Solved Random audio and advertisements in background

Animeniak7530

Hello,

I've been having problems with sound files playing in the background at seemingly random intervals. They happen most often after I first boot my computer and consist of advertisements and some other video/music (like a Cracked . com video, a site which I frequent). I'm not sure if it's replaying audio to things I've recently watched or if they're different audio files altogether.

I found another topic of this sort on this forum through Google, and the eventual fix was the reinstallation of Java. I tried that solution, but the problem came back, so I ran my own scans and here are my logs (MWB did delete some viruses, but the problem persists. Also, McAfee wouldn't let me disable my firewall, so I'm not sure if that has caused any hindrance with DDS):

Malwarebytes Anti-Malware 1.62.0.1300
www.malwarebytes.org

Database version: v2012.07.13.11

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 8.0.7601.17514
Kyle :: KYLE-PC [administrator]

Protection: Enabled

7/14/2012 3:21:18 AM
mbam-log-2012-07-14 (03-21-18).txt

Scan type: Full scan (C:\|Q:\|)
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 805956
Time elapsed: 7 hour(s), 31 minute(s), 49 second(s)

Memory Processes Detected: 1
C:\Windows\svchost.exe (Trojan.Agent) -> 2468 -> Delete on reboot.

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 4
C:\ProgramData\Microsoft\Windows\DRM\E19B.tmp (Rootkit.ZeroAccess) -> Quarantined and deleted successfully.
C:\ProgramData\Microsoft\Windows\DRM\E19C.tmp (Rootkit.ZeroAccess) -> Quarantined and deleted successfully.
C:\Users\Kyle\AppData\Local\{c614d3bf-243a-3fd7-a4fd-36cd3756874b}\n (Rootkit.0Access) -> Delete on reboot.
C:\Windows\svchost.exe (Trojan.Agent) -> Delete on reboot.

(end)
-------------------------------------------------------------------------------
GMER 1.0.15.15641 - http://www.gmer.net
Rootkit scan 2012-07-15 18:14:09
Windows 6.1.7601 Service Pack 1
Running: 49d6xyh7.exe


---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\c0cb38b3053f
Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\c0cb38b3053f (not active ControlSet)

---- EOF - GMER 1.0.15 ----
------------------------------------------------------------------------------
.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 8.0.7601.17514 BrowserJavaVersion: 10.5.1
Run by Kyle at 21:17:33 on 2012-07-15
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.3957.1558 [GMT -7:00]
.
AV: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {86355677-4064-3EA7-ABB3-1B136EB04637}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {3D54B793-665E-3129-9103-206115370C8A}
FW: McAfee Firewall *Enabled* {BE0ED752-0A0B-3FFF-80EC-B2269063014C}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\atieclxx.exe
C:\Program Files\Dell\DellDock\DockLogin.exe
C:\Program Files\WTouch\WTouchService.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files\Dell\DW WLAN Card\WLTRYSVC.EXE
C:\Windows\system32\WLANExt.exe
C:\Windows\system32\conhost.exe
C:\Program Files\Dell\DW WLAN Card\bcmwltry.exe
C:\Windows\System32\spoolsv.exe
C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
c:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
C:\Windows\System32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\lxebcoms.exe
C:\Program Files\Common Files\McAfee\SystemCore\mfevtps.exe
C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE
C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\system32\Pen_Tablet.exe
C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\11.2.0\ToolbarUpdater.exe
C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe
C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Program Files (x86)\Dell DataSafe Local Backup\TOASTER.EXE
C:\Program Files (x86)\Dell DataSafe Local Backup\COMPONENTS\SCHEDULER\STSERVICE.EXE
C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe
C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
C:\Windows\system32\SearchIndexer.exe
-netsvcs
C:\Windows\system32\conhost.exe
C:\Program Files\WTouch\WTouchUser.exe
C:\Windows\system32\WTablet\Pen_TabletUser.exe
C:\Windows\system32\Pen_Tablet.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Program Files\Dell\DW WLAN Card\WLTRAY.EXE
C:\Program Files (x86)\Lexmark Pro200-S500 Series\lxebmon.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files (x86)\Lexmark Pro200-S500 Series\ezprint.exe
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE
C:\Program Files (x86)\Windows Sidebar\sidebar.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\mcafee.com\agent\mcagent.exe
C:\Program Files (x86)\Dell DataSafe Online\DataSafeOnline.exe
C:\Program Files (x86)\McAfee Security Scan\2.0.181\SSScheduler.exe
C:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe
C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe
C:\Program Files (x86)\Dell Support Center\bin\sprtcmd.exe
C:\Program Files (x86)\Ask.com\Updater\Updater.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files (x86)\AVG Secure Search\vprot.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files (x86)\Roxio\Roxio Burn\Roxio Burn.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files\Common Files\Microsoft Shared\Ink\InputPersonalization.exe
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
c:\Program Files (x86)\Dell Support Center\bin\sprtsvc.exe
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
C:\Windows\system32\wuauclt.exe
c:\PROGRA~1\mcafee\VIRUSS~1\mcvsshld.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_3_300_265.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_3_300_265.exe
C:\Windows\system32\taskeng.exe
c:\PROGRA~1\mcafee.com\agent\mcupdate.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://search.conduit.com?SearchSource=10&ctid=CT1060933
uDefault_Page_URL = g.msn.com/USCON/1
uInternet Settings,ProxyOverride = *.local
uURLSearchHooks: UrlSearchHook Class: {00000000-6e41-4fd3-8538-502f5495e5fc} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
uURLSearchHooks: Vuze Remote Toolbar: {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files (x86)\Vuze_Remote\prxtbVuze.dll
uURLSearchHooks: H - No File
uURLSearchHooks: H - No File
mURLSearchHooks: Vuze Remote Toolbar: {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files (x86)\Vuze_Remote\prxtbVuze.dll
mWinlogon: Userinit=userinit.exe,
BHO: Lexmark Toolbar: {1017a80c-6f09-4548-a84d-edd6ac9525f0} - C:\Program Files\Lexmark Toolbar\toolband.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: Java(tm) Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll
BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - C:\Program Files (x86)\Common Files\McAfee\SystemCore\ScriptSn.20111219222325.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: AVG Security Toolbar: {95b7759c-8c7f-4bf1-b163-73684a933233} - C:\Program Files (x86)\AVG Secure Search\11.1.0.12\AVG Secure Search_toolbar.dll
BHO: Skype Browser Helper: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - C:\PROGRA~2\MIF5BA~1\Office14\URLREDIR.DLL
BHO: Vuze Remote Toolbar: {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files (x86)\Vuze_Remote\prxtbVuze.dll
BHO: Ask Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
BHO: WeCareReminder Class: {d824f0de-3d60-4f57-9eb1-66033ecd8abb} - C:\ProgramData\WeCareReminder\IEHelperv2.5.0.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll
TB: Ask Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
TB: Vuze Remote Toolbar: {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files (x86)\Vuze_Remote\prxtbVuze.dll
TB: Lexmark Toolbar: {1017a80c-6f09-4548-a84d-edd6ac9525f0} - C:\Program Files\Lexmark Toolbar\toolband.dll
TB: AVG Security Toolbar: {95b7759c-8c7f-4bf1-b163-73684a933233} - C:\Program Files (x86)\AVG Secure Search\11.1.0.12\AVG Secure Search_toolbar.dll
TB: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
TB: {1392B8D2-5C05-419F-A8F6-B9F15A596612} - No File
{e7df6bff-55a5-4eb7-a673-4ed3e9456d39}
uRun: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background
uRun: [Steam] "C:\Program Files (x86)\Steam\steam.exe" -silent
uRun: [Facebook Update] "C:\Users\Kyle\AppData\Local\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver
uRun: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
uRun: [Sidebar] C:\Program Files (x86)\Windows Sidebar\sidebar.exe /autoRun
mRun: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun: [mcui_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
mRun: [Dell DataSafe Online] "C:\Program Files (x86)\Dell DataSafe Online\DataSafeOnline.exe" /m
mRun: [Desktop Disc Tool] "C:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe"
mRun: [Dell Webcam Central] "C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" /mode2
mRun: [DellSupportCenter] "c:\Program Files (x86)\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [<NO NAME>]
mRun: [ApnUpdater] "C:\Program Files (x86)\Ask.com\Updater\Updater.exe"
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [vProt] "C:\Program Files (x86)\AVG Secure Search\vprot.exe"
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun: [Freecorder FLV Service] "C:\Program Files (x86)\Freecorder\FLVSrvc.exe" /run
mRun: [Jaksta Free Video History] "C:\Program Files (x86)\Jaksta Technologies\Jaksta Free Media Recorder Toolbar\Jaksta Free Video History\jfvhistoryp.exe" -monitor
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRunOnce: ["C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe"] "C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe"
StartupFolder: C:\Users\Kyle\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\CurseClientStartup.ccip
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\BLUETO~1.LNK - C:\Program Files (x86)\WIDCOMM\Bluetooth Software\BTTray.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\MCAFEE~1.LNK - C:\Program Files (x86)\McAfee Security Scan\2.0.181\SSScheduler.exe
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MIF5BA~1\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - C:\PROGRA~2\MIF5BA~1\Office14\ONBttnIE.dll/105
IE: Send image to &Bluetooth Device... - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
LSP: mswsock.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
TCP: DhcpNameServer = 209.18.47.61 209.18.47.62
TCP: Interfaces\{F6033519-19AF-44B0-A7DD-402F77BE3B20} : DhcpNameServer = 209.18.47.61 209.18.47.62
TCP: Interfaces\{F6033519-19AF-44B0-A7DD-402F77BE3B20}\47865656572616E6B66616D696C6973316E64643 : DhcpNameServer = 208.67.222.222 208.67.220.220 209.18.47.61
TCP: Interfaces\{F6033519-19AF-44B0-A7DD-402F77BE3B20}\C696E6B6379737 : DhcpNameServer = 209.18.47.61 209.18.47.62
TCP: Interfaces\{F6033519-19AF-44B0-A7DD-402F77BE3B20}\F457276416D696C69725F657475627 : DhcpNameServer = 209.18.47.61 209.18.47.62
Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\PROGRA~2\McAfee\msc\McSnIePl.dll
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL
Handler: cozi - {5356518D-FE9C-4E08-9C1F-1E872ECD367F} - C:\Program Files (x86)\Cozi Express\CoziProtocolHandler.dll
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\11.2.0\ViProtocol.dll
BHO-X64: Lexmark Toolbar: {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll
BHO-X64: scriptproxy: {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files (x86)\Common Files\McAfee\SystemCore\ScriptSn.20111219222325.dll
BHO-X64: scriptproxy - No File
BHO-X64: Windows Live Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: AVG Security Toolbar: {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\11.1.0.12\AVG Secure Search_toolbar.dll
BHO-X64: Skype Browser Helper: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO-X64: SkypeIEPluginBHO - No File
BHO-X64: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MIF5BA~1\Office14\URLREDIR.DLL
BHO-X64: URLRedirectionBHO - No File
BHO-X64: Vuze Remote Toolbar: {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files (x86)\Vuze_Remote\prxtbVuze.dll
BHO-X64: Vuze Remote - No File
BHO-X64: Ask Toolbar: {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
BHO-X64: Ask Toolbar BHO - No File
BHO-X64: WeCareReminder Class: {D824F0DE-3D60-4F57-9EB1-66033ECD8ABB} - C:\ProgramData\WeCareReminder\IEHelperv2.5.0.dll
BHO-X64: WeCareReminder - No File
BHO-X64: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll
TB-X64: Ask Toolbar: {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
TB-X64: Vuze Remote Toolbar: {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files (x86)\Vuze_Remote\prxtbVuze.dll
TB-X64: Lexmark Toolbar: {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll
TB-X64: AVG Security Toolbar: {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\11.1.0.12\AVG Secure Search_toolbar.dll
TB-X64: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
TB-X64: {1392B8D2-5C05-419F-A8F6-B9F15A596612} - No File
mRun-x64: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun-x64: [mcui_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
mRun-x64: [Dell DataSafe Online] "C:\Program Files (x86)\Dell DataSafe Online\DataSafeOnline.exe" /m
mRun-x64: [Desktop Disc Tool] "C:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe"
mRun-x64: [Dell Webcam Central] "C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" /mode2
mRun-x64: [DellSupportCenter] "c:\Program Files (x86)\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun-x64: [(Default)]
mRun-x64: [ApnUpdater] "C:\Program Files (x86)\Ask.com\Updater\Updater.exe"
mRun-x64: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun-x64: [vProt] "C:\Program Files (x86)\AVG Secure Search\vprot.exe"
mRun-x64: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun-x64: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun-x64: [Freecorder FLV Service] "C:\Program Files (x86)\Freecorder\FLVSrvc.exe" /run
mRun-x64: [Jaksta Free Video History] "C:\Program Files (x86)\Jaksta Technologies\Jaksta Free Media Recorder Toolbar\Jaksta Free Video History\jfvhistoryp.exe" -monitor
mRun-x64: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRunOnce-x64: ["C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe"] "C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe"
IE-X64: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Kyle\AppData\Roaming\Mozilla\Firefox\Profiles\64xl57wk.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2504091&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - prefs.js: keyword.URL - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3019965&SearchSource=2&q=
FF - plugin: c:\progra~2\mcafee\msc\npMcSnFFPl.dll
FF - plugin: C:\PROGRA~2\MIF5BA~1\Office14\NPAUTHZ.DLL
FF - plugin: C:\PROGRA~2\MIF5BA~1\Office14\NPSPWRAP.DLL
FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\11.2.0\npsitesafety.dll
FF - plugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npdnu.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npdnupdater2.dll
FF - plugin: C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll
FF - plugin: C:\Users\Kyle\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll
FF - plugin: C:\Users\Kyle\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll
FF - plugin: C:\Users\Kyle\AppData\Roaming\Mozilla\Firefox\Profiles\64xl57wk.default\extensions\{1392b8d2-5c05-419f-a8f6-b9f15a596612}\plugins\np-mswmp.dll
FF - plugin: C:\Users\Kyle\AppData\Roaming\Mozilla\Firefox\Profiles\64xl57wk.default\extensions\{e5b66461-19eb-4da5-bbf7-df2d266d975b}\plugins\np-mswmp.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_265.dll
FF - plugin: C:\Windows\SysWOW64\npDeployJava1.dll
FF - plugin: C:\Windows\SysWOW64\npmproxy.dll
.
---- FIREFOX POLICIES ----
FF - user.js: network.protocol-handler.warn-external.dnupdate - false
============= SERVICES / DRIVERS ===============
.
R0 mfehidk;McAfee Inc. mfehidk;C:\Windows\system32\drivers\mfehidk.sys --> C:\Windows\system32\drivers\mfehidk.sys [?]
R0 mfewfpk;McAfee Inc. mfewfpk;C:\Windows\system32\drivers\mfewfpk.sys --> C:\Windows\system32\drivers\mfewfpk.sys [?]
R0 PxHlpa64;PxHlpa64;C:\Windows\system32\Drivers\PxHlpa64.sys --> C:\Windows\system32\Drivers\PxHlpa64.sys [?]
R1 mfenlfk;McAfee NDIS Light Filter;C:\Windows\system32\DRIVERS\mfenlfk.sys --> C:\Windows\system32\DRIVERS\mfenlfk.sys [?]
R1 SASDIFSV;SASDIFSV;C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys [2011-7-22 14928]
R1 SASKUTIL;SASKUTIL;C:\Program Files\SUPERAntiSpyware\saskutil64.sys [2011-7-12 12368]
R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]
R2 !SASCORE;SAS Core Service;C:\Program Files\SUPERAntiSpyware\SASCore64.exe [2011-8-11 140672]
R2 AdobeARMservice;Adobe Acrobat Update Service;C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-1-3 63928]
R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\system32\atiesrxx.exe --> C:\Windows\system32\atiesrxx.exe [?]
R2 cvhsvc;Client Virtualization Handler;C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE [2012-1-4 822624]
R2 DockLoginService;Dock Login Service;C:\Program Files\Dell\DellDock\DockLogin.exe [2009-6-9 155648]
R2 lxeb_device;lxeb_device;C:\Windows\system32\lxebcoms.exe -service --> C:\Windows\system32\lxebcoms.exe -service [?]
R2 McNaiAnn;McAfee VirusScan Announcer;C:\Program Files\Common Files\mcafee\mcsvchost\McSvHost.exe [2011-11-2 249936]
R2 McProxy;McAfee Proxy Service;C:\Program Files\Common Files\mcafee\mcsvchost\McSvHost.exe [2011-11-2 249936]
R2 McShield;McAfee McShield;C:\Program Files\Common Files\mcafee\systemcore\mcshield.exe [2010-11-23 199272]
R2 mfefire;McAfee Firewall Core Service;C:\Program Files\Common Files\mcafee\systemcore\mfefire.exe [2010-11-23 208536]
R2 mfevtp;McAfee Validation Trust Protection Service;C:\Program Files\Common Files\mcafee\systemcore\mfevtps.exe [2010-11-23 161168]
R2 sftlist;Application Virtualization Client;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2011-10-1 508776]
R2 SftService;SoftThinks Agent Service;C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe [2010-11-23 1692480]
R2 TabletServicePen;TabletServicePen;C:\Windows\system32\Pen_Tablet.exe --> C:\Windows\system32\Pen_Tablet.exe [?]
R2 TurboB;Turbo Boost UI Monitor driver;C:\Windows\system32\DRIVERS\TurboB.sys --> C:\Windows\system32\DRIVERS\TurboB.sys [?]
R2 UNS;Intel(R) Management & Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2010-11-23 2320920]
R2 vToolbarUpdater11.2.0;vToolbarUpdater11.2.0;C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\11.2.0\ToolbarUpdater.exe [2012-7-9 935008]
R2 WTouchService;WTouch Service;C:\Program Files\WTouch\WTouchService.exe [2011-7-8 127272]
R3 amdkmdag;amdkmdag;C:\Windows\system32\DRIVERS\atipmdag.sys --> C:\Windows\system32\DRIVERS\atipmdag.sys [?]
R3 amdkmdap;amdkmdap;C:\Windows\system32\DRIVERS\atikmpag.sys --> C:\Windows\system32\DRIVERS\atikmpag.sys [?]
R3 BcmVWL;Broadcom Virtual Wireless;C:\Windows\system32\DRIVERS\bcmvwl64.sys --> C:\Windows\system32\DRIVERS\bcmvwl64.sys [?]
R3 CtClsFlt;Creative Camera Class Upper Filter Driver;C:\Windows\system32\DRIVERS\CtClsFlt.sys --> C:\Windows\system32\DRIVERS\CtClsFlt.sys [?]
R3 HECIx64;Intel(R) Management Engine Interface;C:\Windows\system32\DRIVERS\HECIx64.sys --> C:\Windows\system32\DRIVERS\HECIx64.sys [?]
R3 Impcd;Impcd;C:\Windows\system32\DRIVERS\Impcd.sys --> C:\Windows\system32\DRIVERS\Impcd.sys [?]
R3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;C:\Windows\system32\DRIVERS\L1C62x64.sys --> C:\Windows\system32\DRIVERS\L1C62x64.sys [?]
R3 mfeavfk;McAfee Inc. mfeavfk;C:\Windows\system32\drivers\mfeavfk.sys --> C:\Windows\system32\drivers\mfeavfk.sys [?]
R3 mfefirek;McAfee Inc. mfefirek;C:\Windows\system32\drivers\mfefirek.sys --> C:\Windows\system32\drivers\mfefirek.sys [?]
R3 Sftfs;Sftfs;C:\Windows\system32\DRIVERS\Sftfslh.sys --> C:\Windows\system32\DRIVERS\Sftfslh.sys [?]
R3 Sftplay;Sftplay;C:\Windows\system32\DRIVERS\Sftplaylh.sys --> C:\Windows\system32\DRIVERS\Sftplaylh.sys [?]
R3 Sftredir;Sftredir;C:\Windows\system32\DRIVERS\Sftredirlh.sys --> C:\Windows\system32\DRIVERS\Sftredirlh.sys [?]
R3 Sftvol;Sftvol;C:\Windows\system32\DRIVERS\Sftvollh.sys --> C:\Windows\system32\DRIVERS\Sftvollh.sys [?]
R3 sftvsa;Application Virtualization Service Agent;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2011-10-1 219496]
R3 vwifimp;Microsoft Virtual WiFi Miniport Service;C:\Windows\system32\DRIVERS\vwifimp.sys --> C:\Windows\system32\DRIVERS\vwifimp.sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-12-30 136176]
S2 lxebCATSCustConnectService;lxebCATSCustConnectService;C:\Windows\System32\spool\DRIVERS\x64\3\lxebserv.exe [2011-10-6 45736]
S2 McMPFSvc;McAfee Personal Firewall Service;C:\Program Files\Common Files\mcafee\mcsvchost\McSvHost.exe [2011-11-2 249936]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-3-29 250056]
S3 btusbflt;Bluetooth USB Filter;C:\Windows\system32\drivers\btusbflt.sys --> C:\Windows\system32\drivers\btusbflt.sys [?]
S3 btwl2cap;Bluetooth L2CAP Service;C:\Windows\system32\DRIVERS\btwl2cap.sys --> C:\Windows\system32\DRIVERS\btwl2cap.sys [?]
S3 cfwids;McAfee Inc. cfwids;C:\Windows\system32\drivers\cfwids.sys --> C:\Windows\system32\drivers\cfwids.sys [?]
S3 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-12-30 136176]
S3 MBAMProtector;MBAMProtector;\??\C:\Windows\system32\drivers\mbam.sys --> C:\Windows\system32\drivers\mbam.sys [?]
S3 McComponentHostService;McAfee Security Scan Component Host Service;C:\Program Files (x86)\McAfee Security Scan\2.0.181\McCHSvc.exe [2010-1-15 227232]
S3 MEMSWEEP2;MEMSWEEP2;\??\C:\Windows\system32\5C24.tmp --> C:\Windows\system32\5C24.tmp [?]
S3 mferkdet;McAfee Inc. mferkdet;C:\Windows\system32\drivers\mferkdet.sys --> C:\Windows\system32\drivers\mferkdet.sys [?]
S3 MozillaMaintenance;Mozilla Maintenance Service;C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-5-1 113120]
S3 osppsvc;Office Software Protection Platform;C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-1-9 4925184]
S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;C:\Windows\system32\Drivers\RtsUStor.sys --> C:\Windows\system32\Drivers\RtsUStor.sys [?]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]
S3 TurboBoost;TurboBoost;C:\Program Files\Intel\TurboBoost\TurboBoost.exe [2009-11-2 126352]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\system32\Drivers\usbaapl64.sys --> C:\Windows\system32\Drivers\usbaapl64.sys [?]
S3 wacmoumonitor;Wacom Mode Helper;C:\Windows\system32\DRIVERS\wacmoumonitor.sys --> C:\Windows\system32\DRIVERS\wacmoumonitor.sys [?]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
S4 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-7-13 655944]
S4 McOobeSv;McAfee OOBE Service;C:\Program Files\Common Files\mcafee\mcsvchost\McSvHost.exe [2011-11-2 249936]
.
=============== Created Last 30 ================
.
2012-07-14 20:43:37 20480 ----a-w- C:\Windows\svchost.exe
2012-07-14 00:39:46 24904 ----a-w- C:\Windows\System32\drivers\mbam.sys
2012-07-14 00:39:46 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2012-07-13 20:23:08 -------- d-----w- C:\Program Files (x86)\Oracle
2012-07-13 20:22:33 772544 ----a-w- C:\Windows\SysWow64\npDeployJava1.dll
2012-07-12 08:08:47 3148800 ----a-w- C:\Windows\System32\win32k.sys
2012-07-11 20:23:02 2004480 ----a-w- C:\Windows\System32\msxml6.dll
2012-07-11 20:23:01 1881600 ----a-w- C:\Windows\System32\msxml3.dll
2012-07-11 20:23:00 1390080 ----a-w- C:\Windows\SysWow64\msxml6.dll
2012-07-10 06:39:55 -------- d-----w- C:\Users\Kyle\AppData\Local\Bit.Trip Beat
2012-07-10 06:34:59 466456 ----a-w- C:\Windows\System32\wrap_oal.dll
2012-07-10 06:34:59 444952 ----a-w- C:\Windows\SysWow64\wrap_oal.dll
2012-07-10 06:34:59 122904 ----a-w- C:\Windows\System32\OpenAL32.dll
2012-07-10 06:34:59 -------- d-----w- C:\Program Files (x86)\OpenAL
2012-07-10 06:34:58 109080 ----a-w- C:\Windows\SysWow64\OpenAL32.dll
2012-07-02 07:56:57 0 ----a-w- C:\Windows\SysWow64\shoD00D.tmp
2012-07-01 08:26:06 -------- d-----w- C:\DataSafeOnline
2012-06-29 00:01:10 -------- d-sh--w- C:\found.000
2012-06-28 05:07:23 -------- d-----w- C:\Program Files\Core Temp
2012-06-24 22:52:05 -------- d-----w- C:\Users\Kyle\AppData\Local\Lazy 8 Studios
2012-06-22 18:07:22 2622464 ----a-w- C:\Windows\System32\wucltux.dll
2012-06-22 18:06:56 99840 ----a-w- C:\Windows\System32\wudriver.dll
2012-06-22 18:06:43 36864 ----a-w- C:\Windows\System32\wuapp.exe
2012-06-22 18:06:43 186752 ----a-w- C:\Windows\System32\wuwebv.dll
2012-06-19 22:20:35 -------- d-----w- C:\Users\Kyle\AppData\Local\Microsoft Games
2012-06-18 20:19:20 -------- d-----w- C:\Users\Kyle\AppData\Local\Jaksta_Technologies_Pty_L
2012-06-18 20:19:18 -------- d-----w- C:\Users\Kyle\AppData\Roaming\Jaksta Free Video History
2012-06-18 20:18:55 -------- d-----w- C:\Program Files (x86)\Jaksta Technologies
2012-06-18 01:22:05 -------- d-----w- C:\Program Files (x86)\freecordertoolbar
2012-06-16 23:08:19 -------- d-----w- C:\Users\Kyle\AppData\Roaming\fltk.org
2012-06-16 23:08:19 -------- d-----w- C:\ProgramData\fltk.org
.
==================== Find3M ====================
.
2012-07-11 23:54:18 426184 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2012-07-11 23:54:17 70344 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2012-07-06 05:06:20 687544 ----a-w- C:\Windows\SysWow64\deployJava1.dll
2012-06-06 06:02:54 1133568 ----a-w- C:\Windows\System32\cdosys.dll
2012-06-06 05:05:52 1236992 ----a-w- C:\Windows\SysWow64\msxml3.dll
2012-06-06 05:03:06 805376 ----a-w- C:\Windows\SysWow64\cdosys.dll
2012-06-02 05:50:10 458704 ----a-w- C:\Windows\System32\drivers\cng.sys
2012-06-02 05:48:16 95600 ----a-w- C:\Windows\System32\drivers\ksecdd.sys
2012-06-02 05:48:16 151920 ----a-w- C:\Windows\System32\drivers\ksecpkg.sys
2012-06-02 05:45:31 340992 ----a-w- C:\Windows\System32\schannel.dll
2012-06-02 05:44:21 307200 ----a-w- C:\Windows\System32\ncrypt.dll
2012-06-02 04:40:42 22016 ----a-w- C:\Windows\SysWow64\secur32.dll
2012-06-02 04:40:39 225280 ----a-w- C:\Windows\SysWow64\schannel.dll
2012-06-02 04:39:10 219136 ----a-w- C:\Windows\SysWow64\ncrypt.dll
2012-06-02 04:34:09 96768 ----a-w- C:\Windows\SysWow64\sspicli.dll
2012-05-15 04:01:31 1188864 ----a-w- C:\Windows\System32\wininet.dll
2012-05-15 03:03:54 981504 ----a-w- C:\Windows\SysWow64\wininet.dll
2012-05-01 05:40:20 209920 ----a-w- C:\Windows\System32\profsvc.dll
2012-04-28 03:55:21 210944 ----a-w- C:\Windows\System32\drivers\rdpwd.sys
2012-04-26 05:41:56 77312 ----a-w- C:\Windows\System32\rdpwsx.dll
2012-04-26 05:41:55 149504 ----a-w- C:\Windows\System32\rdpcorekmts.dll
2012-04-26 05:34:27 9216 ----a-w- C:\Windows\System32\rdrmemptylst.exe
2012-04-24 05:37:37 184320 ----a-w- C:\Windows\System32\cryptsvc.dll
2012-04-24 05:37:37 140288 ----a-w- C:\Windows\System32\cryptnet.dll
2012-04-24 05:37:36 1462272 ----a-w- C:\Windows\System32\crypt32.dll
2012-04-24 04:36:42 140288 ----a-w- C:\Windows\SysWow64\cryptsvc.dll
2012-04-24 04:36:42 1158656 ----a-w- C:\Windows\SysWow64\crypt32.dll
2012-04-24 04:36:42 103936 ----a-w- C:\Windows\SysWow64\cryptnet.dll
2012-04-20 03:45:41 1638912 ----a-w- C:\Windows\System32\mshtml.tlb
2012-04-20 03:16:44 1638912 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2012-04-19 03:56:30 94208 ----a-w- C:\Windows\SysWow64\QuickTimeVR.qtx
2012-04-19 03:56:30 69632 ----a-w- C:\Windows\SysWow64\QuickTime.qts
.
============= FINISH: 21:19:07.42 ===============
 
