cd3756874b} folder moved successfully.
    C:\FRST\Quarantine\{c614d3bf-243a-3fd7-a4fd-36cd3756874b}\U folder moved successfully.
    C:\FRST\Quarantine\{c614d3bf-243a-3fd7-a4fd-36cd3756874b}\L folder moved successfully.
    C:\FRST\Quarantine\{c614d3bf-243a-3fd7-a4fd-36cd3756874b} folder moved successfully.
    Folder move failed. C:\FRST\Quarantine scheduled to be moved on reboot.
    C:\FRST\Logs folder moved successfully.
    C:\FRST\Hives folder moved successfully.
    C:\FRST folder moved successfully.
    ADS C:\ProgramData\Microsoft:SD5sW9MNkKUhd2dT0Ch deleted successfully.
    ADS C:\Program Files (x86)\Common Files\System:vPW82U70DR7Khva5W deleted successfully.
    ADS C:\ProgramData\Microsoft:JlI5nRJ8GggDIukdJEtF7uEKd deleted successfully.
    ADS C:\Program Files (x86)\Common Files\microsoft shared:ClqoJpuOEX92C2CEOVfj8N6SwQgk deleted successfully.
    ========== SERVICES/DRIVERS ==========
    ========== REGISTRY ==========
    ========== FILES ==========
    C:\Program Files (x86)\Ask.com\Updater folder moved successfully.
    C:\Program Files (x86)\Ask.com\assets\oobe folder moved successfully.
    C:\Program Files (x86)\Ask.com\assets folder moved successfully.
    C:\Program Files (x86)\Ask.com folder moved successfully.
    ========== COMMANDS ==========

    [EMPTYTEMP]

    User: All Users

    User: Default
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 67 bytes
    ->Flash cache emptied: 56502 bytes

    User: Default User
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes
    ->Flash cache emptied: 0 bytes

    User: Kyle
    ->Temp folder emptied: 337402792 bytes
    ->Temporary Internet Files folder emptied: 51399870 bytes
    ->Java cache emptied: 1385552 bytes
    ->FireFox cache emptied: 196867997 bytes
    ->Flash cache emptied: 317818 bytes

    User: Public
    ->Temp folder emptied: 0 bytes

    %systemdrive% .tmp files removed: 0 bytes
    %systemroot% .tmp files removed: 0 bytes
    %systemroot%\System32 .tmp files removed: 0 bytes
    %systemroot%\System32 (64bit) .tmp files removed: 36864 bytes
    %systemroot%\System32\drivers .tmp files removed: 0 bytes
    Windows Temp folder emptied: 130574 bytes
    %systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 53861 bytes
    RecycleBin emptied: 121 bytes

    Total Files Cleaned = 560.00 mb


    [EMPTYJAVA]

    User: All Users

    User: Default

    User: Default User

    User: Kyle
    ->Java cache emptied: 0 bytes

    User: Public

    Total Java Files Cleaned = 0.00 mb


    [EMPTYFLASH]

    User: All Users

    User: Default
    ->Flash cache emptied: 0 bytes

    User: Default User
    ->Flash cache emptied: 0 bytes

    User: Kyle
    ->Flash cache emptied: 0 bytes

    User: Public

    Total Flash Files Cleaned = 0.00 mb


    OTL by OldTimer - Version 3.2.53.1 log created on 07192012_204540

    Files\Folders moved on Reboot...
    File\Folder C:\FRST\Quarantine not found!
    C:\Users\Kyle\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.

    PendingFileRenameOperations files...
    File C:\FRST\Quarantine not found!
    File C:\Users\Kyle\AppData\Local\Temp\FXSAPIDebugLogFile.txt not found!

    Registry entries deleted on Reboot...
     
  24. Animeniak7530

    Animeniak7530 TS Rookie Topic Starter Posts: 18

    Results of screen317's Security Check version 0.99.24
    Windows 7 x64 (UAC is enabled)
    Internet Explorer 8 Out of date!
    ``````````````````````````````
    Antivirus/Firewall Check:

    Windows Firewall Enabled!
    AVG Security Toolbar
    McAfee All Access – Total Protection
    McAfee Online Backup
    WMI entry may not exist for antivirus; attempting automatic update.
    ```````````````````````````````
    Anti-malware/Other Utilities Check:

    Sophos Anti-Rootkit 1.5.20
    JavaFX 2.1.1
    Java(TM) 6 Update 29
    Java(TM) 7 Update 5
    Out of date Java installed!
    Adobe Flash Player 11.3.300.265
    Adobe Reader X (10.1.3)
    ````````````````````````````````
    Process Check:
    objlist.exe by Laurent