.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft Windows 7 Home Premium
Boot Device: \Device\HarddiskVolume2
Install Date: 12/7/2010 2:41:35 PM
System Uptime: 7/15/2012 1:56:16 PM (8 hours ago)
.
Motherboard: Dell Inc. | | 0PJTXT
Processor: Intel(R) Core(TM) i5 CPU M 460 @ 2.53GHz | U2E1 | 1190/133mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 451 GiB total, 108.058 GiB free.
D: is CDROM (CDFS)
Y: is FIXED (NTFS) - 15 GiB total, 7.205 GiB free.
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP189: 7/7/2012 3:14:10 AM - Windows Update
RP190: 7/8/2012 3:00:58 AM - Windows Update
RP191: 7/8/2012 4:02:08 AM - Windows Update
RP192: 7/9/2012 3:00:26 AM - Windows Update
RP193: 7/10/2012 1:21:47 AM - Windows Update
RP194: 7/11/2012 3:01:19 AM - Windows Update
RP195: 7/12/2012 12:58:13 AM - Windows Update
RP196: 7/13/2012 3:00:28 AM - Windows Update
RP197: 7/13/2012 1:20:40 PM - Installed Java(TM) 7 Update 5
RP198: 7/13/2012 1:22:41 PM - Installed JavaFX 2.1.1
RP199: 7/14/2012 3:25:04 AM - Windows Update
RP200: 7/15/2012 1:14:35 AM - Windows Update
.
==== Installed Programs ======================
.
ABBYY FineReader 6.0 Sprint
Adobe AIR
Adobe Flash Player 11 ActiveX
Adobe Flash Player 11 Plugin
Adobe Reader X (10.1.3)
Advanced Audio FX Engine
AIM 7
Alice Madness Returns
Amazon MP3 Downloader 1.0.12
Amnesia: The Dark Descent
Apple Application Support
Apple Software Update
Ask Toolbar
Ask Toolbar Updater
Atheros Communications Inc.(R) AR81Family Gigabit/Fast Ethernet Driver
ATI Catalyst Control Center
AVG Security Toolbar
Bamboo
Beat Hazard
BIT.TRIP BEAT
Catalyst Control Center - Branding
Catalyst Control Center Core Implementation
Catalyst Control Center Graphics Full Existing
Catalyst Control Center Graphics Full New
Catalyst Control Center Graphics Light
Catalyst Control Center Graphics Previews Common
Catalyst Control Center Graphics Previews Vista
Catalyst Control Center InstallProxy
Catalyst Control Center Localization All
ccc-core-static
CCC Help Chinese Standard
CCC Help Chinese Traditional
CCC Help Danish
CCC Help Dutch
CCC Help English
CCC Help Finnish
CCC Help French
CCC Help German
CCC Help Italian
CCC Help Japanese
CCC Help Korean
CCC Help Norwegian
CCC Help Portuguese
CCC Help Russian
CCC Help Spanish
CCC Help Swedish
Cisco EAP-FAST Module
Cisco LEAP Module
Cisco PEAP Module
CleanWaterAction Reminder by We-Care.com v5.0.5.1
Cogs
Consumer In-Home Service Agreement
Costume Quest
Cozi
Creation Kit
DarksidersInstaller
DeathSpank
Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition
Dell DataSafe Local Backup
Dell DataSafe Local Backup - Support Software
Dell DataSafe Online
Dell Dock
Dell Driver Download Manager
Dell Getting Started Guide
Dell Resource CD
Dell Support Center (Support Software)
Dell Webcam Central
Download Updater (AOL LLC)
Facebook Video Calling 1.2.0.159
Fallout Mod Manager 0.13.21
FrostWire 4.21.3
FrostWire 5.3.6
GIMP 2.6.11
GOM Player
Google Earth
Google Update Helper
GoToAssist 8.0.0.514
Gtk# for .Net 2.12.10
Inkscape 0.48.2
Intel(R) Management Engine Components
IZArc 4.1.6
Java Auto Updater
Java(TM) 6 Update 29
Java(TM) 7 Update 5
JavaFX 2.1.1
League of Legends
Left 4 Dead
Left 4 Dead 2
Lexmark Toolbar
LIMBO
Live! Cam Avatar Creator
LoJack Factory Installer
Magicka
Malwarebytes Anti-Malware version 1.62.0.1300
McAfee Security Scan Plus
McAfee SecurityCenter
Microsoft Choice Guard
Microsoft Office 2010
Microsoft Office 2010 Service Pack 1 (SP1)
Microsoft Office Access MUI (English) 2010
Microsoft Office Access Setup Metadata MUI (English) 2010
Microsoft Office Click-to-Run 2010
Microsoft Office Excel MUI (English) 2010
Microsoft Office Home and Student 2010
Microsoft Office OneNote MUI (English) 2010
Microsoft Office Outlook MUI (English) 2010
Microsoft Office PowerPoint MUI (English) 2010
Microsoft Office Proof (English) 2010
Microsoft Office Proof (French) 2010
Microsoft Office Proof (Spanish) 2010
Microsoft Office Proofing (English) 2010
Microsoft Office Publisher MUI (English) 2010
Microsoft Office Shared MUI (English) 2010
Microsoft Office Shared Setup Metadata MUI (English) 2010
Microsoft Office Single Image 2010
Microsoft Office Starter 2010 - English
Microsoft Office Word MUI (English) 2010
Microsoft Silverlight
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2005 Redistributable - KB2467175
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30411
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
Microsoft XNA Framework Redistributable 3.1
Mozilla Firefox 13.0.1 (x86 en-US)
Mozilla Maintenance Service
Oblivion
Online Sheet Music Viewer 8.2.2.0
OpenAL
Origin
Portal
Psychonauts
Python 2.7.2
QuickTime
Roxio Burn
Security Update for CAPICOM (KB931906)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2160841)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
Security Update for Microsoft .NET Framework 4 Extended (KB2487367)
Security Update for Microsoft .NET Framework 4 Extended (KB2656351)
Security Update for Microsoft Excel 2010 (KB2597166) 32-Bit Edition
Security Update for Microsoft InfoPath 2010 (KB2553322) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2553091)
Security Update for Microsoft Office 2010 (KB2553096)
Security Update for Microsoft Office 2010 (KB2553371) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2553447) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2589320) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2598039) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2598243) 32-Bit Edition
Security Update for Microsoft PowerPoint 2010 (KB2553185) 32-Bit Edition
Security Update for Microsoft SharePoint Workspace 2010 (KB2566445)
Security Update for Microsoft Visio Viewer 2010 (KB2597981) 32-Bit Edition
Sixense TrueMotion SDK
Skins
Skype Toolbars
Skype™ 5.3
Sophos Anti-Rootkit 1.5.20
Source SDK
Stacking
Steam
Team Fortress 2
Team Fortress 2 Beta
The Path
Torchlight
Ubisoft Game Launcher
Unity
Unity Web Player
Unreal Development Kit
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
Update for Microsoft .NET Framework 4 Extended (KB2468871)
Update for Microsoft .NET Framework 4 Extended (KB2533523)
Update for Microsoft .NET Framework 4 Extended (KB2600217)
Update for Microsoft Office 2010 (KB2553065)
Update for Microsoft Office 2010 (KB2553181) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553267) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553270) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553310) 32-Bit Edition
Update for Microsoft Office 2010 (KB2566458)
Update for Microsoft Office 2010 (KB2596964) 32-Bit Edition
Update for Microsoft Office 2010 (KB2597091) 32-Bit Edition
Update for Microsoft OneNote 2010 (KB2553290) 32-Bit Edition
Update for Microsoft OneNote 2010 (KB2589345) 32-Bit Edition
Update for Microsoft Outlook 2010 (KB2553248) 32-Bit Edition
Update for Microsoft Outlook Social Connector 2010 (KB2553406) 32-Bit Edition
Visual Studio 2008 x64 Redistributables
Vuze
Vuze Remote Toolbar
Warcraft III
WildTangent Games
Windows Live Sign-in Assistant
Windows Live Sync
Windows Live Upload Tool
Windows Media Player Firefox Plugin
.
==== Event Viewer Messages From Past Week ========
.
7/9/2012 6:32:16 PM, Error: Service Control Manager [7022] - The Application Virtualization Client service hung on starting.
7/9/2012 6:32:16 PM, Error: Service Control Manager [7001] - The Client Virtualization Handler service depends on the Application Virtualization Client service which failed to start because of the following error: After starting, the service hung in a start-pending state.
7/9/2012 6:30:02 PM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000007e (0xffffffffc0000005, 0x0000000400000001, 0xfffff880035c4a68, 0xfffff880035c42c0). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 070912-30638-01.
7/9/2012 4:25:24 PM, Error: Service Control Manager [7022] - The McAfee Network Agent service hung on starting.
7/9/2012 4:23:23 PM, Error: Service Control Manager [7022] - The McAfee VirusScan Announcer service hung on starting.
7/9/2012 1:28:12 PM, Error: ACPI [13] - : The embedded controller (EC) did not respond within the specified timeout period. This may indicate that there is an error in the EC hardware or firmware or that the BIOS is accessing the EC incorrectly. You should check with your computer manufacturer for an upgraded BIOS. In some situations, this error may cause the computer to function incorrectly.
7/8/2012 3:00:11 AM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the WTouchService service.
7/15/2012 5:48:38 PM, Error: Service Control Manager [7023] - The Function Discovery Resource Publication service terminated with the following error: %%-2147024891
7/15/2012 5:48:38 PM, Error: Service Control Manager [7001] - The HomeGroup Provider service depends on the Function Discovery Resource Publication service which failed to start because of the following error: %%-2147024891
7/15/2012 2:01:05 PM, Error: Service Control Manager [7003] - The McAfee Personal Firewall Service service depends the following service: MpsSvc. This service might not be installed.
7/15/2012 1:57:53 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the SftService service.
7/15/2012 1:56:33 PM, Error: Service Control Manager [7003] - The IPsec Policy Agent service depends the following service: BFE. This service might not be installed.
7/15/2012 1:56:32 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the lxebCATSCustConnectService service to connect.
7/15/2012 1:56:32 PM, Error: Service Control Manager [7003] - The IKE and AuthIP IPsec Keying Modules service depends the following service: BFE. This service might not be installed.
7/15/2012 1:56:32 PM, Error: Service Control Manager [7000] - The lxebCATSCustConnectService service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
7/15/2012 1:56:30 PM, Error: Service Control Manager [7023] - The Computer Browser service terminated with the following error: The specified service does not exist as an installed service.
7/15/2012 1:56:26 PM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x00000050 (0xffffffff90fffffb, 0x0000000000000001, 0xfffffa8008cfb2a3, 0x0000000000000005). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 071512-24320-01.
7/15/2012 1:15:02 AM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x80070643: Security Update for Windows 7 for x64-based Systems (KB2709715).
7/14/2012 11:28:20 PM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000001e (0xffffffffc0000005, 0xfffff800035836ea, 0x0000000000000001, 0x0000000000000018). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 071412-26410-01.
7/13/2012 2:19:30 PM, Error: Microsoft-Windows-WMPNSS-Service [14332] - Service 'WMPNetworkSvc' did not start correctly because CoCreateInstance(CLSID_UPnPDeviceFinder) encountered error '0x80004005'. Verify that the UPnPHost service is running and that the UPnPHost component of Windows is installed properly.
7/13/2012 12:48:17 PM, Error: Service Control Manager [7022] - The Windows Update service hung on starting.
7/12/2012 12:39:50 PM, Error: Service Control Manager [7031] - The McAfee McShield service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 5000 milliseconds: Restart the service.
7/12/2012 12:34:31 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the LanmanServer service.
7/12/2012 12:31:42 PM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000001e (0xffffffffc0000005, 0xfffff800035ce6ea, 0x0000000000000001, 0x0000000000000018). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 071212-80605-01.
7/10/2012 7:22:21 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the EFS service.
7/10/2012 4:36:03 PM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000001e (0xffffffffc0000005, 0xfffff800035c76ea, 0x0000000000000001, 0x0000000000000018). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 071012-27534-01.
.
==== End Of File ===========================
 
Welcome aboard


Please observe the following rules:
  • Read all of my instructions very carefully. Your mistakes during the cleaning process may have very serious consequences, like an unbootable computer.
  • If you're stuck, or you're not sure about a certain step, always ask before doing anything else.
  • Please refrain from running any tools, fixes or applying any changes to your computer other than those I suggest.
  • Never run more than one scan at a time.
  • Keep updating me regarding your computer behavior, good or bad.
  • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
  • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in the malware removal forum.
  • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.

======================================================

Download TDSSKiller and save it to your desktop.
  • Extract (unzip) its contents to your desktop.
  • Open the TDSSKiller folder and double-click on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory (usually C:\ folder) in the form of TDSSKiller_xxxx_log.txt. Please copy and paste the contents of that file here.
 
14:29:12.0130 7148 TDSS rootkit removing tool 2.7.45.0 Jul 9 2012 12:46:35
14:29:12.0671 7148 ============================================================
14:29:12.0671 7148 Current date / time: 2012/07/16 14:29:12.0671
14:29:12.0671 7148 SystemInfo:
14:29:12.0671 7148
14:29:12.0671 7148 OS Version: 6.1.7601 ServicePack: 1.0
14:29:12.0671 7148 Product type: Workstation
14:29:12.0671 7148 ComputerName: KYLE-PC
14:29:12.0671 7148 UserName: Kyle
14:29:12.0671 7148 Windows directory: C:\Windows
14:29:12.0671 7148 System windows directory: C:\Windows
14:29:12.0671 7148 Running under WOW64
14:29:12.0671 7148 Processor architecture: Intel x64
14:29:12.0671 7148 Number of processors: 4
14:29:12.0671 7148 Page size: 0x1000
14:29:12.0671 7148 Boot type: Normal boot
14:29:12.0671 7148 ============================================================
14:29:15.0273 7148 Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
14:29:15.0283 7148 ============================================================
14:29:15.0283 7148 \Device\Harddisk0\DR0:
14:29:15.0283 7148 MBR partitions:
14:29:15.0283 7148 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x32FCD, BlocksNum 0x1D4C000
14:29:15.0283 7148 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x1D7EFCD, BlocksNum 0x38606863
14:29:15.0283 7148 ============================================================
14:29:15.0443 7148 C: <-> \Device\Harddisk0\DR0\Partition1
14:29:15.0453 7148 ============================================================
14:29:15.0453 7148 Initialize success
14:29:15.0453 7148 ============================================================
14:29:40.0067 4912 ============================================================
14:29:40.0067 4912 Scan started
14:29:40.0067 4912 Mode: Manual;
14:29:40.0067 4912 ============================================================
14:29:57.0685 4912 DfsC (9bb2ef44eaa163b29c4a4587887a0fe4) C:\Windows\system32\Drivers\dfsc.sys
14:29:57.0775 4912 DfsC - ok
14:29:58.0295 4912 Dhcp (43d808f5d9e1a18e5eeb5ebc83969e4e) C:\Windows\system32\dhcpcore.dll
14:29:58.0355 4912 Dhcp - ok
14:29:58.0385 4912 discache (13096b05847ec78f0977f2c0f79e9ab3) C:\Windows\system32\drivers\discache.sys
14:29:58.0385 4912 discache - ok
14:29:58.0435 4912 Disk (9819eee8b5ea3784ec4af3b137a5244c) C:\Windows\system32\DRIVERS\disk.sys
14:29:58.0435 4912 Disk - ok
14:29:58.0505 4912 Dnscache (16835866aaa693c7d7fceba8fff706e4) C:\Windows\System32\dnsrslvr.dll
14:29:58.0555 4912 Dnscache - ok
14:29:58.0675 4912 DockLoginService (0840abbbdf438691ee65a20040635cbe) C:\Program Files\Dell\DellDock\DockLogin.exe
14:29:58.0765 4912 DockLoginService - ok
14:29:58.0825 4912 dot3svc (b1fb3ddca0fdf408750d5843591afbc6) C:\Windows\System32\dot3svc.dll
14:29:58.0865 4912 dot3svc - ok
14:29:59.0105 4912 DPS (b26f4f737e8f9df4f31af6cf31d05820) C:\Windows\system32\dps.dll
14:29:59.0135 4912 DPS - ok
14:29:59.0195 4912 drmkaud (9b19f34400d24df84c858a421c205754) C:\Windows\system32\drivers\drmkaud.sys
14:29:59.0195 4912 drmkaud - ok
14:29:59.0535 4912 DXGKrnl (f5bee30450e18e6b83a5012c100616fd) C:\Windows\System32\drivers\dxgkrnl.sys
14:29:59.0795 4912 DXGKrnl - ok
14:30:00.0046 4912 EapHost (e2dda8726da9cb5b2c4000c9018a9633) C:\Windows\System32\eapsvc.dll
14:30:00.0056 4912 EapHost - ok
14:30:01.0317 4912 ebdrv (dc5d737f51be844d8c82c695eb17372f) C:\Windows\system32\DRIVERS\evbda.sys
14:30:01.0447 4912 ebdrv - ok
14:30:03.0107 4912 EFS (c118a82cd78818c29ab228366ebf81c3) C:\Windows\System32\lsass.exe
14:30:03.0187 4912 EFS - ok
14:30:03.0377 4912 ehRecvr (c4002b6b41975f057d98c439030cea07) C:\Windows\ehome\ehRecvr.exe
14:30:03.0477 4912 ehRecvr - ok
14:30:03.0717 4912 ehSched (4705e8ef9934482c5bb488ce28afc681) C:\Windows\ehome\ehsched.exe
14:30:03.0727 4912 ehSched - ok
14:30:05.0729 4912 elxstor (0e5da5369a0fcaea12456dd852545184) C:\Windows\system32\DRIVERS\elxstor.sys
14:30:05.0779 4912 elxstor - ok
14:30:05.0869 4912 ErrDev (34a3c54752046e79a126e15c51db409b) C:\Windows\system32\drivers\errdev.sys
14:30:05.0879 4912 ErrDev - ok
14:30:06.0479 4912 EventSystem (4166f82be4d24938977dd1746be9b8a0) C:\Windows\system32\es.dll
14:30:06.0479 4912 EventSystem - ok
14:30:06.0569 4912 exfat (a510c654ec00c1e9bdd91eeb3a59823b) C:\Windows\system32\drivers\exfat.sys
14:30:06.0579 4912 exfat - ok
14:30:06.0599 4912 fastfat (0adc83218b66a6db380c330836f3e36d) C:\Windows\system32\drivers\fastfat.sys
14:30:06.0609 4912 fastfat - ok
14:30:06.0689 4912 Fax (dbefd454f8318a0ef691fdd2eaab44eb) C:\Windows\system32\fxssvc.exe
14:30:06.0749 4912 Fax - ok
14:30:06.0779 4912 fdc (d765d19cd8ef61f650c384f62fac00ab) C:\Windows\system32\DRIVERS\fdc.sys
14:30:06.0789 4912 fdc - ok
14:30:06.0859 4912 fdPHost (0438cab2e03f4fb61455a7956026fe86) C:\Windows\system32\fdPHost.dll
14:30:06.0869 4912 fdPHost - ok
14:30:07.0069 4912 FDResPub (802496cb59a30349f9a6dd22d6947644) C:\Windows\system32\fdrespub.dll
14:30:07.0069 4912 FDResPub - ok
14:30:07.0099 4912 FileInfo (655661be46b5f5f3fd454e2c3095b930) C:\Windows\system32\drivers\fileinfo.sys
14:30:07.0109 4912 FileInfo - ok
14:30:07.0119 4912 Filetrace (5f671ab5bc87eea04ec38a6cd5962a47) C:\Windows\system32\drivers\filetrace.sys
14:30:07.0119 4912 Filetrace - ok
14:30:07.0159 4912 flpydisk (c172a0f53008eaeb8ea33fe10e177af5) C:\Windows\system32\DRIVERS\flpydisk.sys
14:30:07.0159 4912 flpydisk - ok
14:30:07.0229 4912 FltMgr (da6b67270fd9db3697b20fce94950741) C:\Windows\system32\drivers\fltmgr.sys
14:30:07.0287 4912 FltMgr - ok
14:30:07.0411 4912 FontCache (5c4cb4086fb83115b153e47add961a0c) C:\Windows\system32\FntCache.dll
14:30:07.0471 4912 FontCache - ok
14:30:07.0661 4912 FontCache3.0.0.0 (a8b7f3818ab65695e3a0bb3279f6dce6) C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
14:30:07.0731 4912 FontCache3.0.0.0 - ok
14:30:07.0861 4912 FsDepends (d43703496149971890703b4b1b723eac) C:\Windows\system32\drivers\FsDepends.sys
14:30:07.0861 4912 FsDepends - ok
14:30:07.0921 4912 Fs_Rec (6bd9295cc032dd3077c671fccf579a7b) C:\Windows\system32\drivers\Fs_Rec.sys
14:30:08.0000 4912 Fs_Rec - ok
14:30:08.0270 4912 fvevol (1f7b25b858fa27015169fe95e54108ed) C:\Windows\system32\DRIVERS\fvevol.sys
14:30:08.0350 4912 fvevol - ok
14:30:08.0412 4912 gagp30kx (8c778d335c9d272cfd3298ab02abe3b6) C:\Windows\system32\DRIVERS\gagp30kx.sys
14:30:08.0422 4912 gagp30kx - ok
14:30:08.0532 4912 GameConsoleService (c1bbce4b30b45410178ee674c818d10c) C:\Program Files (x86)\WildTangent\Dell Games\Dell Game Console\GameConsoleService.exe
14:30:08.0632 4912 GameConsoleService - ok
14:30:08.0762 4912 GEARAspiWDM (e403aacf8c7bb11375122d2464560311) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
14:30:08.0832 4912 GEARAspiWDM - ok
14:30:08.0922 4912 GoToAssist (d3316f6e3c011435f36e3d6e49b3196c) C:\Program Files (x86)\Citrix\GoToAssist\514\g2aservice.exe
14:30:08.0982 4912 GoToAssist - ok
14:30:09.0242 4912 gpsvc (277bbc7e1aa1ee957f573a10eca7ef3a) C:\Windows\System32\gpsvc.dll
14:30:09.0312 4912 gpsvc - ok
14:30:09.0424 4912 gupdate (f02a533f517eb38333cb12a9e8963773) C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
14:30:09.0514 4912 gupdate - ok
14:30:09.0564 4912 gupdatem (f02a533f517eb38333cb12a9e8963773) C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
14:30:09.0564 4912 gupdatem - ok
14:30:09.0594 4912 hcw85cir (f2523ef6460fc42405b12248338ab2f0) C:\Windows\system32\drivers\hcw85cir.sys
14:30:09.0594 4912 hcw85cir - ok
14:30:09.0694 4912 HdAudAddService (975761c778e33cd22498059b91e7373a) C:\Windows\system32\drivers\HdAudio.sys
14:30:09.0744 4912 HdAudAddService - ok
14:30:09.0884 4912 HDAudBus (97bfed39b6b79eb12cddbfeed51f56bb) C:\Windows\system32\drivers\HDAudBus.sys
14:30:09.0934 4912 HDAudBus - ok
14:30:10.0094 4912 HECIx64 (b6ac71aaa2b10848f57fc49d55a651af) C:\Windows\system32\DRIVERS\HECIx64.sys
14:30:10.0144 4912 HECIx64 - ok
14:30:10.0194 4912 HidBatt (78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\DRIVERS\HidBatt.sys
14:30:10.0194 4912 HidBatt - ok
14:30:10.0234 4912 HidBth (7fd2a313f7afe5c4dab14798c48dd104) C:\Windows\system32\DRIVERS\hidbth.sys
14:30:10.0234 4912 HidBth - ok
14:30:10.0254 4912 HidIr (0a77d29f311b88cfae3b13f9c1a73825) C:\Windows\system32\DRIVERS\hidir.sys
14:30:10.0254 4912 HidIr - ok
14:30:10.0284 4912 hidserv (bd9eb3958f213f96b97b1d897dee006d) C:\Windows\system32\hidserv.dll
14:30:10.0284 4912 hidserv - ok
14:30:10.0364 4912 HidUsb (9592090a7e2b61cd582b612b6df70536) C:\Windows\system32\DRIVERS\hidusb.sys
14:30:10.0424 4912 HidUsb - ok
14:30:10.0476 4912 hkmsvc (387e72e739e15e3d37907a86d9ff98e2) C:\Windows\system32\kmsvc.dll
14:30:10.0516 4912 hkmsvc - ok
14:30:10.0576 4912 HomeGroupListener (efdfb3dd38a4376f93e7985173813abd) C:\Windows\system32\ListSvc.dll
14:30:10.0626 4912 HomeGroupListener - ok
14:30:10.0966 4912 HomeGroupProvider (908acb1f594274965a53926b10c81e89) C:\Windows\system32\provsvc.dll
14:30:11.0006 4912 HomeGroupProvider - ok
14:30:11.0226 4912 HpSAMD (39d2abcd392f3d8a6dce7b60ae7b8efc) C:\Windows\system32\drivers\HpSAMD.sys
14:30:11.0304 4912 HpSAMD - ok
14:30:11.0388 4912 HTTP (0ea7de1acb728dd5a369fd742d6eee28) C:\Windows\system32\drivers\HTTP.sys
14:30:11.0476 4912 HTTP - ok
14:30:11.0520 4912 hwpolicy (a5462bd6884960c9dc85ed49d34ff392) C:\Windows\system32\drivers\hwpolicy.sys
14:30:11.0570 4912 hwpolicy - ok
14:30:11.0700 4912 i8042prt (fa55c73d4affa7ee23ac4be53b4592d3) C:\Windows\system32\drivers\i8042prt.sys
14:30:11.0710 4912 i8042prt - ok
14:30:11.0760 4912 iaStor (abbf174cb394f5c437410a788b7e404a) C:\Windows\system32\DRIVERS\iaStor.sys
14:30:11.0760 4912 iaStor - ok
14:30:11.0840 4912 iaStorV (aaaf44db3bd0b9d1fb6969b23ecc8366) C:\Windows\system32\drivers\iaStorV.sys
14:30:11.0920 4912 iaStorV - ok
14:30:12.0290 4912 idsvc (5988fc40f8db5b0739cd1e3a5d0d78bd) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
14:30:12.0590 4912 idsvc - ok
14:30:12.0770 4912 iirsp (5c18831c61933628f5bb0ea2675b9d21) C:\Windows\system32\DRIVERS\iirsp.sys
14:30:12.0780 4912 iirsp - ok
14:30:12.0970 4912 IKEEXT (fcd84c381e0140af901e58d48882d26b) C:\Windows\System32\ikeext.dll
14:30:13.0070 4912 IKEEXT - ok
14:30:13.0122 4912 Impcd (36fdf367a1dabff903e2214023d71368) C:\Windows\system32\DRIVERS\Impcd.sys
14:30:13.0182 4912 Impcd - ok
14:30:13.0182 4912 IntcAzAudAddService - ok
14:30:13.0302 4912 intelide (f00f20e70c6ec3aa366910083a0518aa) C:\Windows\system32\drivers\intelide.sys
14:30:13.0302 4912 intelide - ok
14:30:13.0432 4912 intelppm (ada036632c664caa754079041cf1f8c1) C:\Windows\system32\DRIVERS\intelppm.sys
14:30:13.0442 4912 intelppm - ok
14:30:13.0492 4912 IPBusEnum (098a91c54546a3b878dad6a7e90a455b) C:\Windows\system32\ipbusenum.dll
14:30:13.0502 4912 IPBusEnum - ok
14:30:13.0552 4912 IpFilterDriver (c9f0e1bd74365a8771590e9008d22ab6) C:\Windows\system32\DRIVERS\ipfltdrv.sys
14:30:13.0612 4912 IpFilterDriver - ok
14:30:13.0732 4912 IPMIDRV (0fc1aea580957aa8817b8f305d18ca3a) C:\Windows\system32\drivers\IPMIDrv.sys
14:30:13.0792 4912 IPMIDRV - ok
14:30:13.0842 4912 IPNAT (af9b39a7e7b6caa203b3862582e9f2d0) C:\Windows\system32\drivers\ipnat.sys
14:30:13.0852 4912 IPNAT - ok
14:30:14.0185 4912 iPod Service (a9ab99ee7d39725eafec82732d2b3271) C:\Program Files\iPod\bin\iPodService.exe
14:30:14.0245 4912 iPod Service - ok
14:30:14.0305 4912 IRENUM (3abf5e7213eb28966d55d58b515d5ce9) C:\Windows\system32\drivers\irenum.sys
14:30:14.0305 4912 IRENUM - ok
14:30:14.0365 4912 isapnp (2f7b28dc3e1183e5eb418df55c204f38) C:\Windows\system32\drivers\isapnp.sys
14:30:14.0365 4912 isapnp - ok
14:30:14.0395 4912 iScsiPrt (d931d7309deb2317035b07c9f9e6b0bd) C:\Windows\system32\drivers\msiscsi.sys
14:30:14.0475 4912 iScsiPrt - ok
14:30:14.0495 4912 kbdclass (bc02336f1cba7dcc7d1213bb588a68a5) C:\Windows\system32\drivers\kbdclass.sys
14:30:14.0505 4912 kbdclass - ok
14:30:14.0555 4912 kbdhid (0705eff5b42a9db58548eec3b26bb484) C:\Windows\system32\drivers\kbdhid.sys
14:30:14.0665 4912 kbdhid - ok
14:30:14.0775 4912 KeyIso (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
14:30:14.0775 4912 KeyIso - ok
14:30:14.0845 4912 KSecDD (97a7070aea4c058b6418519e869a63b4) C:\Windows\system32\Drivers\ksecdd.sys
14:30:14.0895 4912 KSecDD - ok
14:30:14.0945 4912 KSecPkg (26c43a7c2862447ec59deda188d1da07) C:\Windows\system32\Drivers\ksecpkg.sys
14:30:15.0051 4912 KSecPkg - ok
14:30:15.0087 4912 ksthunk (6869281e78cb31a43e969f06b57347c4) C:\Windows\system32\drivers\ksthunk.sys
14:30:15.0097 4912 ksthunk - ok
14:30:15.0137 4912 KtmRm (6ab66e16aa859232f64deb66887a8c9c) C:\Windows\system32\msdtckrm.dll
14:30:15.0167 4912 KtmRm - ok
14:30:15.0207 4912 L1C (39918db0efcf045a1ce6fabbf339f975) C:\Windows\system32\DRIVERS\L1C62x64.sys
14:30:15.0267 4912 L1C - ok
14:30:15.0417 4912 LanmanServer (d9f42719019740baa6d1c6d536cbdaa6) C:\Windows\system32\srvsvc.dll
14:30:15.0467 4912 LanmanServer - ok
14:30:15.0567 4912 LanmanWorkstation (851a1382eed3e3a7476db004f4ee3e1a) C:\Windows\System32\wkssvc.dll
14:30:15.0634 4912 LanmanWorkstation - ok
14:30:15.0709 4912 lltdio (1538831cf8ad2979a04c423779465827) C:\Windows\system32\DRIVERS\lltdio.sys
14:30:15.0719 4912 lltdio - ok
14:30:15.0749 4912 lltdsvc (c1185803384ab3feed115f79f109427f) C:\Windows\System32\lltdsvc.dll
14:30:15.0769 4912 lltdsvc - ok
14:30:15.0859 4912 lmhosts (f993a32249b66c9d622ea5592a8b76b8) C:\Windows\System32\lmhsvc.dll
14:30:15.0869 4912 lmhosts - ok
14:30:16.0329 4912 LMS (7485fbcef9136f530953575e2977859d) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
14:30:16.0439 4912 LMS - ok
14:30:16.0519 4912 LSI_FC (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\DRIVERS\lsi_fc.sys
14:30:16.0529 4912 LSI_FC - ok
14:30:16.0559 4912 LSI_SAS (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\DRIVERS\lsi_sas.sys
14:30:16.0569 4912 LSI_SAS - ok
14:30:16.0589 4912 LSI_SAS2 (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\DRIVERS\lsi_sas2.sys
14:30:16.0589 4912 LSI_SAS2 - ok
14:30:16.0609 4912 LSI_SCSI (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\DRIVERS\lsi_scsi.sys
14:30:16.0609 4912 LSI_SCSI - ok
14:30:16.0659 4912 luafv (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys
14:30:16.0669 4912 luafv - ok
14:30:16.0769 4912 lxebCATSCustConnectService (f6963e48385a5637fc4e51dc0f8234a0) C:\Windows\system32\spool\DRIVERS\x64\3\\lxebserv.exe
14:30:16.0839 4912 lxebCATSCustConnectService - ok
14:30:16.0879 4912 lxeb_device - ok
14:30:16.0959 4912 MBAMProtector (dc8490812a3b72811ae534f423b4c206) C:\Windows\system32\drivers\mbam.sys
14:30:17.0019 4912 MBAMProtector - ok
14:30:17.0169 4912 MBAMService (43683e970f008c93c9429ef428147a54) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
14:30:17.0269 4912 MBAMService - ok
14:30:17.0379 4912 McComponentHostService (f453d1e6d881e8f8717e20ccd4199e85) C:\Program Files (x86)\McAfee Security Scan\2.0.181\McCHSvc.exe
14:30:17.0469 4912 McComponentHostService - ok
14:30:17.0689 4912 McMPFSvc (acb01bf1a905356ab7f978c7fe852209) C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
14:30:17.0751 4912 McMPFSvc - ok
14:30:17.0761 4912 mcmscsvc (acb01bf1a905356ab7f978c7fe852209) C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe
14:30:17.0761 4912 mcmscsvc - ok
14:30:17.0801 4912 McNaiAnn (acb01bf1a905356ab7f978c7fe852209) C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe
14:30:17.0801 4912 McNaiAnn - ok
14:30:17.0811 4912 McNASvc (acb01bf1a905356ab7f978c7fe852209) C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe
14:30:17.0811 4912 McNASvc - ok
14:30:17.0901 4912 McODS (07b89e7de2f7971cf7eef0262207c4de) C:\Program Files\mcafee\VirusScan\mcods.exe
14:30:17.0961 4912 McODS - ok
14:30:17.0971 4912 McOobeSv (acb01bf1a905356ab7f978c7fe852209) C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe
14:30:17.0971 4912 McOobeSv - ok
14:30:17.0981 4912 McProxy (acb01bf1a905356ab7f978c7fe852209) C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe
14:30:17.0981 4912 McProxy - ok
14:30:18.0121 4912 McShield (325b166bf78d8a8ad93e44ca7a6fc332) C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe
14:30:18.0231 4912 McShield - ok
14:30:18.0421 4912 Mcx2Svc (0be09cd858abf9df6ed259d57a1a1663) C:\Windows\system32\Mcx2Svc.dll
14:30:18.0474 4912 Mcx2Svc - ok
14:30:18.0543 4912 megasas (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\DRIVERS\megasas.sys
14:30:18.0543 4912 megasas - ok
14:30:18.0623 4912 MegaSR (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\DRIVERS\MegaSR.sys
14:30:18.0643 4912 MegaSR - ok
14:30:18.0693 4912 MEMSWEEP2 (f9ce67e9e0226079b59107b649851f96) C:\Windows\system32\5C24.tmp
14:30:18.0703 4912 MEMSWEEP2 - ok
14:30:18.0743 4912 mfeapfk (ef3acfb7e3f82d5f7cde9ef5f0a4e2e2) C:\Windows\system32\drivers\mfeapfk.sys
14:30:18.0813 4912 mfeapfk - ok
14:30:19.0103 4912 mfeavfk (e7a60bdb4365b561d896019b82fb7dd0) C:\Windows\system32\drivers\mfeavfk.sys
14:30:19.0263 4912 mfeavfk - ok
14:30:19.0305 4912 mfeavfk01 - ok
14:30:19.0365 4912 mfefire (7d8fdc43972d059907e09ee4022f77e8) C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe
14:30:19.0415 4912 mfefire - ok
14:30:19.0545 4912 mfefirek (670dffe55e2f9ab99d9169c428bcece9) C:\Windows\system32\drivers\mfefirek.sys
14:30:19.0625 4912 mfefirek - ok
14:30:19.0855 4912 mfehidk (1892616b7f9291fd77c3fa0a5811fe9f) C:\Windows\system32\drivers\mfehidk.sys
14:30:19.0935 4912 mfehidk - ok
14:30:20.0005 4912 mfenlfk (1721261c77f6e7a9e0cb51b7d9f31b60) C:\Windows\system32\DRIVERS\mfenlfk.sys
14:30:20.0065 4912 mfenlfk - ok
14:30:20.0215 4912 mferkdet (65776bd8029e409935b90de30bf99526) C:\Windows\system32\drivers\mferkdet.sys
14:30:20.0265 4912 mferkdet - ok
14:30:20.0555 4912 mfevtp (8a78905057308b084eaa29a9fe1b4f58) C:\Program Files\Common Files\McAfee\SystemCore\mfevtps.exe
14:30:20.0625 4912 mfevtp - ok
14:30:20.0685 4912 mfewfpk (4f17d8b85b903d96ef7033bb6ef50516) C:\Windows\system32\drivers\mfewfpk.sys
14:30:20.0775 4912 mfewfpk - ok
14:30:20.0835 4912 MMCSS (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll
14:30:20.0835 4912 MMCSS - ok
14:30:20.0875 4912 Modem (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys
14:30:20.0875 4912 Modem - ok
14:30:20.0905 4912 monitor (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys
14:30:20.0905 4912 monitor - ok
14:30:20.0985 4912 mouclass (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\DRIVERS\mouclass.sys
14:30:20.0995 4912 mouclass - ok
14:30:21.0015 4912 mouhid (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\DRIVERS\mouhid.sys
14:30:21.0025 4912 mouhid - ok
14:30:21.0075 4912 mountmgr (32e7a3d591d671a6df2db515a5cbe0fa) C:\Windows\system32\drivers\mountmgr.sys
14:30:21.0146 4912 mountmgr - ok
14:30:21.0376 4912 MozillaMaintenance (15d5398eed42c2504bb3d4fc875c15d1) C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
14:30:21.0449 4912 MozillaMaintenance - ok
14:30:21.0498 4912 mpio (a44b420d30bd56e145d6a2bc8768ec58) C:\Windows\system32\drivers\mpio.sys
14:30:21.0548 4912 mpio - ok
14:30:21.0648 4912 mpsdrv (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys
14:30:21.0648 4912 mpsdrv - ok
14:30:21.0708 4912 MRxDAV (dc722758b8261e1abafd31a3c0a66380) C:\Windows\system32\drivers\mrxdav.sys
14:30:21.0778 4912 MRxDAV - ok
14:30:21.0838 4912 mrxsmb (a5d9106a73dc88564c825d317cac68ac) C:\Windows\system32\DRIVERS\mrxsmb.sys
14:30:21.0888 4912 mrxsmb - ok
14:30:22.0098 4912 mrxsmb10 (d711b3c1d5f42c0c2415687be09fc163) C:\Windows\system32\DRIVERS\mrxsmb10.sys
14:30:22.0179 4912 mrxsmb10 - ok
14:30:22.0299 4912 mrxsmb20 (9423e9d355c8d303e76b8cfbd8a5c30c) C:\Windows\system32\DRIVERS\mrxsmb20.sys
14:30:22.0369 4912 mrxsmb20 - ok
14:30:22.0419 4912 msahci (c25f0bafa182cbca2dd3c851c2e75796) C:\Windows\system32\drivers\msahci.sys
14:30:22.0479 4912 msahci - ok
14:30:22.0519 4912 msdsm (db801a638d011b9633829eb6f663c900) C:\Windows\system32\drivers\msdsm.sys
14:30:22.0599 4912 msdsm - ok
14:30:22.0679 4912 MSDTC (de0ece52236cfa3ed2dbfc03f28253a8) C:\Windows\System32\msdtc.exe
14:30:22.0679 4912 MSDTC - ok
14:30:22.0719 4912 Msfs (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys
14:30:22.0729 4912 Msfs - ok
14:30:22.0739 4912 mshidkmdf (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys
14:30:22.0749 4912 mshidkmdf - ok
14:30:22.0769 4912 msisadrv (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\drivers\msisadrv.sys
14:30:22.0779 4912 msisadrv - ok
14:30:22.0829 4912 MSiSCSI (808e98ff49b155c522e6400953177b08) C:\Windows\system32\iscsiexe.dll
14:30:22.0829 4912 MSiSCSI - ok
14:30:22.0839 4912 msiserver - ok
14:30:22.0859 4912 MSKSSRV (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys
14:30:22.0859 4912 MSKSSRV - ok
14:30:22.0869 4912 MSPCLOCK (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys
14:30:22.0879 4912 MSPCLOCK - ok
14:30:22.0899 4912 MSPQM (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys
14:30:22.0909 4912 MSPQM - ok
14:30:22.0979 4912 MsRPC (759a9eeb0fa9ed79da1fb7d4ef78866d) C:\Windows\system32\drivers\MsRPC.sys
14:30:23.0039 4912 MsRPC - ok
14:30:23.0159 4912 mssmbios (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\drivers\mssmbios.sys
14:30:23.0169 4912 mssmbios - ok
14:30:23.0199 4912 MSTEE (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys
14:30:23.0199 4912 MSTEE - ok
14:30:23.0239 4912 MTConfig (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\DRIVERS\MTConfig.sys
14:30:23.0249 4912 MTConfig - ok
14:30:23.0329 4912 Mup (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys
14:30:23.0339 4912 Mup - ok
14:30:23.0709 4912 napagent (582ac6d9873e31dfa28a4547270862dd) C:\Windows\system32\qagentRT.dll
14:30:23.0759 4912 napagent - ok
14:30:24.0229 4912 NativeWifiP (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys
14:30:24.0249 4912 NativeWifiP - ok
14:30:24.0389 4912 NDIS (79b47fd40d9a817e932f9d26fac0a81c) C:\Windows\system32\drivers\ndis.sys
14:30:24.0479 4912 NDIS - ok
14:30:24.0539 4912 NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys
14:30:24.0559 4912 NdisCap - ok
14:30:24.0589 4912 NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys
14:30:24.0599 4912 NdisTapi - ok
14:30:24.0759 4912 Ndisuio (136185f9fb2cc61e573e676aa5402356) C:\Windows\system32\DRIVERS\ndisuio.sys
14:30:24.0820 4912 Ndisuio - ok
14:30:24.0891 4912 NdisWan (53f7305169863f0a2bddc49e116c2e11) C:\Windows\system32\DRIVERS\ndiswan.sys
14:30:24.0968 4912 NdisWan - ok
14:30:25.0013 4912 NDProxy (015c0d8e0e0421b4cfd48cffe2825879) C:\Windows\system32\drivers\NDProxy.sys
14:30:25.0053 4912 NDProxy - ok
14:30:25.0163 4912 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys
14:30:25.0173 4912 NetBIOS - ok
14:30:25.0333 4912 NetBT (09594d1089c523423b32a4229263f068) C:\Windows\system32\DRIVERS\netbt.sys
14:30:25.0383 4912 NetBT - ok
14:30:25.0463 4912 Netlogon (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
14:30:25.0463 4912 Netlogon - ok
14:30:25.0563 4912 Netman (847d3ae376c0817161a14a82c8922a9e) C:\Windows\System32\netman.dll
14:30:25.0643 4912 Netman - ok
14:30:26.0045 4912 NetMsmqActivator (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
14:30:26.0175 4912 NetMsmqActivator - ok
14:30:26.0185 4912 NetPipeActivator (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
14:30:26.0185 4912 NetPipeActivator - ok
14:30:26.0237 4912 netprofm (5f28111c648f1e24f7dbc87cdeb091b8) C:\Windows\System32\netprofm.dll
14:30:26.0257 4912 netprofm - ok
14:30:26.0277 4912 NetTcpActivator (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
14:30:26.0277 4912 NetTcpActivator - ok
14:30:26.0277 4912 NetTcpPortSharing (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
14:30:26.0287 4912 NetTcpPortSharing - ok
14:30:26.0467 4912 nfrd960 (77889813be4d166cdab78ddba990da92) C:\Windows\system32\DRIVERS\nfrd960.sys
14:30:26.0477 4912 nfrd960 - ok
14:30:27.0229 4912 NlaSvc (1ee99a89cc788ada662441d1e9830529) C:\Windows\System32\nlasvc.dll
14:30:27.0229 4912 NlaSvc - ok
14:30:27.0299 4912 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys
14:30:27.0399 4912 Npfs - ok
14:30:27.0429 4912 nsi (d54bfdf3e0c953f823b3d0bfe4732528) C:\Windows\system32\nsisvc.dll
14:30:27.0509 4912 nsi - ok
14:30:27.0549 4912 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys
14:30:27.0589 4912 nsiproxy - ok
14:30:29.0039 4912 Ntfs (a2f74975097f52a00745f9637451fdd8) C:\Windows\system32\drivers\Ntfs.sys
14:30:29.0181 4912 Ntfs - ok
14:30:29.0681 4912 NuidFltr (4c08a14d04e62963e96e0bb57bbc953b) C:\Windows\system32\DRIVERS\NuidFltr.sys
14:30:29.0741 4912 NuidFltr - ok
14:30:29.0791 4912 Null (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys
14:30:29.0801 4912 Null - ok
14:30:29.0871 4912 nvraid (0a92cb65770442ed0dc44834632f66ad) C:\Windows\system32\drivers\nvraid.sys
14:30:29.0971 4912 nvraid - ok
14:30:29.0991 4912 nvstor (dab0e87525c10052bf65f06152f37e4a) C:\Windows\system32\drivers\nvstor.sys
14:30:30.0061 4912 nvstor - ok
14:30:30.0101 4912 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\drivers\nv_agp.sys
14:30:30.0111 4912 nv_agp - ok
14:30:30.0181 4912 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\drivers\ohci1394.sys
14:30:30.0201 4912 ohci1394 - ok
14:30:30.0401 4912 ose (9d10f99a6712e28f8acd5641e3a7ea6b) C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
14:30:30.0461 4912 ose - ok
14:30:31.0001 4912 osppsvc (61bffb5f57ad12f83ab64b7181829b34) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
14:30:31.0274 4912 osppsvc - ok
14:30:32.0286 4912 p2pimsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll
14:30:32.0306 4912 p2pimsvc - ok
14:30:32.0356 4912 p2psvc (927463ecb02179f88e4b9a17568c63c3) C:\Windows\system32\p2psvc.dll
14:30:32.0386 4912 p2psvc - ok
14:30:32.0436 4912 Parport (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\DRIVERS\parport.sys
14:30:32.0446 4912 Parport - ok
14:30:32.0616 4912 partmgr (e9766131eeade40a27dc27d2d68fba9c) C:\Windows\system32\drivers\partmgr.sys
14:30:32.0686 4912 partmgr - ok
14:30:32.0776 4912 PcaSvc (3aeaa8b561e63452c655dc0584922257) C:\Windows\System32\pcasvc.dll
14:30:32.0796 4912 PcaSvc - ok
14:30:32.0886 4912 pci (94575c0571d1462a0f70bde6bd6ee6b3) C:\Windows\system32\drivers\pci.sys
14:30:32.0958 4912 pci - ok
14:30:33.0008 4912 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\drivers\pciide.sys
14:30:33.0018 4912 pciide - ok
14:30:33.0058 4912 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\DRIVERS\pcmcia.sys
14:30:33.0058 4912 pcmcia - ok
14:30:33.0078 4912 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys
14:30:33.0088 4912 pcw - ok
14:30:33.0168 4912 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys
14:30:33.0198 4912 PEAUTH - ok
14:30:33.0318 4912 PerfHost (e495e408c93141e8fc72dc0c6046ddfa) C:\Windows\SysWow64\perfhost.exe
14:30:33.0318 4912 PerfHost - ok
14:30:33.0418 4912 pla (c7cf6a6e137463219e1259e3f0f0dd6c) C:\Windows\system32\pla.dll
14:30:33.0618 4912 pla - ok
14:30:33.0688 4912 PlugPlay (25fbdef06c4d92815b353f6e792c8129) C:\Windows\system32\umpnpmgr.dll
14:30:33.0738 4912 PlugPlay - ok
14:30:33.0768 4912 PNRPAutoReg (7195581cec9bb7d12abe54036acc2e38) C:\Windows\system32\pnrpauto.dll
14:30:33.0778 4912 PNRPAutoReg - ok
14:30:33.0808 4912 PNRPsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll
14:30:33.0808 4912 PNRPsvc - ok
14:30:33.0888 4912 Point64 (4f0878fd62d5f7444c5f1c4c66d9d293) C:\Windows\system32\DRIVERS\point64.sys
14:30:33.0948 4912 Point64 - ok
14:30:34.0088 4912 PolicyAgent (4f15d75adf6156bf56eced6d4a55c389) C:\Windows\System32\ipsecsvc.dll
14:30:34.0158 4912 PolicyAgent - ok
14:30:34.0218 4912 Power (6ba9d927dded70bd1a9caded45f8b184) C:\Windows\system32\umpo.dll
14:30:34.0228 4912 Power - ok
14:30:34.0298 4912 PptpMiniport (f92a2c41117a11a00be01ca01a7fcde9) C:\Windows\system32\DRIVERS\raspptp.sys
14:30:34.0368 4912 PptpMiniport - ok
14:30:34.0478 4912 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\DRIVERS\processr.sys
14:30:34.0478 4912 Processor - ok
14:30:34.0548 4912 ProfSvc (53e83f1f6cf9d62f32801cf66d8352a8) C:\Windows\system32\profsvc.dll
14:30:34.0588 4912 ProfSvc - ok
14:30:34.0658 4912 ProtectedStorage (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
14:30:34.0668 4912 ProtectedStorage - ok
14:30:35.0499 4912 Psched (0557cf5a2556bd58e26384169d72438d) C:\Windows\system32\DRIVERS\pacer.sys
14:30:35.0579 4912 Psched - ok
14:30:35.0619 4912 PxHlpa64 (4712cc14e720ecccc0aa16949d18aaf1) C:\Windows\system32\Drivers\PxHlpa64.sys
14:30:35.0709 4912 PxHlpa64 - ok
14:30:35.0799 4912 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\DRIVERS\ql2300.sys
14:30:35.0839 4912 ql2300 - ok
14:30:36.0009 4912 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\DRIVERS\ql40xx.sys
14:30:36.0189 4912 ql40xx - ok
14:30:36.0274 4912 QWAVE (906191634e99aea92c4816150bda3732) C:\Windows\system32\qwave.dll
14:30:36.0594 4912 QWAVE - ok
14:30:36.0664 4912 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys
14:30:36.0674 4912 QWAVEdrv - ok
14:30:36.0704 4912 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys
14:30:36.0714 4912 RasAcd - ok
14:30:36.0744 4912 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys
14:30:36.0754 4912 RasAgileVpn - ok
14:31:03.0617 4912 MBR (0x1B8) (5c616939100b85e558da92b899a0fc36) \Device\Harddisk0\DR0
14:31:03.0664 4912 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.c ) - infected
14:31:03.0664 4912 \Device\Harddisk0\DR0 - detected Rootkit.Boot.Pihar.c (0)
14:31:03.0719 4912 Boot (0x1200) (79ed531b8aef9bad535b4adefc409b13) \Device\Harddisk0\DR0\Partition0
14:31:03.0719 4912 \Device\Harddisk0\DR0\Partition0 - ok
14:31:03.0729 4912 Boot (0x1200) (2340c985aa75654c7597e3a6ea3097d0) \Device\Harddisk0\DR0\Partition1
14:31:03.0739 4912 \Device\Harddisk0\DR0\Partition1 - ok
14:31:03.0739 4912 ============================================================
14:31:03.0739 4912 Scan finished
14:31:03.0739 4912 ============================================================
14:31:03.0749 3672 Detected object count: 1
14:31:03.0749 3672 Actual detected object count: 1
14:31:41.0679 3672 \Device\Harddisk0\DR0\# - copied to quarantine
14:31:41.0689 3672 \Device\Harddisk0\DR0 - copied to quarantine
14:31:42.0021 3672 \Device\Harddisk0\DR0\TDLFS\cmd.dll - copied to quarantine
14:31:42.0231 3672 \Device\Harddisk0\DR0\TDLFS\cmd64.dll - copied to quarantine
14:31:42.0301 3672 \Device\Harddisk0\DR0\TDLFS\sub.dll - copied to quarantine
14:31:56.0425 3672 \Device\Harddisk0\DR0\TDLFS\subx.dll - copied to quarantine
14:31:56.0525 3672 \Device\Harddisk0\DR0\TDLFS\drv32 - copied to quarantine
14:31:56.0805 3672 \Device\Harddisk0\DR0\TDLFS\drv64 - copied to quarantine
14:31:56.0965 3672 \Device\Harddisk0\DR0\TDLFS\servers.dat - copied to quarantine
14:31:56.0995 3672 \Device\Harddisk0\DR0\TDLFS\config.ini - copied to quarantine
14:31:57.0015 3672 \Device\Harddisk0\DR0\TDLFS\ldr16 - copied to quarantine
14:31:57.0035 3672 \Device\Harddisk0\DR0\TDLFS\ldr32 - copied to quarantine
14:31:57.0315 3672 \Device\Harddisk0\DR0\TDLFS\ldr64 - copied to quarantine
14:31:57.0465 3672 \Device\Harddisk0\DR0\TDLFS\s - copied to quarantine
14:31:57.0465 3672 \Device\Harddisk0\DR0\TDLFS\ldrm - copied to quarantine
14:31:57.0525 3672 \Device\Harddisk0\DR0\TDLFS\u - copied to quarantine
14:31:57.0555 3672 \Device\Harddisk0\DR0\TDLFS\ph.dll - copied to quarantine
14:31:57.0705 3672 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.c ) - will be cured on reboot
14:31:57.0755 3672 \Device\Harddisk0\DR0 - ok
14:31:57.0865 3672 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.c ) - User select action: Cure
14:43:15.0689 2684 Deinitialize success
 
  • Download RogueKiller to the desktop
  • Close all the running programs
  • Windows Vista/7 users: right click on RogueKiller.exe, click Run as Administrator
  • Otherwise just double-click on RogueKiller.exe
  • Pre-scan will start. Let it finish.
  • Click on SCAN button.
  • A report (RKreport.txt) should open. Post its content in your next reply. (RKreport could also be found on your desktop)
  • If RogueKiller has been blocked, do not hesitate to try a few more times. If it really won't run, rename it to winlogon.exe (or winlogon.com) and try again

============================================

Download aswMBR to your desktop.
Double click the aswMBR.exe to run it.
If you see this question: "Would you like to download latest Avast! virus definitions?" say "Yes".
Click the "Scan" button to start scan.
On completion of the scan click "Save log", save it to your desktop and post in your next reply.

NOTE. aswMBR will create MBR.dat file on your desktop. This is a copy of your MBR. Do NOT delete it.
 
RK gave me the option to remove selected files, which I did not do, since I was unsure if I should.

RogueKiller V7.6.3 [07/08/2012] by Tigzy
mail: tigzyRK<at>gmail<dot>com
Feedback: https://www.techspot.com/downloads/5562-roguekiller.html
Blog: http://tigzyrk.blogspot.com

Operating System: Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User: Kyle [Admin rights]
Mode: Scan -- Date: 07/16/2012 18:32:38

¤¤¤ Bad processes: 0 ¤¤¤

¤¤¤ Registry Entries: 5 ¤¤¤
[ZeroAccess] HKCR\[...]\InprocServer32 : (C:\Users\Kyle\AppData\Local\{c614d3bf-243a-3fd7-a4fd-36cd3756874b}\n.) -> FOUND
[HJ] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
[HJ] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND
[HJ] HKCU\[...]\ClassicStartMenu : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND
[HJ] HKCU\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

¤¤¤ Particular Files / Folders: ¤¤¤
[ZeroAccess][FILE] @ : c:\windows\installer\{c614d3bf-243a-3fd7-a4fd-36cd3756874b}\@ --> FOUND
[ZeroAccess][FOLDER] U : c:\windows\installer\{c614d3bf-243a-3fd7-a4fd-36cd3756874b}\U --> FOUND
[ZeroAccess][FOLDER] L : c:\windows\installer\{c614d3bf-243a-3fd7-a4fd-36cd3756874b}\L --> FOUND
[ZeroAccess][FILE] @ : c:\users\kyle\appdata\local\{c614d3bf-243a-3fd7-a4fd-36cd3756874b}\@ --> FOUND
[ZeroAccess][FOLDER] U : c:\users\kyle\appdata\local\{c614d3bf-243a-3fd7-a4fd-36cd3756874b}\U --> FOUND
[ZeroAccess][FOLDER] L : c:\users\kyle\appdata\local\{c614d3bf-243a-3fd7-a4fd-36cd3756874b}\L --> FOUND
[ZeroAccess][FILE] Desktop.ini : c:\windows\assembly\gac_32\desktop.ini --> FOUND
[ZeroAccess][FILE] Desktop.ini : c:\windows\assembly\gac_64\desktop.ini --> FOUND

¤¤¤ Driver: [NOT LOADED] ¤¤¤

¤¤¤ Infection : ZeroAccess ¤¤¤

¤¤¤ HOSTS File: ¤¤¤


¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: ST9500325AS +++++
--- User ---
[MBR] dd6967e897e9549401c89a8d9f38da4a
[BSP] dea9defa67a18cc486b8c709b2ee22f0 : Windows Vista MBR Code
Partition table:
0 - [XXXXXX] DELL-UTIL (0xde) [VISIBLE] Offset (sectors): 63 | Size: 101 Mo
1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 208845 | Size: 15000 Mo
2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 30928845 | Size: 461837 Mo
User = LL1 ... OK!
User = LL2 ... OK!

Finished : << RKreport[1].txt >>
RKreport[1].txt

-------------------------------------------------------------------------------------------------------------------------

aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
Run date: 2012-07-16 18:35:03
-----------------------------
18:35:03.602 OS Version: Windows x64 6.1.7601 Service Pack 1
18:35:03.602 Number of processors: 4 586 0x2505
18:35:03.603 ComputerName: KYLE-PC UserName: Kyle
18:35:05.118 Initialize success
18:41:07.741 AVAST engine defs: 12071601
18:42:18.958 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
18:42:18.974 Disk 0 Vendor: ST950032 D005 Size: 476940MB BusType: 3
18:42:18.990 Disk 0 MBR read successfully
18:42:18.990 Disk 0 MBR scan
18:42:18.990 Disk 0 Windows VISTA default MBR code
18:42:18.990 Disk 0 Partition 1 00 DE Dell Utility Dell 8.0 101 MB offset 63
18:42:19.005 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 15000 MB offset 208845
18:42:19.021 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 461837 MB offset 30928845
18:42:19.071 Disk 0 scanning C:\Windows\system32\drivers
18:42:36.598 Service scanning
18:43:08.986 Modules scanning
18:43:08.986 Disk 0 trace - called modules:
18:43:09.017 ntoskrnl.exe CLASSPNP.SYS disk.sys iaStor.sys hal.dll
18:43:09.017 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8004c5d790]
18:43:09.017 3 CLASSPNP.SYS[fffff8800186c43f] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa8004998050]
18:43:10.468 AVAST engine scan C:\Windows
18:43:13.323 AVAST engine scan C:\Windows\system32
18:46:36.901 File: C:\Windows\assembly\GAC_32\Desktop.ini **INFECTED** Win32:Sirefef-PL [Rtk]
18:46:41.347 File: C:\Windows\assembly\GAC_64\Desktop.ini **INFECTED** Win32:Sirefef-PL [Rtk]
18:49:39.781 AVAST engine scan C:\Windows\system32\drivers
18:50:00.748 AVAST engine scan C:\Users\Kyle
18:54:58.729 File: C:\Users\Kyle\AppData\Local\Temp\E2A7.tmp **INFECTED** Win32:Crypt-NBS [Trj]
19:12:25.929 Disk 0 MBR has been saved successfully to "C:\Users\Kyle\Desktop\MBR.dat"
19:12:25.929 The log file has been saved successfully to "C:\Users\Kyle\Desktop\aswMBR.txt"
 
Yeah, we removed the TDSS infection, but you're also infected with the ZeroAccess rootkit.

For x32 (x86) bit systems download Farbar Recovery Scan Tool 32-Bit and save it to a flash drive.
For x64 bit systems download Farbar Recovery Scan Tool 64-Bit and save it to a flash drive.

Plug the flash drive into the infected PC.

Enter System Recovery Options.

To enter System Recovery Options from the Advanced Boot Options:
  • Restart the computer.
  • As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.
  • Use the arrow keys to select the Repair your computer menu item.
  • Select US as the keyboard language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.

To enter System Recovery Options by using Windows installation disc:
  • Insert the installation disc.
  • Restart your computer.
  • If prompted, press any key to start Windows from the installation disc. If your computer is not configured to start from a CD or DVD, check your BIOS settings.
  • Click Repair your computer.
  • Select US as the keyboard language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.

On the System Recovery Options menu you will get the following options:

    • Startup Repair
    • System Restore
    • Windows Complete PC Restore
    • Windows Memory Diagnostic Tool
    • Command Prompt
  • Select Command Prompt
  • In the command window type in notepad and press Enter.
  • The notepad opens. Under File menu select Open.
  • Select "Computer" and find your flash drive letter and close the notepad.
  • In the command window type e:\frst.exe (for x64 bit version type e:\frst64) and press Enter
    Note: Replace letter e with the drive letter of your flash drive.
  • The tool will start to run.
  • When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will make a log (FRST.txt) on the flash drive. Please copy and paste it to your reply.
 
Scan result of Farbar Recovery Scan Tool Version: 16-07-2012 02
Ran by SYSTEM at 18-07-2012 15:01:17
Running from E:\
Windows 7 Home Premium (X64) OS Language: English(US)
The current controlset is ControlSet001

========================== Registry (Whitelisted) =============

HKLM\...\Run: [SynTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe [2122536 2010-05-07] (Synaptics Incorporated)
HKLM\...\Run: [QuickSet] C:\Program Files\Dell\QuickSet\QuickSet.exe [3203440 2010-04-06] (Dell Inc.)
HKLM\...\Run: [Broadcom Wireless Manager UI] C:\Program Files\Dell\DW WLAN Card\WLTRAY.exe [5470208 2009-12-17] (Dell Inc.)
HKLM\...\Run: [lxebmon.exe] "C:\Program Files (x86)\Lexmark Pro200-S500 Series\lxebmon.exe" [770728 2011-01-23] ()
HKLM\...\Run: [EzPrint] "C:\Program Files (x86)\Lexmark Pro200-S500 Series\ezprint.exe" [148280 2011-01-23] ()
HKLM\...\Run: [IntelliPoint] "c:\Program Files\Microsoft IntelliPoint\ipoint.exe" [2417032 2011-08-01] (Microsoft Corporation)
HKLM-x32\...\Run: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun [98304 2010-01-22] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [mcui_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey [1675160 2011-11-22] (McAfee, Inc.)
HKLM-x32\...\Run: [Dell DataSafe Online] "C:\Program Files (x86)\Dell DataSafe Online\DataSafeOnline.exe" /m [1807680 2010-02-09] ()
HKLM-x32\...\Run: [Desktop Disc Tool] "C:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe" [498160 2009-10-15] ()
HKLM-x32\...\Run: [Dell Webcam Central] "C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" /mode2 [409744 2009-06-24] (Creative Technology Ltd)
HKLM-x32\...\Run: [DellSupportCenter] "c:\Program Files (x86)\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter [206064 2009-05-21] (SupportSoft, Inc.)
HKLM-x32\...\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [843712 2012-01-03] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [] [x]
HKLM-x32\...\Run: [ApnUpdater] "C:\Program Files (x86)\Ask.com\Updater\Updater.exe" [1557160 2012-04-09] (Ask)
HKLM-x32\...\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [59280 2012-05-30] (Apple Inc.)
HKLM-x32\...\Run: [vProt] "C:\Program Files (x86)\AVG Secure Search\vprot.exe" [1107552 2012-07-09] ()
HKLM-x32\...\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime [421888 2012-04-18] (Apple Inc.)
HKLM-x32\...\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe" [421776 2012-06-07] (Apple Inc.)
HKLM-x32\...\Run: [Freecorder FLV Service] "C:\Program Files (x86)\Freecorder\FLVSrvc.exe" /run [x]
HKLM-x32\...\Run: [Jaksta Free Video History] "C:\Program Files (x86)\Jaksta Technologies\Jaksta Free Media Recorder Toolbar\Jaksta Free Video History\jfvhistoryp.exe" -monitor [x]
HKLM-x32\...\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" [252296 2012-01-17] (Sun Microsystems, Inc.)
HKU\Kyle\...\Run: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background [x]
HKU\Kyle\...\Run: [Steam] "C:\Program Files (x86)\Steam\steam.exe" -silent [1242448 2011-08-02] (Valve Corporation)
HKU\Kyle\...\Run: [Facebook Update] "C:\Users\Kyle\AppData\Local\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver [138096 2012-07-11] (Facebook Inc.)
HKU\Kyle\...\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [4786048 2012-06-20] (SUPERAntiSpyware.com)
HKLM-x32\...\RunOnce: ["C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe"] "C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe" [559616 2011-10-08] (Dell)
Winlogon\Notify\GoToAssist: C:\Program Files (x86)\Citrix\GoToAssist\514\G2AWinLogon_x64.dll [X]
Tcpip\Parameters: [DhcpNameServer] 209.18.47.61 209.18.47.62
Startup: C:\Users\All Users\Start Menu\Programs\Startup\Bluetooth.lnk
ShortcutTarget: Bluetooth.lnk -> C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.)
Startup: C:\Users\All Users\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
ShortcutTarget: McAfee Security Scan Plus.lnk -> C:\Program Files (x86)\McAfee Security Scan\2.0.181\SSScheduler.exe (McAfee, Inc.)
Startup: C:\Users\Default\Start Menu\Programs\Startup\Dell Dock First Run.lnk
ShortcutTarget: Dell Dock First Run.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
Startup: C:\Users\Default User\Start Menu\Programs\Startup\Dell Dock First Run.lnk
ShortcutTarget: Dell Dock First Run.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
Startup: C:\Users\Kyle\Start Menu\Programs\Startup\CurseClientStartup.ccip ()

==================== Services (Whitelisted) ======

2 !SASCORE; "C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE" [140672 2011-08-11] (SUPERAntiSpyware.com)
2 lxebCATSCustConnectService; C:\Windows\system32\spool\DRIVERS\x64\3\\lxebserv.exe [45736 2010-04-14] (Lexmark International, Inc.)
2 lxeb_device; C:\Windows\system32\lxebcoms.exe -service [1052328 2010-04-14] ( )
2 lxeb_device; C:\Windows\SysWow64\lxebcoms.exe -service [598696 2010-04-14] ( )
4 MBAMService; "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe" [655944 2012-07-03] (Malwarebytes Corporation)
3 McComponentHostService; "C:\Program Files (x86)\McAfee Security Scan\2.0.181\McCHSvc.exe" [227232 2010-01-15] (McAfee, Inc.)
2 McMPFSvc; "C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe" /McCoreSvc [249936 2011-01-27] (McAfee, Inc.)
2 mcmscsvc; "C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe" /McCoreSvc [249936 2011-01-27] (McAfee, Inc.)
2 McNaiAnn; "C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe" /McCoreSvc [249936 2011-01-27] (McAfee, Inc.)
2 McNASvc; "C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe" /McCoreSvc [249936 2011-01-27] (McAfee, Inc.)
3 McODS; "C:\Program Files\mcafee\VirusScan\mcods.exe" [501768 2011-06-23] (McAfee, Inc.)
4 McOobeSv; "C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe" /McCoreSvc [249936 2011-01-27] (McAfee, Inc.)
2 McProxy; "C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe" /McCoreSvc [249936 2011-01-27] (McAfee, Inc.)
2 McShield; "C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe" [199272 2011-10-18] (McAfee, Inc.)
2 mfefire; "C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe" [208536 2011-10-18] (McAfee, Inc.)
2 mfevtp; "C:\Program Files\Common Files\McAfee\SystemCore\mfevtps.exe" [161168 2011-10-18] (McAfee, Inc.)
2 UNS; "C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe" [2320920 2009-09-30] (Intel Corporation)
2 vToolbarUpdater11.2.0; C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\11.2.0\ToolbarUpdater.exe [935008 2012-07-09] ()
2 WTouchService; C:\Program Files\WTouch\WTouchService.exe [127272 2009-07-15] (Wacom Technology, Corp.)