    McAfee Online Backup MOBKbackup.exe
    ``````````End of Log````````````
    ----------------------------------------------------------------------------
    Farbar Service Scanner Version: 19-07-2012
    Ran by Kyle (administrator) on 19-07-2012 at 22:32:11
    Running from "C:\Users\Kyle\Desktop"
    Microsoft Windows 7 Home Premium Service Pack 1 (X64)
    Boot Mode: Normal
    ****************************************************************

    Internet Services:
    ============

    Connection Status:
    ==============
    Localhost is accessible.
    LAN connected.
    Google IP is accessible.
    Google.com is accessible.
    Yahoo IP is accessible.
    Yahoo.com is accessible.


    Windows Firewall:
    =============

    Firewall Disabled Policy:
    ==================


    System Restore:
    ============

    System Restore Disabled Policy:
    ========================


    Action Center:
    ============

    Windows Update:
    ============

    Windows Autoupdate Disabled Policy:
    ============================


    Windows Defender:
    ==============
    WinDefend Service is not running. Checking service configuration:
    The start type of WinDefend service is set to Demand. The default start type is Auto.
    The ImagePath of WinDefend service is OK.
    The ServiceDll of WinDefend service is OK.


    Windows Defender Disabled Policy:
    ==========================
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender]
    "DisableAntiSpyware"=DWORD:1


    Other Services:
    ==============

    sharedaccess Service is not running. Checking service configuration:
    The start type of sharedaccess service is set to Auto
    The ImagePath of sharedaccess service is OK.
    The ServiceDll of sharedaccess service is OK.


    File Check:
    ========
    C:\Windows\System32\nsisvc.dll => MD5 is legit
    C:\Windows\System32\drivers\nsiproxy.sys => MD5 is legit
    C:\Windows\System32\dhcpcore.dll => MD5 is legit
    C:\Windows\System32\drivers\afd.sys => MD5 is legit
    C:\Windows\System32\drivers\tdx.sys => MD5 is legit
    C:\Windows\System32\Drivers\tcpip.sys => MD5 is legit
    C:\Windows\System32\dnsrslvr.dll => MD5 is legit
    C:\Windows\System32\mpssvc.dll => MD5 is legit
    C:\Windows\System32\bfe.dll => MD5 is legit
    C:\Windows\System32\drivers\mpsdrv.sys => MD5 is legit
    C:\Windows\System32\SDRSVC.dll => MD5 is legit
    C:\Windows\System32\vssvc.exe => MD5 is legit
    C:\Windows\System32\wscsvc.dll => MD5 is legit
    C:\Windows\System32\wbem\WMIsvc.dll => MD5 is legit
    C:\Windows\System32\wuaueng.dll => MD5 is legit
    C:\Windows\System32\qmgr.dll => MD5 is legit
    C:\Windows\System32\es.dll => MD5 is legit
    C:\Windows\System32\cryptsvc.dll => MD5 is legit
    C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit
    C:\Windows\System32\svchost.exe => MD5 is legit
    C:\Windows\System32\rpcss.dll => MD5 is legit


    **** End of log ****
     
  25. Animeniak7530

    Animeniak7530 TS Rookie Topic Starter Posts: 18

    C:\TDSSKiller_Quarantine\16.07.2012_14.29.12\mbr0000\tdlfs0000\tsk0000.dta a variant of Win32/Olmarik.AYI trojan cleaned by deleting - quarantined
    C:\TDSSKiller_Quarantine\16.07.2012_14.29.12\mbr0000\tdlfs0000\tsk0001.dta Win64/Olmarik.AK trojan cleaned by deleting - quarantined
    C:\TDSSKiller_Quarantine\16.07.2012_14.29.12\mbr0000\tdlfs0000\tsk0009.dta a variant of Win32/Olmarik.AYI trojan cleaned by deleting - quarantined
    C:\Users\Kyle\Downloads\media.player.codec.pack.v3.9.9.setup.exe a variant of Win32/Toolbar.Widgi application cleaned by deleting - quarantined
    C:\Users\Kyle\Downloads\VLC_968.exe a variant of Win32/InstallIQ application cleaned by deleting - quarantined
    C:\_OTL\MovedFiles\07192012_204540\C_\FRST\Quarantine\E2A7.tmp a variant of Win32/Kryptik.AHVU trojan cleaned by deleting - quarantined
    C:\_OTL\MovedFiles\07192012_204540\C_FRST\Quarantine\{c614d3bf-243a-3fd7-a4fd-36cd3756874b}\U\80000064.@ Win64/Sirefef.AN trojan cleaned by deleting - quarantined
     