========================== Drivers (Whitelisted) =============

3 cfwids; C:\Windows\System32\Drivers\cfwids.sys [65264 2011-10-15] (McAfee, Inc.)
3 MBAMProtector; \??\C:\Windows\system32\drivers\mbam.sys [24904 2012-07-03] (Malwarebytes Corporation)
3 MEMSWEEP2; \??\C:\Windows\system32\5C24.tmp [6144 2011-05-12] (Sophos Plc)
3 mfeapfk; C:\Windows\System32\Drivers\mfeapfk.sys [160280 2011-10-15] (McAfee, Inc.)
3 mfeavfk; C:\Windows\System32\Drivers\mfeavfk.sys [229528 2011-10-15] (McAfee, Inc.)
3 mfefirek; C:\Windows\System32\Drivers\mfefirek.sys [481768 2011-10-15] (McAfee, Inc.)
0 mfehidk; C:\Windows\System32\Drivers\mfehidk.sys [647080 2011-10-15] (McAfee, Inc.)
1 mfenlfk; C:\Windows\System32\Drivers\mfenlfk.sys [75808 2011-10-15] (McAfee, Inc.)
3 mferkdet; C:\Windows\System32\Drivers\mferkdet.sys [100912 2011-10-15] (McAfee, Inc.)
0 mfewfpk; C:\Windows\System32\Drivers\mfewfpk.sys [284648 2011-10-15] (McAfee, Inc.)
1 SASDIFSV; \??\C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [14928 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
1 SASKUTIL; \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [12368 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
2 TurboB; C:\Windows\System32\Drivers\TurboB.sys [13784 2009-11-02] ()
3 ALSysIO; \??\C:\Users\Kyle\AppData\Local\Temp\ALSysIO64.sys [x]
3 IntcAzAudAddService; C:\Windows\System32\drivers\RTKVHD64.sys [x]
3 mfeavfk01; [x]

========================== NetSvcs (Whitelisted) ===========


============ One Month Created Files and Folders ==============

2012-07-18 06:25 - 2012-07-18 06:25 - 01437107 ____A (Farbar) C:\Users\Kyle\Desktop\FRST64.exe
2012-07-18 06:17 - 2012-07-18 06:17 - 00012812 ____A C:\Users\Kyle\.recently-used.xbel
2012-07-18 04:26 - 2012-07-18 06:21 - 00000000 ____D C:\Users\Kyle\Desktop\Headshots
2012-07-17 01:31 - 2012-07-17 01:31 - 00001177 ____A C:\Users\Kyle\Desktop\FrostWire 5.3.8.lnk
2012-07-16 21:12 - 2012-07-16 21:12 - 00002104 ____A C:\Users\Kyle\Desktop\aswMBR.txt
2012-07-16 21:12 - 2012-07-16 21:12 - 00000512 ____A C:\Users\Kyle\Desktop\MBR.dat
2012-07-16 20:32 - 2012-07-16 20:32 - 00002356 ____A C:\Users\Kyle\Desktop\RKreport[1].txt
2012-07-16 20:32 - 2012-07-16 20:32 - 00000000 ____D C:\Users\Kyle\Desktop\RK_Quarantine
2012-07-16 20:29 - 2012-07-16 20:30 - 04731392 ____A (AVAST Software) C:\Users\Kyle\Desktop\aswMBR.exe
2012-07-16 20:29 - 2012-07-16 20:29 - 01558528 ____A C:\Users\Kyle\Desktop\RogueKiller.exe
2012-07-16 16:31 - 2012-07-16 16:31 - 00000000 ____D C:\TDSSKiller_Quarantine
2012-07-16 16:25 - 2012-07-16 16:25 - 00000121 ____A C:\Users\Kyle\Desktop\[Active] - Random Audio and Advertisements in Background - TechSpot Forums.URL
2012-07-16 16:24 - 2012-07-09 14:48 - 02135640 ____A (Kaspersky Lab ZAO) C:\Users\Kyle\Desktop\TDSSKiller.exe
2012-07-16 16:24 - 2011-01-01 03:14 - 00002254 ___RA C:\Users\Kyle\Desktop\eula.txt
2012-07-16 16:12 - 2012-07-16 16:12 - 00275520 ____A C:\Windows\Minidump\071612-27378-01.dmp
2012-07-15 23:21 - 2012-07-15 23:21 - 00014894 ____A C:\Users\Kyle\Desktop\Attach.txt
2012-07-15 23:20 - 2012-07-15 23:20 - 00032953 ____A C:\Users\Kyle\Desktop\DDS.txt
2012-07-15 20:14 - 2012-07-15 20:14 - 00000411 ____A C:\Users\Kyle\Desktop\gmer.log
2012-07-15 18:01 - 2012-07-15 18:01 - 00607260 ____R (Swearware) C:\Users\Kyle\Desktop\dds.scr
2012-07-15 17:55 - 2012-07-15 17:55 - 00302592 ____A C:\Users\Kyle\Desktop\49d6xyh7.exe
2012-07-15 15:56 - 2012-07-15 15:56 - 00275520 ____A C:\Windows\Minidump\071512-24320-01.dmp
2012-07-15 01:28 - 2012-07-15 01:28 - 00275520 ____A C:\Windows\Minidump\071412-26410-01.dmp
2012-07-14 15:43 - 2009-07-13 20:14 - 00020480 ____A (Microsoft Corporation) C:\Windows\svchost.exe
2012-07-13 22:08 - 2012-07-13 22:42 - 108474942 ____A C:\Users\Kyle\Downloads\69458.mp4
2012-07-13 19:39 - 2012-07-13 19:39 - 00001071 ____A C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2012-07-13 19:39 - 2012-07-13 19:39 - 00001071 ____A C:\Users\All Users\Desktop\Malwarebytes Anti-Malware.lnk
2012-07-13 19:39 - 2012-07-13 19:39 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2012-07-13 19:39 - 2012-07-03 15:46 - 00024904 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys
2012-07-13 19:38 - 2012-07-13 19:39 - 10652120 ____A (Malwarebytes Corporation ) C:\Users\Kyle\Downloads\mbam-setup-1.62.0.1300.exe
2012-07-13 19:33 - 2012-07-13 19:33 - 00000000 ____D C:\Users\Kyle\Downloads\backups
2012-07-13 19:28 - 2012-07-13 19:37 - 00017931 ____A C:\Users\Kyle\Downloads\hijackthis.log
2012-07-13 19:26 - 2012-07-13 19:26 - 00388608 ____A (Trend Micro Inc.) C:\Users\Kyle\Downloads\HijackThis.exe
2012-07-13 15:23 - 2012-07-13 15:37 - 00022045 ____A C:\JavaRa.log
2012-07-13 15:23 - 2012-07-13 15:23 - 00000000 ____D C:\Program Files (x86)\Oracle
2012-07-13 15:22 - 2012-07-13 15:21 - 00174064 ____A (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2012-07-13 15:22 - 2012-07-13 15:21 - 00174064 ____A (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2012-07-13 15:22 - 2012-07-06 00:06 - 00772544 ____A (Oracle Corporation) C:\Windows\SysWOW64\npDeployJava1.dll
2012-07-13 15:22 - 2012-07-06 00:06 - 00227760 ____A (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2012-07-13 15:18 - 2012-07-13 15:18 - 00893936 ____A (Oracle Corporation) C:\Users\Kyle\Downloads\jxpiinstall.exe
2012-07-12 15:02 - 2012-07-12 15:37 - 00000000 ____D C:\Users\Kyle\My Documents\Ant Videos Relocated
2012-07-12 15:02 - 2012-07-12 15:37 - 00000000 ____D C:\Users\Kyle\Documents\Ant Videos Relocated
2012-07-12 14:31 - 2012-07-12 14:31 - 00275520 ____A C:\Windows\Minidump\071212-80605-01.dmp
2012-07-12 03:08 - 2012-06-11 22:08 - 03148800 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
2012-07-12 03:07 - 2012-07-12 03:07 - 00000129 ____A C:\Windows\System32\MRT.INI
2012-07-11 15:23 - 2012-06-06 01:06 - 02004480 ____A (Microsoft Corporation) C:\Windows\System32\msxml6.dll
2012-07-11 15:23 - 2012-06-06 01:06 - 01881600 ____A (Microsoft Corporation) C:\Windows\System32\msxml3.dll
2012-07-11 15:23 - 2012-06-06 00:05 - 01390080 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msxml6.dll
2012-07-11 15:22 - 2012-06-09 00:43 - 14172672 ____A (Microsoft Corporation) C:\Windows\System32\shell32.dll
2012-07-11 15:22 - 2012-06-08 23:41 - 12873728 ____A (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2012-07-11 15:22 - 2012-06-06 01:02 - 01133568 ____A (Microsoft Corporation) C:\Windows\System32\cdosys.dll
2012-07-11 15:22 - 2012-06-06 00:05 - 01236992 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
2012-07-11 15:22 - 2012-06-06 00:03 - 00805376 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cdosys.dll
2012-07-11 15:22 - 2012-06-02 00:50 - 00458704 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\cng.sys
2012-07-11 15:22 - 2012-06-02 00:48 - 00151920 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ksecpkg.sys
2012-07-11 15:22 - 2012-06-02 00:48 - 00095600 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ksecdd.sys
2012-07-11 15:22 - 2012-06-02 00:45 - 00340992 ____A (Microsoft Corporation) C:\Windows\System32\schannel.dll
2012-07-11 15:22 - 2012-06-02 00:44 - 00307200 ____A (Microsoft Corporation) C:\Windows\System32\ncrypt.dll
2012-07-11 15:22 - 2012-06-01 23:40 - 00225280 ____A (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2012-07-11 15:22 - 2012-06-01 23:40 - 00022016 ____A (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2012-07-11 15:22 - 2012-06-01 23:39 - 00219136 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2012-07-11 15:22 - 2012-06-01 23:34 - 00096768 ____A (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2012-07-11 15:22 - 2010-06-25 22:55 - 00002048 ____A (Microsoft Corporation) C:\Windows\System32\msxml3r.dll
2012-07-11 15:22 - 2010-06-25 22:24 - 00002048 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msxml3r.dll
2012-07-10 18:35 - 2012-07-10 18:36 - 00275520 ____A C:\Windows\Minidump\071012-27534-01.dmp
2012-07-10 01:39 - 2012-07-10 16:37 - 00000000 ____D C:\Users\Kyle\Local Settings\Bit.Trip Beat
2012-07-10 01:39 - 2012-07-10 16:37 - 00000000 ____D C:\Users\Kyle\Local Settings\Application Data\Bit.Trip Beat
2012-07-10 01:39 - 2012-07-10 16:37 - 00000000 ____D C:\Users\Kyle\AppData\Local\Bit.Trip Beat
2012-07-10 01:34 - 2012-07-10 01:34 - 00466456 ____A (Creative Labs) C:\Windows\System32\wrap_oal.dll
2012-07-10 01:34 - 2012-07-10 01:34 - 00444952 ____A (Creative Labs) C:\Windows\SysWOW64\wrap_oal.dll
2012-07-10 01:34 - 2012-07-10 01:34 - 00122904 ____A (Portions (C) Creative Labs Inc. and NVIDIA Corp.) C:\Windows\System32\OpenAL32.dll
2012-07-10 01:34 - 2012-07-10 01:34 - 00109080 ____A (Portions (C) Creative Labs Inc. and NVIDIA Corp.) C:\Windows\SysWOW64\OpenAL32.dll
2012-07-10 01:34 - 2012-07-10 01:34 - 00000000 ____D C:\Program Files (x86)\OpenAL
2012-07-09 20:29 - 2012-07-09 20:30 - 00275520 ____A C:\Windows\Minidump\070912-30638-01.dmp
2012-07-07 20:08 - 2012-07-07 20:08 - 00275520 ____A C:\Windows\Minidump\070712-22354-01.dmp
2012-07-07 05:01 - 2012-07-07 05:01 - 00275520 ____A C:\Windows\Minidump\070712-21122-01.dmp
2012-07-07 02:42 - 2012-07-07 02:42 - 00275520 ____A C:\Windows\Minidump\070712-26956-01.dmp
2012-07-06 15:46 - 2012-07-06 15:46 - 00275520 ____A C:\Windows\Minidump\070612-34367-01.dmp
2012-07-06 04:13 - 2012-07-06 04:13 - 00275520 ____A C:\Windows\Minidump\070612-33571-01.dmp
2012-07-06 02:13 - 2012-07-06 02:13 - 00275520 ____A C:\Windows\Minidump\070612-31090-01.dmp
2012-07-05 19:22 - 2012-07-05 19:22 - 00275520 ____A C:\Windows\Minidump\070512-32900-01.dmp
2012-07-04 21:24 - 2012-07-04 21:24 - 00275520 ____A C:\Windows\Minidump\070412-24726-01.dmp
2012-07-02 02:56 - 2012-07-02 02:56 - 00000000 ____A C:\Windows\SysWOW64\shoD00D.tmp
2012-07-01 04:19 - 2012-07-01 04:19 - 00275520 ____A C:\Windows\Minidump\070112-29624-01.dmp
2012-07-01 03:26 - 2012-07-01 03:26 - 00000000 ____D C:\DataSafeOnline
2012-06-30 00:02 - 2012-06-30 00:02 - 00275520 ____A C:\Windows\Minidump\062912-32853-01.dmp
2012-06-29 03:32 - 2012-06-29 03:32 - 00275520 ____A C:\Windows\Minidump\062912-24538-01.dmp
2012-06-28 19:01 - 2012-06-28 19:01 - 00000000 __SHD C:\found.000
2012-06-28 15:35 - 2012-06-28 15:35 - 00000790 ____A C:\Users\Kyle\Desktop\Core Temp.lnk
2012-06-28 00:06 - 2012-06-28 16:23 - 00000419 ____A C:\Users\Kyle\Application Data\All CPU Meter_Settings.ini
2012-06-28 00:06 - 2012-06-28 16:23 - 00000419 ____A C:\Users\Kyle\AppData\Roaming\All CPU Meter_Settings.ini
2012-06-28 00:06 - 2012-06-28 00:06 - 01265164 ____A (Arthur Liberman ) C:\Users\Kyle\Downloads\Core-Temp-setup.exe
2012-06-27 23:40 - 2012-06-27 23:40 - 00275520 ____A C:\Windows\Minidump\062712-18501-01.dmp
2012-06-27 20:17 - 2012-06-27 20:17 - 00275520 ____A C:\Windows\Minidump\062712-53929-01.dmp
2012-06-27 18:22 - 2012-06-27 18:22 - 00275520 ____A C:\Windows\Minidump\062712-25677-01.dmp
2012-06-26 20:09 - 2012-06-26 20:09 - 00275520 ____A C:\Windows\Minidump\062612-24382-01.dmp
2012-06-25 19:41 - 2012-06-25 19:41 - 00275520 ____A C:\Windows\Minidump\062512-70746-01.dmp
2012-06-24 17:52 - 2012-06-24 17:52 - 00000000 ____D C:\Users\Kyle\Local Settings\Lazy 8 Studios
2012-06-24 17:52 - 2012-06-24 17:52 - 00000000 ____D C:\Users\Kyle\Local Settings\Application Data\Lazy 8 Studios
2012-06-24 17:52 - 2012-06-24 17:52 - 00000000 ____D C:\Users\Kyle\AppData\Local\Lazy 8 Studios
2012-06-24 01:32 - 2012-06-24 01:32 - 00275520 ____A C:\Windows\Minidump\062312-26707-02.dmp
2012-06-23 05:01 - 2012-06-23 05:01 - 00275520 ____A C:\Windows\Minidump\062312-24336-01.dmp
2012-06-23 03:04 - 2012-06-23 03:04 - 00275520 ____A C:\Windows\Minidump\062312-26707-01.dmp
2012-06-22 13:07 - 2012-06-02 17:19 - 02428952 ____A (Microsoft Corporation) C:\Windows\System32\wuaueng.dll
2012-06-22 13:07 - 2012-06-02 17:19 - 00057880 ____A (Microsoft Corporation) C:\Windows\System32\wuauclt.exe
2012-06-22 13:07 - 2012-06-02 17:19 - 00044056 ____A (Microsoft Corporation) C:\Windows\System32\wups2.dll
2012-06-22 13:07 - 2012-06-02 17:15 - 02622464 ____A (Microsoft Corporation) C:\Windows\System32\wucltux.dll
2012-06-22 13:06 - 2012-06-02 17:19 - 00701976 ____A (Microsoft Corporation) C:\Windows\System32\wuapi.dll
2012-06-22 13:06 - 2012-06-02 17:19 - 00186752 ____A (Microsoft Corporation) C:\Windows\System32\wuwebv.dll
2012-06-22 13:06 - 2012-06-02 17:19 - 00038424 ____A (Microsoft Corporation) C:\Windows\System32\wups.dll
2012-06-22 13:06 - 2012-06-02 17:15 - 00099840 ____A (Microsoft Corporation) C:\Windows\System32\wudriver.dll
2012-06-22 13:06 - 2012-06-02 17:15 - 00036864 ____A (Microsoft Corporation) C:\Windows\System32\wuapp.exe
2012-06-22 03:09 - 2012-06-22 03:09 - 00275520 ____A C:\Windows\Minidump\062212-27736-01.dmp
2012-06-20 04:47 - 2012-06-20 04:47 - 00275520 ____A C:\Windows\Minidump\062012-25240-01.dmp
2012-06-19 19:40 - 2012-06-19 19:40 - 00275520 ____A C:\Windows\Minidump\061912-19843-01.dmp
2012-06-19 17:20 - 2012-06-19 17:20 - 00000000 ____D C:\Users\Kyle\Local Settings\Microsoft Games
2012-06-19 17:20 - 2012-06-19 17:20 - 00000000 ____D C:\Users\Kyle\Local Settings\Application Data\Microsoft Games
2012-06-19 17:20 - 2012-06-19 17:20 - 00000000 ____D C:\Users\Kyle\AppData\Local\Microsoft Games
2012-06-18 15:19 - 2012-06-18 17:11 - 00000000 ____D C:\Users\Kyle\My Documents\My Free Media
2012-06-18 15:19 - 2012-06-18 17:11 - 00000000 ____D C:\Users\Kyle\Documents\My Free Media
2012-06-18 15:19 - 2012-06-18 15:19 - 00000000 ____D C:\Users\Kyle\Local Settings\Jaksta_Technologies_Pty_L
2012-06-18 15:19 - 2012-06-18 15:19 - 00000000 ____D C:\Users\Kyle\Local Settings\Application Data\Jaksta_Technologies_Pty_L
2012-06-18 15:19 - 2012-06-18 15:19 - 00000000 ____D C:\Users\Kyle\AppData\Local\Jaksta_Technologies_Pty_L
2012-06-18 15:18 - 2012-06-19 19:40 - 00000000 ____D C:\Program Files (x86)\Jaksta Technologies
2012-06-18 15:17 - 2012-06-18 15:18 - 05525728 ____A (Jaksta Technologies) C:\Users\Kyle\Downloads\FreeMediaRecorderToolbar.exe
2012-06-18 03:57 - 2012-06-18 03:57 - 07106104 ____A (Applian Technologies Inc.) C:\Users\Kyle\Downloads\FCTBSetup(3).exe


============ 3 Months Modified Files ========================

2012-07-18 06:38 - 2011-10-06 14:40 - 00047039 ____A C:\Users\All Users\lxebscan.log
2012-07-18 06:38 - 2011-10-06 14:40 - 00047039 ____A C:\Users\All Users\Application Data\lxebscan.log
2012-07-18 06:37 - 2011-12-30 19:58 - 00000890 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2012-07-18 06:37 - 2009-07-14 00:08 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
2012-07-18 06:37 - 2009-07-13 23:51 - 00069453 ____A C:\Windows\setupact.log
2012-07-18 06:30 - 2010-11-24 01:57 - 01162184 ____A C:\Windows\PFRO.log
2012-07-18 06:30 - 2009-07-13 23:45 - 00014240 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2012-07-18 06:30 - 2009-07-13 23:45 - 00014240 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2012-07-18 06:29 - 2009-07-14 00:10 - 01067462 ____A C:\Windows\WindowsUpdate.log
2012-07-18 06:25 - 2012-07-18 06:25 - 01437107 ____A (Farbar) C:\Users\Kyle\Desktop\FRST64.exe
2012-07-18 06:17 - 2012-07-18 06:17 - 00012812 ____A C:\Users\Kyle\.recently-used.xbel
2012-07-18 06:13 - 2011-12-30 19:59 - 00000894 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2012-07-18 05:54 - 2012-03-30 00:12 - 00000830 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job
2012-07-18 05:37 - 2012-01-30 00:27 - 00000924 ____A C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2442831186-184169548-1129946676-1001UA.job
2012-07-18 04:08 - 2012-01-30 00:27 - 00000902 ____A C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2442831186-184169548-1129946676-1001Core.job
2012-07-18 04:05 - 2009-07-14 00:13 - 00780196 ____A C:\Windows\System32\PerfStringBackup.INI
2012-07-17 01:31 - 2012-07-17 01:31 - 00001177 ____A C:\Users\Kyle\Desktop\FrostWire 5.3.8.lnk
2012-07-16 21:12 - 2012-07-16 21:12 - 00002104 ____A C:\Users\Kyle\Desktop\aswMBR.txt
2012-07-16 21:12 - 2012-07-16 21:12 - 00000512 ____A C:\Users\Kyle\Desktop\MBR.dat
2012-07-16 20:32 - 2012-07-16 20:32 - 00002356 ____A C:\Users\Kyle\Desktop\RKreport[1].txt
2012-07-16 20:30 - 2012-07-16 20:29 - 04731392 ____A (AVAST Software) C:\Users\Kyle\Desktop\aswMBR.exe
2012-07-16 20:29 - 2012-07-16 20:29 - 01558528 ____A C:\Users\Kyle\Desktop\RogueKiller.exe
2012-07-16 16:25 - 2012-07-16 16:25 - 00000121 ____A C:\Users\Kyle\Desktop\[Active] - Random Audio and Advertisements in Background - TechSpot Forums.URL
2012-07-16 16:12 - 2012-07-16 16:12 - 00275520 ____A C:\Windows\Minidump\071612-27378-01.dmp
2012-07-16 16:11 - 2010-12-30 02:33 - 392310018 ____A C:\Windows\MEMORY.DMP
2012-07-16 05:08 - 2011-10-12 01:25 - 00004964 ____A C:\Users\All Users\lxeb.log
2012-07-16 05:08 - 2011-10-12 01:25 - 00004964 ____A C:\Users\All Users\Application Data\lxeb.log
2012-07-15 23:21 - 2012-07-15 23:21 - 00014894 ____A C:\Users\Kyle\Desktop\Attach.txt
2012-07-15 23:20 - 2012-07-15 23:20 - 00032953 ____A C:\Users\Kyle\Desktop\DDS.txt
2012-07-15 20:14 - 2012-07-15 20:14 - 00000411 ____A C:\Users\Kyle\Desktop\gmer.log
2012-07-15 18:01 - 2012-07-15 18:01 - 00607260 ____R (Swearware) C:\Users\Kyle\Desktop\dds.scr
2012-07-15 17:55 - 2012-07-15 17:55 - 00302592 ____A C:\Users\Kyle\Desktop\49d6xyh7.exe
2012-07-15 15:56 - 2012-07-15 15:56 - 00275520 ____A C:\Windows\Minidump\071512-24320-01.dmp
2012-07-15 01:28 - 2012-07-15 01:28 - 00275520 ____A C:\Windows\Minidump\071412-26410-01.dmp
2012-07-13 22:42 - 2012-07-13 22:08 - 108474942 ____A C:\Users\Kyle\Downloads\69458.mp4
2012-07-13 19:39 - 2012-07-13 19:39 - 00001071 ____A C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2012-07-13 19:39 - 2012-07-13 19:39 - 00001071 ____A C:\Users\All Users\Desktop\Malwarebytes Anti-Malware.lnk
2012-07-13 19:39 - 2012-07-13 19:38 - 10652120 ____A (Malwarebytes Corporation ) C:\Users\Kyle\Downloads\mbam-setup-1.62.0.1300.exe
2012-07-13 19:37 - 2012-07-13 19:28 - 00017931 ____A C:\Users\Kyle\Downloads\hijackthis.log
2012-07-13 19:26 - 2012-07-13 19:26 - 00388608 ____A (Trend Micro Inc.) C:\Users\Kyle\Downloads\HijackThis.exe
2012-07-13 15:37 - 2012-07-13 15:23 - 00022045 ____A C:\JavaRa.log
2012-07-13 15:21 - 2012-07-13 15:22 - 00174064 ____A (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2012-07-13 15:21 - 2012-07-13 15:22 - 00174064 ____A (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2012-07-13 15:18 - 2012-07-13 15:18 - 00893936 ____A (Oracle Corporation) C:\Users\Kyle\Downloads\jxpiinstall.exe
2012-07-12 14:31 - 2012-07-12 14:31 - 00275520 ____A C:\Windows\Minidump\071212-80605-01.dmp
2012-07-12 14:28 - 2009-07-13 23:45 - 00426904 ____A C:\Windows\System32\FNTCACHE.DAT
2012-07-12 03:07 - 2012-07-12 03:07 - 00000129 ____A C:\Windows\System32\MRT.INI
2012-07-12 03:01 - 2010-12-10 14:17 - 59701280 ____A (Microsoft Corporation) C:\Windows\System32\MRT.exe
2012-07-11 18:54 - 2012-03-30 00:12 - 00426184 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2012-07-11 18:54 - 2011-05-13 10:28 - 00070344 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2012-07-11 05:05 - 2011-02-11 16:47 - 00774412 ____A C:\Windows\SysWOW64\PerfStringBackup.INI
2012-07-10 18:36 - 2012-07-10 18:35 - 00275520 ____A C:\Windows\Minidump\071012-27534-01.dmp
2012-07-10 01:34 - 2012-07-10 01:34 - 00466456 ____A (Creative Labs) C:\Windows\System32\wrap_oal.dll
2012-07-10 01:34 - 2012-07-10 01:34 - 00444952 ____A (Creative Labs) C:\Windows\SysWOW64\wrap_oal.dll
2012-07-10 01:34 - 2012-07-10 01:34 - 00122904 ____A (Portions (C) Creative Labs Inc. and NVIDIA Corp.) C:\Windows\System32\OpenAL32.dll
2012-07-10 01:34 - 2012-07-10 01:34 - 00109080 ____A (Portions (C) Creative Labs Inc. and NVIDIA Corp.) C:\Windows\SysWOW64\OpenAL32.dll
2012-07-09 20:30 - 2012-07-09 20:29 - 00275520 ____A C:\Windows\Minidump\070912-30638-01.dmp
2012-07-09 18:30 - 2011-10-09 13:08 - 00011141 ____A C:\Users\All Users\lxebJSW.log
2012-07-09 18:30 - 2011-10-09 13:08 - 00011141 ____A C:\Users\All Users\Application Data\lxebJSW.log
2012-07-09 14:48 - 2012-07-16 16:24 - 02135640 ____A (Kaspersky Lab ZAO) C:\Users\Kyle\Desktop\TDSSKiller.exe
2012-07-07 20:08 - 2012-07-07 20:08 - 00275520 ____A C:\Windows\Minidump\070712-22354-01.dmp
2012-07-07 05:01 - 2012-07-07 05:01 - 00275520 ____A C:\Windows\Minidump\070712-21122-01.dmp
2012-07-07 02:42 - 2012-07-07 02:42 - 00275520 ____A C:\Windows\Minidump\070712-26956-01.dmp
2012-07-06 15:46 - 2012-07-06 15:46 - 00275520 ____A C:\Windows\Minidump\070612-34367-01.dmp
2012-07-06 04:13 - 2012-07-06 04:13 - 00275520 ____A C:\Windows\Minidump\070612-33571-01.dmp
2012-07-06 02:13 - 2012-07-06 02:13 - 00275520 ____A C:\Windows\Minidump\070612-31090-01.dmp
2012-07-06 00:06 - 2012-07-13 15:22 - 00772544 ____A (Oracle Corporation) C:\Windows\SysWOW64\npDeployJava1.dll
2012-07-06 00:06 - 2012-07-13 15:22 - 00227760 ____A (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2012-07-06 00:06 - 2010-11-24 00:05 - 00687544 ____A (Oracle Corporation) C:\Windows\SysWOW64\deployJava1.dll
2012-07-05 19:22 - 2012-07-05 19:22 - 00275520 ____A C:\Windows\Minidump\070512-32900-01.dmp
2012-07-04 21:24 - 2012-07-04 21:24 - 00275520 ____A C:\Windows\Minidump\070412-24726-01.dmp
2012-07-03 15:46 - 2012-07-13 19:39 - 00024904 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys
2012-07-02 02:56 - 2012-07-02 02:56 - 00000000 ____A C:\Windows\SysWOW64\shoD00D.tmp
2012-07-01 04:19 - 2012-07-01 04:19 - 00275520 ____A C:\Windows\Minidump\070112-29624-01.dmp
2012-06-30 00:02 - 2012-06-30 00:02 - 00275520 ____A C:\Windows\Minidump\062912-32853-01.dmp
2012-06-29 03:32 - 2012-06-29 03:32 - 00275520 ____A C:\Windows\Minidump\062912-24538-01.dmp
2012-06-28 16:23 - 2012-06-28 00:06 - 00000419 ____A C:\Users\Kyle\Application Data\All CPU Meter_Settings.ini
2012-06-28 16:23 - 2012-06-28 00:06 - 00000419 ____A C:\Users\Kyle\AppData\Roaming\All CPU Meter_Settings.ini
2012-06-28 15:35 - 2012-06-28 15:35 - 00000790 ____A C:\Users\Kyle\Desktop\Core Temp.lnk
2012-06-28 00:06 - 2012-06-28 00:06 - 01265164 ____A (Arthur Liberman ) C:\Users\Kyle\Downloads\Core-Temp-setup.exe
2012-06-27 23:40 - 2012-06-27 23:40 - 00275520 ____A C:\Windows\Minidump\062712-18501-01.dmp
2012-06-27 20:17 - 2012-06-27 20:17 - 00275520 ____A C:\Windows\Minidump\062712-53929-01.dmp
2012-06-27 18:22 - 2012-06-27 18:22 - 00275520 ____A C:\Windows\Minidump\062712-25677-01.dmp
2012-06-26 20:09 - 2012-06-26 20:09 - 00275520 ____A C:\Windows\Minidump\062612-24382-01.dmp
2012-06-25 19:41 - 2012-06-25 19:41 - 00275520 ____A C:\Windows\Minidump\062512-70746-01.dmp
2012-06-24 01:32 - 2012-06-24 01:32 - 00275520 ____A C:\Windows\Minidump\062312-26707-02.dmp
2012-06-23 14:48 - 2009-07-14 00:08 - 00032542 ____A C:\Windows\Tasks\SCHEDLGU.TXT
2012-06-23 05:01 - 2012-06-23 05:01 - 00275520 ____A C:\Windows\Minidump\062312-24336-01.dmp
2012-06-23 03:04 - 2012-06-23 03:04 - 00275520 ____A C:\Windows\Minidump\062312-26707-01.dmp
2012-06-22 03:09 - 2012-06-22 03:09 - 00275520 ____A C:\Windows\Minidump\062212-27736-01.dmp
2012-06-20 04:47 - 2012-06-20 04:47 - 00275520 ____A C:\Windows\Minidump\062012-25240-01.dmp
2012-06-19 19:40 - 2012-06-19 19:40 - 00275520 ____A C:\Windows\Minidump\061912-19843-01.dmp
2012-06-18 15:18 - 2012-06-18 15:17 - 05525728 ____A (Jaksta Technologies) C:\Users\Kyle\Downloads\FreeMediaRecorderToolbar.exe
2012-06-18 03:57 - 2012-06-18 03:57 - 07106104 ____A (Applian Technologies Inc.) C:\Users\Kyle\Downloads\FCTBSetup(3).exe
2012-06-17 23:49 - 2012-06-17 23:46 - 07106104 ____A (Applian Technologies Inc.) C:\Users\Kyle\Downloads\FCTBSetup(2).exe
2012-06-17 20:23 - 2012-06-17 20:23 - 00262144 ____A C:\Windows\Minidump\061712-31886-01.dmp
2012-06-17 20:13 - 2012-06-17 20:13 - 00275520 ____A C:\Windows\Minidump\061712-25786-01.dmp
2012-06-17 20:09 - 2012-06-17 20:09 - 12199736 ____A (Applian Technologies Inc.) C:\Users\Kyle\Downloads\FCTBSetup(1).exe
2012-06-17 19:07 - 2012-06-17 19:06 - 00275520 ____A C:\Windows\Minidump\061712-32557-01.dmp
2012-06-17 16:57 - 2012-06-17 16:57 - 00275520 ____A C:\Windows\Minidump\061712-21091-01.dmp
2012-06-17 02:56 - 2012-06-17 02:56 - 00262144 ____A C:\Windows\Minidump\061712-21652-01.dmp
2012-06-15 17:09 - 2012-06-15 17:08 - 00275520 ____A C:\Windows\Minidump\061512-33571-01.dmp
2012-06-15 14:43 - 2012-06-15 14:43 - 00275520 ____A C:\Windows\Minidump\061512-25958-01.dmp
2012-06-13 13:40 - 2012-06-13 13:40 - 00001745 ____A C:\Users\Public\Desktop\iTunes.lnk
2012-06-13 13:40 - 2012-06-13 13:40 - 00001745 ____A C:\Users\All Users\Desktop\iTunes.lnk
2012-06-13 05:01 - 2012-06-13 05:01 - 00275520 ____A C:\Windows\Minidump\061312-27502-01.dmp
2012-06-11 22:08 - 2012-07-12 03:08 - 03148800 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
2012-06-11 00:13 - 2012-06-11 00:13 - 00275520 ____A C:\Windows\Minidump\061012-21372-01.dmp
2012-06-10 21:45 - 2012-06-10 21:45 - 00275520 ____A C:\Windows\Minidump\061012-22386-01.dmp
2012-06-09 00:43 - 2012-07-11 15:22 - 14172672 ____A (Microsoft Corporation) C:\Windows\System32\shell32.dll
2012-06-08 23:41 - 2012-07-11 15:22 - 12873728 ____A (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2012-06-07 02:37 - 2012-01-05 14:35 - 00001082 ____A C:\Users\Public\Desktop\Unity.lnk
2012-06-07 02:37 - 2012-01-05 14:35 - 00001082 ____A C:\Users\All Users\Desktop\Unity.lnk
2012-06-07 02:26 - 2012-06-07 02:19 - 533266928 ____A (Unity Technologies ApS) C:\Users\Kyle\Downloads\UnitySetup-3.5.2.exe
2012-06-06 01:06 - 2012-07-11 15:23 - 02004480 ____A (Microsoft Corporation) C:\Windows\System32\msxml6.dll
2012-06-06 01:06 - 2012-07-11 15:23 - 01881600 ____A (Microsoft Corporation) C:\Windows\System32\msxml3.dll
2012-06-06 01:02 - 2012-07-11 15:22 - 01133568 ____A (Microsoft Corporation) C:\Windows\System32\cdosys.dll
2012-06-06 00:05 - 2012-07-11 15:23 - 01390080 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msxml6.dll
2012-06-06 00:05 - 2012-07-11 15:22 - 01236992 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
2012-06-06 00:03 - 2012-07-11 15:22 - 00805376 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cdosys.dll
2012-06-02 17:19 - 2012-06-22 13:07 - 02428952 ____A (Microsoft Corporation) C:\Windows\System32\wuaueng.dll
2012-06-02 17:19 - 2012-06-22 13:07 - 00057880 ____A (Microsoft Corporation) C:\Windows\System32\wuauclt.exe
2012-06-02 17:19 - 2012-06-22 13:07 - 00044056 ____A (Microsoft Corporation) C:\Windows\System32\wups2.dll
2012-06-02 17:19 - 2012-06-22 13:06 - 00701976 ____A (Microsoft Corporation) C:\Windows\System32\wuapi.dll
2012-06-02 17:19 - 2012-06-22 13:06 - 00186752 ____A (Microsoft Corporation) C:\Windows\System32\wuwebv.dll
2012-06-02 17:19 - 2012-06-22 13:06 - 00038424 ____A (Microsoft Corporation) C:\Windows\System32\wups.dll
2012-06-02 17:15 - 2012-06-22 13:07 - 02622464 ____A (Microsoft Corporation) C:\Windows\System32\wucltux.dll
2012-06-02 17:15 - 2012-06-22 13:06 - 00099840 ____A (Microsoft Corporation) C:\Windows\System32\wudriver.dll
2012-06-02 17:15 - 2012-06-22 13:06 - 00036864 ____A (Microsoft Corporation) C:\Windows\System32\wuapp.exe
2012-06-02 04:52 - 2012-06-02 04:52 - 00058640 ____A C:\feathers.xcf
2012-06-02 00:50 - 2012-07-11 15:22 - 00458704 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\cng.sys
2012-06-02 00:48 - 2012-07-11 15:22 - 00151920 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ksecpkg.sys
2012-06-02 00:48 - 2012-07-11 15:22 - 00095600 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ksecdd.sys
2012-06-02 00:45 - 2012-07-11 15:22 - 00340992 ____A (Microsoft Corporation) C:\Windows\System32\schannel.dll
2012-06-02 00:44 - 2012-07-11 15:22 - 00307200 ____A (Microsoft Corporation) C:\Windows\System32\ncrypt.dll
2012-06-01 23:40 - 2012-07-11 15:22 - 00225280 ____A (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2012-06-01 23:40 - 2012-07-11 15:22 - 00022016 ____A (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2012-06-01 23:39 - 2012-07-11 15:22 - 00219136 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2012-06-01 23:34 - 2012-07-11 15:22 - 00096768 ____A (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2012-06-01 17:40 - 2012-06-01 17:40 - 00001899 ____A C:\Users\Public\Desktop\Blender.lnk
2012-06-01 17:40 - 2012-06-01 17:40 - 00001899 ____A C:\Users\All Users\Desktop\Blender.lnk
2012-06-01 17:37 - 2012-06-01 17:36 - 33231558 ____A C:\Users\Kyle\Downloads\blender-2.63a-release-windows64.exe
2012-05-28 16:50 - 2012-05-28 16:50 - 00035521 ____A C:\Users\Kyle\Downloads\Banned_episode.htm
2012-05-26 03:50 - 2011-04-29 00:08 - 00003584 ____A C:\Users\Kyle\Local Settings\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2012-05-26 03:50 - 2011-04-29 00:08 - 00003584 ____A C:\Users\Kyle\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2012-05-26 03:50 - 2011-04-29 00:08 - 00003584 ____A C:\Users\Kyle\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2012-05-22 19:40 - 2012-05-22 19:40 - 01410192 ____A C:\Users\Kyle\Downloads\sar_15_sfx.exe
2012-05-22 02:49 - 2009-07-13 21:34 - 00000478 ____A C:\Windows\win.ini
2012-05-21 17:07 - 2010-12-07 17:42 - 00114976 ____A C:\Users\Kyle\Local Settings\GDIPFONTCACHEV1.DAT
2012-05-21 17:07 - 2010-12-07 17:42 - 00114976 ____A C:\Users\Kyle\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2012-05-21 17:07 - 2010-12-07 17:42 - 00114976 ____A C:\Users\Kyle\AppData\Local\GDIPFONTCACHEV1.DAT
2012-05-21 16:58 - 2012-05-21 18:29 - 00003021 ____A C:\Users\Kyle\Desktop\Microsoft Word 2010.lnk
2012-05-21 04:22 - 2012-05-21 04:22 - 00000091 ____A C:\Users\Kyle\Desktop\Google Redirect Virus - Yahoo! Answers.URL
2012-05-21 00:42 - 2012-05-21 00:42 - 00017482 ____A C:\Users\Kyle\Downloads\Primordus.htm
2012-05-20 18:19 - 2012-05-20 18:19 - 00001810 ____A C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
2012-05-20 18:19 - 2012-05-20 18:19 - 00001810 ____A C:\Users\All Users\Desktop\SUPERAntiSpyware Free Edition.lnk
2012-05-20 18:17 - 2012-05-20 18:16 - 12903112 ____A (SUPERAntiSpyware.com) C:\Users\Kyle\Downloads\SUPERAntiSpyware.exe
2012-05-20 18:17 - 2012-05-20 18:16 - 10063000 ____A (Malwarebytes Corporation ) C:\Users\Kyle\Downloads\mbam-setup-1.61.0.1400.exe
2012-05-16 22:55 - 2012-05-16 22:55 - 03897504 ____A (AVG Technologies) C:\Users\Kyle\Downloads\avg_avct_stb_all_2012_1796_cm10.exe
2012-05-16 17:20 - 2012-05-16 17:20 - 00001807 ____A C:\Users\Public\Desktop\QuickTime Player.lnk
2012-05-16 17:20 - 2012-05-16 17:20 - 00001807 ____A C:\Users\All Users\Desktop\QuickTime Player.lnk
2012-05-14 23:01 - 2012-06-12 18:52 - 01188864 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
2012-05-14 22:59 - 2012-06-12 18:52 - 00064512 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2012-05-14 22:03 - 2012-06-12 18:52 - 00981504 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2012-05-14 22:00 - 2012-06-12 18:52 - 00048128 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2012-05-12 19:48 - 2012-05-12 19:48 - 00000052 ____A C:\Users\Kyle\Desktop\playR - Free old school flash gaming action online!.URL
2012-05-11 23:46 - 2010-11-24 00:19 - 00189561 ____A C:\Windows\DirectX.log
2012-05-11 03:32 - 2012-05-11 03:32 - 00000104 ____A C:\Users\Kyle\Desktop\How to Squat The Ultimate Guide To Proper Form on Squats StrongLifts.com.URL
2012-05-11 03:22 - 2012-05-11 03:22 - 00000085 ____A C:\Users\Kyle\Desktop\7 Powerful Tips To Master Perfect Barbell Row Technique StrongLifts.com.URL
2012-05-11 03:20 - 2012-05-11 03:20 - 00000072 ____A C:\Users\Kyle\Desktop\How to Boost Your Flexibility with Shoulders Dislocations StrongLifts.com.URL
2012-05-11 03:19 - 2012-05-11 03:19 - 00000114 ____A C:\Users\Kyle\Desktop\How to Master The Bench Press StrongLifts.com.URL
2012-05-04 06:06 - 2012-06-12 18:51 - 05559664 ____A (Microsoft Corporation) C:\Windows\System32\ntoskrnl.exe
2012-05-04 05:03 - 2012-06-12 18:51 - 03968368 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2012-05-04 05:03 - 2012-06-12 18:51 - 03913072 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2012-05-01 00:40 - 2012-06-12 18:51 - 00209920 ____A (Microsoft Corporation) C:\Windows\System32\profsvc.dll
2012-04-29 15:59 - 2012-04-29 15:49 - 00001056 ____A C:\Users\Public\Desktop\Warcraft III - The Frozen Throne.lnk
2012-04-29 15:59 - 2012-04-29 15:49 - 00001056 ____A C:\Users\All Users\Desktop\Warcraft III - The Frozen Throne.lnk
2012-04-28 04:57 - 2012-04-28 04:57 - 00000075 ____A C:\Users\Kyle\Desktop\How Long Should I Rest Between Sets.URL
2012-04-27 22:55 - 2012-06-12 18:51 - 00210944 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\rdpwd.sys
2012-04-26 00:41 - 2012-06-12 18:52 - 00149504 ____A (Microsoft Corporation) C:\Windows\System32\rdpcorekmts.dll
2012-04-26 00:41 - 2012-06-12 18:52 - 00077312 ____A (Microsoft Corporation) C:\Windows\System32\rdpwsx.dll
2012-04-26 00:34 - 2012-06-12 18:52 - 00009216 ____A (Microsoft Corporation) C:\Windows\System32\rdrmemptylst.exe
2012-04-25 20:13 - 2012-04-25 20:04 - 00001011 ____A C:\Users\Public\Desktop\Warcraft III.lnk
2012-04-25 20:13 - 2012-04-25 20:04 - 00001011 ____A C:\Users\All Users\Desktop\Warcraft III.lnk
2012-04-24 00:37 - 2012-06-12 18:51 - 01462272 ____A (Microsoft Corporation) C:\Windows\System32\crypt32.dll
2012-04-24 00:37 - 2012-06-12 18:51 - 00184320 ____A (Microsoft Corporation) C:\Windows\System32\cryptsvc.dll
2012-04-24 00:37 - 2012-06-12 18:51 - 00140288 ____A (Microsoft Corporation) C:\Windows\System32\cryptnet.dll
2012-04-23 23:36 - 2012-06-12 18:51 - 01158656 ____A (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
2012-04-23 23:36 - 2012-06-12 18:51 - 00140288 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll
2012-04-23 23:36 - 2012-06-12 18:51 - 00103936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cryptnet.dll
2012-04-23 02:54 - 2012-04-23 02:54 - 00000069 ____A C:\Users\Kyle\Desktop\Rune Meanings - The Elder Futhark.URL
2012-04-23 02:21 - 2012-04-23 02:21 - 00000070 ____A C:\Users\Kyle\Desktop\Norse Mythology.URL
2012-04-20 00:42 - 2012-06-12 18:52 - 12297216 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2012-04-20 00:42 - 2012-06-12 18:52 - 09059840 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2012-04-20 00:42 - 2012-06-12 18:52 - 02454528 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2012-04-20 00:42 - 2012-06-12 18:52 - 01494016 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2012-04-20 00:42 - 2012-06-12 18:52 - 00735744 ____A (Microsoft Corporation) C:\Windows\System32\msfeeds.dll
2012-04-20 00:42 - 2012-06-12 18:52 - 00247808 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
2012-04-20 00:42 - 2012-06-12 18:52 - 00134144 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
2012-04-20 00:42 - 2012-06-12 18:52 - 00097792 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
2012-04-20 00:00 - 2012-06-12 18:52 - 01231360 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2012-04-20 00:00 - 2012-06-12 18:52 - 00132096 ____A (Microsoft Corporation) C:\Windows\SysWOW64\url.dll

ZeroAccess:
C:\Windows\Installer\{c614d3bf-243a-3fd7-a4fd-36cd3756874b}
C:\Windows\Installer\{c614d3bf-243a-3fd7-a4fd-36cd3756874b}\@
C:\Windows\Installer\{c614d3bf-243a-3fd7-a4fd-36cd3756874b}\L
C:\Windows\Installer\{c614d3bf-243a-3fd7-a4fd-36cd3756874b}\U
C:\Windows\Installer\{c614d3bf-243a-3fd7-a4fd-36cd3756874b}\L\00000004.@
C:\Windows\Installer\{c614d3bf-243a-3fd7-a4fd-36cd3756874b}\L\1afb2d56
C:\Windows\Installer\{c614d3bf-243a-3fd7-a4fd-36cd3756874b}\L\201d3dde
C:\Windows\Installer\{c614d3bf-243a-3fd7-a4fd-36cd3756874b}\L\55490ac4
C:\Windows\Installer\{c614d3bf-243a-3fd7-a4fd-36cd3756874b}\U\00000004.@
C:\Windows\Installer\{c614d3bf-243a-3fd7-a4fd-36cd3756874b}\U\000000cb.@
C:\Windows\Installer\{c614d3bf-243a-3fd7-a4fd-36cd3756874b}\U\80000064.@

ZeroAccess:
C:\Users\Kyle\AppData\Local\{c614d3bf-243a-3fd7-a4fd-36cd3756874b}
C:\Users\Kyle\AppData\Local\{c614d3bf-243a-3fd7-a4fd-36cd3756874b}\@
C:\Users\Kyle\AppData\Local\{c614d3bf-243a-3fd7-a4fd-36cd3756874b}\L
C:\Users\Kyle\AppData\Local\{c614d3bf-243a-3fd7-a4fd-36cd3756874b}\U

ZeroAccess:
C:\Windows\assembly\GAC_32\Desktop.ini

ZeroAccess:
C:\Windows\assembly\GAC_64\Desktop.ini

Possible MBR infection:
C:\Windows\svchost.exe

========================= Known DLLs (Whitelisted) ============


========================= Bamital & volsnap Check ============

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe 50BEA589F7D7958BDD2528A8F69D05CC ZeroAccess <==== ATTENTION!.
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== EXE ASSOCIATION =====================

HKLM\...\.exe: exefile => OK
HKLM\...\exefile\DefaultIcon: %1 => OK
HKLM\...\exefile\open\command: "%1" %* => OK

========================= Memory info ======================

Percentage of memory in use: 15%
Total physical RAM: 3956.52 MB
Available physical RAM: 3354.81 MB
Total Pagefile: 3954.67 MB
Available Pagefile: 3352.43 MB
Total Virtual: 8192 MB
Available Virtual: 8191.9 MB

======================= Partitions =========================

1 Drive c: (OS) (Fixed) (Total:451.01 GB) (Free:96.08 GB) NTFS
3 Drive e: (TOSHIBA EXT) (Fixed) (Total:465.76 GB) (Free:284.73 GB) NTFS
4 Drive f: (RECOVERY) (Fixed) (Total:14.65 GB) (Free:7.2 GB) NTFS ==>[System with boot components (obtained from reading drive)]
6 Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS

Disk ### Status Size Free Dyn Gpt
-------- ------------- ------- ------- --- ---
Disk 0 Online 465 GB 0 B
Disk 1 No Media 0 B 0 B
Disk 2 Online 465 GB 0 B

Partitions of Disk 0:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 OEM 101 MB 31 KB
Partition 2 Primary 14 GB 101 MB
Partition 3 Primary 451 GB 14 GB

==================================================================================

Disk: 0
Partition 1
Type : DE
Hidden: Yes
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 5 FAT Partition 101 MB Healthy Hidden

==================================================================================

Disk: 0
Partition 2
Type : 07
Hidden: No
Active: Yes

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 1 F RECOVERY NTFS Partition 14 GB Healthy

==================================================================================

Disk: 0
Partition 3
Type : 07
Hidden: No
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 2 C OS NTFS Partition 451 GB Healthy

==================================================================================

Partitions of Disk 2:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 465 GB 1024 KB

==================================================================================

Disk: 2
Partition 1
Type : 07
Hidden: No
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 4 E TOSHIBA EXT NTFS Partition 465 GB Healthy

==================================================================================

==========================================================

Last Boot: 2012-06-28 21:26

======================= End Of Log ==========================
 
In Vista or Windows 7: Boot to System Recovery Options and run FRST.
In Windows XP: Please boot to UBCD and run FRST.
Type the following in the edit box after "Search:".

services.exe

Click the Search button and post the log (Search.txt) it makes in your reply.
 
Farbar Recovery Scan Tool Version: 16-07-2012 02
Ran by SYSTEM at 2012-07-18 19:04:42
Running from E:\

================== Search: "services.exe" ===================

C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe
[2009-07-13 18:19] - [2009-07-13 20:39] - 0328704 ____A (Microsoft Corporation) 24ACB7E5BE595468E3B9AA488B9B4FCB

C:\Windows\System32\services.exe
[2009-07-13 18:19] - [2009-07-13 20:39] - 0329216 ____A (Microsoft Corporation) 50BEA589F7D7958BDD2528A8F69D05CC

====== End Of Search ======
 
Download attached fixlist.txt file and save it to the very same USB flash drive you've been using. Plug the drive back in.

NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

On Vista or Windows 7: Now please enter System Recovery Options.
On Windows XP: Now please boot into the UBCD.
Run FRST/FRST64 and press the Fix button just once and wait.
The tool will make a log on the flash drive (Fixlog.txt); please post it in your reply.

Next...

Restart normally.

Please download ComboFix from Here, Here or Here to your Desktop.

**Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
  • Never rename Combofix unless instructed.
  • Close any open browsers.
  • Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
  • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
  • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
  • Close any open browsers.
  • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts.
  • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
  • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
  • Double click on combofix.exe & follow the prompts.

  • NOTE 1. If Combofix asks you to install Recovery Console, please allow it.
    NOTE 2. If Combofix asks you to update the program, always do so.
  • When finished, it will produce a report for you.
  • Please post the "C:\ComboFix.txt"
**Note 1: Do not mouse-click Combofix's window while it's running. That may cause it to stall.
**Note 2 for AVG and CA Internet Security (Total Defense Internet Security) users: ComboFix will not run until AVG/CA Internet Security is uninstalled as a protective measure against the anti-virus. This is because AVG/CA Internet Security "falsely" detects ComboFix (or its embedded files) as a threat and may remove them resulting in the tool not working correctly which in turn can cause "unpredictable results". Since AVG/CA Internet Security cannot be effectively disabled before running ComboFix, the author recommends you to uninstall AVG/CA Internet Security first.
Use AppRemover to uninstall it: https://www.techspot.com/downloads/5514-appremover.html
We can reinstall it when we're done with CF.
**Note 3: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion", restart the computer to fix the issue.
**Note 4: Some infections may take some significant time to be cured. As long as your computer clock is running, Combofix is still working. Be patient.


Make sure you re-enable your security programs when you're done with Combofix.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

NOTE.
If, for some reason, Combofix refuses to run, try one of the following:

1. Run Combofix from Safe Mode.

2. Delete the Combofix file, download a fresh one, but rename combofix.exe to your_name.exe BEFORE saving it to your desktop.
Do NOT run it yet.
Please download and run the below tool named Rkill (courtesy of BleepingComputer.com) which may help allow other programs to run.
There are 4 different versions. If one of them won't run then download and try to run the other one.
Vista and Win7 users need to right-click Rkill and choose Run as Administrator.
You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool; ignore them or shut down your antivirus.

* Rkill.com
* Rkill.scr
* Rkill.exe
  • Double-click on the Rkill icon to run the tool.
  • If using Vista or Windows 7 right-click on it and choose Run As Administrator.
  • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
  • If not, delete the file, then download and use the one provided in Link 2.
  • If it does not work, repeat the process and attempt to use one of the remaining links until the tool runs.
  • Do not reboot until instructed.
  • If the tool does not run from any of the links provided, please let me know.
Once you've gotten one of them to run, immediately run your_name.exe by double clicking on it.

If normal mode still doesn't work, run BOTH tools from safe mode.

In case #2, please post BOTH logs, rKill and Combofix.

DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean!!!
 

Attachments

  • fixlist.txt
    545 bytes
ComboFix 12-07-18.04 - Kyle 07/19/2012 3:02.1.4 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.3957.2362 [GMT -7:00]
Running from: c:\users\Kyle\Desktop\ComboFix.exe
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\Install.exe
c:\programdata\SPL1B9.tmp
c:\programdata\SPL7145.tmp
c:\programdata\SPL8800.tmp
c:\windows\Fonts\font3746.ttf
c:\windows\Fonts\font3746_0.ttf
c:\windows\security\Database\tmp.edb
.
.
((((((((((((((((((((((((( Files Created from 2012-06-19 to 2012-07-19 )))))))))))))))))))))))))))))))
.
.
2012-07-19 10:17 . 2012-07-19 10:17 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-07-18 20:01 . 2012-07-18 20:01 -------- d-----w- C:\FRST
2012-07-16 21:31 . 2012-07-16 21:31 -------- d-----w- C:\TDSSKiller_Quarantine
2012-07-14 00:39 . 2012-07-14 00:39 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2012-07-14 00:39 . 2012-07-03 20:46 24904 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-07-13 20:23 . 2012-07-13 20:23 -------- d-----w- c:\program files (x86)\Common Files\Java
2012-07-13 20:23 . 2012-07-13 20:23 -------- d-----w- c:\program files (x86)\Oracle
2012-07-13 20:22 . 2012-07-06 05:06 772544 ----a-w- c:\windows\SysWow64\npDeployJava1.dll
2012-07-12 08:08 . 2012-06-12 03:08 3148800 ----a-w- c:\windows\system32\win32k.sys
2012-07-11 20:23 . 2012-06-06 06:06 2004480 ----a-w- c:\windows\system32\msxml6.dll
2012-07-11 20:23 . 2012-06-06 06:06 1881600 ----a-w- c:\windows\system32\msxml3.dll
2012-07-11 20:23 . 2012-06-06 05:05 1390080 ----a-w- c:\windows\SysWow64\msxml6.dll
2012-07-10 06:39 . 2012-07-10 21:37 -------- d-----w- c:\users\Kyle\AppData\Local\Bit.Trip Beat
2012-07-10 06:34 . 2012-07-10 06:34 466456 ----a-w- c:\windows\system32\wrap_oal.dll
2012-07-10 06:34 . 2012-07-10 06:34 444952 ----a-w- c:\windows\SysWow64\wrap_oal.dll
2012-07-10 06:34 . 2012-07-10 06:34 122904 ----a-w- c:\windows\system32\OpenAL32.dll
2012-07-10 06:34 . 2012-07-10 06:34 -------- d-----w- c:\program files (x86)\OpenAL
2012-07-10 06:34 . 2012-07-10 06:34 109080 ----a-w- c:\windows\SysWow64\OpenAL32.dll
2012-07-02 07:56 . 2012-07-02 07:56 0 ----a-w- c:\windows\SysWow64\shoD00D.tmp
2012-07-01 08:26 . 2012-07-01 08:26 -------- d-----w- C:\DataSafeOnline
2012-06-29 00:01 . 2012-06-29 00:01 -------- d-----w- C:\found.000
2012-06-28 05:07 . 2012-06-28 22:10 -------- d-----w- c:\program files\Core Temp
2012-06-24 22:52 . 2012-06-24 22:52 -------- d-----w- c:\users\Kyle\AppData\Local\Lazy 8 Studios
2012-06-22 18:07 . 2012-06-02 22:19 2428952 ----a-w- c:\windows\system32\wuaueng.dll
2012-06-22 18:07 . 2012-06-02 22:19 57880 ----a-w- c:\windows\system32\wuauclt.exe
2012-06-22 18:07 . 2012-06-02 22:19 44056 ----a-w- c:\windows\system32\wups2.dll
2012-06-22 18:07 . 2012-06-02 22:15 2622464 ----a-w- c:\windows\system32\wucltux.dll
2012-06-22 18:06 . 2012-06-02 22:19 38424 ----a-w- c:\windows\system32\wups.dll
2012-06-22 18:06 . 2012-06-02 22:19 701976 ----a-w- c:\windows\system32\wuapi.dll
2012-06-22 18:06 . 2012-06-02 22:15 99840 ----a-w- c:\windows\system32\wudriver.dll
2012-06-22 18:06 . 2012-06-02 22:19 186752 ----a-w- c:\windows\system32\wuwebv.dll
2012-06-22 18:06 . 2012-06-02 22:15 36864 ----a-w- c:\windows\system32\wuapp.exe
2012-06-19 22:20 . 2012-06-19 22:20 -------- d-----w- c:\users\Kyle\AppData\Local\Microsoft Games
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-07-12 08:01 . 2010-12-10 19:17 59701280 ----a-w- c:\windows\system32\MRT.exe
2012-07-11 23:54 . 2012-03-30 05:12 426184 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-07-11 23:54 . 2011-05-13 15:28 70344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-07-06 05:06 . 2010-11-24 05:05 687544 ----a-w- c:\windows\SysWow64\deployJava1.dll
2012-05-15 04:01 . 2012-06-12 23:52 1188864 ----a-w- c:\windows\system32\wininet.dll
2012-05-15 03:59 . 2012-06-12 23:52 64512 ----a-w- c:\windows\system32\jsproxy.dll
2012-05-15 03:03 . 2012-06-12 23:52 981504 ----a-w- c:\windows\SysWow64\wininet.dll
2012-05-04 11:06 . 2012-06-12 23:51 5559664 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-05-04 10:03 . 2012-06-12 23:51 3968368 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
2012-05-04 10:03 . 2012-06-12 23:51 3913072 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
2012-05-01 05:40 . 2012-06-12 23:51 209920 ----a-w- c:\windows\system32\profsvc.dll
2012-04-28 03:55 . 2012-06-12 23:51 210944 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-04-26 05:41 . 2012-06-12 23:52 77312 ----a-w- c:\windows\system32\rdpwsx.dll
2012-04-26 05:41 . 2012-06-12 23:52 149504 ----a-w- c:\windows\system32\rdpcorekmts.dll
2012-04-26 05:34 . 2012-06-12 23:52 9216 ----a-w- c:\windows\system32\rdrmemptylst.exe
2012-04-24 05:37 . 2012-06-12 23:51 184320 ----a-w- c:\windows\system32\cryptsvc.dll
2012-04-24 05:37 . 2012-06-12 23:51 140288 ----a-w- c:\windows\system32\cryptnet.dll
2012-04-24 05:37 . 2012-06-12 23:51 1462272 ----a-w- c:\windows\system32\crypt32.dll
2012-04-24 04:36 . 2012-06-12 23:51 1158656 ----a-w- c:\windows\SysWow64\crypt32.dll
2012-04-24 04:36 . 2012-06-12 23:51 140288 ----a-w- c:\windows\SysWow64\cryptsvc.dll
2012-04-24 04:36 . 2012-06-12 23:51 103936 ----a-w- c:\windows\SysWow64\cryptnet.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{00000000-6E41-4FD3-8538-502F5495E5FC}"= "c:\program files (x86)\Ask.com\GenericAskToolbar.dll" [2012-04-10 1519272]
"{ba14329e-9550-4989-b3f2-9732e92d17cc}"= "c:\program files (x86)\Vuze_Remote\prxtbVuze.dll" [2011-01-17 175912]
.
[HKEY_CLASSES_ROOT\clsid\{00000000-6e41-4fd3-8538-502f5495e5fc}]
.
[HKEY_CLASSES_ROOT\clsid\{ba14329e-9550-4989-b3f2-9732e92d17cc}]
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}]
2012-07-09 21:45 2074208 ----a-w- c:\program files (x86)\AVG Secure Search\11.1.0.12\AVG Secure Search_toolbar.dll
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{ba14329e-9550-4989-b3f2-9732e92d17cc}]
2011-01-17 23:54 175912 ----a-w- c:\program files (x86)\Vuze_Remote\prxtbVuze.dll
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
2012-04-10 00:43 1519272 ----a-w- c:\program files (x86)\Ask.com\GenericAskToolbar.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files (x86)\Ask.com\GenericAskToolbar.dll" [2012-04-10 1519272]
"{ba14329e-9550-4989-b3f2-9732e92d17cc}"= "c:\program files (x86)\Vuze_Remote\prxtbVuze.dll" [2011-01-17 175912]
"{95B7759C-8C7F-4BF1-B163-73684A933233}"= "c:\program files (x86)\AVG Secure Search\11.1.0.12\AVG Secure Search_toolbar.dll" [2012-07-09 2074208]
.
[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
.
[HKEY_CLASSES_ROOT\clsid\{ba14329e-9550-4989-b3f2-9732e92d17cc}]
.
[HKEY_CLASSES_ROOT\clsid\{95b7759c-8c7f-4bf1-b163-73684a933233}]
[HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj.1]
[HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Steam"="c:\program files (x86)\Steam\steam.exe" [2011-08-02 1242448]
"Facebook Update"="c:\users\Kyle\AppData\Local\Facebook\Update\FacebookUpdate.exe" [2012-07-11 138096]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2012-06-21 4786048]
"Sidebar"="c:\program files (x86)\Windows Sidebar\sidebar.exe" [2010-11-20 1174016]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2010-01-22 98304]
"Dell DataSafe Online"="c:\program files (x86)\Dell DataSafe Online\DataSafeOnline.exe" [2010-02-09 1807680]
"Desktop Disc Tool"="c:\program files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe" [2009-10-15 498160]
"Dell Webcam Central"="c:\program files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" [2009-06-24 409744]
"DellSupportCenter"="c:\program files (x86)\Dell Support Center\bin\sprtcmd.exe" [2009-05-21 206064]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
"ApnUpdater"="c:\program files (x86)\Ask.com\Updater\Updater.exe" [2012-04-10 1557160]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-05-31 59280]
"vProt"="c:\program files (x86)\AVG Secure Search\vprot.exe" [2012-07-09 1107552]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2012-04-19 421888]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-06-08 421776]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-01-17 252296]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\RunOnce]
"c:\program files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe"="c:\program files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe" [2011-10-08 559616]
.
c:\users\Kyle\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
CurseClientStartup.ccip [2010-12-26 0]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2009-12-29 1082656]
.
c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dell Dock First Run.lnk - c:\program files\Dell\DellDock\DellDock.exe [2010-5-28 1324384]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-12-31 136176]
R2 lxebCATSCustConnectService;lxebCATSCustConnectService;c:\windows\system32\spool\DRIVERS\x64\3\\lxebserv.exe [2010-04-14 45736]
R2 McMPFSvc;McAfee Personal Firewall Service;c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe [x]
R2 UNS;Intel(R) Management & Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2009-10-01 2320920]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-07-11 250056]
R3 btusbflt;Bluetooth USB Filter;c:\windows\system32\drivers\btusbflt.sys [2010-03-31 53800]
R3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [2010-03-31 35104]
R3 dc3d;MS Hardware Device Detection Driver;c:\windows\system32\DRIVERS\dc3d.sys [2010-07-02 51600]
R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-12-31 136176]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-07-03 24904]
R3 MEMSWEEP2;MEMSWEEP2;c:\windows\system32\5C24.tmp [2011-05-12 6144]
R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-06-17 113120]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4925184]
R3 Point64;Microsoft IntelliPoint Filter Driver;c:\windows\system32\DRIVERS\point64.sys [2011-08-01 45416]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [2010-05-07 245792]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]
R3 TurboBoost;TurboBoost;c:\program files\Intel\TurboBoost\TurboBoost.exe [2009-11-02 126352]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2012-02-15 52736]
R3 wacmoumonitor;Wacom Mode Helper;c:\windows\system32\DRIVERS\wacmoumonitor.sys [2009-01-30 18216]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-12-09 1255736]
R4 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-07-03 655944]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [2009-07-09 55280]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV64.SYS [2011-07-22 14928]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL64.SYS [2011-07-12 12368]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]
S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE64.EXE [2011-08-11 140672]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-01-03 63928]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2010-01-23 202752]
S2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [2012-01-04 822624]
S2 DockLoginService;Dock Login Service;c:\program files\Dell\DellDock\DockLogin.exe [2009-06-09 155648]
S2 lxeb_device;lxeb_device;c:\windows\system32\lxebcoms.exe [2010-04-14 1052328]
S2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2011-10-01 508776]
S2 SftService;SoftThinks Agent Service;c:\program files (x86)\Dell DataSafe Local Backup\sftservice.EXE [2011-08-18 1692480]
S2 TabletServicePen;TabletServicePen;c:\windows\system32\Pen_Tablet.exe [2009-07-15 5414184]
S2 TurboB;Turbo Boost UI Monitor driver;c:\windows\system32\DRIVERS\TurboB.sys [2009-11-02 13784]
S2 vToolbarUpdater11.2.0;vToolbarUpdater11.2.0;c:\program files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\11.2.0\ToolbarUpdater.exe [2012-07-09 935008]
S2 WTouchService;WTouch Service;c:\program files\WTouch\WTouchService.exe [2009-07-15 127272]
S3 ALSysIO;ALSysIO;c:\users\Kyle\AppData\Local\Temp\ALSysIO64.sys [x]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atipmdag.sys [2010-01-23 6233088]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [2010-01-23 161280]
S3 BcmVWL;Broadcom Virtual Wireless;c:\windows\system32\DRIVERS\bcmvwl64.sys [2009-12-17 20984]
S3 CtClsFlt;Creative Camera Class Upper Filter Driver;c:\windows\system32\DRIVERS\CtClsFlt.sys [2009-06-15 172704]
S3 HECIx64;Intel(R) Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [2009-09-17 56344]
S3 Impcd;Impcd;c:\windows\system32\DRIVERS\Impcd.sys [2009-10-26 151936]
S3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\L1C62x64.sys [2009-12-22 74280]
S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys [2011-10-01 764264]
S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys [2011-10-01 268648]
S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys [2011-10-01 25960]
S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys [2011-10-01 22376]
S3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2011-10-01 219496]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [2009-07-14 17920]
.
.
Contents of the 'Scheduled Tasks' folder
.
2012-07-19 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-03-30 23:54]
.
2012-07-18 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2442831186-184169548-1129946676-1001Core.job
- c:\users\Kyle\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-01-30 22:32]
.
2012-07-19 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2442831186-184169548-1129946676-1001UA.job
- c:\users\Kyle\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-01-30 22:32]
.
2012-07-19 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-12-31 00:58]
.
2012-07-19 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-12-31 00:58]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"QuickSet"="c:\program files\Dell\QuickSet\QuickSet.exe" [2010-04-06 3203440]
"Broadcom Wireless Manager UI"="c:\program files\Dell\DW WLAN Card\WLTRAY.exe" [2009-12-17 5470208]
"lxebmon.exe"="c:\program files (x86)\Lexmark Pro200-S500 Series\lxebmon.exe" [2011-01-24 770728]
"EzPrint"="c:\program files (x86)\Lexmark Pro200-S500 Series\ezprint.exe" [2011-01-24 148280]
"IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2011-08-01 2417032]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://search.conduit.com?SearchSource=10&ctid=CT1060933
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~2\MIF5BA~1\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~2\MIF5BA~1\Office14\ONBttnIE.dll/105
IE: Send image to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
TCP: DhcpNameServer = 209.18.47.61 209.18.47.62
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - c:\program files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\11.2.0\ViProtocol.dll
FF - ProfilePath - c:\users\Kyle\AppData\Roaming\Mozilla\Firefox\Profiles\64xl57wk.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2504091&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - prefs.js: keyword.URL - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3019965&SearchSource=2&q=
FF - user.js: network.protocol-handler.warn-external.dnupdate - false
.
- - - - ORPHANS REMOVED - - - -
.
URLSearchHooks-{1392b8d2-5c05-419f-a8f6-b9f15a596612} - (no file)
URLSearchHooks-{e5b66461-19eb-4da5-bbf7-df2d266d975b} - (no file)
Toolbar-Locked - (no file)
Wow6432Node-HKLM-Run-Freecorder FLV Service - c:\program files (x86)\Freecorder\FLVSrvc.exe
Wow6432Node-HKLM-Run-Jaksta Free Video History - c:\program files (x86)\Jaksta Technologies\Jaksta Free Media Recorder Toolbar\Jaksta Free Video History\jfvhistoryp.exe
Toolbar-Locked - (no file)
WebBrowser-{BA14329E-9550-4989-B3F2-9732E92D17CC} - (no file)
WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
WebBrowser-{1392B8D2-5C05-419F-A8F6-B9F15A596612} - (no file)
WebBrowser-{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - (no file)
HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe
.
.
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\MEMSWEEP2]
"ImagePath"="\??\c:\windows\system32\5C24.tmp"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_265_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_265_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_265.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_265.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_265.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_265.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files (x86)\Dell DataSafe Local Backup\TOASTER.EXE
c:\program files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe
c:\program files (x86)\Dell DataSafe Local Backup\COMPONENTS\SCHEDULER\STSERVICE.EXE
c:\program files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
c:\program files (x86)\Dell Support Center\bin\sprtsvc.exe
.
**************************************************************************
.
Completion time: 2012-07-19 03:28:44 - machine was rebooted
ComboFix-quarantined-files.txt 2012-07-19 10:28
.
Pre-Run: 130,659,016,704 bytes free
Post-Run: 133,666,881,536 bytes free
.
- - End Of File - - B664CF80378F70983B93B11279707CC0
 
Looks good.

How is the computer doing?

What happened to McAfee? I don't see it running.

=========================================

Download Malwarebytes' Anti-Malware (MBAM): http://www.malwarebytes.org/products/malwarebytes_free to your desktop.
NOTE. If you already have MBAM installed, update it before running the scan.

* Double-click mbam-setup.exe and follow the prompts to install the program.
* At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
* If an update is found, it will download and install the latest version.
* Once the program has loaded, select Perform quick scan, then click Scan.
* When the scan is complete, click OK, then Show Results to view the results.
* Be sure that everything is checked, and click Remove Selected.
* When completed, a log will open in Notepad.
* Post the log back here.

Be sure to restart the computer IF MBAM asks you to do so.

The log can also be found here:
C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\log-date.txt
Or at C:\Program Files\Malwarebytes' Anti-Malware\Logs\log-date.txt

=====================================

Download OTL to your Desktop.
Alternate download: http://www.itxassociates.com/OT-Tools/OTL.exe

  • Double click on the icon to run it. Make sure all other windows are closed, and let it run uninterrupted.
  • Click the Scan All Users checkbox.
  • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open two notepad windows: OTL.txt and Extras.txt. These are saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them back here.
 
My PC has been running fine and I haven't had one of those random ads show up since halfway through this process.

I had to uninstall McAfee because it had expired and wouldn't let me disable its firewall/antivirus or change any settings (as per the instructions for ComboFix). When this process is over, I plan on either reinstalling McAfee and renewing my subscription or doing the same for another antivirus.
-----------------------------------------------------
Malwarebytes Anti-Malware 1.62.0.1300
www.malwarebytes.org

Database version: v2012.07.19.15

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 8.0.7601.17514
Kyle :: KYLE-PC [administrator]

7/19/2012 6:10:59 PM
mbam-log-2012-07-19 (18-10-59).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 200076
Time elapsed: 4 minute(s), 26 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 3
C:\Users\Kyle\Downloads\XvidSetup(2).exe (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Users\Kyle\Downloads\XvidSetup.exe (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Users\Kyle\Downloads\XvidSetup.exe.part (Adware.Hotbar) -> Quarantined and deleted successfully.

(end)
-----------------------------------------------------------------------------------
 
OTL logfile created on: 7/19/2012 6:27:36 PM - Run 1
OTL by OldTimer - Version 3.2.53.1 Folder = C:\Users\Kyle\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.86 Gb Total Physical Memory | 2.44 Gb Available Physical Memory | 63.26% Memory free
7.73 Gb Paging File | 5.68 Gb Available in Paging File | 73.47% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 451.01 Gb Total Space | 124.97 Gb Free Space | 27.71% Space Free | Partition Type: NTFS

Computer Name: KYLE-PC | User Name: Kyle | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/07/19 18:16:37 | 000,595,968 | ---- | M] (OldTimer Tools) -- C:\Users\Kyle\Desktop\OTL.exe
PRC - [2012/07/09 14:45:52 | 000,935,008 | ---- | M] () -- C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\11.2.0\ToolbarUpdater.exe
PRC - [2012/07/09 14:45:50 | 001,107,552 | ---- | M] () -- C:\Program Files (x86)\AVG Secure Search\vprot.exe
PRC - [2012/06/19 17:44:38 | 000,529,232 | ---- | M] (Valve Corporation) -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe
PRC - [2012/04/09 17:43:42 | 001,557,160 | ---- | M] (Ask) -- C:\Program Files (x86)\Ask.com\Updater\Updater.exe
PRC - [2012/01/03 06:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2011/10/01 09:30:22 | 000,219,496 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
PRC - [2011/10/01 09:30:18 | 000,508,776 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
PRC - [2011/09/06 10:29:20 | 004,259,648 | ---- | M] (SoftThinks - Dell) -- C:\Program Files (x86)\Dell DataSafe Local Backup\Toaster.exe
PRC - [2011/08/18 08:05:54 | 002,751,808 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Local Backup\Components\Scheduler\STService.exe
PRC - [2011/08/18 08:05:46 | 001,692,480 | ---- | M] (SoftThinks SAS) -- C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe
PRC - [2011/08/02 00:14:14 | 001,242,448 | ---- | M] (Valve Corporation) -- C:\Program Files (x86)\Steam\Steam.exe
PRC - [2011/08/01 10:56:48 | 000,460,096 | ---- | M] (SoftThinks - Dell) -- C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe
PRC - [2011/01/23 20:00:23 | 000,148,280 | ---- | M] () -- C:\Program Files (x86)\Lexmark Pro200-S500 Series\ezprint.exe
PRC - [2011/01/23 20:00:20 | 000,770,728 | ---- | M] () -- C:\Program Files (x86)\Lexmark Pro200-S500 Series\lxebmon.exe
PRC - [2010/11/20 05:17:41 | 001,174,016 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Windows Sidebar\sidebar.exe
PRC - [2010/02/09 12:34:00 | 001,807,680 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Online\DataSafeOnline.exe
PRC - [2009/10/15 02:10:28 | 000,498,160 | ---- | M] () -- C:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe
PRC - [2009/09/30 21:01:32 | 002,320,920 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
PRC - [2009/09/30 21:01:30 | 000,268,824 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
PRC - [2009/06/24 15:21:38 | 000,409,744 | ---- | M] (Creative Technology Ltd) -- C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe
PRC - [2009/06/09 07:11:14 | 000,155,648 | ---- | M] (Stardock Corporation) -- C:\Program Files\Dell\DellDock\DockLogin.exe
PRC - [2009/05/21 07:59:08 | 000,206,064 | ---- | M] (SupportSoft, Inc.) -- c:\Program Files (x86)\Dell Support Center\bin\sprtsvc.exe
PRC - [2009/05/21 07:59:08 | 000,206,064 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files (x86)\Dell Support Center\bin\sprtcmd.exe


========== Modules (No Company Name) ==========

MOD - [2012/07/10 10:06:18 | 000,368,128 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\8e56489276063ededde74e597a121df3\PresentationFramework.Aero.ni.dll
MOD - [2012/07/10 09:33:36 | 014,340,608 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\e717a230496832656b05b515eb9f3bc5\PresentationFramework.ni.dll
MOD - [2012/07/10 09:33:21 | 012,237,824 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationCore\14a87218ea49639f38097e278b98a3da\PresentationCore.ni.dll
MOD - [2012/07/10 09:33:09 | 003,347,968 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\46fce56db7685a586d3eeb7c373e3c1c\WindowsBase.ni.dll
MOD - [2012/07/10 09:32:53 | 001,051,136 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Management\9b2f17fb61b7197f2a04108f5d1a1cc6\System.Management.ni.dll
MOD - [2012/07/10 09:30:45 | 012,436,480 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\7b7fbe651c6e72f12099a298654c9594\System.Windows.Forms.ni.dll
MOD - [2012/07/10 09:30:30 | 001,840,640 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web.Services\761fd1afc17f11bf6d49c3a7d16465ca\System.Web.Services.ni.dll
MOD - [2012/07/10 09:30:22 | 001,591,808 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6bb439b3f87736d3248ae27d43e2c0d6\System.Drawing.ni.dll
MOD - [2012/07/10 09:29:36 | 002,297,856 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Core\dfd33f59a5803a3c73cf408362e6e0b7\System.Core.ni.dll
MOD - [2012/07/10 09:29:11 | 005,452,800 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ba3d70b651454c7d49b407b93663bfed\System.Xml.ni.dll
MOD - [2012/07/10 09:29:07 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\cfa9c506bfb9254c89dace7b83bc9f9d\System.Configuration.ni.dll
MOD - [2012/07/10 09:29:05 | 007,967,232 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\ce9ff6baf9053ed2ed673d948179195c\System.ni.dll
MOD - [2012/07/10 09:28:58 | 011,492,864 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\acfc1391e45fedd2a359778ea57d914c\mscorlib.ni.dll
MOD - [2012/07/09 14:45:52 | 000,132,704 | ---- | M] () -- C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\11.2.0\SiteSafety.dll
MOD - [2012/07/09 14:45:50 | 001,107,552 | ---- | M] () -- C:\Program Files (x86)\AVG Secure Search\vprot.exe
MOD - [2012/06/27 22:04:42 | 000,008,704 | ---- | M] () -- C:\Users\Kyle\AppData\Local\Microsoft\Windows Sidebar\Gadgets\All_CPU_Meter_V3.9.gadget\GetCoreTempInfoNET.dll
MOD - [2012/06/27 22:04:42 | 000,007,680 | ---- | M] () -- C:\Users\Kyle\AppData\Local\Microsoft\Windows Sidebar\Gadgets\All_CPU_Meter_V3.9.gadget\SystemInfo.dll
MOD - [2012/06/27 22:04:42 | 000,006,144 | ---- | M] () -- C:\Users\Kyle\AppData\Local\Microsoft\Windows Sidebar\Gadgets\All_CPU_Meter_V3.9.gadget\CoreTempReader.dll
MOD - [2012/06/19 17:44:33 | 020,313,384 | ---- | M] () -- C:\Program Files (x86)\Steam\bin\libcef.dll
MOD - [2012/06/19 17:44:09 | 000,895,312 | ---- | M] () -- C:\Program Files (x86)\Steam\bin\chromehtml.dll
MOD - [2012/06/19 17:44:09 | 000,123,192 | ---- | M] () -- C:\Program Files (x86)\Steam\bin\avutil-51.dll
MOD - [2012/06/19 17:44:08 | 001,099,576 | ---- | M] () -- C:\Program Files (x86)\Steam\bin\avcodec-53.dll
MOD - [2012/06/19 17:44:08 | 000,190,776 | ---- | M] () -- C:\Program Files (x86)\Steam\bin\avformat-53.dll
MOD - [2011/08/18 08:05:54 | 002,751,808 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Local Backup\Components\Scheduler\STService.exe
MOD - [2011/06/24 22:56:36 | 000,087,328 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011/06/24 22:56:14 | 001,241,888 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2011/01/23 20:00:23 | 000,148,280 | ---- | M] () -- C:\Program Files (x86)\Lexmark Pro200-S500 Series\ezprint.exe
MOD - [2011/01/23 20:00:20 | 000,770,728 | ---- | M] () -- C:\Program Files (x86)\Lexmark Pro200-S500 Series\lxebmon.exe
MOD - [2010/04/05 05:56:20 | 000,094,359 | ---- | M] () -- C:\Program Files (x86)\Lexmark Pro200-S500 Series\epoemdll.dll
MOD - [2010/04/05 05:56:19 | 000,045,221 | ---- | M] () -- C:\Program Files (x86)\Lexmark Pro200-S500 Series\epstring.dll
MOD - [2010/04/05 05:56:17 | 002,203,803 | ---- | M] () -- C:\Program Files (x86)\Lexmark Pro200-S500 Series\epwizres.dll
MOD - [2010/04/05 05:56:07 | 000,716,954 | ---- | M] () -- C:\Program Files (x86)\Lexmark Pro200-S500 Series\epwizard.dll
MOD - [2010/04/05 05:55:15 | 000,159,890 | ---- | M] () -- C:\Program Files (x86)\Lexmark Pro200-S500 Series\customui.dll
MOD - [2010/04/05 05:55:04 | 000,061,604 | ---- | M] () -- C:\Program Files (x86)\Lexmark Pro200-S500 Series\epfunct.dll
MOD - [2010/04/05 05:54:59 | 000,123,033 | ---- | M] () -- C:\Program Files (x86)\Lexmark Pro200-S500 Series\eputil.dll
MOD - [2010/04/05 05:54:52 | 000,143,502 | ---- | M] () -- C:\Program Files (x86)\Lexmark Pro200-S500 Series\imagutil.dll
MOD - [2010/04/01 12:24:28 | 001,159,168 | ---- | M] () -- C:\Program Files (x86)\Lexmark Pro200-S500 Series\lxebdrs.dll
MOD - [2010/04/01 12:23:27 | 000,389,120 | ---- | M] () -- C:\Program Files (x86)\Lexmark Pro200-S500 Series\lxebscw.dll
MOD - [2010/02/09 12:34:00 | 001,807,680 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Online\DataSafeOnline.exe
MOD - [2010/02/09 12:34:00 | 000,275,776 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Online\SdbShared.dll
MOD - [2010/02/09 12:34:00 | 000,152,896 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Online\SdbShared.XmlSerializers.dll
MOD - [2010/02/09 12:34:00 | 000,095,552 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Online\SdbUI.dll
MOD - [2010/02/09 12:34:00 | 000,058,688 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Online\BalloonWindow.dll
MOD - [2010/02/09 12:34:00 | 000,017,728 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Online\CppUtils.dll
MOD - [2009/10/15 02:10:28 | 000,498,160 | ---- | M] () -- C:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe
MOD - [2009/05/27 07:16:50 | 000,192,512 | ---- | M] () -- C:\Program Files (x86)\Lexmark Pro200-S500 Series\lxebdatr.dll
MOD - [2009/04/07 14:25:27 | 000,409,600 | ---- | M] () -- C:\Program Files (x86)\Lexmark Pro200-S500 Series\iptk.dll
MOD - [2009/03/10 00:43:49 | 000,155,648 | ---- | M] () -- C:\Program Files (x86)\Lexmark Pro200-S500 Series\lxebcaps.dll
MOD - [2009/03/02 09:25:47 | 000,151,552 | ---- | M] () -- C:\Program Files (x86)\Lexmark Pro200-S500 Series\lxebptp.dll
MOD - [2009/02/20 01:48:43 | 000,023,552 | ---- | M] () -- C:\Windows\SysWOW64\LXEBsmr.dll
MOD - [2009/02/20 01:48:03 | 000,299,008 | ---- | M] () -- C:\Windows\SysWOW64\LXEBsm.dll


========== Win32 Services (SafeList) ==========

SRV:64bit: - File not found [Auto | Stopped] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe /McCoreSvc -- (McMPFSvc)
SRV:64bit: - [2011/08/11 16:38:04 | 000,140,672 | ---- | M] (SUPERAntiSpyware.com) [Auto | Running] -- C:\Program Files\SUPERAntiSpyware\SASCore64.exe -- (!SASCORE)
SRV:64bit: - [2010/04/14 14:56:23 | 001,052,328 | ---- | M] ( ) [Auto | Running] -- C:\Windows\SysNative\lxebcoms.exe -- (lxeb_device)
SRV:64bit: - [2010/04/14 14:56:13 | 000,045,736 | ---- | M] () [Auto | Stopped] -- C:\Windows\SysNative\spool\DRIVERS\x64\3\\lxebserv.exe -- (lxebCATSCustConnectService)
SRV:64bit: - [2010/01/22 19:01:12 | 000,202,752 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2009/12/29 13:19:12 | 000,873,248 | ---- | M] (Broadcom Corporation.) [Auto | Running] -- c:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe -- (btwdins)
SRV:64bit: - [2009/12/16 22:16:30 | 000,048,128 | ---- | M] (Dell Inc.) [Auto | Running] -- C:\Program Files\Dell\DW WLAN Card\WLTRYSVC.EXE -- (wltrysvc)
SRV:64bit: - [2009/11/02 11:48:18 | 000,126,352 | ---- | M] (Intel(R) Corporation) [On_Demand | Stopped] -- C:\Program Files\Intel\TurboBoost\TurboBoost.exe -- (TurboBoost)
SRV:64bit: - [2009/07/15 09:13:06 | 000,127,272 | ---- | M] (Wacom Technology, Corp.) [Auto | Running] -- C:\Program Files\WTouch\WTouchService.exe -- (WTouchService)
SRV:64bit: - [2009/07/15 09:13:02 | 005,414,184 | ---- | M] (Wacom Technology, Corp.) [Auto | Running] -- C:\Windows\SysNative\Pen_Tablet.exe -- (TabletServicePen)
SRV:64bit: - [2009/07/13 18:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2009/06/09 07:11:14 | 000,155,648 | ---- | M] (Stardock Corporation) [Auto | Running] -- C:\Program Files\Dell\DellDock\DockLogin.exe -- (DockLoginService)
SRV - [2012/07/19 03:56:17 | 000,113,120 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012/07/11 16:54:18 | 000,250,056 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012/07/09 14:45:52 | 000,935,008 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\11.2.0\ToolbarUpdater.exe -- (vToolbarUpdater11.2.0)
SRV - [2012/07/03 13:46:44 | 000,655,944 | ---- | M] (Malwarebytes Corporation) [Disabled | Stopped] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2012/06/19 17:44:38 | 000,529,232 | ---- | M] (Valve Corporation) [On_Demand | Running] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2012/01/03 06:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2011/10/01 09:30:22 | 000,219,496 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe -- (sftvsa)
SRV - [2011/10/01 09:30:18 | 000,508,776 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe -- (sftlist)
SRV - [2011/08/18 08:05:46 | 001,692,480 | ---- | M] (SoftThinks SAS) [Auto | Running] -- C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe -- (SftService)
SRV - [2010/11/23 22:22:24 | 000,016,680 | ---- | M] (Citrix Online, a division of Citrix Systems, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Citrix\GoToAssist\514\g2aservice.exe -- (GoToAssist)
SRV - [2010/04/14 14:56:13 | 000,045,736 | ---- | M] () [Auto | Stopped] -- C:\Windows\system32\spool\DRIVERS\x64\3\\lxebserv.exe -- (lxebCATSCustConnectService)
SRV - [2010/04/14 14:56:01 | 000,598,696 | ---- | M] ( ) [Auto | Running] -- C:\Windows\SysWOW64\lxebcoms.exe -- (lxeb_device)
SRV - [2010/03/18 14:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/09/30 21:01:32 | 002,320,920 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe -- (UNS) Intel(R)
SRV - [2009/09/30 21:01:30 | 000,268,824 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe -- (LMS) Intel(R)
SRV - [2009/06/10 14:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2009/06/05 17:07:28 | 000,250,616 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\WildTangent\Dell Games\Dell Game Console\GameConsoleService.exe -- (GameConsoleService)
SRV - [2009/05/21 07:59:08 | 000,206,064 | ---- | M] (SupportSoft, Inc.) [Auto | Running] -- c:\Program Files (x86)\Dell Support Center\bin\sprtsvc.exe -- (sprtsvc_DellSupportCenter) SupportSoft Sprocket Service (DellSupportCenter)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2012/07/03 13:46:44 | 000,024,904 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
DRV:64bit: - [2012/02/29 23:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2012/02/15 12:01:50 | 000,052,736 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2011/10/01 09:30:22 | 000,022,376 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftvollh.sys -- (Sftvol)
DRV:64bit: - [2011/10/01 09:30:18 | 000,268,648 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftplaylh.sys -- (Sftplay)
DRV:64bit: - [2011/10/01 09:30:18 | 000,025,960 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftredirlh.sys -- (Sftredir)
DRV:64bit: - [2011/10/01 09:30:10 | 000,764,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftfslh.sys -- (Sftfs)
DRV:64bit: - [2011/08/01 16:59:06 | 000,045,416 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\point64.sys -- (Point64)
DRV:64bit: - [2011/07/22 09:26:56 | 000,014,928 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys -- (SASDIFSV)
DRV:64bit: - [2011/07/12 14:55:18 | 000,012,368 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\saskutil64.sys -- (SASKUTIL)
DRV:64bit: - [2011/05/12 14:03:12 | 000,006,144 | ---- | M] (Sophos Plc) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\5C24.tmp -- (MEMSWEEP2)
DRV:64bit: - [2011/03/10 23:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/10 23:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010/11/20 06:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 04:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/07/21 17:59:28 | 000,023,952 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nuidfltr.sys -- (NuidFltr)
DRV:64bit: - [2010/07/01 18:52:18 | 000,051,600 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\dc3d.sys -- (dc3d)
DRV:64bit: - [2010/05/07 12:19:58 | 000,245,792 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RtsUStor.sys -- (RSUSBSTOR)
DRV:64bit: - [2010/05/07 03:44:32 | 000,321,584 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
DRV:64bit: - [2010/03/30 20:58:06 | 000,132,648 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwavdt.sys -- (btwavdt)
DRV:64bit: - [2010/03/30 20:58:06 | 000,098,344 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwaudio.sys -- (btwaudio)
DRV:64bit: - [2010/03/30 20:58:06 | 000,053,800 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btusbflt.sys -- (btusbflt)
DRV:64bit: - [2010/03/30 20:58:06 | 000,035,104 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwl2cap.sys -- (btwl2cap)
DRV:64bit: - [2010/03/30 20:58:06 | 000,021,160 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwrchid.sys -- (btwrchid)
DRV:64bit: - [2010/03/03 20:51:40 | 000,540,696 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2010/01/22 19:13:24 | 006,233,088 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atipmdag.sys -- (amdkmdag)
DRV:64bit: - [2010/01/22 18:07:56 | 000,161,280 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2009/12/22 10:18:50 | 000,074,280 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\L1C62x64.sys -- (L1C)
DRV:64bit: - [2009/12/16 22:16:20 | 000,022,520 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\bcm42rly.sys -- (BCM42RLY)
DRV:64bit: - [2009/12/16 22:16:18 | 000,020,984 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\bcmvwl64.sys -- (BcmVWL)
DRV:64bit: - [2009/12/16 22:16:14 | 003,053,560 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\BCMWL664.SYS -- (BCM43XX)
DRV:64bit: - [2009/11/02 11:48:02 | 000,013,784 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\TurboB.sys -- (TurboB)
DRV:64bit: - [2009/10/26 13:39:44 | 000,151,936 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Impcd.sys -- (Impcd)
DRV:64bit: - [2009/09/30 10:34:32 | 000,121,872 | ---- | M] (ATI Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AtiHdmi.sys -- (AtiHdmiService)
DRV:64bit: - [2009/09/17 13:54:54 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (HECIx64) Intel(R)
DRV:64bit: - [2009/07/13 18:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 18:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 18:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/09 02:00:00 | 000,055,280 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\PxHlpa64.sys -- (PxHlpa64)
DRV:64bit: - [2009/06/15 12:06:42 | 000,172,704 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CtClsFlt.sys -- (CtClsFlt)
DRV:64bit: - [2009/06/10 13:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 13:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 13:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 13:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/05/20 12:54:06 | 000,015,656 | ---- | M] (Wacom Technology) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\wacomvhid.sys -- (wacomvhid)
DRV:64bit: - [2009/05/18 14:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2009/01/30 14:29:52 | 000,018,216 | ---- | M] (Wacom Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\wacmoumonitor.sys -- (wacmoumonitor)
DRV:64bit: - [2007/02/16 12:12:36 | 000,012,848 | ---- | M] (Wacom Technology) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\wacommousefilter.sys -- (wacommousefilter)
DRV:64bit: - [2007/02/15 17:11:26 | 000,012,976 | ---- | M] (Wacom Technology) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\WacomVKHid.sys -- (WacomVKHid)
DRV:64bit: - [2006/11/01 11:51:00 | 000,151,656 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WimFltr.sys -- (WimFltr)
DRV - [2009/07/13 18:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {2B8CC773-4431-4A53-BE28-7E1CE5B42167}
IE:64bit: - HKLM\..\SearchScopes\{2B8CC773-4431-4A53-BE28-7E1CE5B42167}: "URL" = http://www.bing.com/search?q={searchTerms}&amp;form=DLCDF8&amp;pc=MDDC&amp;src=IE-SearchBox
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\URLSearchHook: {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files (x86)\Vuze_Remote\prxtbVuze.dll (Conduit Ltd.)
IE - HKLM\..\SearchScopes,DefaultScope = {afdbddaa-5d3f-42ee-b79c-185a7020515b}
IE - HKLM\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT1060933
IE - HKLM\..\SearchScopes\{D8A4092E-5BC8-433F-889C-3614577EE954}: "URL" = http://www.bing.com/search?q={searchTerms}&amp;form=DLCDF8&amp;pc=MDDC&amp;src=IE-SearchBox

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://search.conduit.com?SearchSource=10&ctid=CT1060933
IE - HKCU\..\URLSearchHook: {00000000-6E41-4FD3-8538-502F5495E5FC} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
IE - HKCU\..\URLSearchHook: {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files (x86)\Vuze_Remote\prxtbVuze.dll (Conduit Ltd.)
IE - HKCU\..\SearchScopes,DefaultScope = {95B7759C-8C7F-4BF1-B163-73684A933233}
IE - HKCU\..\SearchScopes\{171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E}: "URL" = http://websearch.ask.com/redirect?c...pn_sauid=A94F250E-220E-4E11-BA8D-F22C7D3434FD
IE - HKCU\..\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}: "URL" = http://isearch.avg.com/search?cid={...264da88a7&lang=en&ds=gm011&pr=sa&d=2012-04-25 15:50:59&v=11.0.0.9&sap=dsp&q={searchTerms}
IE - HKCU\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT1060933
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultthis.engineName: "Web Search"
FF - prefs.js..browser.search.defaulturl: "http://search.conduit.com/ResultsExt.aspx?ctid=CT2504091&SearchSource=3&q={searchTerms}"
FF - prefs.js..browser.startup.homepage: "http://www.google.com/"
FF - prefs.js..keyword.URL: "http://search.conduit.com/ResultsExt.aspx?ctid=CT3019965&SearchSource=2&q="


FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_3_300_265.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_265.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin: C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\11.2.0\\npsitesafety.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.5.1: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.5.1: C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MIF5BA~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MIF5BA~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@Skype Limited.com/Facebook Video Calling Plugin: C:\Users\Kyle\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)
FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Users\Kyle\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\avg@toolbar: C:\ProgramData\AVG Secure Search\11.1.0.12\ [2012/07/09 14:45:57 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/07/19 03:56:17 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012/05/16 15:20:14 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/07/19 03:56:17 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012/05/16 15:20:14 | 000,000,000 | ---D | M]

[2010/12/07 22:00:53 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Kyle\AppData\Roaming\Mozilla\Extensions
[2012/07/13 14:07:22 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Kyle\AppData\Roaming\Mozilla\Firefox\Profiles\64xl57wk.default\extensions
[2012/06/18 15:16:50 | 000,000,000 | ---D | M] (Ant Video Downloader) -- C:\Users\Kyle\AppData\Roaming\Mozilla\Firefox\Profiles\64xl57wk.default\extensions\anttoolbar@ant.com
[2012/06/18 02:00:24 | 000,002,573 | ---- | M] () -- C:\Users\Kyle\AppData\Roaming\Mozilla\Firefox\Profiles\64xl57wk.default\searchplugins\askcom.xml
[2012/05/30 08:29:28 | 000,000,879 | ---- | M] () -- C:\Users\Kyle\AppData\Roaming\Mozilla\Firefox\Profiles\64xl57wk.default\searchplugins\conduit.xml
[2012/01/08 13:10:51 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2012/05/13 12:27:12 | 000,004,733 | ---- | M] () (No name found) -- C:\USERS\KYLE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\64XL57WK.DEFAULT\EXTENSIONS\EXVGHQPSQL@EXVGHQPSQL.ORG.XPI
[2012/07/19 03:56:17 | 000,136,672 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2011/04/14 14:01:38 | 000,024,376 | ---- | M] (McAfee, Inc.) -- C:\Program Files (x86)\mozilla firefox\components\Scriptff.dll
[2011/10/03 06:06:04 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll
[2012/07/09 14:45:49 | 000,003,769 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\avg-secure-search.xml
[2011/08/11 20:16:35 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2011/11/09 21:45:49 | 000,002,040 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml

O1 HOSTS File: ([2012/07/19 03:20:04 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Lexmark Toolbar) - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll ()
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (AVG Security Toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\11.1.0.12\AVG Secure Search_toolbar.dll ()
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Vuze Remote Toolbar) - {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files (x86)\Vuze_Remote\prxtbVuze.dll (Conduit Ltd.)
O2 - BHO: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
O2 - BHO: (WeCareReminder Class) - {D824F0DE-3D60-4F57-9EB1-66033ECD8ABB} - C:\ProgramData\WeCareReminder\IEHelperv2.5.0.dll (We-Care.com)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKLM\..\Toolbar: (Lexmark Toolbar) - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll ()
O3 - HKLM\..\Toolbar: (AVG Security Toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\11.1.0.12\AVG Secure Search_toolbar.dll ()
O3 - HKLM\..\Toolbar: (Vuze Remote Toolbar) - {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files (x86)\Vuze_Remote\prxtbVuze.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (Lexmark Toolbar) - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll ()
O3 - HKCU\..\Toolbar\WebBrowser: (Vuze Remote Toolbar) - {BA14329E-9550-4989-B3F2-9732E92D17CC} - C:\Program Files (x86)\Vuze_Remote\prxtbVuze.dll (Conduit Ltd.)
O3 - HKCU\..\Toolbar\WebBrowser: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
O4:64bit: - HKLM..\Run: [Broadcom Wireless Manager UI] C:\Program Files\Dell\DW WLAN Card\WLTRAY.EXE (Dell Inc.)
O4:64bit: - HKLM..\Run: [EzPrint] C:\Program Files (x86)\Lexmark Pro200-S500 Series\ezprint.exe ()
O4:64bit: - HKLM..\Run: [IntelliPoint] c:\Program Files\Microsoft IntelliPoint\ipoint.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [lxebmon.exe] C:\Program Files (x86)\Lexmark Pro200-S500 Series\lxebmon.exe ()
O4 - HKLM..\Run: [ApnUpdater] C:\Program Files (x86)\Ask.com\Updater\Updater.exe (Ask)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [Dell DataSafe Online] C:\Program Files (x86)\Dell DataSafe Online\DataSafeOnline.exe ()
O4 - HKLM..\Run: [Dell Webcam Central] C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe (Creative Technology Ltd)
O4 - HKLM..\Run: [DellSupportCenter] c:\Program Files (x86)\Dell Support Center\bin\sprtcmd.exe (SupportSoft, Inc.)
O4 - HKLM..\Run: [Desktop Disc Tool] C:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe ()
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [vProt] C:\Program Files (x86)\AVG Secure Search\vprot.exe ()
O4 - HKCU..\Run: [Facebook Update] C:\Users\Kyle\AppData\Local\Facebook\Update\FacebookUpdate.exe (Facebook Inc.)
O4 - HKCU..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\sidebar.exe (Microsoft Corporation)
O4 - HKCU..\Run: [Steam] C:\Program Files (x86)\Steam\steam.exe (Valve Corporation)
O4 - HKCU..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE (SUPERAntiSpyware.com)
O4 - HKLM..\RunOnce: ["C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe"] C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe (Dell)
O4 - Startup: C:\Users\Kyle\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\CurseClientStartup.ccip ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8:64bit: - Extra context menu item: Send image to &Bluetooth Device... - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8:64bit: - Extra context menu item: Send page to &Bluetooth Device... - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O8 - Extra context menu item: Send image to &Bluetooth Device... - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8 - Extra context menu item: Send page to &Bluetooth Device... - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9:64bit: - Extra Button: @c:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9:64bit: - Extra 'Tools' menuitem : @c:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Send To Bluetooth - {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : Send to &Bluetooth Device... - {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O16:64bit: - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
O16:64bit: - DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 10.5.1)
O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 10.5.1)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 209.18.47.61 209.18.47.62
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{F6033519-19AF-44B0-A7DD-402F77BE3B20}: DhcpNameServer = 209.18.47.61 209.18.47.62
O18:64bit: - Protocol\Handler\cozi - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\skype-ie-addon-data - No CLSID value found
O18:64bit: - Protocol\Handler\viprotocol - No CLSID value found
O18 - Protocol\Handler\cozi {5356518D-FE9C-4E08-9C1F-1E872ECD367F} - C:\Program Files (x86)\Cozi Express\CoziProtocolHandler.dll (Cozi Group, Inc.)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18 - Protocol\Handler\viprotocol {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\11.2.0\ViProtocol.dll ()
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20:64bit: - Winlogon\Notify\GoToAssist: DllName - (C:\Program Files (x86)\Citrix\GoToAssist\514\G2AWinLogon_x64.dll) - File not found
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2012/07/19 18:16:32 | 000,595,968 | ---- | C] (OldTimer Tools) -- C:\Users\Kyle\Desktop\OTL.exe
[2012/07/19 03:28:47 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2012/07/19 03:20:28 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2012/07/19 02:55:48 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2012/07/19 02:55:48 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2012/07/19 02:55:48 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2012/07/19 02:55:40 | 000,000,000 | ---D | C] -- C:\ComboFix
[2012/07/19 02:04:49 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012/07/19 02:04:26 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
[2012/07/19 00:43:21 | 004,582,182 | R--- | C] (Swearware) -- C:\Users\Kyle\Desktop\ComboFix.exe
[2012/07/18 13:01:08 | 000,000,000 | ---D | C] -- C:\FRST
[2012/07/18 04:25:56 | 001,437,107 | ---- | C] (Farbar) -- C:\Users\Kyle\Desktop\FRST64.exe
[2012/07/18 02:26:25 | 000,000,000 | ---D | C] -- C:\Users\Kyle\Desktop\Headshots
[2012/07/16 23:31:47 | 000,000,000 | ---D | C] -- C:\Users\Kyle\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\FrostWire 5
[2012/07/16 18:32:09 | 000,000,000 | ---D | C] -- C:\Users\Kyle\Desktop\RK_Quarantine
[2012/07/16 18:29:53 | 004,731,392 | ---- | C] (AVAST Software) -- C:\Users\Kyle\Desktop\aswMBR.exe
[2012/07/16 14:31:39 | 000,000,000 | ---D | C] -- C:\TDSSKiller_Quarantine
[2012/07/16 14:24:49 | 002,135,640 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\Kyle\Desktop\TDSSKiller.exe
[2012/07/15 16:01:15 | 000,607,260 | R--- | C] (Swearware) -- C:\Users\Kyle\Desktop\dds.scr
[2012/07/13 17:39:53 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012/07/13 17:39:46 | 000,024,904 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2012/07/13 17:39:46 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2012/07/13 13:23:52 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java
[2012/07/13 13:23:08 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Oracle
[2012/07/12 13:02:14 | 000,000,000 | ---D | C] -- C:\Users\Kyle\Documents\Ant Videos Relocated
[2012/07/09 23:39:55 | 000,000,000 | ---D | C] -- C:\Users\Kyle\AppData\Local\Bit.Trip Beat
[2012/07/09 23:34:59 | 000,466,456 | ---- | C] (Creative Labs) -- C:\Windows\SysNative\wrap_oal.dll
[2012/07/09 23:34:59 | 000,444,952 | ---- | C] (Creative Labs) -- C:\Windows\SysWow64\wrap_oal.dll
[2012/07/09 23:34:59 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\OpenAL
[2012/07/01 01:26:06 | 000,000,000 | ---D | C] -- C:\DataSafeOnline
[2012/06/28 17:01:10 | 000,000,000 | ---D | C] -- C:\found.000
[2012/06/27 22:07:24 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Core Temp
[2012/06/27 22:07:23 | 000,000,000 | ---D | C] -- C:\Program Files\Core Temp
[2012/06/24 15:52:05 | 000,000,000 | ---D | C] -- C:\Users\Kyle\AppData\Local\Lazy 8 Studios
[6 C:\Windows\SysNative\*.tmp files -> C:\Windows\SysNative\*.tmp -> ]
[2 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========

[2012/07/19 18:37:00 | 000,000,924 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-2442831186-184169548-1129946676-1001UA.job
[2012/07/19 18:25:56 | 000,014,240 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/07/19 18:25:56 | 000,014,240 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/07/19 18:18:17 | 000,000,890 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/07/19 18:18:03 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/07/19 18:17:56 | 3111,534,592 | -HS- | M] () -- C:\hiberfil.sys
[2012/07/19 18:16:37 | 000,595,968 | ---- | M] (OldTimer Tools) -- C:\Users\Kyle\Desktop\OTL.exe
[2012/07/19 18:13:00 | 000,000,894 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/07/19 18:11:23 | 000,780,196 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012/07/19 18:11:23 | 000,660,998 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012/07/19 18:11:23 | 000,121,636 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012/07/19 18:08:09 | 000,000,902 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-2442831186-184169548-1129946676-1001Core.job
[2012/07/19 18:08:08 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012/07/19 03:56:18 | 000,002,046 | ---- | M] () -- C:\Users\Kyle\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2012/07/19 03:20:04 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2012/07/19 00:43:32 | 004,582,182 | R--- | M] (Swearware) -- C:\Users\Kyle\Desktop\ComboFix.exe
[2012/07/18 04:25:58 | 001,437,107 | ---- | M] (Farbar) -- C:\Users\Kyle\Desktop\FRST64.exe
[2012/07/18 04:17:18 | 000,012,812 | ---- | M] () -- C:\Users\Kyle\.recently-used.xbel
[2012/07/16 23:31:47 | 000,001,201 | ---- | M] () -- C:\Users\Kyle\Application Data\Microsoft\Internet Explorer\Quick Launch\FrostWire 5.3.8.lnk
[2012/07/16 23:31:47 | 000,001,177 | ---- | M] () -- C:\Users\Kyle\Desktop\FrostWire 5.3.8.lnk
[2012/07/16 19:12:25 | 000,000,512 | ---- | M] () -- C:\Users\Kyle\Desktop\MBR.dat
[2012/07/16 18:30:30 | 004,731,392 | ---- | M] (AVAST Software) -- C:\Users\Kyle\Desktop\aswMBR.exe
[2012/07/16 18:29:20 | 001,558,528 | ---- | M] () -- C:\Users\Kyle\Desktop\RogueKiller.exe
[2012/07/16 14:25:58 | 000,000,121 | ---- | M] () -- C:\Users\Kyle\Desktop\[Active] - Random Audio and Advertisements in Background - TechSpot Forums.URL
[2012/07/16 14:11:55 | 392,310,018 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2012/07/15 16:01:17 | 000,607,260 | R--- | M] (Swearware) -- C:\Users\Kyle\Desktop\dds.scr
[2012/07/15 15:55:11 | 000,302,592 | ---- | M] () -- C:\Users\Kyle\Desktop\49d6xyh7.exe
[2012/07/13 17:39:53 | 000,001,071 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/07/12 12:28:13 | 000,426,904 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012/07/12 01:07:07 | 000,000,129 | ---- | M] () -- C:\Windows\SysNative\MRT.INI
[2012/07/11 03:05:13 | 000,774,412 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2012/07/09 23:34:59 | 000,466,456 | ---- | M] (Creative Labs) -- C:\Windows\SysNative\wrap_oal.dll
[2012/07/09 23:34:59 | 000,444,952 | ---- | M] (Creative Labs) -- C:\Windows\SysWow64\wrap_oal.dll
[2012/07/09 12:48:10 | 002,135,640 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\Kyle\Desktop\TDSSKiller.exe
[2012/07/05 19:22:06 | 000,032,807 | ---- | M] () -- C:\Users\Kyle\Documents\SchwabRecords.rtf
[2012/07/03 13:46:44 | 000,024,904 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2012/06/28 14:23:38 | 000,000,419 | ---- | M] () -- C:\Users\Kyle\AppData\Roaming\All CPU Meter_Settings.ini
[2012/06/28 13:35:39 | 000,000,790 | ---- | M] () -- C:\Users\Kyle\Desktop\Core Temp.lnk
[6 C:\Windows\SysNative\*.tmp files -> C:\Windows\SysNative\*.tmp -> ]
[2 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/07/19 02:55:48 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2012/07/19 02:55:48 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2012/07/19 02:55:48 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2012/07/19 02:55:48 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2012/07/19 02:55:48 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2012/07/18 04:17:18 | 000,012,812 | ---- | C] () -- C:\Users\Kyle\.recently-used.xbel
[2012/07/16 23:31:47 | 000,001,201 | ---- | C] () -- C:\Users\Kyle\Application Data\Microsoft\Internet Explorer\Quick Launch\FrostWire 5.3.8.lnk
[2012/07/16 23:31:47 | 000,001,177 | ---- | C] () -- C:\Users\Kyle\Desktop\FrostWire 5.3.8.lnk
[2012/07/16 19:12:25 | 000,000,512 | ---- | C] () -- C:\Users\Kyle\Desktop\MBR.dat
[2012/07/16 18:29:17 | 001,558,528 | ---- | C] () -- C:\Users\Kyle\Desktop\RogueKiller.exe
[2012/07/16 14:25:58 | 000,000,121 | ---- | C] () -- C:\Users\Kyle\Desktop\[Active] - Random Audio and Advertisements in Background - TechSpot Forums.URL
[2012/07/15 15:55:10 | 000,302,592 | ---- | C] () -- C:\Users\Kyle\Desktop\49d6xyh7.exe
[2012/07/13 17:39:53 | 000,001,071 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/07/12 01:07:07 | 000,000,129 | ---- | C] () -- C:\Windows\SysNative\MRT.INI
[2012/06/28 13:35:39 | 000,000,790 | ---- | C] () -- C:\Users\Kyle\Desktop\Core Temp.lnk
[2012/06/27 22:06:18 | 000,000,419 | ---- | C] () -- C:\Users\Kyle\AppData\Roaming\All CPU Meter_Settings.ini
[2012/04/10 19:14:49 | 000,000,000 | ---- | C] () -- C:\Windows\iPlayer.INI
[2012/04/09 23:24:59 | 000,001,763 | ---- | C] () -- C:\Users\Kyle\iTunes.lnk
[2012/03/09 17:01:45 | 000,227,612 | ---- | C] () -- C:\Users\Kyle\Font_experiment_1.svg
[2011/10/06 12:38:36 | 000,847,872 | ---- | C] ( ) -- C:\Windows\SysWow64\lxebusb1.dll
[2011/10/06 12:38:36 | 000,643,072 | ---- | C] ( ) -- C:\Windows\SysWow64\lxebpmui.dll
[2011/10/06 12:38:36 | 000,364,544 | ---- | C] ( ) -- C:\Windows\SysWow64\lxebinpa.dll
[2011/10/06 12:38:36 | 000,344,064 | ---- | C] () -- C:\Windows\SysWow64\lxebcomx.dll
[2011/10/06 12:38:36 | 000,344,064 | ---- | C] ( ) -- C:\Windows\SysWow64\lxebiesc.dll
[2011/10/06 12:38:36 | 000,323,584 | ---- | C] () -- C:\Windows\SysWow64\lxebins.dll
[2011/10/06 12:38:36 | 000,262,144 | ---- | C] () -- C:\Windows\SysWow64\lxebinsb.dll
[2011/10/06 12:38:36 | 000,253,952 | ---- | C] () -- C:\Windows\SysWow64\lxebcu.dll
[2011/10/06 12:38:36 | 000,106,496 | ---- | C] () -- C:\Windows\SysWow64\lxebinsr.dll
[2011/10/06 12:38:36 | 000,090,112 | ---- | C] () -- C:\Windows\SysWow64\lxebcub.dll
[2011/10/06 12:38:36 | 000,057,344 | ---- | C] () -- C:\Windows\SysWow64\lxebjswr.dll
[2011/10/06 12:38:36 | 000,036,864 | ---- | C] () -- C:\Windows\SysWow64\lxebcur.dll
[2011/10/06 12:38:35 | 001,048,576 | ---- | C] ( ) -- C:\Windows\SysWow64\lxebserv.dll
[2011/10/06 12:38:35 | 000,802,816 | ---- | C] ( ) -- C:\Windows\SysWow64\lxebcomc.dll
[2011/10/06 12:38:35 | 000,688,128 | ---- | C] ( ) -- C:\Windows\SysWow64\lxebhbn3.dll
[2011/10/06 12:38:35 | 000,598,696 | ---- | C] ( ) -- C:\Windows\SysWow64\lxebcoms.exe
[2011/10/06 12:38:35 | 000,577,536 | ---- | C] ( ) -- C:\Windows\SysWow64\lxeblmpm.dll
[2011/10/06 12:38:35 | 000,373,416 | ---- | C] ( ) -- C:\Windows\SysWow64\lxebcfg.exe
[2011/10/06 12:38:35 | 000,372,736 | ---- | C] ( ) -- C:\Windows\SysWow64\lxebcomm.dll
[2011/10/06 12:38:35 | 000,324,264 | ---- | C] ( ) -- C:\Windows\SysWow64\lxebih.exe
[2011/10/06 12:34:40 | 000,299,008 | ---- | C] () -- C:\Windows\SysWow64\LXEBsm.dll
[2011/10/06 12:34:40 | 000,023,552 | ---- | C] () -- C:\Windows\SysWow64\LXEBsmr.dll
[2011/04/28 22:08:23 | 000,003,584 | ---- | C] () -- C:\Users\Kyle\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/02/11 14:47:15 | 000,774,412 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2011/02/04 20:25:51 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2010/12/24 21:52:00 | 000,000,262 | ---- | C] () -- C:\Windows\{EEB3F6BB-318D-4CE5-989F-8191FCBFB578}_WiseFW.ini
[2010/11/23 23:59:10 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2010/11/23 23:42:20 | 000,001,035 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat
[2010/11/23 22:41:55 | 000,000,074 | RHS- | C] () -- C:\Windows\CT4CET.bin

========== LOP Check ==========

[2011/04/25 12:10:34 | 000,000,000 | ---D | M] -- C:\Users\Kyle\AppData\Roaming\4Media
[2010/12/09 19:28:19 | 000,000,000 | ---D | M] -- C:\Users\Kyle\AppData\Roaming\acccore
[2011/08/26 20:54:19 | 000,000,000 | ---D | M] -- C:\Users\Kyle\AppData\Roaming\Amazon
[2012/05/16 21:04:17 | 000,000,000 | ---D | M] -- C:\Users\Kyle\AppData\Roaming\AVG2012
[2012/04/16 01:25:29 | 000,000,000 | ---D | M] -- C:\Users\Kyle\AppData\Roaming\Azureus
[2012/02/20 23:15:17 | 000,000,000 | ---D | M] -- C:\Users\Kyle\AppData\Roaming\Beat Hazard
[2010/12/20 18:31:37 | 000,000,000 | ---D | M] -- C:\Users\Kyle\AppData\Roaming\Blender Foundation
[2012/02/22 18:10:41 | 000,000,000 | ---D | M] -- C:\Users\Kyle\AppData\Roaming\Braid
[2012/03/19 23:03:53 | 000,000,000 | ---D | M] -- C:\Users\Kyle\AppData\Roaming\Doublefine
[2012/06/16 16:08:19 | 000,000,000 | ---D | M] -- C:\Users\Kyle\AppData\Roaming\fltk.org
[2012/07/17 01:09:13 | 000,000,000 | ---D | M] -- C:\Users\Kyle\AppData\Roaming\FrostWire
[2011/04/25 12:07:55 | 000,000,000 | ---D | M] -- C:\Users\Kyle\AppData\Roaming\GetRightToGo
[2012/07/18 04:17:18 | 000,000,000 | ---D | M] -- C:\Users\Kyle\AppData\Roaming\gtk-2.0
[2011/07/26 21:58:10 | 000,000,000 | ---D | M] -- C:\Users\Kyle\AppData\Roaming\Hothead Games
[2012/03/09 15:23:33 | 000,000,000 | ---D | M] -- C:\Users\Kyle\AppData\Roaming\inkscape
[2012/06/18 13:19:20 | 000,000,000 | ---D | M] -- C:\Users\Kyle\AppData\Roaming\Jaksta Free Video History
[2011/08/25 22:22:54 | 000,000,000 | ---D | M] -- C:\Users\Kyle\AppData\Roaming\LolClient
[2012/06/06 21:29:28 | 000,000,000 | ---D | M] -- C:\Users\Kyle\AppData\Roaming\MonoDevelop-Unity
[2012/06/07 21:04:19 | 000,000,000 | ---D | M] -- C:\Users\Kyle\AppData\Roaming\MonoDevelop-Unity-2.8
[2012/02/11 21:09:40 | 000,000,000 | ---D | M] -- C:\Users\Kyle\AppData\Roaming\OpenCandy
[2012/01/04 21:58:33 | 000,000,000 | ---D | M] -- C:\Users\Kyle\AppData\Roaming\PACE Anti-Piracy
[2011/12/27 01:29:19 | 000,000,000 | ---D | M] -- C:\Users\Kyle\AppData\Roaming\RIFT
[2012/05/11 21:47:36 | 000,000,000 | ---D | M] -- C:\Users\Kyle\AppData\Roaming\runic games
[2012/05/16 00:35:38 | 000,000,000 | ---D | M] -- C:\Users\Kyle\AppData\Roaming\SoftGrid Client
[2012/01/07 12:42:22 | 000,000,000 | ---D | M] -- C:\Users\Kyle\AppData\Roaming\stetic
[2011/07/07 19:14:33 | 000,000,000 | ---D | M] -- C:\Users\Kyle\AppData\Roaming\The Path
[2011/02/11 14:48:05 | 000,000,000 | ---D | M] -- C:\Users\Kyle\AppData\Roaming\TP
[2012/01/04 21:59:44 | 000,000,000 | ---D | M] -- C:\Users\Kyle\AppData\Roaming\Unity
[2011/07/08 17:26:36 | 000,000,000 | ---D | M] -- C:\Users\Kyle\AppData\Roaming\WTouch
[2012/07/19 18:08:09 | 000,000,902 | ---- | M] () -- C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2442831186-184169548-1129946676-1001Core.job
[2012/07/19 18:37:00 | 000,000,924 | ---- | M] () -- C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2442831186-184169548-1129946676-1001UA.job
[2012/07/19 02:50:56 | 000,032,542 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 945 bytes -> C:\ProgramData\Microsoft:SD5sW9MNkKUhd2dT0Ch
@Alternate Data Stream - 1172 bytes -> C:\Program Files (x86)\Common Files\System:vPW82U70DR7Khva5W
@Alternate Data Stream - 1114 bytes -> C:\ProgramData\Microsoft:JlI5nRJ8GggDIukdJEtF7uEKd
@Alternate Data Stream - 1043 bytes -> C:\Program Files (x86)\Common Files\microsoft shared:ClqoJpuOEX92C2CEOVfj8N6SwQgk

< End of report >
 
OTL Extras logfile created on: 7/19/2012 6:27:36 PM - Run 1
OTL by OldTimer - Version 3.2.53.1 Folder = C:\Users\Kyle\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.86 Gb Total Physical Memory | 2.44 Gb Available Physical Memory | 63.26% Memory free
7.73 Gb Paging File | 5.68 Gb Available in Paging File | 73.47% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 451.01 Gb Total Space | 124.97 Gb Free Space | 27.71% Space Free | Partition Type: NTFS

Computer Name: KYLE-PC | User Name: Kyle | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\rundll32.exe setupapi,InstallHinfSection DefaultInstall 132 %1 (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

========== Firewall Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0294BB2F-6178-459D-8C46-8D1C40D6AD6B}" = rport=445 | protocol=6 | dir=out | app=system |
"{057550CC-1C7E-4C7B-A2F8-3A8DDC978C8C}" = lport=138 | protocol=17 | dir=in | app=system |
"{08E024BB-596A-4DFF-A430-159062EB67CE}" = lport=10243 | protocol=6 | dir=in | app=system |
"{19A5737B-0BEE-43C8-BCD3-3CC714AA4FD3}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{25B9D31D-64EC-44F5-900B-17177C3E5D3C}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{295EF879-34FC-4A05-A484-51AA1443280E}" = lport=445 | protocol=6 | dir=in | app=system |
"{2FA65B31-3A9D-4C20-AFC6-469495F0EF44}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{4084E937-EAAA-47EE-9520-7BE7CE434C09}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{4BF5EB07-06A2-40E2-B5B6-244EF5C49A0F}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{5456EA1E-AF45-48BD-9C96-AB99A6CCF1D9}" = lport=139 | protocol=6 | dir=in | app=system |
"{6364B77A-8796-4078-B3CC-5963A3E70B4F}" = rport=139 | protocol=6 | dir=out | app=system |
"{6EFD3216-D4DB-448C-81DA-E8838C66FFD2}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{7C7BD74E-D59D-40F9-8481-A74C4729E9DD}" = rport=138 | protocol=17 | dir=out | app=system |
"{86444BB3-291D-4D31-A046-BB4AA3243C28}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{AF8150A9-8B4A-4262-900E-D368942052B3}" = lport=2869 | protocol=6 | dir=in | app=system |
"{BE10AB93-C4A6-464B-BE93-069E778BFF99}" = rport=10243 | protocol=6 | dir=out | app=system |
"{BF7200C0-CA2B-4656-8FF1-E49BBE711202}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{C232D951-55E7-4D04-9346-F88A07FC0B22}" = lport=137 | protocol=17 | dir=in | app=system |
"{C428A183-FD79-40B5-990D-895328F43AC8}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{CF0676E6-E2EC-438A-9741-7029DEBD00CE}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{EFB0B8BA-E541-4F33-A734-B0302F4C28ED}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{F534D21D-02A4-4E48-A237-A3745ED5E6D3}" = rport=137 | protocol=17 | dir=out | app=system |
"{F9C1EEE5-72B7-40C6-BC7C-64E9DF7DEB39}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{003C7A18-60D9-4C89-94D8-DE42C1AA1D76}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{02A4D600-582A-4C14-ADFE-C125CF0CB18F}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{1473D86F-6F04-46A3-9153-CD04272511DC}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{4849799C-D8E9-4360-8F9A-6B5F2BCC7EA4}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{56E808A1-BFD0-4B79-B567-B9FA848D697F}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{61FB8AD2-C831-45AB-9DFB-D685C3A8300D}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{62F27534-2769-4D2F-B42F-E96E62F64F44}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{65901CFC-D156-4C8F-90EA-C26D256CA195}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{68F6992D-6E9D-4F14-88EC-3E0B8BEC7EFF}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{8642AF85-31DC-4BB3-8E9D-1E478C224084}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{A5589677-56C4-46C1-A86B-1F0B5425786F}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{AB3FBA72-52C3-4476-9A38-230DBE05659B}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{BC7833D1-AE4B-4CAB-BDD5-6EA587E5C763}" = protocol=6 | dir=out | app=system |
"{CE504808-152F-4073-8BB9-0F8E7C4D30C6}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{D3648D1D-2BA3-4973-9B7E-EDC907B6E342}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{E8715BB0-E132-4617-B344-62E03BFE2C1C}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{E926E57D-011D-4F63-BCC5-FFCFDC28D091}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{EFA98652-B437-42AA-B7D3-EFFD71ED4ECD}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{F7DCF881-DB9D-4779-8D1C-CCCBAC7C73FF}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{086D343F-8E78-4AFC-81AC-D6D414AFD8AC}_is1" = Core Temp version 0.99.7
"{11B7FDD0-6D31-1CAB-3BC4-9EB1ACD67803}" = ATI AVIVO64 Codecs
"{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219
"{26A24AE4-039D-4CA4-87B4-2F86416021FF}" = Java(TM) 6 Update 21 (64-bit)
"{39F4C6F9-618A-4E5B-8FB2-6BD661174E32}" = Intel(R) Turbo Boost Technology Monitor
"{3B6074E5-5823-9363-851C-25F9DDB1E477}" = ccc-utility64
"{3EF53D70-F472-9A93-2E09-737FBB4A5AE8}" = ATI Catalyst Install Manager
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{624C7F0A-89B2-4C49-9CAB-9D69613EC95A}" = Microsoft IntelliPoint 8.2
"{6A76BEAF-6D1F-4273-A79B-DA8410A2E56B}" = Apple Mobile Device Support
"{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{8338783A-0968-3B85-AFC7-BAAE0A63DC50}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570
"{840A3BAA-4C68-4581-9C7A-6F8D6CF531B9}" = iTunes
"{87CF757E-C1F1-4D22-865C-00C6950B5258}" = Quickset64
"{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended
"{8EBA8727-ADC2-477B-9D9A-1A1836BE4E05}" = Dell Edoc Viewer
"{90140000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2010
"{90140000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2010
"{90140000-006D-0409-1000-0000000FF1CE}" = Microsoft Office Click-to-Run 2010
"{90140000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9E9D49A4-1DF4-4138-B7DB-5D87A893088E}" = WIDCOMM Bluetooth Software
"{aac9fcc4-dd9e-4add-901c-b5496a07ab2e}" = Microsoft Visual C++ 2005 Redistributable (x64) - KB2467175
"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{B6E3757B-5E77-3915-866A-CCFC4B8D194C}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053
"{C73A3942-84C8-4597-9F9B-EE227DCBA758}" = Dell Dock
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware
"{E852F060-08FF-FFD5-0C98-2A066B42EBBB}" = ccc-utility64
"{EEB3F6BB-318D-4CE5-989F-8191FCBFB578}" = Ventrilo Client for Windows x64
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"6af12c54-643b-4752-87d0-8335503010de_is1" = Nexus Mod Manager
"Blender" = Blender
"DW WLAN Card Utility" = DW WLAN Card Utility
"Explorer Suite_is1" = Explorer Suite III
"Lexmark Pro200-S500 Series" = Lexmark Pro200-S500 Series
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Microsoft IntelliPoint 8.2" = Microsoft IntelliPoint 8.2
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"VTFEdit_is1" = VTFEdit 1.3.2

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{052bac4a-6f79-46d4-a024-1ce1b4f73cd4}" = Microsoft Visual C++ 2005 Redistributable
"{055EE59D-217B-43A7-ABFF-507B966405D8}" = ATI Catalyst Control Center
"{0E64B098-8018-4256-BA23-C316A43AD9B0}" = QuickTime
"{0ED7EE95-6A97-47AA-AD73-152C08A15B04}" = Dell DataSafe Local Backup
"{1017A80C-6F09-4548-A84D-EDD6AC9525F0}" = Lexmark Toolbar
"{1111706F-666A-4037-7777-211328764D10}" = JavaFX 2.1.1
"{1170BEDA-359C-4202-A5BF-CCA919E7B917}" = CCC Help Danish
"{122ADF8C-DDA1-480C-9936-C88F2825B265}" = Apple Application Support
"{13766F76-6C8C-4E57-A9F3-3212D1C6E0D1}" = Dell DataSafe Online
"{16FB54B9-8AC9-F064-38FB-DF7B69583218}" = CCC Help Chinese Standard
"{19BFDA5D-1FE2-4F25-97F9-1A79DD04EE20}" = Microsoft XNA Framework Redistributable 3.1
"{19DE6032-D3EE-D664-FA63-452431599161}" = CCC Help Norwegian
"{1B367D21-5307-428C-DEDA-D073071CB89B}" = CCC Help Japanese
"{1CCF681C-C203-49B3-83F4-A54F0F944416}" = CleanWaterAction Reminder by We-Care.com v5.0.5.1
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{24BBD0E3-4579-9EF5-6081-DE56129D093A}" = Catalyst Control Center InstallProxy
"{26A24AE4-039D-4CA4-87B4-2F83216021FF}" = Java(TM) 6 Update 29
"{26A24AE4-039D-4CA4-87B4-2F83217005FF}" = Java(TM) 7 Update 5
"{2DA5F129-11AC-4F11-8188-B2F07EAAC20A}" = Cozi
"{2DE12376-E648-D16E-3E0A-0CAEE233BF64}" = CCC Help Spanish
"{2E295B5B-1AD4-4d36-97C2-A316084722CF}" = Python 2.7.2
"{3108C217-BE83-42E4-AE9E-A56A2A92E549}" = Atheros Communications Inc.(R) AR81Family Gigabit/Fast Ethernet Driver
"{3347400D-F491-6DB5-9F57-0A9EA8E435C9}" = Catalyst Control Center Core Implementation
"{35CB6715-41F8-4F99-8881-6FC75BF054B0}" = Oblivion
"{39EFAC6A-639E-3CE3-2B62-EF8518AD8326}" = CCC Help Chinese Traditional
"{3ED3BC2E-141A-BFB0-D48C-E8DDA3A461E7}" = ccc-core-static
"{40F4FF7A-B214-4453-B973-080B09CED019}" = LoJack Factory Installer
"{42929F0F-CE14-47AF-9FC7-FF297A603021}" = Dell Resource CD
"{45338B07-A236-4270-9A77-EBB4115517B5}" = Windows Live Sign-in Assistant
"{46C045BF-2B3F-4BC4-8E4C-00E0CF8BD9DB}" = Adobe AIR
"{4979A82C-4EBE-32C4-81E5-94532C4BAEED}" = Catalyst Control Center Localization All
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{51C7AD07-C3F6-4635-8E8A-231306D810FE}" = Cisco LEAP Module
"{5335DADB-34BA-4AE8-A519-648D78498846}" = Skype™ 5.3
"{54EE63E3-9960-41B6-9644-BB0167C6DD42}" = Catalyst Control Center - Branding
"{550B72C4-F404-4812-971F-947E835A877E}" = Gtk# for .Net 2.12.10
"{57B21E43-056F-9E58-8774-20E8A89B5347}" = CCC Help English
"{5A11DB94-53E7-0232-3AF6-8DD9612094CD}" = CCC Help Chinese Traditional
"{5A3C1721-F8ED-11E0-8AFB-B8AC6F97B88E}" = Google Earth
"{5CF3C617-83A2-3D8E-39D6-45B593BB5F89}" = CCC Help German
"{5DA8F6CD-C70E-39D8-8430-3D9808D6BD17}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30411
"{60495020-5A67-DE2D-B768-5E77E734D263}" = CCC Help Italian
"{61C06586-0FAD-1E43-20C6-08F4F1483C3D}" = CCC Help Norwegian
"{62499375-AB9C-5279-EEEE-F5AB863CA996}" = CCC Help Danish
"{6464EA89-7B34-C15B-B39F-4638EFF931DE}" = Catalyst Control Center Graphics Previews Common
"{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}" = Cisco EAP-FAST Module
"{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel(R) Management Engine Components
"{65A30A52-B4CA-006E-8750-8366C9693C77}" = CCC Help Russian
"{65D0C510-D7B6-4438-9FC8-E6B91115AB0D}" = Live! Cam Avatar Creator
"{66C5E9B6-2D87-D7E8-9B8F-BFCAD7105AD1}" = Catalyst Control Center Graphics Previews Common
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6F3AB64A-CC2D-C533-C5CD-30420E2DC578}" = Skins
"{7087BFF5-88C7-4B82-2EF6-B7F09DD4A86B}" = ccc-core-static
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{719CCEF3-234C-6C1A-3891-79FA208E8025}" = CCC Help Portuguese
"{71E015CC-52DA-4536-AF0C-C643BA1E45FB}" = Catalyst Control Center - Branding
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{764490A7-9DF2-B0CE-DA9F-72DDFD342ACA}" = CCC Help Russian
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{78AE5FAE-C641-311B-9CC8-CEBB87FAF795}" = CCC Help Japanese
"{7BCA9417-A611-CC28-9471-6250EC9666EB}" = Catalyst Control Center Graphics Full Existing
"{7CAC6A44-C3DE-4153-ACA6-7524602C789E}" = Facebook Video Calling 1.2.0.159
"{7DB9F1E5-9ACB-410D-A7DC-7A3D023CE045}" = Dell Getting Started Guide
"{820B6609-4C97-3A2B-B644-573B06A0F0CC}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
"{84EBDF39-4B33-49D7-A0BD-EB6E2C4E81C1}" = Windows Live Sync
"{860CF8EA-A8ED-01BD-8344-26DB1058A563}" = CCC Help Korean
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{86D4B82A-ABED-442A-BE86-96357B70F4FE}" = Ask Toolbar
"{888F1505-C2B3-4FDE-835D-36353EBD4754}" = Ubisoft Game Launcher
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8C28F118-03B5-4756-F83C-C31C851D1FF3}" = CCC Help Chinese Standard
"{90140000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2010
"{90140000-0015-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2010
"{90140000-0016-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2010
"{90140000-0018-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2010
"{90140000-0019-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2010
"{90140000-001A-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2010
"{90140000-001B-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-0409-0000-0000000FF1CE}_Office14.SingleImage_{99ACCA38-6DD3-48A8-96AE-A283C9759279}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-040C-0000-0000000FF1CE}_Office14.SingleImage_{46298F6A-1E7E-4D4A-B5F5-106A4F0E48C6}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2010
"{90140000-001F-0C0A-0000-0000000FF1CE}_Office14.SingleImage_{DEA87BE2-FFCC-4F33-9946-FCBE55A1E998}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002A-0000-1000-0000000FF1CE}_Office14.SingleImage_{967EF02C-5C7E-4718-8FCB-BDC050190CCF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002A-0409-1000-0000000FF1CE}_Office14.SingleImage_{D6C6B46A-6CE1-4561-84A0-EFD58B8AB979}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2010
"{90140000-002C-0409-0000-0000000FF1CE}_Office14.SingleImage_{7CA93DF4-8902-449E-A42E-4C5923CFBDE3}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-003D-0000-0000-0000000FF1CE}" = Microsoft Office Single Image 2010
"{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{047B0968-E622-4FAA-9B4B-121FA109EDDE}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2010
"{90140000-006E-0409-0000-0000000FF1CE}_Office14.SingleImage_{4560037C-E356-444A-A015-D21F487D809E}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2010
"{90140000-00A1-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2010
"{90140000-0115-0409-0000-0000000FF1CE}_Office14.SingleImage_{4560037C-E356-444A-A015-D21F487D809E}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0116-0409-1000-0000000FF1CE}_Office14.SingleImage_{D6C6B46A-6CE1-4561-84A0-EFD58B8AB979}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2010
"{90140000-0117-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140011-0066-0409-0000-0000000FF1CE}" = Microsoft Office Starter 2010 - English
"{92606477-9366-4D3B-8AE3-6BE4B29727AB}" = League of Legends
"{93A3AB24-36E8-41BA-80C6-CCEC237836DC}" = Alice Madness Returns
"{95140000-0070-0000-0000-0000000FF1CE}" = Microsoft Office 2010
"{95E58BA1-2E10-B49E-283C-3C170C098149}" = CCC Help Dutch
"{9635D462-1B39-E171-BA1C-32A036572251}" = CCC Help Spanish
"{97C82B44-D408-4F14-9252-47FC1636D23E}_is1" = IZArc 4.1.6
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9B362AE0-1F0D-370B-F468-FFEF38682508}" = Catalyst Control Center Graphics Full Existing
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9FF5AF7A-F7C7-D4F0-D93F-40800E2F8C20}" = Catalyst Control Center InstallProxy
"{a0fe116e-9a8a-466f-aee0-625cb7c207e3}" = Microsoft Visual C++ 2005 Redistributable - KB2467175
"{A33E7B0C-B99C-4EC9-B702-8A328B161AF9}" = Roxio Burn
"{A4147C0B-A939-B87E-A6AB-71837A52AFEC}" = Catalyst Control Center Core Implementation
"{A498BF75-59BD-6EDB-1C19-13AAA2FD3034}" = CCC Help French
"{A8ACDFFF-093C-8898-E1B8-9388277CD805}" = CCC Help Portuguese
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9668246-FB70-4103-A1E3-66C9BC2EFB49}" = Dell DataSafe Local Backup - Support Software
"{AB834517-C040-6115-A231-0A62F0A08294}" = CCC Help Swedish
"{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.3)
"{ACF60000-22B9-4CE9-98D6-2CCF359BAC07}" = ABBYY FineReader 6.0 Sprint
"{B2939EC4-6FB6-3153-0F9E-CE1AE76F0AE8}" = Catalyst Control Center Graphics Light
"{B2E47DE7-800B-40BB-BD1F-9F221C3AEE87}" = Roxio Burn
"{B47669BF-36B7-B33B-69C9-A2E7AAA36017}" = CCC Help German
"{B5747FE9-AC7C-3512-02EA-2C6A089EC68F}" = CCC Help Finnish
"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Toolbars
"{B93EEE50-9C8F-45DF-95E4-3D85A6E242F3}" = DarksidersInstaller
"{C52D6FF6-308B-2395-72EE-CA72216F8618}" = CCC Help Korean
"{C5422D6A-6CC4-82CA-C28F-249DC0C846B5}" = Catalyst Control Center Graphics Full New
"{CEC73671-6AFB-CC2B-203B-2A00E8901755}" = Catalyst Control Center Graphics Previews Vista
"{CFBB5529-2532-1F5E-8706-F0D1BE3B8C35}" = Catalyst Control Center Graphics Previews Vista
"{D7058431-BC8D-71B7-136F-6FFA32C5C7C2}" = CCC Help Swedish
"{DCC9335C-09BD-3017-096F-931FDB8E7663}" = Catalyst Control Center Graphics Full New
"{DE4AD67B-9EA0-31F1-F5EE-E9B836248839}" = CCC Help English
"{E3BFEE55-39E2-4BE0-B966-89FE583822C1}" = Dell Support Center (Support Software)
"{ECBA603F-259F-9C33-85DE-0D7E3FCAB407}" = CCC Help Finnish
"{ED5776D5-59B4-46B7-AF81-5F2D94D7C640}" = Cisco PEAP Module
"{EE14D3B8-D4A6-EEC6-A37E-FC77CBF6A5FE}" = CCC Help Italian
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F26E3E58-D6E5-3C61-7A7C-20D61017C26A}" = CCC Help French
"{F47C37A4-7189-430A-B81D-739FF8A7A554}" = Consumer In-Home Service Agreement
"{FB9F4BEA-283B-18FA-3DA4-B757214528F3}" = Catalyst Control Center Localization All
"{FCAC5BFF-0A4E-3E71-C486-5E55C0630817}" = CCC Help Dutch
"{FCDBEA60-79F0-4FAE-BBA8-55A26C609A49}" = Visual Studio 2008 x64 Redistributables
"{FE6D5F28-4C11-4197-66CA-48AA4AECD833}" = Catalyst Control Center Graphics Light
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"8461-7759-5462-8226" = Vuze
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Advanced Audio FX Engine" = Advanced Audio FX Engine
"AIM_7" = AIM 7
"Amazon MP3 Downloader" = Amazon MP3 Downloader 1.0.12
"AVG Secure Search" = AVG Security Toolbar
"Dell Dock" = Dell Dock
"Dell Webcam Central" = Dell Webcam Central
"FrostWire" = FrostWire 4.21.3
"FrostWire 5" = FrostWire 5.3.8
"Generic Mod Manager_is1" = Fallout Mod Manager 0.13.21
"GOM Player" = GOM Player
"GoToAssist" = GoToAssist 8.0.0.514
"Inkscape" = Inkscape 0.48.2
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.62.0.1300
"Mozilla Firefox 14.0.1 (x86 en-US)" = Mozilla Firefox 14.0.1 (x86 en-US)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"Office14.Click2Run" = Microsoft Office Click-to-Run 2010
"Office14.SingleImage" = Microsoft Office Home and Student 2010
"Online Sheet Music Viewer_is1" = Online Sheet Music Viewer 8.2.2.0
"OpenAL" = OpenAL
"Origin" = Origin
"Pen Tablet Driver" = Bamboo
"SoftwareUpdUtility" = Download Updater (AOL LLC)
"Sophos-AntiRootkit" = Sophos Anti-Rootkit 1.5.20
"Steam App 115100" = Costume Quest
"Steam App 115110" = Stacking
"Steam App 13260" = Unreal Development Kit
"Steam App 18040" = DeathSpank
"Steam App 202480" = Creation Kit
"Steam App 211" = Source SDK
"Steam App 26500" = Cogs
"Steam App 27000" = The Path
"Steam App 3830" = Psychonauts
"Steam App 400" = Portal
"Steam App 41500" = Torchlight
"Steam App 42300" = Sixense TrueMotion SDK
"Steam App 42910" = Magicka
"Steam App 440" = Team Fortress 2
"Steam App 48000" = LIMBO
"Steam App 49600" = Beat Hazard
"Steam App 500" = Left 4 Dead
"Steam App 520" = Team Fortress 2 Beta
"Steam App 550" = Left 4 Dead 2
"Steam App 57300" = Amnesia: The Dark Descent
"Steam App 63700" = BIT.TRIP BEAT
"Unity" = Unity
"Vuze_Remote Toolbar" = Vuze Remote Toolbar
"Warcraft III" = Warcraft III
"WildTangent dell Master Uninstall" = WildTangent Games
"WinGimp-2.0_is1" = GIMP 2.6.11

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{79A765E1-C399-405B-85AF-466F52E918B0}" = Ask Toolbar Updater
"f031ef6ac137efc5" = Dell Driver Download Manager
"UnityWebPlayer" = Unity Web Player

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 3/31/2012 3:20:23 PM | Computer Name = Kyle-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
with error: The data is invalid. .

Error - 3/31/2012 3:20:23 PM | Computer Name = Kyle-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
with error: The data is invalid. .

Error - 3/31/2012 3:20:23 PM | Computer Name = Kyle-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
with error: The data is invalid. .

Error - 3/31/2012 3:20:23 PM | Computer Name = Kyle-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
with error: The data is invalid. .

Error - 3/31/2012 3:20:23 PM | Computer Name = Kyle-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
with error: The data is invalid. .

Error - 3/31/2012 3:20:23 PM | Computer Name = Kyle-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
with error: The data is invalid. .

Error - 3/31/2012 3:20:23 PM | Computer Name = Kyle-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
with error: The data is invalid. .

Error - 3/31/2012 3:20:23 PM | Computer Name = Kyle-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
with error: The data is invalid. .

Error - 3/31/2012 4:20:24 PM | Computer Name = Kyle-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
with error: The data is invalid. .

Error - 3/31/2012 4:20:24 PM | Computer Name = Kyle-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
with error: The data is invalid. .

[ Broadcom Wireless LAN Events ]
Error - 6/20/2012 4:17:58 PM | Computer Name = Kyle-PC | Source = WLAN-Tray | ID = 0
Description = 13:17:56, Wed, Jun 20, 12 Error - Unable to gain access to user store


[ Dell Events ]
Error - 9/19/2011 3:21:38 AM | Computer Name = Kyle-PC | Source = DataSafe | ID = 17
Description = The process was interrupted before completion.

Error - 9/19/2011 3:26:14 AM | Computer Name = Kyle-PC | Source = DataSafe | ID = 17
Description = The process was interrupted before completion.

Error - 9/19/2011 3:26:14 AM | Computer Name = Kyle-PC | Source = DataSafe | ID = 17
Description = The process was interrupted before completion.

Error - 9/19/2011 8:13:50 PM | Computer Name = Kyle-PC | Source = DataSafe | ID = 17
Description = The process was interrupted before completion.

Error - 9/19/2011 8:13:50 PM | Computer Name = Kyle-PC | Source = DataSafe | ID = 17
Description = The process was interrupted before completion.

Error - 9/21/2011 4:20:11 AM | Computer Name = Kyle-PC | Source = DataSafe | ID = 17
Description = The process was interrupted before completion.

Error - 9/21/2011 4:20:11 AM | Computer Name = Kyle-PC | Source = DataSafe | ID = 17
Description = The process was interrupted before completion.

Error - 9/24/2011 4:15:00 PM | Computer Name = Kyle-PC | Source = DataSafe | ID = 17
Description = The process was interrupted before completion.

Error - 9/24/2011 4:15:00 PM | Computer Name = Kyle-PC | Source = DataSafe | ID = 17
Description = The process was interrupted before completion.

Error - 9/27/2011 6:30:23 PM | Computer Name = Kyle-PC | Source = DataSafe | ID = 17
Description = The process was interrupted before completion.

[ Media Center Events ]
Error - 9/15/2011 2:15:57 PM | Computer Name = Kyle-PC | Source = MCUpdate | ID = 0
Description = 11:15:57 AM - Error connecting to the internet. 11:15:57 AM - Unable
to contact server..

[ System Events ]
Error - 7/19/2012 6:30:58 AM | Computer Name = Kyle-PC | Source = Service Control Manager | ID = 7022
Description = The Intel(R) Management & Security Application User Notification Service
service hung on starting.

Error - 7/19/2012 6:48:07 AM | Computer Name = Kyle-PC | Source = Service Control Manager | ID = 7009
Description = A timeout was reached (30000 milliseconds) while waiting for the lxebCATSCustConnectService
service to connect.

Error - 7/19/2012 6:48:07 AM | Computer Name = Kyle-PC | Source = Service Control Manager | ID = 7000
Description = The lxebCATSCustConnectService service failed to start due to the
following error: %%1053

Error - 7/19/2012 6:48:07 AM | Computer Name = Kyle-PC | Source = Service Control Manager | ID = 7003
Description = The McAfee Personal Firewall Service service depends the following
service: MfeFire. This service might not be installed.

Error - 7/19/2012 4:00:29 PM | Computer Name = Kyle-PC | Source = Service Control Manager | ID = 7009
Description = A timeout was reached (30000 milliseconds) while waiting for the lxebCATSCustConnectService
service to connect.

Error - 7/19/2012 4:00:29 PM | Computer Name = Kyle-PC | Source = Service Control Manager | ID = 7000
Description = The lxebCATSCustConnectService service failed to start due to the
following error: %%1053

Error - 7/19/2012 4:00:29 PM | Computer Name = Kyle-PC | Source = Service Control Manager | ID = 7003
Description = The McAfee Personal Firewall Service service depends the following
service: MfeFire. This service might not be installed.

Error - 7/19/2012 9:18:19 PM | Computer Name = Kyle-PC | Source = Service Control Manager | ID = 7009
Description = A timeout was reached (30000 milliseconds) while waiting for the lxebCATSCustConnectService
service to connect.

Error - 7/19/2012 9:18:19 PM | Computer Name = Kyle-PC | Source = Service Control Manager | ID = 7000
Description = The lxebCATSCustConnectService service failed to start due to the
following error: %%1053

Error - 7/19/2012 9:18:19 PM | Computer Name = Kyle-PC | Source = Service Control Manager | ID = 7003
Description = The McAfee Personal Firewall Service service depends the following
service: MfeFire. This service might not be installed.


< End of report >
 
Reinstall it as soon as possible.
You can't be without any protection.
While you do so I'll review your OTL logs.
 
Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    Code:
    :OTL
    PRC - [2012/04/09 17:43:42 | 001,557,160 | ---- | M] (Ask) -- C:\Program Files (x86)\Ask.com\Updater\Updater.exe
    IE - HKCU\..\URLSearchHook: {00000000-6E41-4FD3-8538-502F5495E5FC} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
    [2012/06/18 02:00:24 | 000,002,573 | ---- | M] () -- C:\Users\Kyle\AppData\Roaming\Mozilla\Firefox\Profiles\64xl57wk.default\searchplugins\askcom.xml
    O2 - BHO: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
    O3 - HKLM\..\Toolbar: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
    O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
    O3 - HKCU\..\Toolbar\WebBrowser: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
    O4 - HKLM..\Run: [ApnUpdater] C:\Program Files (x86)\Ask.com\Updater\Updater.exe (Ask)
    [2012/07/18 13:01:08 | 000,000,000 | ---D | C] -- C:\FRST
    @Alternate Data Stream - 945 bytes -> C:\ProgramData\Microsoft:SD5sW9MNkKUhd2dT0Ch
    @Alternate Data Stream - 1172 bytes -> C:\Program Files (x86)\Common Files\System:vPW82U70DR7Khva5W
    @Alternate Data Stream - 1114 bytes -> C:\ProgramData\Microsoft:JlI5nRJ8GggDIukdJEtF7uEKd
    @Alternate Data Stream - 1043 bytes -> C:\Program Files (x86)\Common Files\microsoft shared:ClqoJpuOEX92C2CEOVfj8N6SwQgk
    
    
    :Services
    
    :Reg
    
    :Files
    C:\Program Files (x86)\Ask.com
    
    
    :Commands
    [purity]
    [emptytemp]
    [emptyjava]
    [emptyflash]
    [Reboot]
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • You will get a log that shows the results of the fix. Please post it.

================================================

Last scans....

1. Download Security Check from HERE, and save it to your Desktop.
  • Double-click SecurityCheck.exe
  • Follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

    NOTE: SecurityCheck may produce some false warning(s), so leave reading the results to me.

2. Please download Farbar Service Scanner (FSS) and run it on the computer with the issue.
  • Make sure the following options are checked:
    • Internet Services
    • Windows Firewall
    • System Restore
    • Security Center
    • Windows Update
    • Windows Defender
  • Press "Scan".
  • It will create a log (FSS.txt) in the same directory the tool is run from.
  • Please copy and paste the log to your reply.


3. Download Temp File Cleaner (TFC)
Alternate download: http://www.itxassociates.com/OT-Tools/TFC.exe
  • Double click on TFC.exe to run the program.
  • Click on the Start button to begin the cleaning process.
  • TFC will close all running programs, and it may ask you to restart the computer.


4. Please run a free online scan with the ESET Online Scanner

  • Disable your antivirus program
  • Tick the box next to YES, I accept the Terms of Use
  • Click Start
  • Accept any security warnings from your browser.
  • Check Scan archives
  • Click Start
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, click on List of found threats
  • Click on Export to text file, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • NOTE: If ESET doesn't find any threats, it won't produce a log.
 
All processes killed
========== OTL ==========
No active process named Updater.exe was found!
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\{00000000-6E41-4FD3-8538-502F5495E5FC} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{00000000-6E41-4FD3-8538-502F5495E5FC}\ deleted successfully.
C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll moved successfully.
C:\Users\Kyle\AppData\Roaming\Mozilla\Firefox\Profiles\64xl57wk.default\searchplugins\askcom.xml moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}\ deleted successfully.
File C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{D4027C7F-154A-4066-A1AD-4243D8127440} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}\ not found.
File C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\Locked deleted successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{D4027C7F-154A-4066-A1AD-4243D8127440} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}\ not found.
File C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ApnUpdater deleted successfully.
C:\Program Files (x86)\Ask.com\Updater\Updater.exe moved successfully.
C:\FRST\Quarantine\{c614d3bf-243a-3fd7-a4fd-36cd3756874b}\{c614d3bf-243a-3fd7-a4fd-36cd3756874b}\U folder moved successfully.
C:\FRST\Quarantine\{c614d3bf-243a-3fd7-a4fd-36cd3756874b}\{c614d3bf-243a-3fd7-a4fd-36cd3756874b}\L folder moved successfully.
C:\FRST\Quarantine\{c614d3bf-243a-3fd7-a4fd-36cd3756874b}\{c614d3bf-243a-3fd7-a4fd-36cd3756874b} folder moved successfully.
C:\FRST\Quarantine\{c614d3bf-243a-3fd7-a4fd-36cd3756874b}\U folder moved successfully.
C:\FRST\Quarantine\{c614d3bf-243a-3fd7-a4fd-36cd3756874b}\L folder moved successfully.
C:\FRST\Quarantine\{c614d3bf-243a-3fd7-a4fd-36cd3756874b} folder moved successfully.
Folder move failed. C:\FRST\Quarantine scheduled to be moved on reboot.
C:\FRST\Logs folder moved successfully.
C:\FRST\Hives folder moved successfully.
C:\FRST folder moved successfully.
ADS C:\ProgramData\Microsoft:SD5sW9MNkKUhd2dT0Ch deleted successfully.
ADS C:\Program Files (x86)\Common Files\System:vPW82U70DR7Khva5W deleted successfully.
ADS C:\ProgramData\Microsoft:JlI5nRJ8GggDIukdJEtF7uEKd deleted successfully.
ADS C:\Program Files (x86)\Common Files\microsoft shared:ClqoJpuOEX92C2CEOVfj8N6SwQgk deleted successfully.
========== SERVICES/DRIVERS ==========
========== REGISTRY ==========
========== FILES ==========
C:\Program Files (x86)\Ask.com\Updater folder moved successfully.
C:\Program Files (x86)\Ask.com\assets\oobe folder moved successfully.
C:\Program Files (x86)\Ask.com\assets folder moved successfully.
C:\Program Files (x86)\Ask.com folder moved successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes
->Flash cache emptied: 56502 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Kyle
->Temp folder emptied: 337402792 bytes
->Temporary Internet Files folder emptied: 51399870 bytes
->Java cache emptied: 1385552 bytes
->FireFox cache emptied: 196867997 bytes
->Flash cache emptied: 317818 bytes

User: Public
->Temp folder emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 36864 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 130574 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 53861 bytes
RecycleBin emptied: 121 bytes

Total Files Cleaned = 560.00 mb


[EMPTYJAVA]

User: All Users

User: Default

User: Default User

User: Kyle
->Java cache emptied: 0 bytes

User: Public

Total Java Files Cleaned = 0.00 mb


[EMPTYFLASH]

User: All Users

User: Default
->Flash cache emptied: 0 bytes

User: Default User
->Flash cache emptied: 0 bytes

User: Kyle
->Flash cache emptied: 0 bytes

User: Public

Total Flash Files Cleaned = 0.00 mb


OTL by OldTimer - Version 3.2.53.1 log created on 07192012_204540

Files\Folders moved on Reboot...
File\Folder C:\FRST\Quarantine not found!
C:\Users\Kyle\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.

PendingFileRenameOperations files...
File C:\FRST\Quarantine not found!
File C:\Users\Kyle\AppData\Local\Temp\FXSAPIDebugLogFile.txt not found!

Registry entries deleted on Reboot...
 
Results of screen317's Security Check version 0.99.24
Windows 7 x64 (UAC is enabled)
Internet Explorer 8 Out of date!
``````````````````````````````
Antivirus/Firewall Check:

Windows Firewall Enabled!
AVG Security Toolbar
McAfee All Access – Total Protection
McAfee Online Backup
[size=1]WMI entry may not exist for antivirus; attempting automatic update.[/size]
```````````````````````````````
Anti-malware/Other Utilities Check:

Sophos Anti-Rootkit 1.5.20
JavaFX 2.1.1
Java(TM) 6 Update 29
Java(TM) 7 Update 5
Out of date Java installed!
Adobe Flash Player 11.3.300.265
Adobe Reader X (10.1.3)
````````````````````````````````
Process Check:
objlist.exe by Laurent

McAfee Online Backup MOBKbackup.exe
``````````End of Log````````````
----------------------------------------------------------------------------
Farbar Service Scanner Version: 19-07-2012
Ran by Kyle (administrator) on 19-07-2012 at 22:32:11
Running from "C:\Users\Kyle\Desktop"
Microsoft Windows 7 Home Premium Service Pack 1 (X64)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo IP is accessible.
Yahoo.com is accessible.


Windows Firewall:
=============

Firewall Disabled Policy:
==================


System Restore:
============

System Restore Disabled Policy:
========================


Action Center:
============

Windows Update:
============

Windows Autoupdate Disabled Policy:
============================


Windows Defender:
==============
WinDefend Service is not running. Checking service configuration:
The start type of WinDefend service is set to Demand. The default start type is Auto.
The ImagePath of WinDefend service is OK.
The ServiceDll of WinDefend service is OK.


Windows Defender Disabled Policy:
==========================
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender]
"DisableAntiSpyware"=DWORD:1


Other Services:
==============

sharedaccess Service is not running. Checking service configuration:
The start type of sharedaccess service is set to Auto
The ImagePath of sharedaccess service is OK.
The ServiceDll of sharedaccess service is OK.


File Check:
========
C:\Windows\System32\nsisvc.dll => MD5 is legit
C:\Windows\System32\drivers\nsiproxy.sys => MD5 is legit
C:\Windows\System32\dhcpcore.dll => MD5 is legit
C:\Windows\System32\drivers\afd.sys => MD5 is legit
C:\Windows\System32\drivers\tdx.sys => MD5 is legit
C:\Windows\System32\Drivers\tcpip.sys => MD5 is legit
C:\Windows\System32\dnsrslvr.dll => MD5 is legit
C:\Windows\System32\mpssvc.dll => MD5 is legit
C:\Windows\System32\bfe.dll => MD5 is legit
C:\Windows\System32\drivers\mpsdrv.sys => MD5 is legit
C:\Windows\System32\SDRSVC.dll => MD5 is legit
C:\Windows\System32\vssvc.exe => MD5 is legit
C:\Windows\System32\wscsvc.dll => MD5 is legit
C:\Windows\System32\wbem\WMIsvc.dll => MD5 is legit
C:\Windows\System32\wuaueng.dll => MD5 is legit
C:\Windows\System32\qmgr.dll => MD5 is legit
C:\Windows\System32\es.dll => MD5 is legit
C:\Windows\System32\cryptsvc.dll => MD5 is legit
C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit


**** End of log ****
 
C:\TDSSKiller_Quarantine\16.07.2012_14.29.12\mbr0000\tdlfs0000\tsk0000.dta a variant of Win32/Olmarik.AYI trojan cleaned by deleting - quarantined
C:\TDSSKiller_Quarantine\16.07.2012_14.29.12\mbr0000\tdlfs0000\tsk0001.dta Win64/Olmarik.AK trojan cleaned by deleting - quarantined
C:\TDSSKiller_Quarantine\16.07.2012_14.29.12\mbr0000\tdlfs0000\tsk0009.dta a variant of Win32/Olmarik.AYI trojan cleaned by deleting - quarantined
C:\Users\Kyle\Downloads\media.player.codec.pack.v3.9.9.setup.exe a variant of Win32/Toolbar.Widgi application cleaned by deleting - quarantined
C:\Users\Kyle\Downloads\VLC_968.exe a variant of Win32/InstallIQ application cleaned by deleting - quarantined
C:\_OTL\MovedFiles\07192012_204540\C_\FRST\Quarantine\E2A7.tmp a variant of Win32/Kryptik.AHVU trojan cleaned by deleting - quarantined
C:\_OTL\MovedFiles\07192012_204540\C_FRST\Quarantine\{c614d3bf-243a-3fd7-a4fd-36cd3756874b}\U\80000064.@ Win64/Sirefef.AN trojan cleaned by deleting - quarantined
 