TechSpot

Sirefef infection

By lauraw18
Oct 14, 2012
  1. I am running Windows 7 x64. I foolishly downloaded a codec pack that was infected and now I'm paying the price. I'm getting redirects in Firefox when I visit websites. I followed all the instructions and my logs are as follows.

    Malwarebytes Anti-Malware (Trial) 1.65.0.1400
    www.malwarebytes.org

    Database version: v2012.10.14.05

    Windows 7 Service Pack 1 x64 NTFS
    Internet Explorer 9.0.8112.16421
    Babydoll :: BABYDOLL-PC [administrator]

    Protection: Enabled

    10/14/2012 1:05:57 PM
    mbam-log-2012-10-14 (13-05-57).txt

    Scan type: Quick scan
    Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
    Scan options disabled: P2P
    Objects scanned: 206756
    Time elapsed: 6 minute(s), 22 second(s)

    Memory Processes Detected: 0
    (No malicious items detected)

    Memory Modules Detected: 0
    (No malicious items detected)

    Registry Keys Detected: 0
    (No malicious items detected)

    Registry Values Detected: 0
    (No malicious items detected)

    Registry Data Items Detected: 0
    (No malicious items detected)

    Folders Detected: 0
    (No malicious items detected)

    Files Detected: 4
    C:\Users\Babydoll\Downloads\coretemp_1236.exe (PUP.BundleOffers.IIQ) -> No action taken.
    C:\Windows\Installer\{04cfe51a-6306-2045-1172-609246c62773}\U\00000008.@ (Trojan.Dropper.BCMiner) -> Quarantined and deleted successfully.
    C:\Windows\Installer\{04cfe51a-6306-2045-1172-609246c62773}\U\000000cb.@ (Rootkit.0Access) -> Quarantined and deleted successfully.
    C:\Windows\Installer\{04cfe51a-6306-2045-1172-609246c62773}\U\80000000.@ (Rootkit.0Access.64) -> Quarantined and deleted successfully.

    (end)
    GMER 1.0.15.15641 - http://www.gmer.net
    Rootkit scan 2012-10-14 14:16:42
    Windows 6.1.7601 Service Pack 1
    Running: tdod0y70.exe
    ---- Registry - GMER 1.0.15 ----
    Reg HKCU\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Compatibility Assistant\Persisted@C:\Users\Babydoll\AppData\Local\Logitech\xae Webcam Software\Logishrd\LU2.0\LogitechUpdate.exe 1
    ---- EOF - GMER 1.0.15 ----
    DDS (Ver_2012-10-14.05) - NTFS_AMD64
    Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 10.7.2
    Run by Babydoll at 14:18:45 on 2012-10-14
    Microsoft Windows 7 Ultimate 6.1.7601.1.1252.1.1033.18.8191.5717 [GMT -4:00]
    .
    AV: AVG Anti-Virus Free Edition 2012 *Enabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
    SP: AVG Anti-Virus Free Edition 2012 *Enabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
    SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .
    ============== Running Processes ===============
    .
    C:\Windows\system32\wininit.exe
    C:\Windows\system32\lsm.exe
    C:\Windows\system32\svchost.exe -k DcomLaunch
    C:\Windows\system32\nvvsvc.exe
    C:\Windows\system32\svchost.exe -k RPCSS
    C:\Windows\system32\atiesrxx.exe
    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\Windows\system32\svchost.exe -k netsvcs
    C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe
    C:\Windows\system32\svchost.exe -k LocalService
    C:\Windows\system32\atieclxx.exe
    C:\Windows\system32\svchost.exe -k NetworkService
    C:\Windows\System32\spoolsv.exe
    C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
    C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
    C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
    C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.02\AsSysCtrlService.exe
    C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
    C:\Windows\system32\taskhost.exe
    C:\Windows\system32\Dwm.exe
    C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
    C:\Windows\Explorer.EXE
    C:\Windows\system32\svchost.exe -k imgsvc
    C:\Windows\system32\viakaraokesrv.exe
    C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\12.2.6\ToolbarUpdater.exe
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
    C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
    C:\Program Files\Logitech\SetPointP\SetPoint.exe
    C:\Program Files\Logitech\Gaming Software\LWEMon.exe
    C:\Program Files\Windows Sidebar\sidebar.exe
    C:\Users\Babydoll\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
    C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE
    C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe
    C:\Program Files (x86)\AVG\AVG2012\avgtray.exe
    C:\Program Files (x86)\AVG Secure Search\vprot.exe
    C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe
    C:\Program Files (x86)\ASUS\AI Suite\QFan4\FanHelp.exe
    C:\Program Files (x86)\ControlCenter4\BrCtrlCntr.exe
    C:\Program Files (x86)\Sony\Content Transfer\ContentTransferWMDetector.exe
    C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
    C:\Program Files (x86)\iTunes\iTunesHelper.exe
    C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
    C:\Users\Babydoll\AppData\Local\Google\Update\1.3.21.123\GoogleCrashHandler.exe
    C:\Users\Babydoll\AppData\Local\Google\Update\1.3.21.123\GoogleCrashHandler64.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
    C:\Windows\system32\SearchIndexer.exe
    C:\Program Files\Windows Media Player\wmpnetwk.exe
    C:\Windows\System32\svchost.exe -k LocalServicePeerNet
    C:\Windows\system32\DllHost.exe
    C:\Program Files (x86)\ControlCenter4\BrCcUxSys.exe
    C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
    C:\Windows\System32\svchost.exe -k secsvcs
    C:\Program Files (x86)\AVG\AVG2012\avgcfgex.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Users\Babydoll\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\Babydoll\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\Babydoll\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\Babydoll\AppData\Local\Google\Chrome\Application\chrome.exe
    "C:\Windows\SysWOW64\svchost.exe" -k LocalServiceDns
    C:\Windows\system32\AUDIODG.EXE
    C:\Windows\system32\notepad.exe
    C:\Program Files (x86)\AVG\AVG2012\avgidsagent.exe
    C:\Program Files (x86)\AVG\AVG2012\avgemca.exe
    C:\Program Files (x86)\AVG\AVG2012\avgnsa.exe
    C:\Program Files (x86)\AVG\AVG2012\avgrsa.exe
    C:\Program Files (x86)\AVG\AVG2012\avgcsrva.exe
    C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
    C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
    C:\Windows\system32\SearchProtocolHost.exe
    C:\Windows\system32\SearchFilterHost.exe
    C:\Windows\system32\conhost.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Windows\system32\DllHost.exe
    C:\Windows\System32\cscript.exe
    .
    ============== Pseudo HJT Report ===============
    .
    uStart Page = hxxp://www.ask.com/?l=dis&o=APN10635&gct=hp
    mWinlogon: Userinit = userinit.exe,
    BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - <orphaned>
    BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    BHO: AVG Safe Search: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG2012\avgssie.dll
    BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
    BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    BHO: AVG Security Toolbar: {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\12.2.5.32\AVG Secure Search_toolbar.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
    TB: AVG Security Toolbar: {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\12.2.5.32\AVG Secure Search_toolbar.dll
    uRun: [Google Update] "C:\Users\Babydoll\AppData\Local\Google\Update\GoogleUpdate.exe" /c
    uRun: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
    uRun: [DW7] "C:\Program Files (x86)\The Weather Channel\The Weather Channel App\TWCApp.exe"
    uRun: [Spotify Web Helper] "C:\Users\Babydoll\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe"
    uRun: [uTorrent] "C:\Program Files (x86)\uTorrent\uTorrent.exe" /MINIMIZED
    mRun: [HDAudDeck] C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe -r
    mRun: [AVG_TRAY] "C:\Program Files (x86)\AVG\AVG2012\avgtray.exe"
    mRun: [vProt] "C:\Program Files (x86)\AVG Secure Search\vprot.exe"
    mRun: [AMD AVT] Cmd.exe /c start "AMD Accelerated Video Transcoding device initialization" /min "C:\Program Files (x86)\AMD AVT\bin\kdbsync.exe" aml
    mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
    mRun: [ControlCenter4] C:\Program Files (x86)\ControlCenter4\BrCcBoot.exe /autorun
    mRun: [LWS] C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe -hide
    mRun: [QFan Help] "C:\Program Files (x86)\ASUS\AI Suite\QFan4\FanHelp.exe"
    mRun: [Cpu Level Up help] "C:\Program Files (x86)\ASUS\AI Suite\CpuLevelUpHelp.exe"
    mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
    mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
    mRun: [HF_G_Jul] "C:\Program Files (x86)\AVG Secure Search\HF_G_Jul.exe" /DoAction
    mRun: [ContentTransferWMDetector.exe] C:\Program Files (x86)\Sony\Content Transfer\ContentTransferWMDetector.exe
    mRun: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
    mRun: [ROC_ROC_JULY_P1] "C:\Program Files (x86)\AVG Secure Search\ROC_ROC_JULY_P1.exe" / /PROMPT /CMPID=ROC_JULY_P1
    mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
    mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
    StartupFolder: C:\Users\Babydoll\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\CurseClientStartup.ccip
    uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
    mPolicies-Explorer: NoActiveDesktop = dword:1
    mPolicies-Explorer: NoActiveDesktopChanges = dword:1
    mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
    mPolicies-System: ConsentPromptBehaviorUser = dword:3
    mPolicies-System: EnableUIADesktopToggle = dword:0
    mPolicies-System: PromptOnSecureDesktop = dword:0
    IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
    LSP: mswsock.dll
    TCP: NameServer = 75.75.75.75 75.75.76.76
    TCP: Interfaces\{46D2BCDE-7C84-4F6F-9848-39AF9E896812} : DHCPNameServer = 75.75.75.75 75.75.76.76
    Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgpp.dll
    Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
    Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\12.2.6\ViProtocol.dll
    Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
    SSODL: WebCheck - <orphaned>
    LSA: Security Packages = kerberos msv1_0 schannel wdigest tspkg pku2u livessp
    x64-BHO: AVG Do Not Track: {31332EEF-CB9F-458F-AFEB-D30E9A66B6BA} - C:\Program Files (x86)\AVG\AVG2012\avgdtiea.dll
    x64-BHO: AVG Safe Search: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG2012\avgssiea.dll
    x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    x64-Run: [EvtMgr6] C:\Program Files\Logitech\SetPointP\SetPoint.exe /launchGaming
    x64-Run: [Start WingMan Profiler] C:\Program Files\Logitech\Gaming Software\LWEMon.exe /noui
    x64-IE: {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - C:\Program Files (x86)\AVG\AVG2012\avgdtiea.dll
    x64-Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgppa.dll
    x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
    x64-Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - <orphaned>
    x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
    x64-Notify: LBTWlgn - c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll
    x64-SSODL: WebCheck - <orphaned>
    .
    ================= FIREFOX ===================
    .
    FF - ProfilePath - C:\Users\Babydoll\AppData\Roaming\Mozilla\Firefox\Profiles\6qdbqp86.default\
    FF - prefs.js: keyword.URL - hxxps://isearch.avg.com/search?cid=%7Bfeec4952-16d5-4827-9c1f-f9b426e47249%7D&mid=e4232c8089aa47d087916de78371ad09-b787440fbb17ee6c270c9e1b2f7e6e39c4a510ec&ds=AVG&v=12.2.5.32&lang=en&pr=fr&d=2012-05-06%2012%3A23%3A23&sap=ku&q=
    FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll
    FF - plugin: C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\12.2.6\npsitesafety.dll
    FF - plugin: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
    FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrlui.dll
    FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
    FF - plugin: C:\Users\Babydoll\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll
    FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_4_402_278.dll
    FF - plugin: C:\Windows\SysWOW64\npDeployJava1.dll
    FF - plugin: C:\Windows\SysWOW64\npmproxy.dll
    FF - ExtSQL: 2012-08-30 14:29; avg@toolbar; C:\ProgramData\AVG Secure Search\12.2.5.32
    FF - ExtSQL: 2012-09-11 08:45; {1E73965B-8B48-48be-9C8D-68B920ABC1C4}; C:\Program Files (x86)\AVG\AVG2012\Firefox4
    FF - ExtSQL: 2012-10-03 09:41; {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}; C:\Users\Babydoll\AppData\Roaming\Mozilla\Firefox\Profiles\6qdbqp86.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
    .
    ============= SERVICES / DRIVERS ===============
    .
    R0 AVGIDSHA;AVGIDSHA;C:\Windows\System32\drivers\avgidsha.sys [2012-4-19 28480]
    R0 Avgrkx64;AVG Anti-Rootkit Driver;C:\Windows\System32\drivers\avgrkx64.sys [2012-1-31 36944]
    R1 Avgldx64;AVG AVI Loader Driver;C:\Windows\System32\drivers\avgldx64.sys [2012-7-26 291680]
    R1 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;C:\Windows\System32\drivers\avgmfx64.sys [2011-12-23 47696]
    R1 Avgtdia;AVG TDI Driver;C:\Windows\System32\drivers\avgtdia.sys [2012-8-24 384352]
    R1 avgtp;avgtp;C:\Windows\System32\drivers\avgtpx64.sys [2012-8-30 31080]
    R2 AdobeARMservice;Adobe Acrobat Update Service;C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-7-27 63960]
    R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\System32\atiesrxx.exe [2012-7-27 239616]
    R2 AMD FUEL Service;AMD FUEL Service;C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [2012-8-6 361984]
    R2 AODDriver4.1;AODDriver4.1;C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\aoddriver2.sys [2012-3-5 53888]
    R2 AsSysCtrlService;ASUS System Control Service;C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.02\AsSysCtrlService.exe [2012-5-8 96896]
    R2 AVGIDSAgent;AVGIDSAgent;C:\Program Files (x86)\AVG\AVG2012\avgidsagent.exe [2012-8-13 5167736]
    R2 avgwd;AVG WatchDog;C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe [2012-2-14 193288]
    R2 MBAMScheduler;MBAMScheduler;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2012-10-14 399432]
    R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-10-14 676936]
    R2 UMVPFSrv;UMVPFSrv;C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe [2012-1-18 450848]
    R2 VIAKaraokeService;VIA Karaoke digital mixer Service;C:\Windows\System32\ViakaraokeSrv.exe [2011-3-29 27760]
    R2 vToolbarUpdater12.2.6;vToolbarUpdater12.2.6;C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\12.2.6\ToolbarUpdater.exe [2012-8-30 722528]
    R3 amdiox64;AMD IO Driver;C:\Windows\System32\drivers\amdiox64.sys [2012-5-6 46136]
    R3 amdkmdag;amdkmdag;C:\Windows\System32\drivers\atikmdag.sys [2012-7-28 10278912]
    R3 amdkmdap;amdkmdap;C:\Windows\System32\drivers\atikmpag.sys [2012-7-27 368640]
    R3 AtiHDAudioService;AMD Function Driver for HD Audio Service;C:\Windows\System32\drivers\AtihdW76.sys [2012-5-14 96896]
    R3 AVGIDSDriver;AVGIDSDriver;C:\Windows\System32\drivers\avgidsdrivera.sys [2011-12-23 124496]
    R3 AVGIDSFilter;AVGIDSFilter;C:\Windows\System32\drivers\avgidsfiltera.sys [2011-12-23 29776]
    R3 LEqdUsb;Logitech SetPoint Unifying KMDF USB Filter;C:\Windows\System32\drivers\LEqdUsb.sys [2011-9-2 76056]
    R3 LHidEqd;Logitech SetPoint Unifying KMDF HID Filter;C:\Windows\System32\drivers\LHidEqd.sys [2011-9-2 15128]
    R3 MBAMProtector;MBAMProtector;C:\Windows\System32\drivers\mbam.sys [2012-10-14 25928]
    R3 VIAHdAudAddService;VIA High Definition Audio Driver Service;C:\Windows\System32\drivers\viahduaa.sys [2011-3-29 2157680]
    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
    S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
    S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2012-6-7 160944]
    S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-7-7 250808]
    S3 BrYNSvc;BrYNSvc;C:\Program Files (x86)\Browny02\BrYNSvc.exe [2012-5-6 245760]
    S3 LVRS64;Logitech RightSound Filter Driver;C:\Windows\System32\drivers\lvrs64.sys [2012-1-18 351136]
    S3 LVUVC64;Logitech HD Webcam C270(UVC);C:\Windows\System32\drivers\lvuvc64.sys [2012-1-18 4865568]
    S3 MozillaMaintenance;Mozilla Maintenance Service;C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-9-29 114144]
    S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\System32\drivers\rdpvideominiport.sys [2012-5-5 20992]
    S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2012-5-7 59392]
    S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2012-7-9 52736]
    S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2012-5-6 1255736]
    .
    =============== Created Last 30 ================
    .
    2012-10-14 17:18:04 69000 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{9624E30A-CAD6-495B-B230-65FA31120BD7}\offreg.dll
    2012-10-14 17:01:56 -------- d-----w- C:\Users\Babydoll\AppData\Roaming\Malwarebytes
    2012-10-14 17:01:47 25928 ----a-w- C:\Windows\System32\drivers\mbam.sys
    2012-10-14 17:01:47 -------- d-----w- C:\ProgramData\Malwarebytes
    2012-10-14 17:01:47 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
    2012-10-14 16:43:30 8917360 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\Backup\mpengine.dll
    2012-10-14 16:43:27 9308616 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{9624E30A-CAD6-495B-B230-65FA31120BD7}\mpengine.dll
    2012-10-14 16:26:58 -------- d-----w- C:\TDSSKiller_Quarantine
    2012-10-14 14:10:27 -------- d-----w- C:\Windows\SysWow64\QuickTime
    2012-10-14 14:03:49 -------- d-sh--w- C:\Windows\SysWow64\%APPDATA%
    2012-10-14 13:55:33 -------- d-----w- C:\Program Files (x86)\Mega Codec Pack
    2012-10-10 17:42:14 424448 ------w- C:\Windows\System32\KernelBase.dll
    2012-10-10 17:42:13 215040 ------w- C:\Windows\System32\winsrv.dll
    2012-10-10 17:42:12 274944 ------w- C:\Windows\SysWow64\KernelBase.dll
    2012-10-10 17:42:11 243200 ------w- C:\Windows\System32\wow64.dll
    2012-10-10 17:42:10 362496 ------w- C:\Windows\System32\wow64win.dll
    2012-10-10 17:42:10 13312 ------w- C:\Windows\System32\wow64cpu.dll
    2012-10-10 17:41:56 220160 ------w- C:\Windows\System32\wintrust.dll
    2012-10-10 17:41:56 172544 ------w- C:\Windows\SysWow64\wintrust.dll
    2012-10-10 17:41:46 715776 ------w- C:\Windows\System32\kerberos.dll
    2012-10-10 17:41:43 1464320 ------w- C:\Windows\System32\crypt32.dll
    2012-10-10 17:41:42 140288 ------w- C:\Windows\System32\cryptnet.dll
    2012-10-10 17:41:42 1159680 ------w- C:\Windows\SysWow64\crypt32.dll
    2012-10-08 16:04:26 -------- d-----w- C:\Program Files (x86)\Coupons
    2012-10-03 15:21:16 359424 ----a-w- C:\Windows\System32\CmiInstallResAll64.dll
    2012-10-03 15:21:15 1310720 ----a-w- C:\Windows\System32\drivers\CM10864.sys
    2012-10-02 15:42:45 -------- d-----w- C:\Users\Babydoll\AppData\Local\MFAData
    2012-10-02 15:42:45 -------- d-----w- C:\Users\Babydoll\AppData\Local\Avg2013
    2012-10-01 16:30:18 -------- d-----w- C:\Users\Babydoll\AppData\Local\Macromedia
    2012-09-30 16:04:12 -------- d-----r- C:\Users\Babydoll\AppData\Roaming\Brother
    2012-09-30 02:22:34 -------- d-----w- C:\Users\Babydoll\AppData\Local\Mozilla
    2012-09-30 02:22:29 -------- d-----w- C:\Program Files (x86)\Mozilla Maintenance Service
    2012-09-27 13:47:01 245760 ----a-w- C:\Windows\System32\OxpsConverter.exe
    2012-09-21 17:51:37 -------- d-----w- C:\ProgramData\NVIDIA Corporation
    2012-09-21 17:51:34 -------- d-----w- C:\Program Files\NVIDIA Corporation
    2012-09-19 19:57:27 33240 ----a-w- C:\Windows\System32\drivers\GEARAspiWDM.sys
    2012-09-19 19:56:02 -------- d-----w- C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
    2012-09-19 19:56:02 -------- d-----w- C:\Program Files\iTunes
    2012-09-19 19:56:02 -------- d-----w- C:\Program Files\iPod
    2012-09-19 19:56:02 -------- d-----w- C:\Program Files (x86)\iTunes
    2012-09-19 17:55:51 -------- d-----w- C:\Program Files (x86)\Seagate
    2012-09-19 17:35:07 -------- d-----w- C:\ProgramData\Hi-Rez Studios
    2012-09-19 17:35:02 -------- d-----w- C:\Program Files (x86)\Hi-Rez Studios
    2012-09-17 14:13:26 -------- d--h--r- C:\AHCache
    .
    ==================== Find3M ====================
    .
    2012-10-14 17:07:13 73656 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
    2012-10-14 17:07:13 696760 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
    2012-09-22 17:48:10 18960 ----a-w- C:\Windows\System32\drivers\LNonPnP.sys
    2012-09-09 16:27:21 255352 ----a-w- C:\Windows\SysWow64\awrdscdc.ax
    2012-09-02 19:43:55 95208 ----a-w- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
    2012-09-02 19:43:54 821736 ----a-w- C:\Windows\SysWow64\npDeployJava1.dll
    2012-09-02 19:43:54 746984 ----a-w- C:\Windows\SysWow64\deployJava1.dll
    2012-08-30 18:29:17 31080 ----a-w- C:\Windows\System32\drivers\avgtpx64.sys
    2012-08-24 19:43:16 384352 ----a-w- C:\Windows\System32\drivers\avgtdia.sys
    2012-08-24 10:31:32 2312704 ----a-w- C:\Windows\System32\jscript9.dll
    2012-08-24 10:21:18 1392128 ----a-w- C:\Windows\System32\wininet.dll
    2012-08-24 10:20:11 1494528 ----a-w- C:\Windows\System32\inetcpl.cpl
    2012-08-24 10:14:45 173056 ----a-w- C:\Windows\System32\ieUnatt.exe
    2012-08-24 10:13:29 599040 ----a-w- C:\Windows\System32\vbscript.dll
    2012-08-24 10:09:42 2382848 ----a-w- C:\Windows\System32\mshtml.tlb
    2012-08-24 06:59:17 1800704 ----a-w- C:\Windows\SysWow64\jscript9.dll
    2012-08-24 06:51:27 1129472 ----a-w- C:\Windows\SysWow64\wininet.dll
    2012-08-24 06:51:02 1427968 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
    2012-08-24 06:47:26 142848 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
    2012-08-24 06:47:12 420864 ----a-w- C:\Windows\SysWow64\vbscript.dll
    2012-08-24 06:43:58 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb
    2012-08-22 18:12:50 1913200 ----a-w- C:\Windows\System32\drivers\tcpip.sys
    2012-08-22 18:12:40 950128 ----a-w- C:\Windows\System32\drivers\ndis.sys
    2012-08-22 18:12:40 376688 ----a-w- C:\Windows\System32\drivers\netio.sys
    2012-08-22 18:12:33 288624 ----a-w- C:\Windows\System32\drivers\FWPKCLNT.SYS
    2012-08-21 17:01:20 125872 ----a-w- C:\Windows\System32\GEARAspi64.dll
    2012-08-21 17:01:20 106928 ----a-w- C:\Windows\SysWow64\GEARAspi.dll
    2012-08-10 15:23:11 152576 ----a-w- C:\Windows\SysWow64\msclmd.dll
    2012-08-10 15:23:10 175616 ----a-w- C:\Windows\System32\msclmd.dll
    2012-08-02 17:58:52 574464 ----a-w- C:\Windows\System32\d3d10level9.dll
    2012-08-02 16:57:20 490496 ----a-w- C:\Windows\SysWow64\d3d10level9.dll
    2012-07-28 04:09:20 5538984 ----a-w- C:\Windows\SysWow64\atiumdag.dll
    2012-07-28 04:07:44 10278912 ----a-w- C:\Windows\System32\drivers\atikmdag.sys
    2012-07-28 03:43:12 70144 ----a-w- C:\Windows\System32\coinst_8.982.dll
    2012-07-28 03:19:34 24935424 ----a-w- C:\Windows\System32\atio6axx.dll
    2012-07-28 02:50:10 20546560 ----a-w- C:\Windows\SysWow64\atioglxx.dll
    2012-07-28 02:47:40 187392 ----a-w- C:\Windows\System32\clinfo.exe
    2012-07-28 02:47:24 75776 ----a-w- C:\Windows\System32\OpenVideo64.dll
    2012-07-28 02:47:16 65024 ----a-w- C:\Windows\SysWow64\OpenVideo.dll
    2012-07-28 02:47:10 63488 ----a-w- C:\Windows\System32\OVDecode64.dll
    2012-07-28 02:47:06 56320 ----a-w- C:\Windows\SysWow64\OVDecode.dll
    2012-07-28 02:46:56 16464896 ----a-w- C:\Windows\System32\amdocl64.dll
    2012-07-28 02:46:06 13013504 ----a-w- C:\Windows\SysWow64\amdocl.dll
    2012-07-28 02:15:50 163840 ----a-w- C:\Windows\System32\atiapfxx.exe
    2012-07-28 02:15:42 931328 ----a-w- C:\Windows\SysWow64\aticfx32.dll
    2012-07-28 02:13:56 1100288 ----a-w- C:\Windows\System32\aticfx64.dll
    2012-07-28 02:10:40 442368 ----a-w- C:\Windows\System32\ATIDEMGX.dll
    2012-07-28 02:10:34 534528 ----a-w- C:\Windows\System32\atieclxx.exe
    2012-07-28 02:09:44 239616 ----a-w- C:\Windows\System32\atiesrxx.exe
    2012-07-28 02:08:20 120320 ----a-w- C:\Windows\System32\atitmm64.dll
    2012-07-28 02:08:04 21504 ----a-w- C:\Windows\System32\atimuixx.dll
    2012-07-28 02:07:58 59392 ----a-w- C:\Windows\System32\atiedu64.dll
    2012-07-28 02:07:52 43520 ----a-w- C:\Windows\SysWow64\ati2edxx.dll
    2012-07-28 02:07:10 6430208 ----a-w- C:\Windows\SysWow64\atidxx32.dll
    2012-07-28 01:51:12 7052288 ----a-w- C:\Windows\System32\atidxx64.dll
    2012-07-28 01:41:32 4266496 ----a-w- C:\Windows\System32\atiumd6a.dll
    2012-07-28 01:35:10 51200 ----a-w- C:\Windows\System32\aticalrt64.dll
    2012-07-28 01:35:08 46080 ----a-w- C:\Windows\SysWow64\aticalrt.dll
    2012-07-28 01:35:02 44544 ----a-w- C:\Windows\System32\aticalcl64.dll
    2012-07-28 01:35:00 44032 ----a-w- C:\Windows\SysWow64\aticalcl.dll
    2012-07-28 01:34:48 16034304 ----a-w- C:\Windows\System32\aticaldd64.dll
    2012-07-28 01:32:32 4751872 ----a-w- C:\Windows\SysWow64\atiumdva.dll
    2012-07-28 01:30:10 13605888 ----a-w- C:\Windows\SysWow64\aticaldd.dll
    2012-07-28 01:25:52 6676480 ----a-w- C:\Windows\System32\atiumd64.dll
    2012-07-28 01:15:32 540160 ----a-w- C:\Windows\System32\atiadlxx.dll
    2012-07-28 01:15:22 368640 ----a-w- C:\Windows\SysWow64\atiadlxy.dll
    2012-07-28 01:15:12 17920 ----a-w- C:\Windows\System32\atig6pxx.dll
    2012-07-28 01:15:08 14848 ----a-w- C:\Windows\SysWow64\atiglpxx.dll
    2012-07-28 01:15:08 14848 ----a-w- C:\Windows\System32\atiglpxx.dll
    2012-07-28 01:15:04 41984 ----a-w- C:\Windows\System32\atig6txx.dll
    2012-07-28 01:14:56 33280 ----a-w- C:\Windows\SysWow64\atigktxx.dll
    2012-07-28 01:14:46 368640 ----a-w- C:\Windows\System32\drivers\atikmpag.sys
    2012-07-28 01:13:54 129536 ----a-w- C:\Windows\System32\atiuxp64.dll
    2012-07-28 01:13:48 109568 ----a-w- C:\Windows\SysWow64\atiuxpag.dll
    2012-07-28 01:13:40 103936 ----a-w- C:\Windows\System32\atiu9p64.dll
    2012-07-28 01:13:32 83456 ----a-w- C:\Windows\SysWow64\atiu9pag.dll
    2012-07-28 01:12:54 53248 ----a-w- C:\Windows\System32\drivers\ati2erec.dll
    2012-07-28 01:08:42 56320 ----a-w- C:\Windows\System32\atimpc64.dll
    2012-07-28 01:08:42 56320 ----a-w- C:\Windows\System32\amdpcom64.dll
    2012-07-28 01:08:36 56832 ----a-w- C:\Windows\SysWow64\atimpc32.dll
    2012-07-28 01:08:36 56832 ----a-w- C:\Windows\SysWow64\amdpcom32.dll
    2012-07-26 07:21:28 291680 ----a-w- C:\Windows\System32\drivers\avgldx64.sys
    2012-07-18 18:15:06 3148800 ----a-w- C:\Windows\System32\win32k.sys
    .
    ============= FINISH: 14:19:14.26 ===============
     
  2. Broni

    Broni Malware Annihilator Posts: 52,899   +344

    Welcome aboard

    Please observe the following rules:
    • Read all of my instructions very carefully. Your mistakes during the cleaning process may have very serious consequences, like an unbootable computer.
    • If you're stuck, or you're not sure about a certain step, always ask before doing anything else.
    • Please refrain from running any tools, fixes or applying any changes to your computer other than those I suggest.
    • Never run more than one scan at a time.
    • Keep updating me regarding your computer's behavior, good or bad.
    • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
    • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in the malware removal forum.
    • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.

    ==============================

    I still need Attach.txt part of DDS.
     
  3. lauraw18

    lauraw18 TS Rookie Topic Starter Posts: 20

    .
    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT
    .
    DDS (Ver_2012-10-14.05)
    .
    Microsoft Windows 7 Ultimate
    Boot Device: \Device\HarddiskVolume1
    Install Date: 5/5/2012 4:31:01 PM
    System Uptime: 10/14/2012 3:13:09 PM (0 hours ago)
    .
    Motherboard: ASUSTeK Computer INC. | | M4N68T-M-V2
    Processor: AMD Athlon(tm) II X2 265 Processor | AM3 | 3300/200mhz
    .
    ==== Disk Partitions =========================
    .
    C: is FIXED (NTFS) - 466 GiB total, 335.396 GiB free.
    D: is CDROM ()
    .
    ==== Disabled Device Manager Items =============
    .
    ==== System Restore Points ===================
    .
    RP79: 10/11/2012 1:32:10 AM - Windows Update
    RP80: 10/14/2012 11:47:19 AM - Restore Operation
    RP82: 10/14/2012 12:50:59 PM - Windows Defender Checkpoint
    RP83: 10/14/2012 1:02:58 PM - Removed Hi-Rez Studios Games
    RP84: 10/14/2012 3:11:30 PM - Device Driver Package Install: C-Media Inc. Sound, video and game controllers
    .
    ==== Installed Programs ======================
    .
    µTorrent
    Adobe Flash Player 11 ActiveX
    Adobe Flash Player 11 Plugin
    Adobe Reader X (10.1.4)
    AI Suite
    AMD Accelerated Video Transcoding
    AMD APP SDK Runtime
    AMD Catalyst Install Manager
    AMD Drag and Drop Transcoding
    AMD Fuel
    AMD Media Foundation Decoders
    AMD VISION Engine Control Center
    Apple Application Support
    Apple Mobile Device Support
    Apple Software Update
    AudibleManager
    AVG 2012
    Bonjour
    Brother MFL-Pro Suite MFC-J430W
    CameraHelperMsi
    Catalyst Control Center - Branding
    Catalyst Control Center Graphics Previews Common
    Catalyst Control Center InstallProxy
    Catalyst Control Center Localization All
    ccc-utility64
    CCC Help Chinese Standard
    CCC Help Chinese Traditional
    CCC Help Czech
    CCC Help Danish
    CCC Help Dutch
    CCC Help English
    CCC Help Finnish
    CCC Help French
    CCC Help German
    CCC Help Greek
    CCC Help Hungarian
    CCC Help Italian
    CCC Help Japanese
    CCC Help Korean
    CCC Help Norwegian
    CCC Help Polish
    CCC Help Portuguese
    CCC Help Russian
    CCC Help Spanish
    CCC Help Swedish
    CCC Help Thai
    CCC Help Turkish
    Content Transfer
    Curse Client
    D3DX10
    eReg
    Google Chrome
    iTunes
    Jasc Paint Shop Pro 9
    Java 7 Update 7
    Java Auto Updater
    JavaFX 2.1.1
    Junk Mail filter update
    Logitech Gaming Software 5.10
    Logitech SetPoint 6.32
    Logitech Webcam Software
    LWS Facebook
    LWS Gallery
    LWS Help_main
    LWS Launcher
    LWS Motion Detection
    LWS Pictures And Video
    LWS Twitter
    LWS Video Mask Maker
    LWS VideoEffects
    LWS Webcam Software
    LWS WLM Plugin
    LWS YouTube Plugin
    Malwarebytes Anti-Malware version 1.65.0.1400
    Media Manager for WALKMAN 1.2
    Microsoft .NET Framework 4 Client Profile
    Microsoft .NET Framework 4 Extended
    Microsoft Application Error Reporting
    Microsoft Games for Windows - LIVE Redistributable
    Microsoft Games for Windows Marketplace
    Microsoft Silverlight
    Microsoft SQL Server 2005 Compact Edition [ENU]
    Microsoft Visual C++ 2005 Redistributable
    Microsoft Visual C++ 2005 Redistributable (x64)
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
    Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319
    Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319
    Mozilla Firefox 15.0.1 (x86 en-US)
    Mozilla Maintenance Service
    MSVCRT
    MSVCRT_amd64
    NVIDIA Display Control Panel
    NVIDIA Drivers
    Platform
    Portal 2
    PVSonyDll
    QuickTime
    SeaTools for Windows
    Security Update for CAPICOM (KB931906)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
    Security Update for Microsoft .NET Framework 4 Extended (KB2487367)
    Security Update for Microsoft .NET Framework 4 Extended (KB2656351)
    Skype™ 5.10
    Spotify
    Steam
    Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
    Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
    Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
    Update for Microsoft .NET Framework 4 Extended (KB2468871)
    Update for Microsoft .NET Framework 4 Extended (KB2533523)
    Update for Microsoft .NET Framework 4 Extended (KB2600217)
    USB PnP Sound Device
    Ventrilo Client for Windows x64
    VIA Platform Device Manager
    Visual Studio 2008 x64 Redistributables
    Windows Live Communications Platform
    Windows Live Essentials
    Windows Live ID Sign-in Assistant
    Windows Live Installer
    Windows Live Language Selector
    Windows Live Mail
    Windows Live MIME IFilter
    Windows Live Movie Maker
    Windows Live Photo Common
    Windows Live Photo Gallery
    Windows Live PIMT Platform
    Windows Live SOXE
    Windows Live SOXE Definitions
    Windows Live UX Platform
    Windows Live UX Platform Language Pack
    Windows Live Writer
    Windows Live Writer Resources
    WinRAR 4.20 (64-bit)
    World of Warcraft
    .
    ==== Event Viewer Messages From Past Week ========
    .
    10/7/2012 11:41:16 AM, Error: Microsoft-Windows-Time-Service [34] - The time service has detected that the system time needs to be changed by -86421 seconds. The time service will not change the system time by more than 54000 seconds. Verify that your time and time zone are correct, and that the time source time.windows.com,0x9 (ntp.m|0x9|0.0.0.0:123->65.55.21.15:123) is working properly.
    10/14/2012 9:58:58 AM, Error: Microsoft-Windows-WMPNSS-Service [14332] - Service 'WMPNetworkSvc' did not start correctly because CoCreateInstance(CLSID_UPnPDeviceFinder) encountered error '0x80004005'. Verify that the UPnPHost service is running and that the UPnPHost component of Windows is installed properly.
    10/14/2012 9:58:42 AM, Error: Service Control Manager [7024] - The HomeGroup Listener service terminated with service-specific error %%-2147023143.
    10/14/2012 9:58:21 AM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Bonjour Service service to connect.
    10/14/2012 9:58:21 AM, Error: Service Control Manager [7000] - The Bonjour Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
    10/14/2012 3:08:27 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Windows Live ID Sign-in Assistant service to connect.
    10/14/2012 3:08:27 PM, Error: Service Control Manager [7000] - The Windows Live ID Sign-in Assistant service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
    .
    ==== End Of File ===========================
     
  4. Broni

    Broni Malware Annihilator Posts: 52,899   +344

    For x32 (x86) bit systems download Farbar Recovery Scan Tool 32-Bit and save it to a flash drive.
    For x64 bit systems download Farbar Recovery Scan Tool 64-Bit and save it to a flash drive.

    Plug the flashdrive into the infected PC.

    Enter System Recovery Options.

    To enter System Recovery Options from the Advanced Boot Options:
    • Restart the computer.
    • As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.
    • Use the arrow keys to select the Repair your computer menu item.
    • Select US as the keyboard language settings, and then click Next.
    • Select the operating system you want to repair, and then click Next.
    • Select your user account and click Next.

    To enter System Recovery Options by using Windows installation disc:
    • Insert the installation disc.
    • Restart your computer.
    • If prompted, press any key to start Windows from the installation disc. If your computer is not configured to start from a CD or DVD, check your BIOS settings.
    • Click Repair your computer.
    • Select US as the keyboard language settings, and then click Next.
    • Select the operating system you want to repair, and then click Next.
    • Select your user account and click Next.

    On the System Recovery Options menu you will get the following options:

      • Startup Repair
      • System Restore
      • Windows Complete PC Restore
      • Windows Memory Diagnostic Tool
      • Command Prompt
    • Select Command Prompt
    • In the command window type in notepad and press Enter.
    • The notepad opens. Under File menu select Open.
    • Select "Computer" and find your flash drive letter and close the notepad.
    • In the command window type e:\frst (for x64 bit version type e:\frst64) and press Enter
      Note: Replace letter e with the drive letter of your flash drive.
    • The tool will start to run.
    • When the tool opens click Yes to disclaimer.
    • Press Scan button.
    • It will make a log (FRST.txt) on the flash drive. Please copy and paste it to your reply.

    Next...

    Re-run FRST again.
    Type the following in the edit box after "Search:".

    services.exe

    Click Search button and post the log (Search.txt) it makes in your reply.

    I'll expect two logs:
    - FRST.txt
    - Search.txt
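Once FRST.txt comes back, most of the reading is pattern work over its fixed line shapes: Run entries, services and drivers end in `[size date] (Publisher)`, with an empty `()` where the file carries no publisher in its version info and `[x]` where the target file is missing, and file entries carry an attribute field such as `__SHD`. The Python script below is an added example, not FRST's code and not something Broni posted; it parses those shapes over a few lines copied from the FRST log later in this thread and flags the structurally odd ones for a human to look at (the flagging rules are my own assumptions, not FRST's).

```python
import re
from typing import Dict, List

# Sample input: lines copied from the FRST log posted in this thread, plus one
# clean line for contrast. Constructed here so the script runs offline.
SAMPLE = r"""
HKLM-x32\...\Run: [AVG_TRAY] "C:\Program Files (x86)\AVG\AVG2012\avgtray.exe" [2596984 2012-07-30] (AVG Technologies CZ, s.r.o.)
HKLM-x32\...\Run: [vProt] "C:\Program Files (x86)\AVG Secure Search\vprot.exe" [947808 2012-08-30] ()
HKU\Babydoll\...\Run: [DW7] "C:\Program Files (x86)\The Weather Channel\The Weather Channel App\TWCApp.exe" [x]
2 vToolbarUpdater12.2.6; C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\12.2.6\ToolbarUpdater.exe [722528 2012-08-30] ()
3 efavdrv; \??\C:\Windows\system32\drivers\efavdrv.sys [x]
2012-10-14 06:03 - 2012-10-14 06:03 - 00000000 __SHD C:\Windows\SysWOW64\%APPDATA%
2012-09-17 06:13 - 2012-09-17 06:13 - 00402280 ____A () C:\Users\Babydoll\Downloads\setup (1).exe
2012-10-14 12:49 - 2012-10-14 12:49 - 01456929 ____A (Farbar) C:\Users\Babydoll\Downloads\FRST64.exe
"""

# "HKLM-x32\...\Run: [Name] command [size yyyy-mm-dd] (Publisher)" or "... [x]"
AUTORUN_RE = re.compile(
    r"^(?P<hive>HKLM(?:-x32)?|HKU\\[^\\]+)\\\.\.\.\\Run: \[(?P<name>[^\]]+)\] (?P<cmd>.+?) "
    r"(?:\[(?P<size>\d+) (?P<date>\d{4}-\d{2}-\d{2})\] \((?P<pub>[^)]*)\)|(?P<missing>\[x\]))$"
)
# "<start type> Name; path [size yyyy-mm-dd] (Publisher)" or "... [x]" (services and drivers)
SERVICE_RE = re.compile(
    r"^(?P<start>\d) (?P<name>[^;]+); (?P<path>.+?) "
    r"(?:\[(?P<size>\d+) (?P<date>\d{4}-\d{2}-\d{2})\] \((?P<pub>[^)]*)\)|(?P<missing>\[x\]))$"
)
# "created - modified - size attrs (Publisher) path"; the publisher part is optional
FILE_RE = re.compile(
    r"^(?P<created>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) - (?P<modified>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) - "
    r"(?P<size>\d+) (?P<attr>[_A-Z]{5}) (?:\((?P<pub>[^)]*)\) )?(?P<path>.+)$"
)
PE_SUFFIXES = (".exe", ".dll", ".sys", ".cpl")


def _finding(kind: str, name: str, reason: str) -> Dict[str, str]:
    return {"kind": kind, "name": name, "reason": reason}


def triage(log_text: str) -> List[Dict[str, str]]:
    """Return the entries a reviewer should look at first, with the reason.

    Rules (assumed heuristics, not FRST's own judgement):
      - autorun / service / driver whose target is missing ("[x]")
      - autorun / service / driver with an empty publisher "()"
      - file entries with both Hidden and System attributes set
      - PE files with an empty publisher "()"
    """
    findings: List[Dict[str, str]] = []
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = AUTORUN_RE.match(line)
        if m:
            if m.group("missing"):
                findings.append(_finding("autorun", m.group("name"), "target file missing ([x])"))
            elif m.group("pub") == "":
                findings.append(_finding("autorun", m.group("name"), "no publisher recorded"))
            continue
        m = SERVICE_RE.match(line)
        if m:
            if m.group("missing"):
                findings.append(_finding("service", m.group("name"), "image file missing ([x])"))
            elif m.group("pub") == "":
                findings.append(_finding("service", m.group("name"), "no publisher recorded"))
            continue
        m = FILE_RE.match(line)
        if m:
            attr, path = m.group("attr"), m.group("path")
            if "S" in attr and "H" in attr:
                findings.append(_finding("file", path, f"hidden+system attributes ({attr})"))
            elif m.group("pub") == "" and path.lower().endswith(PE_SUFFIXES):
                findings.append(_finding("file", path, "PE file with no publisher recorded"))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE):
        print(f"{f['kind']:8} {f['reason']:36} {f['name']}")
```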
     
  5. lauraw18

    lauraw18 TS Rookie Topic Starter Posts: 20

    Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 14-10-2012
    Ran by SYSTEM at 14-10-2012 17:12:28
    Running from E:\
    Windows 7 Ultimate (X64) OS Language: English(US)
    The current controlset is ControlSet001

    ==================== Registry (Whitelisted) ===================

    HKLM\...\Run: [EvtMgr6] C:\Program Files\Logitech\SetPointP\SetPoint.exe /launchGaming [1744152 2011-10-07] (Logitech, Inc.)
    HKLM\...\Run: [Start WingMan Profiler] C:\Program Files\Logitech\Gaming Software\LWEMon.exe /noui [190536 2010-06-14] (Logitech Inc.)
    HKLM\...\Run: [Cm108Sound] C:\Windows\syswow64\RunDll32.exe C:\Windows\Syswow64\cm108.dll,CMICtrlWnd [8757248 2010-10-13] (C-Media Corporation)
    HKLM-x32\...\Run: [HDAudDeck] C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe -r [3037296 2012-05-06] (VIA)
    HKLM-x32\...\Run: [AVG_TRAY] "C:\Program Files (x86)\AVG\AVG2012\avgtray.exe" [2596984 2012-07-30] (AVG Technologies CZ, s.r.o.)
    HKLM-x32\...\Run: [vProt] "C:\Program Files (x86)\AVG Secure Search\vprot.exe" [947808 2012-08-30] ()
    HKLM-x32\...\Run: [AMD AVT] Cmd.exe /c start "AMD Accelerated Video Transcoding device initialization" /min "C:\Program Files (x86)\AMD AVT\bin\kdbsync.exe" aml [10752 2012-02-20] ()
    HKLM-x32\...\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [59280 2012-08-27] (Apple Inc.)
    HKLM-x32\...\Run: [ControlCenter4] C:\Program Files (x86)\ControlCenter4\BrCcBoot.exe /autorun [139264 2011-04-20] (Brother Industries, Ltd.)
    HKLM-x32\...\Run: [LWS] C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe -hide [205336 2011-11-11] (Logitech Inc.)
    HKLM-x32\...\Run: [QFan Help] "C:\Program Files (x86)\ASUS\AI Suite\QFan4\FanHelp.exe" [888960 2010-03-25] (ASUSTeK Computer Inc.)
    HKLM-x32\...\Run: [Cpu Level Up help] "C:\Program Files (x86)\ASUS\AI Suite\CpuLevelUpHelp.exe" [887936 2009-12-28] ()
    HKLM-x32\...\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime [421888 2012-04-18] (Apple Inc.)
    HKLM-x32\...\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [919008 2012-07-27] (Adobe Systems Incorporated)
    HKLM-x32\...\Run: [HF_G_Jul] "C:\Program Files (x86)\AVG Secure Search\HF_G_Jul.exe" /DoAction [36960 2012-07-18] ()
    HKLM-x32\...\Run: [ContentTransferWMDetector.exe] C:\Program Files (x86)\Sony\Content Transfer\ContentTransferWMDetector.exe [583016 2009-11-19] (Sony Corporation)
    HKLM-x32\...\Run: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun [642216 2012-08-06] (Advanced Micro Devices, Inc.)
    HKLM-x32\...\Run: [ROC_ROC_JULY_P1] "C:\Program Files (x86)\AVG Secure Search\ROC_ROC_JULY_P1.exe" / /PROMPT /CMPID=ROC_JULY_P1 [1022048 2012-08-30] ()
    HKLM-x32\...\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" [252848 2012-07-03] (Sun Microsystems, Inc.)
    HKLM-x32\...\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe" [421776 2012-09-09] (Apple Inc.)
    HKU\Babydoll\...\Run: [Google Update] "C:\Users\Babydoll\AppData\Local\Google\Update\GoogleUpdate.exe" /c [116648 2012-05-06] (Google Inc.)
    HKU\Babydoll\...\Run: [DW7] "C:\Program Files (x86)\The Weather Channel\The Weather Channel App\TWCApp.exe" [x]
    HKU\Babydoll\...\Run: [Spotify Web Helper] "C:\Users\Babydoll\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe" [1193176 2012-08-15] ()
    HKU\Babydoll\...\Run: [uTorrent] "C:\Program Files (x86)\uTorrent\uTorrent.exe" /MINIMIZED [1022352 2012-07-02] (BitTorrent, Inc.)
    Winlogon\Notify\LBTWlgn: c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll (Logitech, Inc.)
    Tcpip\Parameters: [DhcpNameServer] 75.75.75.75 75.75.76.76
    Startup: C:\Users\Babydoll\Start Menu\Programs\Startup\CurseClientStartup.ccip ()

    ==================== Services (Whitelisted) ===================

    2 AsSysCtrlService; C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.02\AsSysCtrlService.exe [96896 2009-12-28] (ASUSTeK Computer Inc.)
    2 AVGIDSAgent; "C:\Program Files (x86)\AVG\AVG2012\avgidsagent.exe" [5167736 2012-08-12] (AVG Technologies CZ, s.r.o.)
    2 avgwd; "C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe" [193288 2012-02-14] (AVG Technologies CZ, s.r.o.)
    2 MBAMScheduler; "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe" [399432 2012-09-07] (Malwarebytes Corporation)
    2 MBAMService; "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe" [676936 2012-09-07] (Malwarebytes Corporation)
    2 VIAKaraokeService; C:\Windows\System32\viakaraokesrv.exe [27760 2012-05-06] (VIA Technologies, Inc.)
    2 vToolbarUpdater12.2.6; C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\12.2.6\ToolbarUpdater.exe [722528 2012-08-30] ()

    ==================== Drivers (Whitelisted) =====================

    2 AODDriver4.1; \??\C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [53888 2012-03-05] (Advanced Micro Devices)
    1 AsIO; C:\Windows\SysWow64\Drivers\AsIO.sys [13440 2009-08-04] ()
    3 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdrivera.sys [124496 2011-12-23] (AVG Technologies CZ, s.r.o. )
    3 AVGIDSFilter; C:\Windows\System32\DRIVERS\avgidsfiltera.sys [29776 2011-12-23] (AVG Technologies CZ, s.r.o. )
    0 AVGIDSHA; C:\Windows\System32\Drivers\AVGIDSHA.sys [28480 2012-04-19] (AVG Technologies CZ, s.r.o. )
    1 Avgldx64; C:\Windows\System32\Drivers\Avgldx64.sys [291680 2012-07-25] (AVG Technologies CZ, s.r.o.)
    1 Avgmfx64; C:\Windows\System32\Drivers\Avgmfx64.sys [47696 2011-12-23] (AVG Technologies CZ, s.r.o.)
    0 Avgrkx64; C:\Windows\System32\Drivers\Avgrkx64.sys [36944 2012-01-31] (AVG Technologies CZ, s.r.o.)
    1 Avgtdia; C:\Windows\System32\Drivers\Avgtdia.sys [384352 2012-08-24] (AVG Technologies CZ, s.r.o.)
    1 avgtp; \??\C:\Windows\system32\drivers\avgtpx64.sys [31080 2012-08-30] (AVG Technologies)
    3 MBAMProtector; \??\C:\Windows\system32\drivers\mbam.sys [25928 2012-09-07] (Malwarebytes Corporation)
    3 MTsensor; C:\Windows\System32\DRIVERS\ASACPI.sys [15416 2009-07-16] ()
    3 efavdrv; \??\C:\Windows\system32\drivers\efavdrv.sys [x]
    3 Synth3dVsc; C:\Windows\System32\drivers\synth3dvsc.sys [x]
    3 tsusbhub; C:\Windows\System32\drivers\tsusbhub.sys [x]
    3 VGPU; C:\Windows\System32\drivers\rdvgkmd.sys [x]

    ==================== NetSvcs (Whitelisted) ====================


    ==================== One Month Created Files and Folders ========

    2012-10-14 12:49 - 2012-10-14 12:49 - 01456929 ____A (Farbar) C:\Users\Babydoll\Downloads\FRST64.exe
    2012-10-14 11:36 - 2012-10-14 11:36 - 00007296 ____A C:\Users\Babydoll\Desktop\attach.txt
    2012-10-14 11:34 - 2012-10-14 11:34 - 00706431 ____R (Swearware) C:\Users\Babydoll\Downloads\dds.com
    2012-10-14 11:12 - 2012-10-14 11:12 - 00000169 ____A C:\Windows\Cm108.ini.cfl
    2012-10-14 11:12 - 2010-10-13 07:06 - 08757248 ____N (C-Media Corporation) C:\Windows\SysWOW64\CM108.dll
    2012-10-14 11:12 - 2010-07-13 11:26 - 00804352 ____N C:\Windows\System32\Cmeau108.exe
    2012-10-14 11:12 - 2009-04-02 12:59 - 00143360 ____N C:\Windows\Vmix108.dll
    2012-10-14 11:12 - 2008-07-23 15:00 - 00389120 ____N () C:\Windows\System32\CM108.cpl
    2012-10-14 11:12 - 2006-09-13 06:21 - 00200704 ____N (C-Media) C:\Windows\SysWOW64\cmpa108.dll
    2012-10-14 11:10 - 2012-10-14 11:11 - 23043511 ____A C:\Users\Babydoll\Downloads\SteelSeries_USB_Soundcard.zip
    2012-10-14 10:19 - 2012-10-14 11:35 - 00026848 ____A C:\Users\Babydoll\Desktop\dds.txt
    2012-10-14 10:16 - 2012-10-14 10:16 - 00000406 ____A C:\Users\Babydoll\Desktop\gmer.log
    2012-10-14 09:16 - 2012-10-14 09:17 - 00302592 ____A C:\Users\Babydoll\Downloads\tdod0y70.exe
    2012-10-14 09:06 - 2012-10-14 09:07 - 00302592 ____A C:\Users\Babydoll\Downloads\rmjplhf5.exe
    2012-10-14 09:06 - 2012-10-14 09:06 - 00302592 ____A C:\Users\Babydoll\Downloads\e30cxxrn.exe
    2012-10-14 09:01 - 2012-10-14 09:03 - 00001109 ____A C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
    2012-10-14 09:01 - 2012-10-14 09:03 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
    2012-10-14 09:01 - 2012-10-14 09:01 - 10524080 ____A (Malwarebytes Corporation ) C:\Users\Babydoll\Downloads\mbam-setup-1.65.0.1400.exe
    2012-10-14 09:01 - 2012-10-14 09:01 - 00000000 ____D C:\Users\Babydoll\AppData\Roaming\Malwarebytes
    2012-10-14 09:01 - 2012-10-14 09:01 - 00000000 ____D C:\Users\All Users\Malwarebytes
    2012-10-14 09:01 - 2012-09-07 13:04 - 00025928 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys
    2012-10-14 08:31 - 2012-10-14 08:31 - 02991832 ____A (ESET) C:\Users\Babydoll\Downloads\ERARemover_x64.exe
    2012-10-14 08:31 - 2012-10-14 08:31 - 00000000 ____D C:\Users\All Users\ESET
    2012-10-14 08:26 - 2012-10-14 08:26 - 02212440 ____A (Kaspersky Lab ZAO) C:\Users\Babydoll\Downloads\tdsskiller.exe
    2012-10-14 08:26 - 2012-10-14 08:26 - 00000000 ____D C:\TDSSKiller_Quarantine
    2012-10-14 06:10 - 2012-10-14 06:10 - 00000000 ____D C:\Windows\SysWOW64\QuickTime
    2012-10-14 06:03 - 2012-10-14 06:03 - 00000000 __SHD C:\Windows\SysWOW64\%APPDATA%
    2012-10-14 05:55 - 2012-10-14 07:52 - 00000000 ____D C:\Program Files (x86)\Mega Codec Pack
    2012-10-12 08:59 - 2012-10-12 08:59 - 00311859 ____A C:\Users\Babydoll\Downloads\Manamana Muppets.m4r
    2012-10-12 07:51 - 2012-10-14 07:52 - 00000000 ____D C:\Users\Babydoll\Downloads\Taken (2008) [DvdRip] [Xvid] {1337x}-Noir
    2012-10-11 17:01 - 2012-10-14 07:52 - 00000000 ____D C:\Users\Babydoll\Downloads\Tiesto - Elements Of Life
    2012-10-10 09:42 - 2012-08-20 10:48 - 01162240 ____N (Microsoft Corporation) C:\Windows\System32\kernel32.dll
    2012-10-10 09:42 - 2012-08-20 10:48 - 00424448 ____N (Microsoft Corporation) C:\Windows\System32\KernelBase.dll
    2012-10-10 09:42 - 2012-08-20 10:48 - 00362496 ____N (Microsoft Corporation) C:\Windows\System32\wow64win.dll
    2012-10-10 09:42 - 2012-08-20 10:48 - 00243200 ____N (Microsoft Corporation) C:\Windows\System32\wow64.dll
    2012-10-10 09:42 - 2012-08-20 10:48 - 00215040 ____N (Microsoft Corporation) C:\Windows\System32\winsrv.dll
    2012-10-10 09:42 - 2012-08-20 10:48 - 00013312 ____N (Microsoft Corporation) C:\Windows\System32\wow64cpu.dll
    2012-10-10 09:42 - 2012-08-20 09:37 - 01114112 ____N (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
    2012-10-10 09:42 - 2012-08-20 09:37 - 00274944 ____N (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
    2012-10-10 09:41 - 2012-08-24 10:05 - 00220160 ____N (Microsoft Corporation) C:\Windows\System32\wintrust.dll
    2012-10-10 09:41 - 2012-08-24 08:57 - 00172544 ____N (Microsoft Corporation) C:\Windows\SysWOW64\wintrust.dll
    2012-10-10 09:41 - 2012-08-10 16:56 - 00715776 ____N (Microsoft Corporation) C:\Windows\System32\kerberos.dll
    2012-10-10 09:41 - 2012-06-01 20:36 - 01159680 ____N (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
    2012-10-08 08:04 - 2012-10-14 08:04 - 00000000 ____D C:\Program Files (x86)\Coupons
    2012-10-03 07:21 - 2012-10-14 11:12 - 00000201 ____A C:\Windows\Cm108.ini.imi
    2012-10-03 07:21 - 2011-07-04 13:09 - 00001353 ____N C:\Windows\cm108.ini
    2012-10-03 07:21 - 2010-08-12 14:26 - 01310720 ____A (C-Media Electronics Inc) C:\Windows\System32\Drivers\CM10864.sys
    2012-10-03 07:21 - 2009-08-19 12:00 - 00359424 ____N C:\Windows\System32\CmiInstallResAll64.dll
    2012-10-03 07:21 - 2008-10-02 13:17 - 00002029 ____N C:\Windows\Cm108.ini.cfg
    2012-10-02 07:42 - 2012-10-02 07:42 - 00000000 ____D C:\Users\Babydoll\AppData\Local\MFAData
    2012-10-02 07:42 - 2012-10-02 07:42 - 00000000 ____D C:\Users\Babydoll\AppData\Local\Avg2013
    2012-10-01 08:30 - 2012-10-01 08:30 - 00000000 ____D C:\Users\Babydoll\AppData\Local\Macromedia
    2012-09-30 08:04 - 2012-09-30 08:04 - 00000000 ___RD C:\Users\Babydoll\AppData\Roaming\Brother
    2012-09-29 18:22 - 2012-10-14 08:04 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
    2012-09-29 18:22 - 2012-10-14 08:04 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
    2012-09-29 18:22 - 2012-09-29 18:22 - 17790056 ____A (Mozilla) C:\Users\Babydoll\Downloads\Firefox Setup 15.0.1.exe
    2012-09-29 18:22 - 2012-09-29 18:22 - 00001130 ____A C:\Users\Public\Desktop\Mozilla Firefox.lnk
    2012-09-29 18:22 - 2012-09-29 18:22 - 00000000 ____D C:\Users\Babydoll\AppData\Roaming\Mozilla
    2012-09-29 18:22 - 2012-09-29 18:22 - 00000000 ____D C:\Users\Babydoll\AppData\Local\Mozilla
    2012-09-29 18:22 - 2012-09-29 18:22 - 00000000 ____D C:\Users\All Users\Mozilla
    2012-09-27 22:02 - 2012-09-27 22:02 - 00977535 ____A C:\Users\Babydoll\Desktop\znes.zip
    2012-09-27 20:29 - 2012-09-27 20:29 - 00027520 ____A C:\Users\Babydoll\AppData\Local\dt.dat
    2012-09-27 05:47 - 2012-08-21 13:01 - 00245760 ____A (Microsoft Corporation) C:\Windows\System32\OxpsConverter.exe
    2012-09-21 10:35 - 2012-08-24 03:15 - 17810944 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
    2012-09-21 10:35 - 2012-08-24 02:39 - 10925568 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
    2012-09-21 10:35 - 2012-08-24 02:31 - 02312704 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
    2012-09-21 10:35 - 2012-08-24 02:22 - 01346048 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
    2012-09-21 10:35 - 2012-08-24 02:21 - 01392128 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
    2012-09-21 10:35 - 2012-08-24 02:20 - 01494528 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
    2012-09-21 10:35 - 2012-08-24 02:18 - 00237056 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
    2012-09-21 10:35 - 2012-08-24 02:17 - 00085504 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
    2012-09-21 10:35 - 2012-08-24 02:14 - 00816640 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
    2012-09-21 10:35 - 2012-08-24 02:14 - 00173056 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
    2012-09-21 10:35 - 2012-08-24 02:13 - 00599040 ____A (Microsoft Corporation) C:\Windows\System32\vbscript.dll
    2012-09-21 10:35 - 2012-08-24 02:12 - 02144768 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
    2012-09-21 10:35 - 2012-08-24 02:11 - 00729088 ____A (Microsoft Corporation) C:\Windows\System32\msfeeds.dll
    2012-09-21 10:35 - 2012-08-24 02:10 - 00096768 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
    2012-09-21 10:35 - 2012-08-24 02:09 - 02382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
    2012-09-21 10:35 - 2012-08-24 02:04 - 00248320 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
    2012-09-21 10:35 - 2012-08-23 23:27 - 12319744 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
    2012-09-21 10:35 - 2012-08-23 23:03 - 09738240 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
    2012-09-21 10:35 - 2012-08-23 22:59 - 01800704 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
    2012-09-21 10:35 - 2012-08-23 22:51 - 01427968 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
    2012-09-21 10:35 - 2012-08-23 22:51 - 01129472 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
    2012-09-21 10:35 - 2012-08-23 22:51 - 01103872 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
    2012-09-21 10:35 - 2012-08-23 22:49 - 00231936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
    2012-09-21 10:35 - 2012-08-23 22:48 - 00065024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
    2012-09-21 10:35 - 2012-08-23 22:47 - 00717824 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
    2012-09-21 10:35 - 2012-08-23 22:47 - 00420864 ____A (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
    2012-09-21 10:35 - 2012-08-23 22:47 - 00142848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
    2012-09-21 10:35 - 2012-08-23 22:45 - 00607744 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
    2012-09-21 10:35 - 2012-08-23 22:44 - 01793024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
    2012-09-21 10:35 - 2012-08-23 22:44 - 00073216 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
    2012-09-21 10:35 - 2012-08-23 22:43 - 02382848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
    2012-09-21 10:35 - 2012-08-23 22:40 - 00176640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
    2012-09-21 09:57 - 2012-09-21 09:57 - 03225616 ____A C:\Users\Babydoll\Downloads\advisorinstaller.exe
    2012-09-21 09:54 - 2012-09-21 09:54 - 00000000 ____D C:\Users\All Users\NVIDIA
    2012-09-21 09:51 - 2012-10-14 08:02 - 00000000 ____D C:\Program Files\NVIDIA Corporation
    2012-09-21 09:51 - 2012-09-21 09:51 - 00000000 ____D C:\Users\All Users\NVIDIA Corporation
    2012-09-19 11:57 - 2012-09-19 11:57 - 00001783 ____A C:\Users\Public\Desktop\iTunes.lnk
    2012-09-19 11:57 - 2012-08-21 09:01 - 00033240 ____A (GEAR Software Inc.) C:\Windows\System32\Drivers\GEARAspiWDM.sys
    2012-09-19 11:56 - 2012-10-14 08:02 - 00000000 ____D C:\Program Files\iTunes
    2012-09-19 11:56 - 2012-10-14 08:02 - 00000000 ____D C:\Program Files\iPod
    2012-09-19 11:56 - 2012-10-14 08:01 - 00000000 ____D C:\Program Files (x86)\iTunes
    2012-09-19 11:56 - 2012-09-19 11:57 - 00000000 ____D C:\Users\All Users\34BE82C4-E596-4e99-A191-52C6199EBF69
    2012-09-19 09:55 - 2012-10-14 08:01 - 00000000 ____D C:\Program Files (x86)\Seagate
    2012-09-19 09:55 - 2012-09-19 09:55 - 00002453 ____A C:\Users\Public\Desktop\SeaTools for Windows.lnk
    2012-09-19 09:54 - 2012-09-19 09:54 - 21476536 ____A C:\Users\Babydoll\Downloads\SeaToolsforWindowsSetup-1206.exe
    2012-09-19 09:35 - 2012-10-14 09:03 - 00000000 ____D C:\Users\All Users\Hi-Rez Studios
    2012-09-19 09:35 - 2012-10-14 09:03 - 00000000 ____D C:\Program Files (x86)\Hi-Rez Studios
    2012-09-19 09:33 - 2012-09-19 09:33 - 14380880 ____A (Hi-Rez Studios) C:\Users\Babydoll\Downloads\InstallHiRezGamesEnglish.exe
    2012-09-19 07:30 - 2012-09-19 07:30 - 00000000 ____A C:\Users\Babydoll\Sti_Trace.log
    2012-09-18 22:25 - 2012-09-18 22:25 - 00275336 ____A C:\Windows\Minidump\091912-30560-01.dmp
    2012-09-18 06:17 - 2012-09-18 06:17 - 01651904 ____A (W3i, LLC) C:\Users\Babydoll\Downloads\coretemp_1236.exe
    2012-09-17 06:19 - 2012-09-17 06:19 - 00000318 ____A C:\Users\Babydoll\Desktop\Curse Client.appref-ms
    2012-09-17 06:15 - 2012-10-14 08:02 - 00000000 ____D C:\Program Files\Reference Assemblies
    2012-09-17 06:15 - 2012-10-14 08:02 - 00000000 ____D C:\Program Files\MSBuild
    2012-09-17 06:15 - 2012-10-14 08:01 - 00000000 ____D C:\Program Files (x86)\Reference Assemblies
    2012-09-17 06:15 - 2012-10-14 08:01 - 00000000 ____D C:\Program Files (x86)\MSBuild
    2012-09-17 06:13 - 2012-09-17 06:13 - 00402280 ____A () C:\Users\Babydoll\Downloads\setup (1).exe
    2012-09-17 06:13 - 2012-09-17 06:13 - 00000000 __RHD C:\AHCache
    2012-09-17 05:59 - 2012-09-17 05:59 - 02959376 ____A (Microsoft Corporation) C:\Users\Babydoll\Downloads\dotnetfx35setup (1).exe
    2012-09-15 09:20 - 2012-09-15 09:20 - 02959376 ____A (Microsoft Corporation) C:\Users\Babydoll\Downloads\dotnetfx35setup.exe


    ==================== 3 Months Modified Files ==================

    2012-10-14 13:08 - 2009-07-13 20:45 - 00014224 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
    2012-10-14 13:08 - 2009-07-13 20:45 - 00014224 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
    2012-10-14 13:07 - 2012-08-25 09:35 - 00000830 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job
    2012-10-14 13:03 - 2009-07-13 21:08 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
    2012-10-14 13:02 - 2009-07-13 20:51 - 00040622 ____A C:\Windows\setupact.log
    2012-10-14 12:51 - 2009-07-13 21:13 - 00779184 ____A C:\Windows\System32\PerfStringBackup.INI
    2012-10-14 12:49 - 2012-10-14 12:49 - 01456929 ____A (Farbar) C:\Users\Babydoll\Downloads\FRST64.exe
    2012-10-14 12:19 - 2012-05-06 08:00 - 00000920 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2874638133-926241938-2017742220-1000UA.job
    2012-10-14 11:36 - 2012-10-14 11:36 - 00007296 ____A C:\Users\Babydoll\Desktop\attach.txt
    2012-10-14 11:35 - 2012-10-14 10:19 - 00026848 ____A C:\Users\Babydoll\Desktop\dds.txt
    2012-10-14 11:34 - 2012-10-14 11:34 - 00706431 ____R (Swearware) C:\Users\Babydoll\Downloads\dds.com
    2012-10-14 11:12 - 2012-10-14 11:12 - 00000169 ____A C:\Windows\Cm108.ini.cfl
    2012-10-14 11:12 - 2012-10-03 07:21 - 00000201 ____A C:\Windows\Cm108.ini.imi
    2012-10-14 11:11 - 2012-10-14 11:10 - 23043511 ____A C:\Users\Babydoll\Downloads\SteelSeries_USB_Soundcard.zip
    2012-10-14 10:16 - 2012-10-14 10:16 - 00000406 ____A C:\Users\Babydoll\Desktop\gmer.log
    2012-10-14 09:17 - 2012-10-14 09:16 - 00302592 ____A C:\Users\Babydoll\Downloads\tdod0y70.exe
    2012-10-14 09:14 - 2012-05-06 08:34 - 00010084 ____A C:\Windows\PFRO.log
    2012-10-14 09:07 - 2012-10-14 09:06 - 00302592 ____A C:\Users\Babydoll\Downloads\rmjplhf5.exe
    2012-10-14 09:07 - 2012-07-07 06:41 - 00696760 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
    2012-10-14 09:07 - 2012-07-07 06:41 - 00073656 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
    2012-10-14 09:06 - 2012-10-14 09:06 - 00302592 ____A C:\Users\Babydoll\Downloads\e30cxxrn.exe
    2012-10-14 09:03 - 2012-10-14 09:01 - 00001109 ____A C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
    2012-10-14 09:01 - 2012-10-14 09:01 - 10524080 ____A (Malwarebytes Corporation ) C:\Users\Babydoll\Downloads\mbam-setup-1.65.0.1400.exe
    2012-10-14 08:54 - 2012-07-19 18:35 - 00042496 __ASH C:\Users\Babydoll\Thumbs.db
    2012-10-14 08:43 - 2012-05-05 12:30 - 01338539 ____A C:\Windows\WindowsUpdate.log
    2012-10-14 08:31 - 2012-10-14 08:31 - 02991832 ____A (ESET) C:\Users\Babydoll\Downloads\ERARemover_x64.exe
    2012-10-14 08:26 - 2012-10-14 08:26 - 02212440 ____A (Kaspersky Lab ZAO) C:\Users\Babydoll\Downloads\tdsskiller.exe
    2012-10-12 08:59 - 2012-10-12 08:59 - 00311859 ____A C:\Users\Babydoll\Downloads\Manamana Muppets.m4r
    2012-10-01 21:19 - 2012-05-06 08:00 - 00000868 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2874638133-926241938-2017742220-1000Core.job
    2012-09-29 18:22 - 2012-09-29 18:22 - 17790056 ____A (Mozilla) C:\Users\Babydoll\Downloads\Firefox Setup 15.0.1.exe
    2012-09-29 18:22 - 2012-09-29 18:22 - 00001130 ____A C:\Users\Public\Desktop\Mozilla Firefox.lnk
    2012-09-27 22:02 - 2012-09-27 22:02 - 00977535 ____A C:\Users\Babydoll\Desktop\znes.zip
    2012-09-27 20:29 - 2012-09-27 20:29 - 00027520 ____A C:\Users\Babydoll\AppData\Local\dt.dat
    2012-09-27 18:24 - 2012-05-06 08:01 - 00002460 ____A C:\Users\Babydoll\Desktop\Google Chrome.lnk
    2012-09-22 13:15 - 2009-07-13 21:08 - 00032538 ____A C:\Windows\Tasks\SCHEDLGU.TXT
    2012-09-22 13:15 - 2009-07-13 21:08 - 00032538 ____A C:\Windows\Tasks\SCHEDLGU(103).TXT
    2012-09-22 09:48 - 2012-05-07 08:26 - 00018960 ____A (Logitech, Inc.) C:\Windows\System32\Drivers\LNonPnP.sys
    2012-09-22 09:48 - 2012-05-07 08:26 - 00003567 ____A C:\Windows\LkmdfCoInst.log
    2012-09-21 09:57 - 2012-09-21 09:57 - 03225616 ____A C:\Users\Babydoll\Downloads\advisorinstaller.exe
    2012-09-21 09:53 - 2012-05-07 08:20 - 00001624 ____A C:\Users\Public\Desktop\Logitech Webcam Software .lnk
    2012-09-19 11:57 - 2012-09-19 11:57 - 00001783 ____A C:\Users\Public\Desktop\iTunes.lnk
    2012-09-19 09:55 - 2012-09-19 09:55 - 00002453 ____A C:\Users\Public\Desktop\SeaTools for Windows.lnk
    2012-09-19 09:54 - 2012-09-19 09:54 - 21476536 ____A C:\Users\Babydoll\Downloads\SeaToolsforWindowsSetup-1206.exe
    2012-09-19 09:33 - 2012-09-19 09:33 - 14380880 ____A (Hi-Rez Studios) C:\Users\Babydoll\Downloads\InstallHiRezGamesEnglish.exe
    2012-09-19 07:30 - 2012-09-19 07:30 - 00000000 ____A C:\Users\Babydoll\Sti_Trace.log
    2012-09-18 22:25 - 2012-09-18 22:25 - 00275336 ____A C:\Windows\Minidump\091912-30560-01.dmp
    2012-09-18 22:24 - 2012-09-09 06:56 - 656736647 ____A C:\Windows\MEMORY.DMP
    2012-09-18 06:17 - 2012-09-18 06:17 - 01651904 ____A (W3i, LLC) C:\Users\Babydoll\Downloads\coretemp_1236.exe
    2012-09-17 06:19 - 2012-09-17 06:19 - 00000318 ____A C:\Users\Babydoll\Desktop\Curse Client.appref-ms
    2012-09-17 06:13 - 2012-09-17 06:13 - 00402280 ____A () C:\Users\Babydoll\Downloads\setup (1).exe
    2012-09-17 05:59 - 2012-09-17 05:59 - 02959376 ____A (Microsoft Corporation) C:\Users\Babydoll\Downloads\dotnetfx35setup (1).exe
    2012-09-15 09:20 - 2012-09-15 09:20 - 02959376 ____A (Microsoft Corporation) C:\Users\Babydoll\Downloads\dotnetfx35setup.exe
    2012-09-12 21:42 - 2012-08-10 07:26 - 64462936 ____A (Microsoft Corporation) C:\Windows\System32\MRT.exe
    2012-09-11 04:45 - 2012-05-06 08:23 - 00000965 ____A C:\Users\Public\Desktop\AVG 2012.lnk
    2012-09-09 08:27 - 2012-09-09 08:27 - 00255352 ____A (Audible, Inc.) C:\Windows\SysWOW64\awrdscdc.ax
    2012-09-09 08:27 - 2012-09-09 08:27 - 00001965 ____A C:\Users\Babydoll\Desktop\Audible Manager.lnk
    2012-09-09 08:25 - 2012-09-09 08:25 - 01730272 ____A (Audible Inc.) C:\Users\Babydoll\Downloads\ActiveSetupN.exe
    2012-09-09 06:56 - 2012-09-09 06:56 - 00275280 ____A C:\Windows\Minidump\090912-30669-01.dmp
    2012-09-07 13:04 - 2012-10-14 09:01 - 00025928 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys
    2012-09-05 12:25 - 2012-09-05 12:25 - 00000054 ____A C:\Users\Babydoll\Desktop\KevinsNumbers.txt
    2012-09-05 09:09 - 2012-05-17 19:07 - 00095982 ____A C:\Windows\SysWOW64\debug.log
    2012-09-02 11:43 - 2012-09-02 11:44 - 00246760 ____A (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
    2012-09-02 11:43 - 2012-09-02 11:43 - 00174056 ____A (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
    2012-09-02 11:43 - 2012-09-02 11:43 - 00174056 ____A (Oracle Corporation) C:\Windows\SysWOW64\java.exe
    2012-09-02 11:43 - 2012-09-02 11:43 - 00095208 ____A (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
    2012-09-02 11:43 - 2012-06-06 10:37 - 00821736 ____A (Oracle Corporation) C:\Windows\SysWOW64\npDeployJava1.dll
    2012-09-02 11:43 - 2012-06-06 10:37 - 00746984 ____A (Oracle Corporation) C:\Windows\SysWOW64\deployJava1.dll
    2012-08-30 10:29 - 2012-08-30 10:29 - 00031080 ____A (AVG Technologies) C:\Windows\System32\Drivers\avgtpx64.sys
    2012-08-28 07:16 - 2012-05-05 09:57 - 00001287 ____A C:\Users\Public\Desktop\World of Warcraft.lnk
    2012-08-27 21:10 - 2012-08-26 07:12 - 00772214 ____A C:\Windows\SysWOW64\PerfStringBackup.INI
    2012-08-26 07:09 - 2012-08-26 07:09 - 02378424 ____A (The Weather Channel Interactive) C:\Users\Babydoll\Downloads\weathersp3_StubInstaller.exe
    2012-08-25 09:34 - 2012-08-25 09:34 - 00439704 ____A (Yahoo! Inc.) C:\Users\Babydoll\Downloads\msgr11us.exe
    2012-08-24 11:43 - 2012-08-24 11:43 - 00384352 ____A (AVG Technologies CZ, s.r.o.) C:\Windows\System32\Drivers\avgtdia.sys
    2012-08-24 10:05 - 2012-10-10 09:41 - 00220160 ____N (Microsoft Corporation) C:\Windows\System32\wintrust.dll
    2012-08-24 08:57 - 2012-10-10 09:41 - 00172544 ____N (Microsoft Corporation) C:\Windows\SysWOW64\wintrust.dll
    2012-08-24 03:15 - 2012-09-21 10:35 - 17810944 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
    2012-08-24 02:39 - 2012-09-21 10:35 - 10925568 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
    2012-08-24 02:31 - 2012-09-21 10:35 - 02312704 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
    2012-08-24 02:22 - 2012-09-21 10:35 - 01346048 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
    2012-08-24 02:21 - 2012-09-21 10:35 - 01392128 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
    2012-08-24 02:20 - 2012-09-21 10:35 - 01494528 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
    2012-08-24 02:18 - 2012-09-21 10:35 - 00237056 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
    2012-08-24 02:17 - 2012-09-21 10:35 - 00085504 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
    2012-08-24 02:14 - 2012-09-21 10:35 - 00816640 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
    2012-08-24 02:14 - 2012-09-21 10:35 - 00173056 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
    2012-08-24 02:13 - 2012-09-21 10:35 - 00599040 ____A (Microsoft Corporation) C:\Windows\System32\vbscript.dll
    2012-08-24 02:12 - 2012-09-21 10:35 - 02144768 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
    2012-08-24 02:11 - 2012-09-21 10:35 - 00729088 ____A (Microsoft Corporation) C:\Windows\System32\msfeeds.dll
    2012-08-24 02:10 - 2012-09-21 10:35 - 00096768 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
    2012-08-24 02:09 - 2012-09-21 10:35 - 02382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
    2012-08-24 02:04 - 2012-09-21 10:35 - 00248320 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
    2012-08-23 23:27 - 2012-09-21 10:35 - 12319744 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
    2012-08-23 23:03 - 2012-09-21 10:35 - 09738240 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
    2012-08-23 22:59 - 2012-09-21 10:35 - 01800704 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
    2012-08-23 22:51 - 2012-09-21 10:35 - 01427968 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
    2012-08-23 22:51 - 2012-09-21 10:35 - 01129472 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
    2012-08-23 22:51 - 2012-09-21 10:35 - 01103872 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
    2012-08-23 22:49 - 2012-09-21 10:35 - 00231936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
    2012-08-23 22:48 - 2012-09-21 10:35 - 00065024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
    2012-08-23 22:47 - 2012-09-21 10:35 - 00717824 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
    2012-08-23 22:47 - 2012-09-21 10:35 - 00420864 ____A (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
    2012-08-23 22:47 - 2012-09-21 10:35 - 00142848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
    2012-08-23 22:45 - 2012-09-21 10:35 - 00607744 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
    2012-08-23 22:44 - 2012-09-21 10:35 - 01793024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
    2012-08-23 22:44 - 2012-09-21 10:35 - 00073216 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
    2012-08-23 22:43 - 2012-09-21 10:35 - 02382848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
    2012-08-23 22:40 - 2012-09-21 10:35 - 00176640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
    2012-08-23 19:25 - 2012-08-23 19:25 - 00002049 ____A C:\Users\Public\Desktop\Media Manager for WALKMAN 1.2.lnk
    2012-08-23 19:23 - 2012-08-23 19:22 - 50371128 ____A (Sony Creative Software Inc.) C:\Users\Babydoll\Downloads\mm4wm12_lite.exe
    2012-08-23 19:00 - 2012-08-23 18:59 - 60696384 ____A (Sony Corporation ) C:\Users\Babydoll\Downloads\ContentTransferInstaller-v13.exe
    2012-08-22 13:29 - 2012-08-22 13:29 - 08351056 ____A (AVG ) C:\Users\Babydoll\Downloads\avg_pct_stf_all_10_27_c5 (1).exe
    2012-08-22 13:26 - 2012-08-22 13:26 - 08351056 ____A (AVG ) C:\Users\Babydoll\Downloads\avg_pct_stf_all_10_27_c5.exe
    2012-08-22 10:12 - 2012-09-12 05:27 - 01913200 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\tcpip.sys
    2012-08-22 10:12 - 2012-09-12 05:27 - 00950128 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ndis.sys
    2012-08-22 10:12 - 2012-09-12 05:27 - 00376688 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\netio.sys
    2012-08-22 10:12 - 2012-09-12 05:27 - 00288624 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\FWPKCLNT.SYS
    2012-08-21 13:01 - 2012-09-27 05:47 - 00245760 ____A (Microsoft Corporation) C:\Windows\System32\OxpsConverter.exe
    2012-08-21 09:01 - 2012-09-19 11:57 - 00033240 ____A (GEAR Software Inc.) C:\Windows\System32\Drivers\GEARAspiWDM.sys
    2012-08-21 09:01 - 2012-05-28 07:43 - 00125872 ____A (GEAR Software Inc.) C:\Windows\System32\GEARAspi64.dll
    2012-08-21 09:01 - 2012-05-28 07:43 - 00106928 ____A (GEAR Software Inc.) C:\Windows\SysWOW64\GEARAspi.dll
    2012-08-20 10:48 - 2012-10-10 09:42 - 01162240 ____N (Microsoft Corporation) C:\Windows\System32\kernel32.dll
    2012-08-20 10:48 - 2012-10-10 09:42 - 00424448 ____N (Microsoft Corporation) C:\Windows\System32\KernelBase.dll
    2012-08-20 10:48 - 2012-10-10 09:42 - 00362496 ____N (Microsoft Corporation) C:\Windows\System32\wow64win.dll
    2012-08-20 10:48 - 2012-10-10 09:42 - 00243200 ____N (Microsoft Corporation) C:\Windows\System32\wow64.dll
    2012-08-20 10:48 - 2012-10-10 09:42 - 00215040 ____N (Microsoft Corporation) C:\Windows\System32\winsrv.dll
    2012-08-20 10:48 - 2012-10-10 09:42 - 00013312 ____N (Microsoft Corporation) C:\Windows\System32\wow64cpu.dll
    2012-08-20 09:37 - 2012-10-10 09:42 - 01114112 ____N (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
    2012-08-20 09:37 - 2012-10-10 09:42 - 00274944 ____N (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
    2012-08-19 19:01 - 2012-08-19 19:01 - 00262144 ____N C:\Windows\Minidump\081912-36488-01.dmp
    2012-08-16 04:26 - 2009-07-13 20:45 - 00274320 ____A C:\Windows\System32\FNTCACHE.DAT
    2012-08-15 13:52 - 2012-08-15 13:52 - 00946352 ____A (Skype Technologies S.A.) C:\Users\Babydoll\Downloads\SkypeSetup (1).exe
    2012-08-13 22:22 - 2012-08-13 22:22 - 02126944 ____A (Tinychat Co.) C:\Users\Babydoll\Downloads\TinychatAir (1).exe
    2012-08-13 21:56 - 2012-08-13 21:56 - 12172520 ____A (Tinychat Co.) C:\Users\Babydoll\Downloads\TinychatAir.exe
    2012-08-10 16:56 - 2012-10-10 09:41 - 00715776 ____N (Microsoft Corporation) C:\Windows\System32\kerberos.dll
    2012-08-10 07:23 - 2009-07-13 18:36 - 00175616 ____A (Microsoft Corporation) C:\Windows\System32\msclmd.dll
    2012-08-10 07:23 - 2009-07-13 18:36 - 00152576 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msclmd.dll
    2012-08-09 17:10 - 2012-08-09 17:10 - 31726720 ____A (Blizzard Entertainment) C:\Users\Babydoll\Downloads\World of Warcraft Beta Setup.exe
    2012-08-02 09:58 - 2012-09-12 05:27 - 00574464 ____A (Microsoft Corporation) C:\Windows\System32\d3d10level9.dll
    2012-08-02 08:57 - 2012-09-12 05:27 - 00490496 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3d10level9.dll
    2012-07-27 20:09 - 2011-04-20 00:38 - 05538984 ____A (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\atiumdag.dll
    2012-07-27 20:07 - 2012-07-27 20:07 - 10278912 ____A (Advanced Micro Devices, Inc.) C:\Windows\System32\Drivers\atikmdag.sys
    2012-07-27 19:43 - 2012-07-27 19:43 - 00070144 ____A (AMD) C:\Windows\System32\coinst_8.982.dll
    2012-07-27 19:19 - 2012-07-27 19:19 - 24935424 ____A (Advanced Micro Devices, Inc.) C:\Windows\System32\atio6axx.dll
    2012-07-27 18:50 - 2012-07-27 18:50 - 20546560 ____A (Advanced Micro Devices, Inc.) C:\Windows\SysWOW64\atioglxx.dll
    2012-07-27 18:47 - 2012-07-27 18:47 - 00187392 ____A C:\Windows\System32\clinfo.exe
    2012-07-27 18:47 - 2012-07-27 18:47 - 00075776 ____A (Advanced Micro Devices Inc.) C:\Windows\System32\OpenVideo64.dll
    2012-07-27 18:47 - 2012-07-27 18:47 - 00065024 ____A (Advanced Micro Devices Inc.) C:\Windows\SysWOW64\OpenVideo.dll
    2012-07-27 18:47 - 2012-07-27 18:47 - 00063488 ____A (Advanced Micro Devices Inc.) C:\Windows\System32\OVDecode64.dll
    2012-07-27 18:47 - 2012-07-27 18:47 - 00056320 ____A (Advanced Micro Devices Inc.) C:\Windows\SysWOW64\OVDecode.dll
    2012-07-27 18:46 - 2012-07-27 18:46 - 16464896 ____A (Advanced Micro Devices Inc.) C:\Windows\System32\amdocl64.dll
    2012-07-27 18:46 - 2012-07-27 18:46 - 13013504 ____A (Advanced Micro Devices Inc.) C:\Windows\SysWOW64\amdocl.dll
    2012-07-27 18:17 - 2012-07-27 18:17 - 00268728 ____A C:\Windows\SysWOW64\atiapfxx.blb
    2012-07-27 18:17 - 2012-07-27 18:17 - 00268728 ____A C:\Windows\System32\atiapfxx.blb
    2012-07-27 18:15 - 2012-07-27 18:15 - 00163840 ____A (Advanced Micro Devices, Inc.) C:\Windows\System32\atiapfxx.exe
    2012-07-27 18:15 - 2011-04-20 01:09 - 00931328 ____A (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\aticfx32.dll
    2012-07-27 18:13 - 2012-04-05 18:20 - 01100288 ____A (Advanced Micro Devices, Inc. ) C:\Windows\System32\aticfx64.dll
    2012-07-27 18:10 - 2012-07-27 18:10 - 00534528 ____A (AMD) C:\Windows\System32\atieclxx.exe
    2012-07-27 18:10 - 2012-07-27 18:10 - 00442368 ____A (Advanced Micro Devices, Inc.) C:\Windows\System32\ATIDEMGX.dll
    2012-07-27 18:09 - 2012-07-27 18:09 - 00239616 ____A (AMD) C:\Windows\System32\atiesrxx.exe
    2012-07-27 18:08 - 2012-07-27 18:08 - 00120320 ____A (AMD) C:\Windows\System32\atitmm64.dll
    2012-07-27 18:08 - 2012-07-27 18:08 - 00021504 ____A (AMD) C:\Windows\System32\atimuixx.dll
    2012-07-27 18:07 - 2012-07-27 18:07 - 06430208 ____A (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\atidxx32.dll
    2012-07-27 18:07 - 2012-07-27 18:07 - 00059392 ____A (ATI Technologies, Inc.) C:\Windows\System32\atiedu64.dll
    2012-07-27 18:07 - 2012-07-27 18:07 - 00043520 ____A (ATI Technologies, Inc.) C:\Windows\SysWOW64\ati2edxx.dll
    2012-07-27 17:51 - 2012-07-27 17:51 - 07052288 ____A (Advanced Micro Devices, Inc. ) C:\Windows\System32\atidxx64.dll
    2012-07-27 17:41 - 2012-04-05 17:34 - 04266496 ____A (Advanced Micro Devices, Inc. ) C:\Windows\System32\atiumd6a.dll
    2012-07-27 17:39 - 2012-07-27 17:39 - 03150560 ____A C:\Windows\System32\atiumd6a.cap
    2012-07-27 17:35 - 2012-07-27 17:35 - 00051200 ____A (Advanced Micro Devices Inc.) C:\Windows\System32\aticalrt64.dll
    2012-07-27 17:35 - 2012-07-27 17:35 - 00046080 ____A (Advanced Micro Devices Inc.) C:\Windows\SysWOW64\aticalrt.dll
    2012-07-27 17:35 - 2012-07-27 17:35 - 00044544 ____A (Advanced Micro Devices Inc.) C:\Windows\System32\aticalcl64.dll
    2012-07-27 17:35 - 2012-07-27 17:35 - 00044032 ____A (Advanced Micro Devices Inc.) C:\Windows\SysWOW64\aticalcl.dll
    2012-07-27 17:34 - 2012-07-27 17:34 - 16034304 ____A (Advanced Micro Devices Inc.) C:\Windows\System32\aticaldd64.dll
    2012-07-27 17:32 - 2011-04-20 00:30 - 04751872 ____A (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\atiumdva.dll
    2012-07-27 17:30 - 2012-07-27 17:30 - 13605888 ____A (Advanced Micro Devices Inc.) C:\Windows\SysWOW64\aticaldd.dll
    2012-07-27 17:30 - 2012-07-27 17:30 - 03187136 ____A C:\Windows\SysWOW64\atiumdva.cap
    2012-07-27 17:25 - 2012-04-05 17:23 - 06676480 ____A (Advanced Micro Devices, Inc. ) C:\Windows\System32\atiumd64.dll
    2012-07-27 17:15 - 2012-07-27 17:15 - 00368640 ____A (Advanced Micro Devices, Inc.) C:\Windows\SysWOW64\atiadlxy.dll
    2012-07-27 17:15 - 2012-07-27 17:15 - 00041984 ____A (Advanced Micro Devices, Inc. ) C:\Windows\System32\atig6txx.dll
    2012-07-27 17:15 - 2012-07-27 17:15 - 00017920 ____A (Advanced Micro Devices, Inc. ) C:\Windows\System32\atig6pxx.dll
    2012-07-27 17:15 - 2012-07-27 17:15 - 00014848 ____A (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\atiglpxx.dll
    2012-07-27 17:15 - 2012-07-27 17:15 - 00014848 ____A (Advanced Micro Devices, Inc. ) C:\Windows\System32\atiglpxx.dll
    2012-07-27 17:15 - 2012-04-05 17:11 - 00540160 ____A (Advanced Micro Devices, Inc.) C:\Windows\System32\atiadlxx.dll
    2012-07-27 17:14 - 2012-07-27 17:14 - 00368640 ____A (Advanced Micro Devices, Inc.) C:\Windows\System32\Drivers\atikmpag.sys
    2012-07-27 17:14 - 2012-07-27 17:14 - 00033280 ____A (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\atigktxx.dll
    2012-07-27 17:13 - 2012-07-27 17:13 - 00109568 ____A (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\atiuxpag.dll
    2012-07-27 17:13 - 2012-04-05 17:09 - 00103936 ____A (Advanced Micro Devices, Inc. ) C:\Windows\System32\atiu9p64.dll
    2012-07-27 17:13 - 2011-04-20 00:21 - 00129536 ____A (Advanced Micro Devices, Inc. ) C:\Windows\System32\atiuxp64.dll
    2012-07-27 17:13 - 2011-04-20 00:21 - 00083456 ____A (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\atiu9pag.dll
    2012-07-27 17:12 - 2012-07-27 17:12 - 00053248 ____A (Advanced Micro Devices, Inc.) C:\Windows\System32\Drivers\ati2erec.dll
    2012-07-27 17:08 - 2012-07-27 17:08 - 00056832 ____A (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\atimpc32.dll
    2012-07-27 17:08 - 2012-07-27 17:08 - 00056832 ____A (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\amdpcom32.dll
    2012-07-27 17:08 - 2012-07-27 17:08 - 00056320 ____A (Advanced Micro Devices, Inc. ) C:\Windows\System32\atimpc64.dll
    2012-07-27 17:08 - 2012-07-27 17:08 - 00056320 ____A (Advanced Micro Devices, Inc. ) C:\Windows\System32\amdpcom64.dll
    2012-07-26 15:46 - 2012-07-26 15:46 - 00002379 ____A C:\Users\Babydoll\Documents\MumbleAutomaticCertificateBackup.p12
    2012-07-26 15:34 - 2012-07-26 15:34 - 17904640 ____A C:\Users\Babydoll\Downloads\mumble-1.2.3a.msi
    2012-07-25 23:21 - 2012-07-25 23:21 - 00291680 ____A (AVG Technologies CZ, s.r.o.) C:\Windows\System32\Drivers\avgldx64.sys
    2012-07-18 10:15 - 2012-08-15 06:21 - 03148800 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys

    ZeroAccess:
    C:\Windows\Installer\{04cfe51a-6306-2045-1172-609246c62773}
    C:\Windows\Installer\{04cfe51a-6306-2045-1172-609246c62773}\@
    C:\Windows\Installer\{04cfe51a-6306-2045-1172-609246c62773}\U
    C:\Windows\Installer\{04cfe51a-6306-2045-1172-609246c62773}\U\00000004.@
    C:\Windows\Installer\{04cfe51a-6306-2045-1172-609246c62773}\U\00000008.@
    C:\Windows\Installer\{04cfe51a-6306-2045-1172-609246c62773}\U\000000cb.@
    C:\Windows\Installer\{04cfe51a-6306-2045-1172-609246c62773}\U\80000000.@
    C:\Windows\Installer\{04cfe51a-6306-2045-1172-609246c62773}\U\80000032.@
    C:\Windows\Installer\{04cfe51a-6306-2045-1172-609246c62773}\U\80000064.@

    ZeroAccess:
    C:\Windows\assembly\GAC_32\Desktop.ini

    ZeroAccess:
    C:\Windows\assembly\GAC_64\Desktop.ini

    ==================== Known DLLs (Whitelisted) =================


    ==================== Bamital & volsnap Check =================

    C:\Windows\System32\winlogon.exe => MD5 is legit
    C:\Windows\System32\wininit.exe => MD5 is legit
    C:\Windows\SysWOW64\wininit.exe => MD5 is legit
    C:\Windows\explorer.exe => MD5 is legit
    C:\Windows\SysWOW64\explorer.exe => MD5 is legit
    C:\Windows\System32\svchost.exe => MD5 is legit
    C:\Windows\SysWOW64\svchost.exe => MD5 is legit
    C:\Windows\System32\services.exe 50BEA589F7D7958BDD2528A8F69D05CC ZeroAccess <==== ATTENTION!.
    C:\Windows\System32\User32.dll => MD5 is legit
    C:\Windows\SysWOW64\User32.dll => MD5 is legit
    C:\Windows\System32\userinit.exe => MD5 is legit
    C:\Windows\SysWOW64\userinit.exe => MD5 is legit
    C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

    ==================== EXE ASSOCIATION =====================

    HKLM\...\.exe: exefile => OK
    HKLM\...\exefile\DefaultIcon: %1 => OK
    HKLM\...\exefile\open\command: "%1" %* => OK

    ==================== Restore Points =========================

    Restore point made on: 2012-10-10 21:32:21
    Restore point made on: 2012-10-14 07:47:33
    Restore point made on: 2012-10-14 08:51:09
    Restore point made on: 2012-10-14 09:03:02
    Restore point made on: 2012-10-14 11:11:45

    ==================== Memory info ===========================

    Percentage of memory in use: 9%
    Total physical RAM: 8191.23 MB
    Available physical RAM: 7416.75 MB
    Total Pagefile: 8189.38 MB
    Available Pagefile: 7404.88 MB
    Total Virtual: 8192 MB
    Available Virtual: 8191.9 MB

    ==================== Partitions =============================

    1 Drive c: () (Fixed) (Total:465.76 GB) (Free:334.96 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
    2 Drive d: (Repair disc Windows 7 64-bit) (CDROM) (Total:0.16 GB) (Free:0 GB) UDF
    3 Drive e: (USB20FD) (Removable) (Total:7.52 GB) (Free:7.52 GB) FAT32
    4 Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS

    Disk ### Status Size Free Dyn Gpt
    -------- ------------- ------- ------- --- ---
    Disk 0 Online 465 GB 1024 KB
    Disk 1 Online 7722 MB 0 B

    Partitions of Disk 0:
    ===============

    Partition ### Type Size Offset
    ------------- ---------------- ------- -------
    Partition 1 Primary 465 GB 1024 KB

    ==================================================================================

    Disk: 0
    Partition 1
    Type : 07
    Hidden: No
    Active: Yes

    Volume ### Ltr Label Fs Type Size Status Info
    ---------- --- ----------- ----- ---------- ------- --------- --------
    * Volume 1 C NTFS Partition 465 GB Healthy

    =========================================================

    Partitions of Disk 1:
    ===============

    Partition ### Type Size Offset
    ------------- ---------------- ------- -------
    Partition 1 Primary 7719 MB 3004 KB

    ==================================================================================

    Disk: 1
    Partition 1
    Type : 0C
    Hidden: No
    Active: Yes

    Volume ### Ltr Label Fs Type Size Status Info
    ---------- --- ----------- ----- ---------- ------- --------- --------
    * Volume 2 E USB20FD FAT32 Removable 7719 MB Healthy

    =========================================================

    Last Boot: 2012-10-08 07:45

    ==================== End Of Log =============================


    Farbar Recovery Scan Tool (x64) Version: 14-10-2012
    Ran by SYSTEM at 2012-10-14 17:14:25
    Running from E:\

    ================== Search: "services.exe" ===================

    C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe
    [2009-07-13 15:19] - [2009-07-13 17:39] - 0328704 ____A (Microsoft Corporation) 24ACB7E5BE595468E3B9AA488B9B4FCB

    C:\Windows\System32\services.exe
    [2009-07-13 15:19] - [2009-07-13 17:39] - 0329216 ____A (Microsoft Corporation) 50BEA589F7D7958BDD2528A8F69D05CC

    ====== End Of Search ======
     
  6. Broni

    Broni Malware Annihilator Posts: 52,899   +344

    Download attached fixlist.txt file and save it to the very same USB flash drive you've been using. Plug the drive back in.

    NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

    On Vista or Windows 7: Now please enter System Recovery Options.
    On Windows XP: Now please boot into the UBCD.
    Run FRST/FRST64 and press the Fix button just once and wait.
    The tool will make a log on the flash drive (Fixlog.txt); please post it in your reply.

    Next....

    Restart normally.

    =================================

    Download TDSSKiller and save it to your desktop.
    • Extract (unzip) its contents to your desktop.
    • Open the TDSSKiller folder and double-click on TDSSKiller.exe to run the application, then on Start Scan.
    • If an infected file is detected, the default action will be Cure, click on Continue.
    • If a suspicious file is detected, the default action will be Skip, click on Continue.
    • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
    • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
    • If a reboot is required, the report can also be found in your root directory (usually C:\ folder) in the form of TDSSKiller_xxxx_log.txt. Please copy and paste the contents of that file here.

    ===============================

    • Download RogueKiller on the desktop
    • Close all the running programs
    • Windows Vista/7 users: right click on RogueKiller.exe, click Run as Administrator
    • Otherwise just double-click on RogueKiller.exe
    • Pre-scan will start. Let it finish.
    • Click on SCAN button.
    • Wait until the Status box shows Scan Finished
    • Click on Delete.
    • Wait until the Status box shows Deleting Finished.
    • Click on Report and copy/paste the content of the Notepad into your next reply.
    • RKreport.txt could also be found on your desktop.
    • If more than one log is produced post all logs.
    • If RogueKiller has been blocked, do not hesitate to try a few times more. If it really won't run, rename it to winlogon.exe (or winlogon.com) and try again.

    =============================

    Download Malwarebytes' Anti-Malware (MBAM): http://www.malwarebytes.org/products/malwarebytes_free to your desktop.
    Alternate download: http://www.filehippo.com/download_malwarebytes_anti_malware/
    NOTE. If you already have MBAM installed, update it before running the scan.

    * Double-click mbam-setup.exe and follow the prompts to install the program.
    * At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
    * If an update is found, it will download and install the latest version.
    * Once the program has loaded, select Perform quick scan, then click Scan.
    * When the scan is complete, click OK, then Show Results to view the results.
    * Be sure that everything is checked, and click Remove Selected.
    * When completed, a log will open in Notepad.
    * Post the log back here.

    Be sure to restart the computer IF MBAM asks you to do so.

    The log can also be found here:
    C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\log-date.txt
    Or at C:\Program Files\Malwarebytes' Anti-Malware\Logs\log-date.txt

    =================================

    Download aswMBR to your desktop.
    Double click the aswMBR.exe to run it.
    If you see this question: "Would you like to download latest Avast! virus definitions?" say "Yes".
    Click the "Scan" button to start scan.
    On completion of the scan click "Save log", save it to your desktop and post in your next reply.

    NOTE. aswMBR will create MBR.dat file on your desktop. This is a copy of your MBR. Do NOT delete it.
     


  7. lauraw18

    lauraw18 TS Rookie Topic Starter Posts: 20

    Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 14-10-2012
    Ran by SYSTEM at 2012-10-14 18:21:20 Run:1
    Running from E:\

    ==============================================

    HKEY_LOCAL_MACHINE\System\ControlSet001\Control\Session Manager\SubSystems\\Windows No ZeroAccess entry found.
    C:\Windows\System32\consrv.dll not found.
    C:\Windows\Installer\{04cfe51a-6306-2045-1172-609246c62773} moved successfully.
    C:\Windows\assembly\GAC_32\Desktop.ini moved successfully.
    C:\Windows\assembly\GAC_64\Desktop.ini moved successfully.
    C:\Windows\System32\services.exe moved successfully.
    C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe copied successfully to C:\Windows\System32\services.exe

    ==== End of Fixlog ====
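The two checks that matter in the logs above are the MD5 comparison of the live C:\Windows\System32\services.exe against the servicing copy kept under WinSxS (the FRST "Bamital & volsnap Check" and the services.exe search), and the recognition of the ZeroAccess file layout (a GUID folder under Windows\Installer with an "@" file and a "U" folder of ".@" files, plus Desktop.ini dropped into GAC_32 and GAC_64). The Fixlog then shows the repair: the WinSxS copy is copied back over System32. The following Python is an added illustration of that detection-and-verification logic; it is not FRST's code and not from anyone in this thread. The file paths are the ones printed in the logs, but the file contents are constructed stand-ins (a real services.exe is about 329 KB), and the {deadbeef-...} Installer entry with ARPPRODUCTICON.exe is a constructed benign decoy that must not be flagged.

```python
import hashlib
import re

# Paths taken from the FRST log in this thread. The "s..s" in the WinSxS folder
# name is FRST's own shortening of the component name and is kept as-is.
LIVE_SERVICES = r"C:\Windows\System32\services.exe"
WINSXS_SERVICES = (
    r"C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller"
    r"_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe"
)

# Constructed stand-ins for file contents (hypothetical; a real services.exe
# is about 329 KB). The live copy carries an extra tail, so its MD5 differs.
CLEAN_BODY = b"services.exe 6.1.7600.16385 (constructed stand-in)"
SAMPLE_FILES = {
    WINSXS_SERVICES: CLEAN_BODY,
    LIVE_SERVICES: CLEAN_BODY + b"\x00patched",
    r"C:\Windows\System32\winlogon.exe": b"winlogon.exe (constructed stand-in)",
}

# Constructed directory listing: the ZeroAccess paths from the log plus one
# ordinary Windows Installer cache entry (constructed GUID) that must not match.
SAMPLE_LISTING = [
    r"C:\Windows\Installer\{04cfe51a-6306-2045-1172-609246c62773}",
    r"C:\Windows\Installer\{04cfe51a-6306-2045-1172-609246c62773}\@",
    r"C:\Windows\Installer\{04cfe51a-6306-2045-1172-609246c62773}\U",
    r"C:\Windows\Installer\{04cfe51a-6306-2045-1172-609246c62773}\U\00000004.@",
    r"C:\Windows\Installer\{04cfe51a-6306-2045-1172-609246c62773}\U\80000032.@",
    r"C:\Windows\assembly\GAC_32\Desktop.ini",
    r"C:\Windows\assembly\GAC_64\Desktop.ini",
    r"C:\Windows\Installer\{deadbeef-1111-4222-8333-444444444444}\ARPPRODUCTICON.exe",
    r"C:\Windows\System32\services.exe",
]

# ZeroAccess layout seen in the log: a GUID folder under Windows\Installer
# holding an "@" file and a "U" folder of 8-hex-digit ".@" files, and a
# Desktop.ini planted in the GAC_32 / GAC_64 assembly folders.
ZEROACCESS_PATTERNS = [
    re.compile(r"\\Windows\\Installer\\\{[0-9a-f-]{36}\}\\(U\\[0-9a-f]{8}\.@|U|@)$", re.I),
    re.compile(r"\\Windows\\assembly\\GAC_(32|64)\\Desktop\.ini$", re.I),
]


def md5_hex(data: bytes) -> str:
    """Upper-case MD5 hex digest, the form FRST prints."""
    return hashlib.md5(data).hexdigest().upper()


def compare_with_servicing_copy(files, live_path, reference_path):
    """Hash the live System32 binary and the WinSxS servicing copy and report
    whether they agree; a mismatch on services.exe is what the log flagged."""
    live_md5 = md5_hex(files[live_path])
    ref_md5 = md5_hex(files[reference_path])
    return {
        "path": live_path,
        "live_md5": live_md5,
        "reference_md5": ref_md5,
        "size_delta": len(files[live_path]) - len(files[reference_path]),
        "match": live_md5 == ref_md5,
    }


def find_zeroaccess_paths(listing):
    """Return the listing entries that fit the ZeroAccess layout."""
    return [p for p in listing if any(rx.search(p) for rx in ZEROACCESS_PATTERNS)]


def restore_from_servicing_copy(files, live_path, reference_path):
    """Model the Fixlog action: the WinSxS copy replaces the live binary.
    Returns a new mapping and leaves the input untouched."""
    repaired = dict(files)
    repaired[live_path] = files[reference_path]
    return repaired


def run_checks(files, listing):
    """Check before the repair, list ZeroAccess paths, then re-check after it."""
    before = compare_with_servicing_copy(files, LIVE_SERVICES, WINSXS_SERVICES)
    hits = find_zeroaccess_paths(listing)
    repaired = restore_from_servicing_copy(files, LIVE_SERVICES, WINSXS_SERVICES)
    after = compare_with_servicing_copy(repaired, LIVE_SERVICES, WINSXS_SERVICES)
    return {"before": before, "zeroaccess_paths": hits, "after": after}


if __name__ == "__main__":
    result = run_checks(SAMPLE_FILES, SAMPLE_LISTING)
    b = result["before"]
    flag = "" if b["match"] else "  <==== ATTENTION"
    print(f'{b["path"]} {b["live_md5"]} vs WinSxS {b["reference_md5"]}{flag}')
    for p in result["zeroaccess_paths"]:
        print("ZeroAccess:", p)
    print("after restore, match =", result["after"]["match"])
```

On the constructed input the live services.exe hashes differently from the servicing copy (as the real log showed with 50BEA589... versus 24ACB7E5...), six listing entries match the ZeroAccess patterns while the ordinary Installer entry and the bare GUID folder do not, and after the modelled restore the hashes agree. The bare GUID folder is left alone on purpose: legitimate Windows Installer cache folders use the same naming, so only the "@" file and "U" contents are treated as indicators.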
     
  8. lauraw18

    lauraw18 TS Rookie Topic Starter Posts: 20

    18:26:48.0383 5908 TDSS rootkit removing tool 2.8.10.0 Sep 17 2012 19:23:24
    18:26:48.0684 5908 ============================================================
    18:26:48.0684 5908 Current date / time: 2012/10/14 18:26:48.0684
    18:26:48.0684 5908 SystemInfo:
    18:26:48.0684 5908
    18:26:48.0684 5908 OS Version: 6.1.7601 ServicePack: 1.0
    18:26:48.0684 5908 Product type: Workstation
    18:26:48.0684 5908 ComputerName: BABYDOLL-PC
    18:26:48.0684 5908 UserName: Babydoll
    18:26:48.0686 5908 Windows directory: C:\Windows
    18:26:48.0686 5908 System windows directory: C:\Windows
    18:26:48.0686 5908 Running under WOW64
    18:26:48.0686 5908 Processor architecture: Intel x64
    18:26:48.0686 5908 Number of processors: 2
    18:26:48.0686 5908 Page size: 0x1000
    18:26:48.0686 5908 Boot type: Normal boot
    18:26:48.0686 5908 ============================================================
    18:26:50.0633 5908 Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
    18:26:50.0637 5908 Drive \Device\Harddisk1\DR1 - Size: 0x1E2A00000 (7.54 Gb), SectorSize: 0x200, Cylinders: 0x3D8, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
    18:26:50.0639 5908 ============================================================
    18:26:50.0639 5908 \Device\Harddisk0\DR0:
    18:26:50.0639 5908 MBR partitions:
    18:26:50.0639 5908 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x3A384800
    18:26:50.0639 5908 \Device\Harddisk1\DR1:
    18:26:50.0639 5908 MBR partitions:
    18:26:50.0641 5908 \Device\Harddisk1\DR1\Partition1: MBR, Type 0xC, StartLBA 0x1778, BlocksNum 0xF13888
    18:26:50.0641 5908 ============================================================
    18:26:50.0651 5908 C: <-> \Device\Harddisk0\DR0\Partition1
    18:27:20.0768 6008 nvstor - ok
    18:27:20.0821 6008 [ 43BC8151893AE6AFE42E149D663C2221 ] nvsvc C:\Windows\system32\nvvsvc.exe
    18:27:20.0827 6008 nvsvc - ok
    18:27:20.0852 6008 [ 270D7CD42D6E3979F6DD0146650F0E05 ] nv_agp C:\Windows\system32\drivers\nv_agp.sys
    18:27:20.0857 6008 nv_agp - ok
    18:27:20.0898 6008 [ 3589478E4B22CE21B41FA1BFC0B8B8A0 ] ohci1394 C:\Windows\system32\drivers\ohci1394.sys
    18:27:20.0901 6008 ohci1394 - ok
    18:27:20.0928 6008 [ 3EAC4455472CC2C97107B5291E0DCAFE ] p2pimsvc C:\Windows\system32\pnrpsvc.dll
    18:27:20.0933 6008 p2pimsvc - ok
    18:27:20.0948 6008 [ 927463ECB02179F88E4B9A17568C63C3 ] p2psvc C:\Windows\system32\p2psvc.dll
    18:27:20.0956 6008 p2psvc - ok
    18:27:21.0001 6008 [ 0086431C29C35BE1DBC43F52CC273887 ] Parport C:\Windows\system32\DRIVERS\parport.sys
    18:27:21.0003 6008 Parport - ok
    18:27:21.0037 6008 [ E9766131EEADE40A27DC27D2D68FBA9C ] partmgr C:\Windows\system32\drivers\partmgr.sys
    18:27:21.0040 6008 partmgr - ok
    18:27:21.0071 6008 [ 3AEAA8B561E63452C655DC0584922257 ] PcaSvc C:\Windows\System32\pcasvc.dll
    18:27:21.0077 6008 PcaSvc - ok
    18:27:21.0113 6008 [ 94575C0571D1462A0F70BDE6BD6EE6B3 ] pci C:\Windows\system32\drivers\pci.sys
    18:27:21.0117 6008 pci - ok
    18:27:21.0146 6008 [ B5B8B5EF2E5CB34DF8DCF8831E3534FA ] pciide C:\Windows\system32\drivers\pciide.sys
    18:27:21.0147 6008 pciide - ok
    18:27:21.0175 6008 [ B2E81D4E87CE48589F98CB8C05B01F2F ] pcmcia C:\Windows\system32\DRIVERS\pcmcia.sys
    18:27:21.0181 6008 pcmcia - ok
    18:27:21.0197 6008 [ D6B9C2E1A11A3A4B26A182FFEF18F603 ] pcw C:\Windows\system32\drivers\pcw.sys
    18:27:21.0198 6008 pcw - ok
    18:27:21.0217 6008 [ 68769C3356B3BE5D1C732C97B9A80D6E ] PEAUTH C:\Windows\system32\drivers\peauth.sys
    18:27:21.0221 6008 PEAUTH - ok
    18:27:21.0255 6008 [ B9B0A4299DD2D76A4243F75FD54DC680 ] PeerDistSvc C:\Windows\system32\peerdistsvc.dll
    18:27:21.0266 6008 PeerDistSvc - ok
    18:27:21.0355 6008 [ E495E408C93141E8FC72DC0C6046DDFA ] PerfHost C:\Windows\SysWow64\perfhost.exe
    18:27:21.0360 6008 PerfHost - ok
    18:27:21.0466 6008 [ C7CF6A6E137463219E1259E3F0F0DD6C ] pla C:\Windows\system32\pla.dll
    18:27:21.0492 6008 pla - ok
    18:27:21.0522 6008 [ 25FBDEF06C4D92815B353F6E792C8129 ] PlugPlay C:\Windows\system32\umpnpmgr.dll
    18:27:21.0526 6008 PlugPlay - ok
    18:27:21.0550 6008 [ 7195581CEC9BB7D12ABE54036ACC2E38 ] PNRPAutoReg C:\Windows\system32\pnrpauto.dll
    18:27:21.0552 6008 PNRPAutoReg - ok
    18:27:21.0571 6008 [ 3EAC4455472CC2C97107B5291E0DCAFE ] PNRPsvc C:\Windows\system32\pnrpsvc.dll
    18:27:21.0575 6008 PNRPsvc - ok
    18:27:21.0623 6008 [ 4F15D75ADF6156BF56ECED6D4A55C389 ] PolicyAgent C:\Windows\System32\ipsecsvc.dll
    18:27:21.0636 6008 PolicyAgent - ok
    18:27:21.0672 6008 [ 6BA9D927DDED70BD1A9CADED45F8B184 ] Power C:\Windows\system32\umpo.dll
    18:27:21.0675 6008 Power - ok
    18:27:21.0716 6008 [ F92A2C41117A11A00BE01CA01A7FCDE9 ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys
    18:27:21.0717 6008 PptpMiniport - ok
    18:27:21.0737 6008 [ 0D922E23C041EFB1C3FAC2A6F943C9BF ] Processor C:\Windows\system32\DRIVERS\processr.sys
    18:27:21.0741 6008 Processor - ok
    18:27:21.0796 6008 [ 53E83F1F6CF9D62F32801CF66D8352A8 ] ProfSvc C:\Windows\system32\profsvc.dll
    18:27:21.0802 6008 ProfSvc - ok
    18:27:21.0815 6008 [ C118A82CD78818C29AB228366EBF81C3 ] ProtectedStorage C:\Windows\system32\lsass.exe
    18:27:21.0818 6008 ProtectedStorage - ok
    18:27:21.0855 6008 [ 0557CF5A2556BD58E26384169D72438D ] Psched C:\Windows\system32\DRIVERS\pacer.sys
    18:27:21.0857 6008 Psched - ok
    18:27:21.0937 6008 [ A53A15A11EBFD21077463EE2C7AFEEF0 ] ql2300 C:\Windows\system32\DRIVERS\ql2300.sys
    18:27:21.0965 6008 ql2300 - ok
    18:27:21.0990 6008 [ 4F6D12B51DE1AAEFF7DC58C4D75423C8 ] ql40xx C:\Windows\system32\DRIVERS\ql40xx.sys
    18:27:21.0992 6008 ql40xx - ok
    18:27:22.0018 6008 [ 906191634E99AEA92C4816150BDA3732 ] QWAVE C:\Windows\system32\qwave.dll
    18:27:22.0023 6008 QWAVE - ok
    18:27:22.0032 6008 [ 76707BB36430888D9CE9D705398ADB6C ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys
    18:27:22.0035 6008 QWAVEdrv - ok
    18:27:22.0051 6008 [ 5A0DA8AD5762FA2D91678A8A01311704 ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys
    18:27:22.0052 6008 RasAcd - ok
    18:27:22.0091 6008 [ 7ECFF9B22276B73F43A99A15A6094E90 ] RasAgileVpn C:\Windows\system32\DRIVERS\AgileVpn.sys
    18:27:22.0093 6008 RasAgileVpn - ok
    18:27:22.0121 6008 [ 8F26510C5383B8DBE976DE1CD00FC8C7 ] RasAuto C:\Windows\System32\rasauto.dll
    18:27:22.0137 6008 RasAuto - ok
    18:27:22.0180 6008 [ 471815800AE33E6F1C32FB1B97C490CA ] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys
    18:27:22.0183 6008 Rasl2tp - ok
    18:27:22.0202 6008 [ EE867A0870FC9E4972BA9EAAD35651E2 ] RasMan C:\Windows\System32\rasmans.dll
    18:27:22.0210 6008 RasMan - ok
    18:27:22.0253 6008 [ 855C9B1CD4756C5E9A2AA58A15F58C25 ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys
    18:27:22.0256 6008 RasPppoe - ok
    18:27:22.0267 6008 [ E8B1E447B008D07FF47D016C2B0EEECB ] RasSstp C:\Windows\system32\DRIVERS\rassstp.sys
    18:27:22.0270 6008 RasSstp - ok
    18:27:22.0306 6008 [ 77F665941019A1594D887A74F301FA2F ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys
    18:27:22.0308 6008 rdbss - ok
    18:27:22.0318 6008 [ 302DA2A0539F2CF54D7C6CC30C1F2D8D ] rdpbus C:\Windows\system32\DRIVERS\rdpbus.sys
    18:27:22.0320 6008 rdpbus - ok
    18:27:22.0330 6008 [ CEA6CC257FC9B7715F1C2B4849286D24 ] RDPCDD C:\Windows\system32\DRIVERS\RDPCDD.sys
    18:27:22.0331 6008 RDPCDD - ok
    18:27:22.0380 6008 [ 1B6163C503398B23FF8B939C67747683 ] RDPDR C:\Windows\system32\drivers\rdpdr.sys
    18:27:22.0382 6008 RDPDR - ok
    18:27:22.0398 6008 [ BB5971A4F00659529A5C44831AF22365 ] RDPENCDD C:\Windows\system32\drivers\rdpencdd.sys
    18:27:22.0400 6008 RDPENCDD - ok
    18:27:22.0407 6008 [ 216F3FA57533D98E1F74DED70113177A ] RDPREFMP C:\Windows\system32\drivers\rdprefmp.sys
    18:27:22.0408 6008 RDPREFMP - ok
    18:27:22.0458 6008 [ 70CBA1A0C98600A2AA1863479B35CB90 ] RdpVideoMiniport C:\Windows\system32\drivers\rdpvideominiport.sys
    18:27:22.0460 6008 RdpVideoMiniport - ok
    18:27:22.0487 6008 [ E61608AA35E98999AF9AAEEEA6114B0A ] RDPWD C:\Windows\system32\drivers\RDPWD.sys
    18:27:22.0490 6008 RDPWD - ok
    18:27:22.0521 6008 [ 34ED295FA0121C241BFEF24764FC4520 ] rdyboost C:\Windows\system32\drivers\rdyboost.sys
    18:27:22.0523 6008 rdyboost - ok
    18:27:22.0551 6008 [ 254FB7A22D74E5511C73A3F6D802F192 ] RemoteAccess C:\Windows\System32\mprdim.dll
    18:27:22.0555 6008 RemoteAccess - ok
    18:27:22.0581 6008 [ E4D94F24081440B5FC5AA556C7C62702 ] RemoteRegistry C:\Windows\system32\regsvc.dll
    18:27:22.0601 6008 RemoteRegistry - ok
    18:27:22.0641 6008 [ E4DC58CF7B3EA515AE917FF0D402A7BB ] RpcEptMapper C:\Windows\System32\RpcEpMap.dll
    18:27:22.0646 6008 RpcEptMapper - ok
    18:27:22.0660 6008 [ D5BA242D4CF8E384DB90E6A8ED850B8C ] RpcLocator C:\Windows\system32\locator.exe
    18:27:22.0665 6008 RpcLocator - ok
    18:27:22.0712 6008 [ 5C627D1B1138676C0A7AB2C2C190D123 ] RpcSs C:\Windows\system32\rpcss.dll
    18:27:22.0723 6008 RpcSs - ok
    18:27:22.0753 6008 [ DDC86E4F8E7456261E637E3552E804FF ] rspndr C:\Windows\system32\DRIVERS\rspndr.sys
    18:27:22.0755 6008 rspndr - ok
    18:27:22.0790 6008 [ E60C0A09F997826C7627B244195AB581 ] s3cap C:\Windows\system32\drivers\vms3cap.sys
    18:27:22.0791 6008 s3cap - ok
    18:27:22.0806 6008 [ C118A82CD78818C29AB228366EBF81C3 ] SamSs C:\Windows\system32\lsass.exe
    18:27:22.0808 6008 SamSs - ok
    18:27:22.0821 6008 [ AC03AF3329579FFFB455AA2DAABBE22B ] sbp2port C:\Windows\system32\drivers\sbp2port.sys
    18:27:22.0827 6008 sbp2port - ok
    18:27:22.0887 6008 [ 9B7395789E3791A3B6D000FE6F8B131E ] SCardSvr C:\Windows\System32\SCardSvr.dll
    18:27:22.0896 6008 SCardSvr - ok
    18:27:22.0931 6008 [ 253F38D0D7074C02FF8DEB9836C97D2B ] scfilter C:\Windows\system32\DRIVERS\scfilter.sys
    18:27:22.0932 6008 scfilter - ok
    18:27:22.0977 6008 [ 262F6592C3299C005FD6BEC90FC4463A ] Schedule C:\Windows\system32\schedsvc.dll
    18:27:22.0986 6008 Schedule - ok
    18:27:23.0017 6008 [ F17D1D393BBC69C5322FBFAFACA28C7F ] SCPolicySvc C:\Windows\System32\certprop.dll
    18:27:23.0018 6008 SCPolicySvc - ok
    18:27:23.0031 6008 [ 6EA4234DC55346E0709560FE7C2C1972 ] SDRSVC C:\Windows\System32\SDRSVC.dll
    18:27:23.0036 6008 SDRSVC - ok
    18:27:23.0076 6008 [ 3EA8A16169C26AFBEB544E0E48421186 ] secdrv C:\Windows\system32\drivers\secdrv.sys
    18:27:23.0078 6008 secdrv - ok
    18:27:23.0096 6008 [ BC617A4E1B4FA8DF523A061739A0BD87 ] seclogon C:\Windows\system32\seclogon.dll
    18:27:23.0102 6008 seclogon - ok
    18:27:23.0132 6008 [ C32AB8FA018EF34C0F113BD501436D21 ] SENS C:\Windows\System32\sens.dll
    18:27:23.0135 6008 SENS - ok
    18:27:23.0143 6008 [ 0336CFFAFAAB87A11541F1CF1594B2B2 ] SensrSvc C:\Windows\system32\sensrsvc.dll
    18:27:23.0147 6008 SensrSvc - ok
    18:27:23.0173 6008 [ CB624C0035412AF0DEBEC78C41F5CA1B ] Serenum C:\Windows\system32\DRIVERS\serenum.sys
    18:27:23.0175 6008 Serenum - ok
    18:27:23.0195 6008 [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6 ] Serial C:\Windows\system32\DRIVERS\serial.sys
    18:27:23.0197 6008 Serial - ok
    18:27:23.0232 6008 [ 1C545A7D0691CC4A027396535691C3E3 ] sermouse C:\Windows\system32\DRIVERS\sermouse.sys
    18:27:23.0233 6008 sermouse - ok
    18:27:23.0272 6008 [ 0B6231BF38174A1628C4AC812CC75804 ] SessionEnv C:\Windows\system32\sessenv.dll
    18:27:23.0277 6008 SessionEnv - ok
    18:27:23.0301 6008 [ A554811BCD09279536440C964AE35BBF ] sffdisk C:\Windows\system32\drivers\sffdisk.sys
    18:27:23.0302 6008 sffdisk - ok
    18:27:23.0321 6008 [ FF414F0BAEFEBA59BC6C04B3DB0B87BF ] sffp_mmc C:\Windows\system32\drivers\sffp_mmc.sys
    18:27:23.0322 6008 sffp_mmc - ok
     
  9. lauraw18

    lauraw18 TS Rookie Topic Starter Posts: 20

    18:27:23.0338 6008 [ DD85B78243A19B59F0637DCF284DA63C ] sffp_sd C:\Windows\system32\drivers\sffp_sd.sys
    18:27:23.0377 6008 sffp_sd - ok
    18:27:23.0436 6008 [ A9D601643A1647211A1EE2EC4E433FF4 ] sfloppy C:\Windows\system32\DRIVERS\sfloppy.sys
    18:27:23.0440 6008 sfloppy - ok
    18:27:23.0466 6008 [ B95F6501A2F8B2E78C697FEC401970CE ] SharedAccess C:\Windows\System32\ipnathlp.dll
    18:27:23.0476 6008 SharedAccess - ok
    18:27:23.0520 6008 [ AAF932B4011D14052955D4B212A4DA8D ] ShellHWDetection C:\Windows\System32\shsvcs.dll
    18:27:23.0530 6008 ShellHWDetection - ok
    18:27:23.0547 6008 [ 843CAF1E5FDE1FFD5FF768F23A51E2E1 ] SiSRaid2 C:\Windows\system32\DRIVERS\SiSRaid2.sys
    18:27:23.0550 6008 SiSRaid2 - ok
    18:27:23.0593 6008 [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4 ] SiSRaid4 C:\Windows\system32\DRIVERS\sisraid4.sys
    18:27:23.0596 6008 SiSRaid4 - ok
    18:27:23.0678 6008 [ DDAA5F4A6B958FC313EBD02DD925752F ] SkypeUpdate C:\Program Files (x86)\Skype\Updater\Updater.exe
    18:27:23.0681 6008 SkypeUpdate - ok
    18:27:23.0718 6008 [ 548260A7B8654E024DC30BF8A7C5BAA4 ] Smb C:\Windows\system32\DRIVERS\smb.sys
    18:27:23.0722 6008 Smb - ok
    18:27:23.0780 6008 [ 6313F223E817CC09AA41811DAA7F541D ] SNMPTRAP C:\Windows\System32\snmptrap.exe
    18:27:23.0785 6008 SNMPTRAP - ok
    18:27:23.0822 6008 [ B9E31E5CACDFE584F34F730A677803F9 ] spldr C:\Windows\system32\drivers\spldr.sys
    18:27:23.0823 6008 spldr - ok
    18:27:23.0868 6008 [ 85DAA09A98C9286D4EA2BA8D0E644377 ] Spooler C:\Windows\System32\spoolsv.exe
    18:27:23.0881 6008 Spooler - ok
    18:27:23.0978 6008 [ E17E0188BB90FAE42D83E98707EFA59C ] sppsvc C:\Windows\system32\sppsvc.exe
    18:27:24.0011 6008 sppsvc - ok
    18:27:24.0057 6008 [ 93D7D61317F3D4BC4F4E9F8A96A7DE45 ] sppuinotify C:\Windows\system32\sppuinotify.dll
    18:27:24.0072 6008 sppuinotify - ok
    18:27:24.0106 6008 [ 441FBA48BFF01FDB9D5969EBC1838F0B ] srv C:\Windows\system32\DRIVERS\srv.sys
    18:27:24.0113 6008 srv - ok
    18:27:24.0136 6008 [ B4ADEBBF5E3677CCE9651E0F01F7CC28 ] srv2 C:\Windows\system32\DRIVERS\srv2.sys
    18:27:24.0138 6008 srv2 - ok
    18:27:24.0155 6008 [ 27E461F0BE5BFF5FC737328F749538C3 ] srvnet C:\Windows\system32\DRIVERS\srvnet.sys
    18:27:24.0157 6008 srvnet - ok
    18:27:24.0208 6008 [ 51B52FBD583CDE8AA9BA62B8B4298F33 ] SSDPSRV C:\Windows\System32\ssdpsrv.dll
    18:27:24.0213 6008 SSDPSRV - ok
    18:27:24.0225 6008 [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB ] SstpSvc C:\Windows\system32\sstpsvc.dll
    18:27:24.0227 6008 SstpSvc - ok
    18:27:24.0322 6008 Steam Client Service - ok
    18:27:24.0345 6008 [ F3817967ED533D08327DC73BC4D5542A ] stexstor C:\Windows\system32\DRIVERS\stexstor.sys
    18:27:24.0346 6008 stexstor - ok
    18:27:24.0363 6008 [ DECACB6921DED1A38642642685D77DAC ] StillCam C:\Windows\system32\DRIVERS\serscan.sys
    18:27:24.0365 6008 StillCam - ok
    18:27:24.0418 6008 [ 8DD52E8E6128F4B2DA92CE27402871C1 ] stisvc C:\Windows\System32\wiaservc.dll
    18:27:24.0432 6008 stisvc - ok
    18:27:24.0482 6008 [ 7785DC213270D2FC066538DAF94087E7 ] storflt C:\Windows\system32\drivers\vmstorfl.sys
    18:27:24.0483 6008 storflt - ok
    18:27:24.0523 6008 [ D34E4943D5AC096C8EDEEBFD80D76E23 ] storvsc C:\Windows\system32\drivers\storvsc.sys
    18:27:24.0527 6008 storvsc - ok
    18:27:24.0541 6008 [ D01EC09B6711A5F8E7E6564A4D0FBC90 ] swenum C:\Windows\system32\drivers\swenum.sys
    18:27:24.0542 6008 swenum - ok
    18:27:24.0577 6008 [ E08E46FDD841B7184194011CA1955A0B ] swprv C:\Windows\System32\swprv.dll
    18:27:24.0592 6008 swprv - ok
    18:27:24.0601 6008 Synth3dVsc - ok
    18:27:24.0652 6008 [ BF9CCC0BF39B418C8D0AE8B05CF95B7D ] SysMain C:\Windows\system32\sysmain.dll
    18:27:24.0666 6008 SysMain - ok
    18:27:24.0688 6008 [ E3C61FD7B7C2557E1F1B0B4CEC713585 ] TabletInputService C:\Windows\System32\TabSvc.dll
    18:27:24.0691 6008 TabletInputService - ok
    18:27:24.0721 6008 [ 40F0849F65D13EE87B9A9AE3C1DD6823 ] TapiSrv C:\Windows\System32\tapisrv.dll
    18:27:24.0732 6008 TapiSrv - ok
    18:27:24.0792 6008 [ 1BE03AC720F4D302EA01D40F588162F6 ] TBS C:\Windows\System32\tbssvc.dll
    18:27:24.0797 6008 TBS - ok
    18:27:24.0977 6008 [ F782CAD3CEDBB3F9FFE3BF2775D92DDC ] Tcpip C:\Windows\system32\drivers\tcpip.sys
    18:27:24.0991 6008 Tcpip - ok
    18:27:25.0066 6008 [ F782CAD3CEDBB3F9FFE3BF2775D92DDC ] TCPIP6 C:\Windows\system32\DRIVERS\tcpip.sys
    18:27:25.0088 6008 TCPIP6 - ok
    18:27:25.0122 6008 [ DF687E3D8836BFB04FCC0615BF15A519 ] tcpipreg C:\Windows\system32\drivers\tcpipreg.sys
    18:27:25.0122 6008 tcpipreg - ok
    18:27:25.0150 6008 [ 3371D21011695B16333A3934340C4E7C ] TDPIPE C:\Windows\system32\drivers\tdpipe.sys
    18:27:25.0150 6008 TDPIPE - ok
    18:27:25.0183 6008 [ 51C5ECEB1CDEE2468A1748BE550CFBC8 ] TDTCP C:\Windows\system32\drivers\tdtcp.sys
    18:27:25.0185 6008 TDTCP - ok
    18:27:25.0266 6008 [ DDAD5A7AB24D8B65F8D724F5C20FD806 ] tdx C:\Windows\system32\DRIVERS\tdx.sys
    18:27:25.0270 6008 tdx - ok
    18:27:25.0305 6008 [ 561E7E1F06895D78DE991E01DD0FB6E5 ] TermDD C:\Windows\system32\drivers\termdd.sys
    18:27:25.0307 6008 TermDD - ok
    18:27:25.0342 6008 [ 2E648163254233755035B46DD7B89123 ] TermService C:\Windows\System32\termsrv.dll
    18:27:25.0352 6008 TermService - ok
    18:27:25.0368 6008 [ F0344071948D1A1FA732231785A0664C ] Themes C:\Windows\system32\themeservice.dll
    18:27:25.0370 6008 Themes - ok
    18:27:25.0392 6008 [ E40E80D0304A73E8D269F7141D77250B ] THREADORDER C:\Windows\system32\mmcss.dll
    18:27:25.0393 6008 THREADORDER - ok
    18:27:25.0425 6008 [ 7E7AFD841694F6AC397E99D75CEAD49D ] TrkWks C:\Windows\System32\trkwks.dll
    18:27:25.0427 6008 TrkWks - ok
    18:27:25.0476 6008 [ 773212B2AAA24C1E31F10246B15B276C ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
    18:27:25.0481 6008 TrustedInstaller - ok
    18:27:25.0517 6008 [ CE18B2CDFC837C99E5FAE9CA6CBA5D30 ] tssecsrv C:\Windows\system32\DRIVERS\tssecsrv.sys
    18:27:25.0518 6008 tssecsrv - ok
    18:27:25.0545 6008 [ D11C783E3EF9A3C52C0EBE83CC5000E9 ] TsUsbFlt C:\Windows\system32\drivers\tsusbflt.sys
    18:27:25.0547 6008 TsUsbFlt - ok
    18:27:25.0551 6008 tsusbhub - ok
    18:27:25.0598 6008 [ 3566A8DAAFA27AF944F5D705EAA64894 ] tunnel C:\Windows\system32\DRIVERS\tunnel.sys
    18:27:25.0602 6008 tunnel - ok
    18:27:25.0633 6008 [ B4DD609BD7E282BFC683CEC7EAAAAD67 ] uagp35 C:\Windows\system32\DRIVERS\uagp35.sys
    18:27:25.0637 6008 uagp35 - ok
    18:27:25.0673 6008 [ FF4232A1A64012BAA1FD97C7B67DF593 ] udfs C:\Windows\system32\DRIVERS\udfs.sys
    18:27:25.0680 6008 udfs - ok
    18:27:25.0723 6008 [ 3CBDEC8D06B9968ABA702EBA076364A1 ] UI0Detect C:\Windows\system32\UI0Detect.exe
    18:27:25.0727 6008 UI0Detect - ok
    18:27:25.0740 6008 [ 4BFE1BC28391222894CBF1E7D0E42320 ] uliagpkx C:\Windows\system32\drivers\uliagpkx.sys
    18:27:25.0742 6008 uliagpkx - ok
    18:27:25.0772 6008 [ DC54A574663A895C8763AF0FA1FF7561 ] umbus C:\Windows\system32\drivers\umbus.sys
    18:27:25.0775 6008 umbus - ok
    18:27:25.0797 6008 [ B2E8E8CB557B156DA5493BBDDCC1474D ] UmPass C:\Windows\system32\DRIVERS\umpass.sys
    18:27:25.0800 6008 UmPass - ok
    18:27:25.0830 6008 [ A293DCD756D04D8492A750D03B9A297C ] UmRdpService C:\Windows\System32\umrdp.dll
    18:27:25.0835 6008 UmRdpService - ok
    18:27:25.0902 6008 [ 67A95B9D129ED5399E7965CD09CF30E7 ] UMVPFSrv C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe
    18:27:25.0910 6008 UMVPFSrv - ok
     
  10. lauraw18

    lauraw18 TS Rookie Topic Starter Posts: 20

    18:27:25.0938 6008 [ D47EC6A8E81633DD18D2436B19BAF6DE ] upnphost C:\Windows\System32\upnphost.dll
    18:27:25.0945 6008 upnphost - ok
    18:27:25.0967 6008 [ AF1B9474D67897D0C2CFF58E0ACEACCC ] USBAAPL64 C:\Windows\system32\Drivers\usbaapl64.sys
    18:27:25.0968 6008 USBAAPL64 - ok
    18:27:25.0995 6008 [ 82E8F44688E6FAC57B5B7C6FC7ADBC2A ] usbaudio C:\Windows\system32\drivers\usbaudio.sys
    18:27:25.0997 6008 usbaudio - ok
    18:27:26.0006 6008 [ 6F1A3157A1C89435352CEB543CDB359C ] usbccgp C:\Windows\system32\DRIVERS\usbccgp.sys
    18:27:26.0007 6008 usbccgp - ok
    18:27:26.0065 6008 [ AF0892A803FDDA7492F595368E3B68E7 ] usbcir C:\Windows\system32\drivers\usbcir.sys
    18:27:26.0078 6008 usbcir - ok
    18:27:26.0101 6008 [ C025055FE7B87701EB042095DF1A2D7B ] usbehci C:\Windows\system32\DRIVERS\usbehci.sys
    18:27:26.0103 6008 usbehci - ok
    18:27:26.0151 6008 [ 287C6C9410B111B68B52CA298F7B8C24 ] usbhub C:\Windows\system32\DRIVERS\usbhub.sys
    18:27:26.0158 6008 usbhub - ok
    18:27:26.0177 6008 [ 9840FC418B4CBD632D3D0A667A725C31 ] usbohci C:\Windows\system32\DRIVERS\usbohci.sys
    18:27:26.0181 6008 usbohci - ok
    18:27:26.0256 6008 [ 538233FBBC748AA1D57B7B53F150DE9A ] USBPNPA C:\Windows\system32\drivers\CM10864.sys
    18:27:26.0276 6008 USBPNPA - ok
    18:27:26.0316 6008 [ 73188F58FB384E75C4063D29413CEE3D ] usbprint C:\Windows\system32\DRIVERS\usbprint.sys
    18:27:26.0318 6008 usbprint - ok
    18:27:26.0330 6008 [ FED648B01349A3C8395A5169DB5FB7D6 ] USBSTOR C:\Windows\system32\DRIVERS\USBSTOR.SYS
    18:27:26.0340 6008 USBSTOR - ok
    18:27:26.0376 6008 [ 62069A34518BCF9C1FD9E74B3F6DB7CD ] usbuhci C:\Windows\system32\drivers\usbuhci.sys
    18:27:26.0377 6008 usbuhci - ok
    18:27:26.0393 6008 [ EDBB23CBCF2CDF727D64FF9B51A6070E ] UxSms C:\Windows\System32\uxsms.dll
    18:27:26.0396 6008 UxSms - ok
    18:27:26.0406 6008 [ C118A82CD78818C29AB228366EBF81C3 ] VaultSvc C:\Windows\system32\lsass.exe
    18:27:26.0408 6008 VaultSvc - ok
    18:27:26.0422 6008 [ C5C876CCFC083FF3B128F933823E87BD ] vdrvroot C:\Windows\system32\drivers\vdrvroot.sys
    18:27:26.0422 6008 vdrvroot - ok
    18:27:26.0480 6008 [ 8D6B481601D01A456E75C3210F1830BE ] vds C:\Windows\System32\vds.exe
    18:27:26.0496 6008 vds - ok
    18:27:26.0550 6008 [ DA4DA3F5E02943C2DC8C6ED875DE68DD ] vga C:\Windows\system32\DRIVERS\vgapnp.sys
    18:27:26.0552 6008 vga - ok
    18:27:26.0572 6008 [ 53E92A310193CB3C03BEA963DE7D9CFC ] VgaSave C:\Windows\System32\drivers\vga.sys
    18:27:26.0573 6008 VgaSave - ok
    18:27:26.0588 6008 VGPU - ok
    18:27:26.0628 6008 [ 2CE2DF28C83AEAF30084E1B1EB253CBB ] vhdmp C:\Windows\system32\drivers\vhdmp.sys
    18:27:26.0632 6008 vhdmp - ok
    18:27:26.0703 6008 [ 84FFC3CCA60A1B52A021BC894D529735 ] VIAHdAudAddService C:\Windows\system32\drivers\viahduaa.sys
    18:27:26.0718 6008 VIAHdAudAddService - ok
    18:27:26.0760 6008 [ E5689D93FFE4E5D66C0178761240DD54 ] viaide C:\Windows\system32\drivers\viaide.sys
    18:27:26.0775 6008 viaide - ok
    18:27:26.0838 6008 [ F4310278E6CE1C507B5555B662369E26 ] VIAKaraokeService C:\Windows\system32\viakaraokesrv.exe
    18:27:26.0843 6008 VIAKaraokeService - ok
    18:27:26.0870 6008 [ 86EA3E79AE350FEA5331A1303054005F ] vmbus C:\Windows\system32\drivers\vmbus.sys
    18:27:26.0875 6008 vmbus - ok
    18:27:26.0890 6008 [ 7DE90B48F210D29649380545DB45A187 ] VMBusHID C:\Windows\system32\drivers\VMBusHID.sys
    18:27:26.0892 6008 VMBusHID - ok
    18:27:26.0903 6008 [ D2AAFD421940F640B407AEFAAEBD91B0 ] volmgr C:\Windows\system32\drivers\volmgr.sys
    18:27:26.0905 6008 volmgr - ok
    18:27:26.0946 6008 [ A255814907C89BE58B79EF2F189B843B ] volmgrx C:\Windows\system32\drivers\volmgrx.sys
    18:27:26.0952 6008 volmgrx - ok
    18:27:26.0973 6008 [ 0D08D2F3B3FF84E433346669B5E0F639 ] volsnap C:\Windows\system32\drivers\volsnap.sys
    18:27:26.0977 6008 volsnap - ok
    18:27:26.0997 6008 [ 5E2016EA6EBACA03C04FEAC5F330D997 ] vsmraid C:\Windows\system32\DRIVERS\vsmraid.sys
    18:27:27.0001 6008 vsmraid - ok
    18:27:27.0047 6008 [ B60BA0BC31B0CB414593E169F6F21CC2 ] VSS C:\Windows\system32\vssvc.exe
    18:27:27.0066 6008 VSS - ok
    18:27:27.0188 6008 [ CBA3F6EF1E70167DB376B4013F71A62B ] vToolbarUpdater12.2.6 C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\12.2.6\ToolbarUpdater.exe
    18:27:27.0200 6008 vToolbarUpdater12.2.6 - ok
    18:27:27.0215 6008 [ 36D4720B72B5C5D9CB2B9C29E9DF67A1 ] vwifibus C:\Windows\System32\drivers\vwifibus.sys
    18:27:27.0217 6008 vwifibus - ok
    18:27:27.0248 6008 [ 1C9D80CC3849B3788048078C26486E1A ] W32Time C:\Windows\system32\w32time.dll
    18:27:27.0255 6008 W32Time - ok
    18:27:27.0283 6008 [ 4E9440F4F152A7B944CB1663D3935A3E ] WacomPen C:\Windows\system32\DRIVERS\wacompen.sys
    18:27:27.0286 6008 WacomPen - ok
    18:27:27.0338 6008 [ 356AFD78A6ED4457169241AC3965230C ] WANARP C:\Windows\system32\DRIVERS\wanarp.sys
    18:27:27.0342 6008 WANARP - ok
    18:27:27.0350 6008 [ 356AFD78A6ED4457169241AC3965230C ] Wanarpv6 C:\Windows\system32\DRIVERS\wanarp.sys
    18:27:27.0352 6008 Wanarpv6 - ok
    18:27:27.0415 6008 [ 3CEC96DE223E49EAAE3651FCF8FAEA6C ] WatAdminSvc C:\Windows\system32\Wat\WatAdminSvc.exe
    18:27:27.0428 6008 WatAdminSvc - ok
    18:27:27.0470 6008 [ 78F4E7F5C56CB9716238EB57DA4B6A75 ] wbengine C:\Windows\system32\wbengine.exe
    18:27:27.0488 6008 wbengine - ok
    18:27:27.0511 6008 [ 3AA101E8EDAB2DB4131333F4325C76A3 ] WbioSrvc C:\Windows\System32\wbiosrvc.dll
    18:27:27.0516 6008 WbioSrvc - ok
    18:27:27.0577 6008 [ 7368A2AFD46E5A4481D1DE9D14848EDD ] wcncsvc C:\Windows\System32\wcncsvc.dll
    18:27:27.0596 6008 wcncsvc - ok
    18:27:27.0612 6008 [ 20F7441334B18CEE52027661DF4A6129 ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
    18:27:27.0616 6008 WcsPlugInService - ok
    18:27:27.0640 6008 [ 72889E16FF12BA0F235467D6091B17DC ] Wd C:\Windows\system32\DRIVERS\wd.sys
    18:27:27.0641 6008 Wd - ok
    18:27:27.0663 6008 [ 441BD2D7B4F98134C3A4F9FA570FD250 ] Wdf01000 C:\Windows\system32\drivers\Wdf01000.sys
    18:27:27.0668 6008 Wdf01000 - ok
    18:27:27.0688 6008 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiServiceHost C:\Windows\system32\wdi.dll
    18:27:27.0692 6008 WdiServiceHost - ok
    18:27:27.0696 6008 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiSystemHost C:\Windows\system32\wdi.dll
    18:27:27.0700 6008 WdiSystemHost - ok
    18:27:27.0735 6008 [ 3DB6D04E1C64272F8B14EB8BC4616280 ] WebClient C:\Windows\System32\webclnt.dll
    18:27:27.0740 6008 WebClient - ok
    18:27:27.0752 6008 [ C749025A679C5103E575E3B48E092C43 ] Wecsvc C:\Windows\system32\wecsvc.dll
    18:27:27.0757 6008 Wecsvc - ok
    18:27:27.0765 6008 [ 7E591867422DC788B9E5BD337A669A08 ] wercplsupport C:\Windows\System32\wercplsupport.dll
    18:27:27.0780 6008 wercplsupport - ok
    18:27:27.0826 6008 [ 6D137963730144698CBD10F202E9F251 ] WerSvc C:\Windows\System32\WerSvc.dll
    18:27:27.0830 6008 WerSvc - ok
    18:27:27.0843 6008 [ 611B23304BF067451A9FDEE01FBDD725 ] WfpLwf C:\Windows\system32\DRIVERS\wfplwf.sys
    18:27:27.0845 6008 WfpLwf - ok
    18:27:27.0860 6008 [ 05ECAEC3E4529A7153B3136CEB49F0EC ] WIMMount C:\Windows\system32\drivers\wimmount.sys
    18:27:27.0861 6008 WIMMount - ok
    18:27:27.0890 6008 WinDefend - ok
    18:27:27.0897 6008 WinHttpAutoProxySvc - ok
    18:27:27.0941 6008 [ 19B07E7E8915D701225DA41CB3877306 ] Winmgmt C:\Windows\system32\wbem\WMIsvc.dll
    18:27:27.0946 6008 Winmgmt - ok
    18:27:28.0065 6008 [ BCB1310604AA415C4508708975B3931E ] WinRM C:\Windows\system32\WsmSvc.dll
    18:27:28.0102 6008 WinRM - ok
    18:27:28.0155 6008 [ FE88B288356E7B47B74B13372ADD906D ] WinUsb C:\Windows\system32\DRIVERS\WinUsb.sys
    18:27:28.0156 6008 WinUsb - ok
    18:27:28.0181 6008 [ 4FADA86E62F18A1B2F42BA18AE24E6AA ] Wlansvc C:\Windows\System32\wlansvc.dll
    18:27:28.0191 6008 Wlansvc - ok
    18:27:28.0360 6008 [ 2BACD71123F42CEA603F4E205E1AE337 ] wlidsvc C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
    18:27:28.0375 6008 wlidsvc - ok
    18:27:28.0426 6008 [ 680A7846370000D20D7E74917D5B7936 ] WmBEnum C:\Windows\system32\drivers\WmBEnum.sys
    18:27:28.0427 6008 WmBEnum - ok
    18:27:28.0493 6008 [ 14C35BA8189C6F65D839163AA285E954 ] WmFilter C:\Windows\system32\drivers\WmFilter.sys
    18:27:28.0501 6008 WmFilter - ok
    18:27:28.0528 6008 [ F6FF8944478594D0E414D3F048F0D778 ] WmiAcpi C:\Windows\system32\drivers\wmiacpi.sys
    18:27:28.0531 6008 WmiAcpi - ok
    18:27:28.0558 6008 [ 38B84C94C5A8AF291ADFEA478AE54F93 ] wmiApSrv C:\Windows\system32\wbem\WmiApSrv.exe
    18:27:28.0562 6008 wmiApSrv - ok
    18:27:28.0608 6008 WMPNetworkSvc - ok
    18:27:28.0665 6008 [ 8488DD91A3EE54A8E29F02AD7BB8201E ] WmVirHid C:\Windows\system32\drivers\WmVirHid.sys
    18:27:28.0666 6008 WmVirHid - ok
    18:27:28.0685 6008 [ 14802B3A30AA849C97CB968CCC813BF3 ] WmXlCore C:\Windows\system32\drivers\WmXlCore.sys
    18:27:28.0687 6008 WmXlCore - ok
    18:27:28.0743 6008 [ 96C6E7100D724C69FCF9E7BF590D1DCA ] WPCSvc C:\Windows\System32\wpcsvc.dll
    18:27:28.0761 6008 WPCSvc - ok
    18:27:28.0797 6008 [ 93221146D4EBBF314C29B23CD6CC391D ] WPDBusEnum C:\Windows\system32\wpdbusenum.dll
    18:27:28.0801 6008 WPDBusEnum - ok
    18:27:28.0825 6008 [ 6BCC1D7D2FD2453957C5479A32364E52 ] ws2ifsl C:\Windows\system32\drivers\ws2ifsl.sys
    18:27:28.0827 6008 ws2ifsl - ok
    18:27:28.0837 6008 [ E8B1FE6669397D1772D8196DF0E57A9E ] wscsvc C:\Windows\System32\wscsvc.dll
    18:27:28.0841 6008 wscsvc - ok
    18:27:28.0845 6008 WSearch - ok
    18:27:28.0883 6008 [ D3381DC54C34D79B22CEE0D65BA91B7C ] WudfPf C:\Windows\system32\drivers\WudfPf.sys
    18:27:28.0885 6008 WudfPf - ok
    18:27:28.0928 6008 [ CF8D590BE3373029D57AF80914190682 ] WUDFRd C:\Windows\system32\DRIVERS\WUDFRd.sys
    18:27:28.0932 6008 WUDFRd - ok
    18:27:28.0950 6008 [ 7A95C95B6C4CF292D689106BCAE49543 ] wudfsvc C:\Windows\System32\WUDFSvc.dll
    18:27:28.0956 6008 wudfsvc - ok
    18:27:28.0987 6008 [ 9A3452B3C2A46C073166C5CF49FAD1AE ] WwanSvc C:\Windows\System32\wwansvc.dll
    18:27:28.0993 6008 WwanSvc - ok
    18:27:29.0043 6008 [ 38F55D07B1D3391065C40EC065F984E2 ] xusb21 C:\Windows\system32\DRIVERS\xusb21.sys
    18:27:29.0046 6008 xusb21 - ok
    18:27:29.0066 6008 ================ Scan global ===============================
    18:27:29.0096 6008 [ BA0CD8C393E8C9F83354106093832C7B ] C:\Windows\system32\basesrv.dll
    18:27:29.0126 6008 [ F46BBAAC1C4980F4D0DD463F190A42D3 ] C:\Windows\system32\winsrv.dll
    18:27:29.0140 6008 [ F46BBAAC1C4980F4D0DD463F190A42D3 ] C:\Windows\system32\winsrv.dll
    18:27:29.0173 6008 [ D6160F9D869BA3AF0B787F971DB56368 ] C:\Windows\system32\sxssrv.dll
    18:27:29.0237 6008 [ 24ACB7E5BE595468E3B9AA488B9B4FCB ] C:\Windows\system32\services.exe
    18:27:29.0246 6008 [Global] - ok
    18:27:29.0247 6008 ================ Scan MBR ==================================
    18:27:29.0266 6008 [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0
    18:27:29.0706 6008 \Device\Harddisk0\DR0 - ok
    18:27:29.0710 6008 [ 8F558EB6672622401DA993E1E865C861 ] \Device\Harddisk1\DR1
    18:27:31.0452 6008 \Device\Harddisk1\DR1 - ok
    18:27:31.0453 6008 ================ Scan VBR ==================================
    18:27:31.0481 6008 [ 0772494122939558D6FF8A0323B95C4C ] \Device\Harddisk0\DR0\Partition1
    18:27:31.0482 6008 \Device\Harddisk0\DR0\Partition1 - ok
    18:27:31.0486 6008 [ ED8B133D64155602951B52F33FDA89CA ] \Device\Harddisk1\DR1\Partition1
    18:27:31.0487 6008 \Device\Harddisk1\DR1\Partition1 - ok
    18:27:31.0487 6008 ============================================================
    18:27:31.0487 6008 Scan finished
    18:27:31.0487 6008 ============================================================
    18:27:31.0497 4596 Detected object count: 0
    18:27:31.0497 4596 Actual detected object count: 0


    RogueKiller V8.1.1 [10/03/2012] by Tigzy
    mail: tigzyRK<at>gmail<dot>com
    Feedback: http://www.geekstogo.com/forum/files/file/413-roguekiller/
    Website: http://tigzy.geekstogo.com/roguekiller.php
    Blog: http://tigzyrk.blogspot.com

    Operating System: Windows 7 (6.1.7601 Service Pack 1) 64 bits version
    Started in : Normal mode
    User : Babydoll [Admin rights]
    Mode : Scan -- Date : 10/14/2012 18:37:59

    ¤¤¤ Bad processes : 1 ¤¤¤
    [RESIDUE][DLL] rundll32.exe -- C:\Windows\SysWOW64\rundll32.exe : C:\Windows\Syswow64\cm108.dll -> KILLED [TermProc]

    ¤¤¤ Registry Entries : 3 ¤¤¤
    [RUN][BLACKLIST DLL] HKLM\[...]\Run : Cm108Sound (C:\Windows\syswow64\RunDll32.exe C:\Windows\Syswow64\cm108.dll,CMICtrlWnd) -> FOUND
    [HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
    [HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

    ¤¤¤ Particular Files / Folders: ¤¤¤

    ¤¤¤ Driver : [NOT LOADED] ¤¤¤

    ¤¤¤ HOSTS File: ¤¤¤
    --> C:\Windows\system32\drivers\etc\hosts



    ¤¤¤ MBR Check: ¤¤¤

    +++++ PhysicalDrive0: Hitachi HDS721050CLA SCSI Disk Device +++++
    --- User ---
    [MBR] e580af5af5cb649e479d381e96ab2ba9
    [BSP] 7df5a2679cc1e2f5fce9e89007f2dc98 : Windows 7 MBR Code
    Partition table:
    0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 476937 Mo
    User = LL1 ... OK!
    Error reading LL2 MBR!

    +++++ PhysicalDrive1: PNY USB 2.0 FD USB Device +++++
    --- User ---
    [MBR] 8501723c126743780449eb919226813d
    [BSP] 33a07a59d299ab4ea9f4ab0156f9d86f : Windows XP MBR Code
    Partition table:
    0 - [ACTIVE] FAT32-LBA (0x0c) [VISIBLE] Offset (sectors): 6008 | Size: 7719 Mo
    User = LL1 ... OK!
    Error reading LL2 MBR!

    Finished : << RKreport.txt >>
    RKreport.txt




    Malwarebytes Anti-Malware (Trial) 1.65.0.1400
    www.malwarebytes.org

    Database version: v2012.10.14.05

    Windows 7 Service Pack 1 x64 NTFS
    Internet Explorer 9.0.8112.16421
    Babydoll :: BABYDOLL-PC [administrator]

    Protection: Enabled

    10/14/2012 6:50:09 PM
    mbam-log-2012-10-14 (18-50-09).txt

    Scan type: Quick scan
    Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
    Scan options disabled: P2P
    Objects scanned: 206673
    Time elapsed: 1 minute(s), 18 second(s)

    Memory Processes Detected: 0
    (No malicious items detected)

    Memory Modules Detected: 0
    (No malicious items detected)

    Registry Keys Detected: 0
    (No malicious items detected)

    Registry Values Detected: 0
    (No malicious items detected)

    Registry Data Items Detected: 0
    (No malicious items detected)

    Folders Detected: 0
    (No malicious items detected)

    Files Detected: 1
    C:\Users\Babydoll\Downloads\coretemp_1236.exe (PUP.BundleOffers.IIQ) -> Quarantined and deleted successfully.

    (end)
     
  11. lauraw18

    lauraw18 TS Rookie Topic Starter Posts: 20

    aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
    Run date: 2012-10-14 18:53:58
    -----------------------------
    18:53:58.351 OS Version: Windows x64 6.1.7601 Service Pack 1
    18:53:58.351 Number of processors: 2 586 0x603
    18:53:58.351 ComputerName: BABYDOLL-PC UserName: Babydoll
    18:54:18.351 Initialize success
    18:54:28.116 AVAST engine defs: 12101401
    18:54:42.029 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\00000064
    18:54:42.030 Disk 0 Vendor: Hitachi_ JP2O Size: 476940MB BusType: 3
    18:54:42.037 Disk 0 MBR read successfully
    18:54:42.038 Disk 0 MBR scan
    18:54:42.052 Disk 0 Windows 7 default MBR code
    18:54:42.054 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 476937 MB offset 2048
    18:54:42.064 Disk 0 scanning C:\Windows\system32\drivers
    18:54:51.853 Service scanning
    18:55:25.707 Modules scanning
    18:55:25.721 Disk 0 trace - called modules:
    18:55:25.736 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys storport.sys hal.dll nvstor.sys
    18:55:25.740 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8007bf0060]
    18:55:25.744 3 CLASSPNP.SYS[fffff8800145143f] -> nt!IofCallDriver -> [0xfffffa8007864ca0]
    18:55:26.087 5 ACPI.sys[fffff88000eca7a1] -> nt!IofCallDriver -> \Device\00000064[0xfffffa8007812060]
    18:55:28.025 AVAST engine scan C:\Windows
    18:55:30.842 AVAST engine scan C:\Windows\system32
    18:57:09.274 File: C:\Windows\assembly\GAC_32\Desktop(81).ini **INFECTED** Win32:Sirefef-PL [Rtk]
    18:57:11.778 File: C:\Windows\assembly\GAC_64\Desktop(80).ini **INFECTED** Win32:Sirefef-PL [Rtk]
    18:59:05.386 AVAST engine scan C:\Windows\system32\drivers
    18:59:28.853 AVAST engine scan C:\Users\Babydoll
    19:49:17.995 Disk 0 MBR has been saved successfully to "C:\Users\Babydoll\Desktop\MBR.dat"
    19:49:17.996 The log file has been saved successfully to "C:\Users\Babydoll\Desktop\aswMBR.txt"
     
  12. Broni

    Broni Malware Annihilator Posts: 52,899   +344

    Good :)

    Create a new restore point before proceeding with the next step.
    How to:
    - Windows 7: http://www.howtogeek.com/howto/3195/create-a-system-restore-point-in-windows-7/
    - Vista: http://www.howtogeek.com/howto/wind...tore-point-for-windows-vistas-system-restore/
    - XP: http://support.microsoft.com/kb/948247

    =============================

    Please download ComboFix from Here, Here or Here to your Desktop.

    **Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
    • Never rename Combofix unless instructed.
    • Close any open browsers.
    • Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix.
    • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
    • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
    • Close any open browsers.
    • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
    • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
    • If there is no internet connection after running Combofix, then restart your computer to restore your connection.
      If restarting doesn't help, use the restore point you created prior to running Combofix.
    • Double click on combofix.exe & follow the prompts.

    • NOTE 1. If Combofix asks you to install Recovery Console, please allow it.
      NOTE 2. If Combofix asks you to update the program, always do so.
    • When finished, it will produce a report for you.
    • Please post the "C:\ComboFix.txt"
    **Note 1: Do not mouse-click combofix's window while it's running. That may cause it to stall.
    **Note 2 for AVG and CA Internet Security (Total Defense Internet Security) users: ComboFix will not run until AVG/CA Internet Security is uninstalled as a protective measure against the anti-virus. This is because AVG/CA Internet Security "falsely" detects ComboFix (or its embedded files) as a threat and may remove them, resulting in the tool not working correctly, which in turn can cause "unpredictable results". Since AVG/CA Internet Security cannot be effectively disabled before running ComboFix, the author recommends that you uninstall AVG/CA Internet Security first.
    Use AppRemover to uninstall it: http://www.appremover.com/
    We can reinstall it when we're done with CF.
    **Note 3: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion", restart computer to fix the issue.
    **Note 4: Some infections may take some significant time to be cured. As long as your computer clock is running Combofix is still working. Be patient.


    Make sure you re-enable your security programs when you're done with Combofix.

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

    NOTE.
    If, for some reason, Combofix refuses to run, try the following...

    Delete Combofix file, download fresh one, but rename combofix.exe to your_name.exe BEFORE saving it to your desktop.
    Do NOT run it yet.
    Download Rkill (courtesy of BleepingComputer.com) to your desktop.
    There are 2 different versions. If one of them won't run then download and try to run the other one.
    You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool; ignore them or shut down your antivirus.

    rKill.exe: http://www.bleepingcomputer.com/download/rkill/dl/10/
    iExplore.exe (renamed rKill.exe): http://www.bleepingcomputer.com/download/rkill/dl/11/

    Restart computer in safe mode

    • Double-click on the Rkill desktop icon to run the tool.
    • If using Vista or Windows 7 right-click on it and choose Run As Administrator.
    • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
    • If not, delete the file, then download and use the one provided in Link 2.
    • Do not reboot until instructed.
    • If the tool does not run from any of the links provided, please let me know.

    When the scan is done Notepad will open with rKill.txt log.
    NOTE. rKill.txt log will also be present on your desktop.

    Once you've gotten one of them to run, immediately run your_name.exe by double clicking on it.

    IF you had to run rKill post BOTH logs, rKill.txt and Combofix.txt.
     
  13. lauraw18

    lauraw18 TS Rookie Topic Starter Posts: 20

    ComboFix 12-10-14.03 - Babydoll 10/14/2012 21:43:05.2.2 - x64
    Microsoft Windows 7 Ultimate 6.1.7601.1.1252.1.1033.18.8191.6408 [GMT -4:00]
    Running from: c:\users\Babydoll\Desktop\ComboFix.exe
    AV: AVG Anti-Virus Free Edition 2012 *Disabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
    SP: AVG Anti-Virus Free Edition 2012 *Disabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
    SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    ---- Previous Run -------
    .
    c:\users\Babydoll\15.jpg
    c:\users\Babydoll\16.jpg
    c:\windows\SysWow64\DEBUG.log
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    -------\Service_nvsvc
    .
    .
    ((((((((((((((((((((((((( Files Created from 2012-09-15 to 2012-10-15 )))))))))))))))))))))))))))))))
    .
    .
    2012-10-15 01:50 . 2012-10-15 01:50 -------- d-----w- c:\users\Default\AppData\Local\temp
    2012-10-15 01:12 . 2012-10-15 01:12 -------- d-----w- C:\FRST
    2012-10-14 19:12 . 2010-10-13 15:06 8757248 ------w- c:\windows\SysWow64\CM108.dll
    2012-10-14 19:12 . 2010-07-13 19:26 804352 ------w- c:\windows\system32\Cmeau108.exe
    2012-10-14 19:12 . 2009-04-02 20:59 143360 ------w- c:\windows\Vmix108.dll
    2012-10-14 19:12 . 2008-07-23 23:00 389120 ------w- c:\windows\system32\CM108.cpl
    2012-10-14 19:12 . 2006-09-13 14:21 200704 ------w- c:\windows\SysWow64\cmpa108.dll
    2012-10-14 19:11 . 2004-04-14 15:28 315392 ----a-w- c:\windows\system\fltr108.dll
    2012-10-14 17:01 . 2012-10-14 17:01 -------- d-----w- c:\users\Babydoll\AppData\Roaming\Malwarebytes
    2012-10-14 17:01 . 2012-10-14 17:03 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
    2012-10-14 17:01 . 2012-10-14 17:01 -------- d-----w- c:\programdata\Malwarebytes
    2012-10-14 17:01 . 2012-09-07 21:04 25928 ----a-w- c:\windows\system32\drivers\mbam.sys
    2012-10-14 16:43 . 2012-09-19 04:58 9308616 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{9624E30A-CAD6-495B-B230-65FA31120BD7}\mpengine.dll
    2012-10-14 16:26 . 2012-10-14 16:26 -------- d-----w- C:\TDSSKiller_Quarantine
    2012-10-14 14:10 . 2012-10-14 14:10 -------- d-----w- c:\windows\SysWow64\QuickTime
    2012-10-14 14:03 . 2012-10-14 14:03 -------- d-sh--w- c:\windows\SysWow64\%APPDATA%
    2012-10-14 13:55 . 2012-10-14 15:52 -------- d-----w- c:\program files (x86)\Mega Codec Pack
    2012-10-10 17:42 . 2012-08-20 18:48 424448 ------w- c:\windows\system32\KernelBase.dll
    2012-10-10 17:42 . 2012-08-20 18:48 215040 ------w- c:\windows\system32\winsrv.dll
    2012-10-10 17:42 . 2012-08-20 18:48 1162240 ------w- c:\windows\system32\kernel32.dll
    2012-10-10 17:42 . 2012-08-20 17:37 274944 ------w- c:\windows\SysWow64\KernelBase.dll
    2012-10-10 17:42 . 2012-08-20 18:48 243200 ------w- c:\windows\system32\wow64.dll
    2012-10-10 17:42 . 2012-08-20 18:48 362496 ------w- c:\windows\system32\wow64win.dll
    2012-10-10 17:42 . 2012-08-20 18:48 13312 ------w- c:\windows\system32\wow64cpu.dll
    2012-10-10 17:41 . 2012-08-24 18:05 220160 ------w- c:\windows\system32\wintrust.dll
    2012-10-10 17:41 . 2012-08-24 16:57 172544 ------w- c:\windows\SysWow64\wintrust.dll
    2012-10-10 17:41 . 2012-08-11 00:56 715776 ------w- c:\windows\system32\kerberos.dll
    2012-10-10 17:41 . 2012-06-02 04:36 1159680 ------w- c:\windows\SysWow64\crypt32.dll
    2012-10-08 16:04 . 2012-10-14 16:04 -------- d-----w- c:\program files (x86)\Coupons
    2012-10-03 15:21 . 2009-08-19 20:00 359424 ------w- c:\windows\system32\CmiInstallResAll64.dll
    2012-10-03 15:21 . 2010-08-12 22:26 1310720 ----a-w- c:\windows\system32\drivers\CM10864.sys
    2012-10-02 15:42 . 2012-10-02 15:42 -------- d-----w- c:\users\Babydoll\AppData\Local\MFAData
    2012-10-02 15:42 . 2012-10-02 15:42 -------- d-----w- c:\users\Babydoll\AppData\Local\Avg2013
    2012-10-01 16:30 . 2012-10-01 16:30 -------- d-----w- c:\users\Babydoll\AppData\Local\Macromedia
    2012-09-30 16:04 . 2012-09-30 16:04 -------- d-----r- c:\users\Babydoll\AppData\Roaming\Brother
    2012-09-30 02:22 . 2012-09-30 02:22 -------- d-----w- c:\users\Babydoll\AppData\Local\Mozilla
    2012-09-30 02:22 . 2012-10-14 16:04 -------- d-----w- c:\program files (x86)\Mozilla Maintenance Service
    2012-09-27 13:47 . 2012-08-21 21:01 245760 ----a-w- c:\windows\system32\OxpsConverter.exe
    2012-09-21 17:54 . 2012-09-21 17:54 -------- d-----w- c:\programdata\NVIDIA
    2012-09-21 17:51 . 2012-09-21 17:51 -------- d-----w- c:\programdata\NVIDIA Corporation
    2012-09-21 17:51 . 2012-10-14 16:02 -------- d-----w- c:\program files\NVIDIA Corporation
    2012-09-19 19:57 . 2012-08-21 17:01 33240 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys
    2012-09-19 19:56 . 2012-10-14 16:02 -------- d-----w- c:\program files\iTunes
    2012-09-19 19:56 . 2012-10-14 16:02 -------- d-----w- c:\program files\iPod
    2012-09-19 19:56 . 2012-10-14 16:01 -------- d-----w- c:\program files (x86)\iTunes
    2012-09-19 19:56 . 2012-09-19 19:57 -------- d-----w- c:\programdata\34BE82C4-E596-4e99-A191-52C6199EBF69
    2012-09-19 17:55 . 2012-10-14 16:01 -------- d-----w- c:\program files (x86)\Seagate
    2012-09-19 17:35 . 2012-10-14 17:03 -------- d-----w- c:\programdata\Hi-Rez Studios
    2012-09-19 17:35 . 2012-10-14 17:03 -------- d-----w- c:\program files (x86)\Hi-Rez Studios
    2012-09-17 14:15 . 2012-10-14 16:01 -------- d-----w- c:\program files (x86)\Reference Assemblies
    2012-09-17 14:15 . 2012-10-14 16:01 -------- d-----w- c:\program files (x86)\MSBuild
    2012-09-17 14:15 . 2012-10-14 16:02 -------- d-----w- c:\program files\Reference Assemblies
    2012-09-17 14:15 . 2012-10-14 16:02 -------- d-----w- c:\program files\MSBuild
    2012-09-17 14:13 . 2012-09-17 14:13 -------- d-----r- C:\AHCache
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2012-10-14 17:07 . 2012-07-07 14:41 73656 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
    2012-10-14 17:07 . 2012-07-07 14:41 696760 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
    2012-09-22 17:48 . 2012-05-07 16:26 18960 ----a-w- c:\windows\system32\drivers\LNonPnP.sys
    2012-09-13 05:42 . 2012-08-10 15:26 64462936 ----a-w- c:\windows\system32\MRT.exe
    2012-09-09 16:27 . 2012-09-09 16:27 255352 ----a-w- c:\windows\SysWow64\awrdscdc.ax
    2012-09-02 19:43 . 2012-09-02 19:43 95208 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll
    2012-09-02 19:43 . 2012-06-06 18:37 746984 ----a-w- c:\windows\SysWow64\deployJava1.dll
    2012-09-02 19:43 . 2012-06-06 18:37 821736 ----a-w- c:\windows\SysWow64\npDeployJava1.dll
    2012-08-30 18:29 . 2012-08-30 18:29 31080 ----a-w- c:\windows\system32\drivers\avgtpx64.sys
    2012-08-24 19:43 . 2012-08-24 19:43 384352 ----a-w- c:\windows\system32\drivers\avgtdia.sys
    2012-08-22 18:12 . 2012-09-12 13:27 1913200 ----a-w- c:\windows\system32\drivers\tcpip.sys
    2012-08-22 18:12 . 2012-09-12 13:27 950128 ----a-w- c:\windows\system32\drivers\ndis.sys
    2012-08-22 18:12 . 2012-09-12 13:27 376688 ----a-w- c:\windows\system32\drivers\netio.sys
    2012-08-22 18:12 . 2012-09-12 13:27 288624 ----a-w- c:\windows\system32\drivers\FWPKCLNT.SYS
    2012-08-21 17:01 . 2012-05-28 15:43 125872 ----a-w- c:\windows\system32\GEARAspi64.dll
    2012-08-21 17:01 . 2012-05-28 15:43 106928 ----a-w- c:\windows\SysWow64\GEARAspi.dll
    2012-08-10 15:23 . 2009-07-14 02:36 152576 ----a-w- c:\windows\SysWow64\msclmd.dll
    2012-08-10 15:23 . 2009-07-14 02:36 175616 ----a-w- c:\windows\system32\msclmd.dll
    2012-08-02 17:58 . 2012-09-12 13:27 574464 ----a-w- c:\windows\system32\d3d10level9.dll
    2012-08-02 16:57 . 2012-09-12 13:27 490496 ----a-w- c:\windows\SysWow64\d3d10level9.dll
    2012-07-28 04:09 . 2011-04-20 08:38 5538984 ----a-w- c:\windows\SysWow64\atiumdag.dll
    2012-07-28 04:07 . 2012-07-28 04:07 10278912 ----a-w- c:\windows\system32\drivers\atikmdag.sys
    2012-07-28 03:43 . 2012-07-28 03:43 70144 ----a-w- c:\windows\system32\coinst_8.982.dll
    2012-07-28 03:19 . 2012-07-28 03:19 24935424 ----a-w- c:\windows\system32\atio6axx.dll
    2012-07-28 02:50 . 2012-07-28 02:50 20546560 ----a-w- c:\windows\SysWow64\atioglxx.dll
    2012-07-28 02:47 . 2012-07-28 02:47 187392 ----a-w- c:\windows\system32\clinfo.exe
    2012-07-28 02:47 . 2012-07-28 02:47 75776 ----a-w- c:\windows\system32\OpenVideo64.dll
    2012-07-28 02:47 . 2012-07-28 02:47 65024 ----a-w- c:\windows\SysWow64\OpenVideo.dll
    2012-07-28 02:47 . 2012-07-28 02:47 63488 ----a-w- c:\windows\system32\OVDecode64.dll
    2012-07-28 02:47 . 2012-07-28 02:47 56320 ----a-w- c:\windows\SysWow64\OVDecode.dll
    2012-07-28 02:46 . 2012-07-28 02:46 16464896 ----a-w- c:\windows\system32\amdocl64.dll
    2012-07-28 02:46 . 2012-07-28 02:46 13013504 ----a-w- c:\windows\SysWow64\amdocl.dll
    2012-07-28 02:15 . 2012-07-28 02:15 163840 ----a-w- c:\windows\system32\atiapfxx.exe
    2012-07-28 02:15 . 2011-04-20 09:09 931328 ----a-w- c:\windows\SysWow64\aticfx32.dll
    2012-07-28 02:13 . 2012-04-06 02:20 1100288 ----a-w- c:\windows\system32\aticfx64.dll
    2012-07-28 02:10 . 2012-07-28 02:10 442368 ----a-w- c:\windows\system32\ATIDEMGX.dll
    2012-07-28 02:10 . 2012-07-28 02:10 534528 ----a-w- c:\windows\system32\atieclxx.exe
    2012-07-28 02:09 . 2012-07-28 02:09 239616 ----a-w- c:\windows\system32\atiesrxx.exe
    2012-07-28 02:08 . 2012-07-28 02:08 120320 ----a-w- c:\windows\system32\atitmm64.dll
    2012-07-28 02:08 . 2012-07-28 02:08 21504 ----a-w- c:\windows\system32\atimuixx.dll
    2012-07-28 02:07 . 2012-07-28 02:07 59392 ----a-w- c:\windows\system32\atiedu64.dll
    2012-07-28 02:07 . 2012-07-28 02:07 43520 ----a-w- c:\windows\SysWow64\ati2edxx.dll
    2012-07-28 02:07 . 2012-07-28 02:07 6430208 ----a-w- c:\windows\SysWow64\atidxx32.dll
    2012-07-28 01:51 . 2012-07-28 01:51 7052288 ----a-w- c:\windows\system32\atidxx64.dll
    2012-07-28 01:41 . 2012-04-06 01:34 4266496 ----a-w- c:\windows\system32\atiumd6a.dll
    2012-07-28 01:35 . 2012-07-28 01:35 51200 ----a-w- c:\windows\system32\aticalrt64.dll
    2012-07-28 01:35 . 2012-07-28 01:35 46080 ----a-w- c:\windows\SysWow64\aticalrt.dll
    2012-07-28 01:35 . 2012-07-28 01:35 44544 ----a-w- c:\windows\system32\aticalcl64.dll
    2012-07-28 01:35 . 2012-07-28 01:35 44032 ----a-w- c:\windows\SysWow64\aticalcl.dll
    2012-07-28 01:34 . 2012-07-28 01:34 16034304 ----a-w- c:\windows\system32\aticaldd64.dll
    2012-07-28 01:32 . 2011-04-20 08:30 4751872 ----a-w- c:\windows\SysWow64\atiumdva.dll
    2012-07-28 01:30 . 2012-07-28 01:30 13605888 ----a-w- c:\windows\SysWow64\aticaldd.dll
    2012-07-28 01:25 . 2012-04-06 01:23 6676480 ----a-w- c:\windows\system32\atiumd64.dll
    2012-07-28 01:15 . 2012-04-06 01:11 540160 ----a-w- c:\windows\system32\atiadlxx.dll
    2012-07-28 01:15 . 2012-07-28 01:15 368640 ----a-w- c:\windows\SysWow64\atiadlxy.dll
    2012-07-28 01:15 . 2012-07-28 01:15 17920 ----a-w- c:\windows\system32\atig6pxx.dll
    2012-07-28 01:15 . 2012-07-28 01:15 14848 ----a-w- c:\windows\SysWow64\atiglpxx.dll
    2012-07-28 01:15 . 2012-07-28 01:15 14848 ----a-w- c:\windows\system32\atiglpxx.dll
    2012-07-28 01:15 . 2012-07-28 01:15 41984 ----a-w- c:\windows\system32\atig6txx.dll
    2012-07-28 01:14 . 2012-07-28 01:14 33280 ----a-w- c:\windows\SysWow64\atigktxx.dll
    2012-07-28 01:14 . 2012-07-28 01:14 368640 ----a-w- c:\windows\system32\drivers\atikmpag.sys
    2012-07-28 01:13 . 2011-04-20 08:21 129536 ----a-w- c:\windows\system32\atiuxp64.dll
    2012-07-28 01:13 . 2012-07-28 01:13 109568 ----a-w- c:\windows\SysWow64\atiuxpag.dll
    2012-07-28 01:13 . 2012-04-06 01:09 103936 ----a-w- c:\windows\system32\atiu9p64.dll
    2012-07-28 01:13 . 2011-04-20 08:21 83456 ----a-w- c:\windows\SysWow64\atiu9pag.dll
    2012-07-28 01:12 . 2012-07-28 01:12 53248 ----a-w- c:\windows\system32\drivers\ati2erec.dll
    2012-07-28 01:08 . 2012-07-28 01:08 56320 ----a-w- c:\windows\system32\atimpc64.dll
    2012-07-28 01:08 . 2012-07-28 01:08 56320 ----a-w- c:\windows\system32\amdpcom64.dll
    2012-07-28 01:08 . 2012-07-28 01:08 56832 ----a-w- c:\windows\SysWow64\atimpc32.dll
    2012-07-28 01:08 . 2012-07-28 01:08 56832 ----a-w- c:\windows\SysWow64\amdpcom32.dll
    2012-07-26 07:21 . 2012-07-26 07:21 291680 ----a-w- c:\windows\system32\drivers\avgldx64.sys
    2012-07-18 18:15 . 2012-08-15 14:21 3148800 ----a-w- c:\windows\system32\win32k.sys
    .
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}]
    2012-08-30 18:29 1734240 ----a-w- c:\program files (x86)\AVG Secure Search\12.2.5.32\AVG Secure Search_toolbar.dll
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
    "{95B7759C-8C7F-4BF1-B163-73684A933233}"= "c:\program files (x86)\AVG Secure Search\12.2.5.32\AVG Secure Search_toolbar.dll" [2012-08-30 1734240]
    .
    [HKEY_CLASSES_ROOT\clsid\{95b7759c-8c7f-4bf1-b163-73684a933233}]
    [HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj.1]
    [HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj]
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1475584]
    "Spotify Web Helper"="c:\users\Babydoll\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe" [2012-08-16 1193176]
    "uTorrent"="c:\program files (x86)\uTorrent\uTorrent.exe" [2012-07-02 1022352]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
    "AMD AVT"="start AMD Accelerated Video Transcoding device initialization" [X]
    "HDAudDeck"="c:\program files (x86)\VIA\VIAudioi\VDeck\VDeck.exe" [2012-05-06 3037296]
    "AVG_TRAY"="c:\program files (x86)\AVG\AVG2012\avgtray.exe" [2012-07-31 2596984]
    "vProt"="c:\program files (x86)\AVG Secure Search\vprot.exe" [2012-08-30 947808]
    "APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-08-28 59280]
    "ControlCenter4"="c:\program files (x86)\ControlCenter4\BrCcBoot.exe" [2011-04-20 139264]
    "LWS"="c:\program files (x86)\Logitech\LWS\Webcam Software\LWS.exe" [2011-11-11 205336]
    "QFan Help"="c:\program files (x86)\ASUS\AI Suite\QFan4\FanHelp.exe" [2010-03-25 888960]
    "Cpu Level Up help"="c:\program files (x86)\ASUS\AI Suite\CpuLevelUpHelp.exe" [2009-12-29 887936]
    "QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2012-04-19 421888]
    "Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-07-27 919008]
    "HF_G_Jul"="c:\program files (x86)\AVG Secure Search\HF_G_Jul.exe" [2012-07-18 36960]
    "ContentTransferWMDetector.exe"="c:\program files (x86)\Sony\Content Transfer\ContentTransferWMDetector.exe" [2009-11-19 583016]
    "StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2012-08-06 642216]
    "ROC_ROC_JULY_P1"="c:\program files (x86)\AVG Secure Search\ROC_ROC_JULY_P1.exe" [2012-08-30 1022048]
    "SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848]
    "iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-09-10 421776]
    .
    c:\users\Babydoll\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
    CurseClientStartup.ccip [2012-5-6 0]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "ConsentPromptBehaviorAdmin"= 5 (0x5)
    "ConsentPromptBehaviorUser"= 3 (0x3)
    "EnableUIADesktopToggle"= 0 (0x0)
    "PromptOnSecureDesktop"= 0 (0x0)
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
    "LoadAppInit_DLLs"=0 (0x0)
    .
    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
    BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~2\AVG\AVG2012\avgrsa.exe /sync /restart
    .
    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
    Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
    .
    R2 AVGIDSAgent;AVGIDSAgent;c:\program files (x86)\AVG\AVG2012\avgidsagent.exe [2012-08-13 5167736]
    R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
    R2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-09-07 676936]
    R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-06-07 160944]
    R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-10-14 250808]
    R3 BrYNSvc;BrYNSvc;c:\program files (x86)\Browny02\BrYNSvc.exe [2010-01-25 245760]
    R3 efavdrv;efavdrv;c:\windows\system32\drivers\efavdrv.sys [x]
    R3 LVRS64;Logitech RightSound Filter Driver;c:\windows\system32\DRIVERS\lvrs64.sys [2012-01-18 351136]
    R3 LVUVC64;Logitech HD Webcam C270(UVC);c:\windows\system32\DRIVERS\lvuvc64.sys [2012-01-18 4865568]
    R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-09-07 25928]
    R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-09-06 114144]
    R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2010-11-20 20992]
    R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [x]
    R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]
    R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [x]
    R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2012-07-09 52736]
    R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x]
    R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2012-05-06 1255736]
    S0 AVGIDSHA;AVGIDSHA;c:\windows\system32\DRIVERS\avgidsha.sys [2012-04-19 28480]
    S0 Avgrkx64;AVG Anti-Rootkit Driver;c:\windows\system32\DRIVERS\avgrkx64.sys [2012-01-31 36944]
    S1 Avgldx64;AVG AVI Loader Driver;c:\windows\system32\DRIVERS\avgldx64.sys [2012-07-26 291680]
    S1 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\DRIVERS\avgmfx64.sys [2011-12-23 47696]
    S1 Avgtdia;AVG TDI Driver;c:\windows\system32\DRIVERS\avgtdia.sys [2012-08-24 384352]
    S1 avgtp;avgtp;c:\windows\system32\drivers\avgtpx64.sys [2012-08-30 31080]
    S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-07-27 63960]
    S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2012-07-28 239616]
    S2 AMD FUEL Service;AMD FUEL Service;c:\program files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [2012-08-06 361984]
    S2 AODDriver4.1;AODDriver4.1;c:\program files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [2012-03-05 53888]
    S2 AsSysCtrlService;ASUS System Control Service;c:\program files (x86)\ASUS\AsSysCtrlService\1.00.02\AsSysCtrlService.exe [2009-12-29 96896]
    S2 avgwd;AVG WatchDog;c:\program files (x86)\AVG\AVG2012\avgwdsvc.exe [2012-02-14 193288]
    S2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2012-09-07 399432]
    S2 UMVPFSrv;UMVPFSrv;c:\program files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe [2012-01-18 450848]
    S2 VIAKaraokeService;VIA Karaoke digital mixer Service;c:\windows\system32\viakaraokesrv.exe [2012-05-06 27760]
    S2 vToolbarUpdater12.2.6;vToolbarUpdater12.2.6;c:\program files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\12.2.6\ToolbarUpdater.exe [2012-08-30 722528]
    S3 amdiox64;AMD IO Driver;c:\windows\system32\DRIVERS\amdiox64.sys [2010-02-18 46136]
    S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [2012-07-28 10278912]
    S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [2012-07-28 368640]
    S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys [2012-05-14 96896]
    S3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\DRIVERS\avgidsdrivera.sys [2011-12-23 124496]
    S3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\DRIVERS\avgidsfiltera.sys [2011-12-23 29776]
    S3 LEqdUsb;Logitech SetPoint Unifying KMDF USB Filter;c:\windows\system32\DRIVERS\LEqdUsb.Sys [2011-09-02 76056]
    S3 LHidEqd;Logitech SetPoint Unifying KMDF HID Filter;c:\windows\system32\DRIVERS\LHidEqd.Sys [2011-09-02 15128]
    S3 USBPNPA;USB PnP Sound Device Interface;c:\windows\system32\drivers\CM10864.sys [2010-08-12 1310720]
    S3 VIAHdAudAddService;VIA High Definition Audio Driver Service;c:\windows\system32\drivers\viahduaa.sys [2012-05-06 2157680]
    .
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2012-10-15 c:\windows\Tasks\Adobe Flash Player Updater.job
    - c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-07-07 17:07]
    .
    2012-10-02 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2874638133-926241938-2017742220-1000Core.job
    - c:\users\Babydoll\AppData\Local\Google\Update\GoogleUpdate.exe [2012-05-06 16:00]
    .
    2012-10-15 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2874638133-926241938-2017742220-1000UA.job
    - c:\users\Babydoll\AppData\Local\Google\Update\GoogleUpdate.exe [2012-05-06 16:00]
    .
    .
    --------- X64 Entries -----------
    .
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "EvtMgr6"="c:\program files\Logitech\SetPointP\SetPoint.exe" [2011-10-07 1744152]
    "Start WingMan Profiler"="c:\program files\Logitech\Gaming Software\LWEMon.exe" [2010-06-14 190536]
    .
    ------- Supplementary Scan -------
    .
    uLocal Page = c:\windows\system32\blank.htm
    uStart Page = hxxp://www.ask.com/?l=dis&o=APN10635&gct=hp
    mLocal Page = c:\windows\SysWOW64\blank.htm
    uInternet Settings,ProxyOverride = *.local
    TCP: DhcpNameServer = 75.75.75.75 75.75.76.76
    Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - c:\program files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\12.2.6\ViProtocol.dll
    FF - ProfilePath - c:\users\Babydoll\AppData\Roaming\Mozilla\Firefox\Profiles\6qdbqp86.default\
    FF - prefs.js: keyword.URL - hxxps://isearch.avg.com/search?cid=%7Bfeec4952-16d5-4827-9c1f-f9b426e47249%7D&mid=e4232c8089aa47d087916de78371ad09-b787440fbb17ee6c270c9e1b2f7e6e39c4a510ec&ds=AVG&v=12.2.5.32&lang=en&pr=fr&d=2012-05-06%2012%3A23%3A23&sap=ku&q=
    FF - ExtSQL: 2012-08-30 14:29; avg@toolbar; c:\programdata\AVG Secure Search\12.2.5.32
    FF - ExtSQL: 2012-09-11 08:45; {1E73965B-8B48-48be-9C8D-68B920ABC1C4}; c:\program files (x86)\AVG\AVG2012\Firefox4
    FF - ExtSQL: 2012-10-03 09:41; {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}; c:\users\Babydoll\AppData\Roaming\Mozilla\Firefox\Profiles\6qdbqp86.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
    .
    - - - - ORPHANS REMOVED - - - -
    .
    Wow6432Node-HKCU-Run-DW7 - c:\program files (x86)\The Weather Channel\The Weather Channel App\TWCApp.exe
    .
    .
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------
    .
    [HKEY_USERS\S-1-5-21-2874638133-926241938-2017742220-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eml\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="WindowsLiveMail.Email.1"
    .
    [HKEY_USERS\S-1-5-21-2874638133-926241938-2017742220-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.vcf\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="WindowsLiveMail.VCard.1"
    .
    [HKEY_USERS\S-1-5-21-2874638133-926241938-2017742220-1000\Software\SecuROM\License information*]
    "datasecu"=hex:1a,7f,1b,10,5d,8b,0b,52,75,62,b8,12,7e,94,d0,fe,23,5f,ee,7e,66,
    69,e9,2b,f4,a4,71,fc,cb,4c,c5,f5,18,2b,68,26,48,e6,cc,35,0f,c2,d1,f5,4f,99,\
    "rkeysecu"=hex:2f,0f,d5,3e,02,2b,06,63,b1,0b,dd,b6,71,e2,54,98
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
    @Denied: (A 2) (Everyone)
    @="FlashBroker"
    "LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_4_402_287_ActiveX.exe,-101"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
    "Enabled"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
    @="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_4_402_287_ActiveX.exe"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
    @Denied: (A 2) (Everyone)
    @="IFlashBroker5"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
    @="{00020424-0000-0000-C000-000000000046}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    "Version"="1.0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
    @Denied: (A 2) (Everyone)
    @="FlashBroker"
    "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_4_402_287_ActiveX.exe,-101"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
    "Enabled"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_4_402_287_ActiveX.exe"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Shockwave Flash Object"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_287.ocx"
    "ThreadingModel"="Apartment"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
    @="0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
    @="ShockwaveFlash.ShockwaveFlash.11"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_287.ocx, 1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="ShockwaveFlash.ShockwaveFlash"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Macromedia Flash Factory Object"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_287.ocx"
    "ThreadingModel"="Apartment"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
    @="FlashFactory.FlashFactory.1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_287.ocx, 1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="FlashFactory.FlashFactory"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
    @Denied: (A 2) (Everyone)
    @="IFlashBroker5"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
    @="{00020424-0000-0000-C000-000000000046}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    "Version"="1.0"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
    @Denied: (Full) (Everyone)
    .
    Completion time: 2012-10-14 21:52:14
    ComboFix-quarantined-files.txt 2012-10-15 01:52
    .
    Pre-Run: 360,208,535,552 bytes free
    Post-Run: 359,610,638,336 bytes free
    .
    - - End Of File - - 280185ADFE9521854BCE3E6899629066
     
  14. Broni

    Broni Malware Annihilator Posts: 52,899   +344

    Looks good :)

    Any current issues?

    ==============================

    Download OTL to your Desktop.
    Alternate download: http://www.itxassociates.com/OT-Tools/OTL.exe

    • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
    • Click the Scan All Users checkbox.
    • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
    • When the scan completes, it will open two notepad windows: OTL.txt and Extras.txt. These are saved in the same location as OTL.
    • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them back here.
     
  15. lauraw18

    lauraw18 TS Rookie Topic Starter Posts: 20

    Everything seems to be okay now. What a doozy of a virus. I'll know better next time. Thanks so much for the help.


    OTL logfile created on: 10/15/2012 12:00:04 AM - Run 1
    OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Babydoll\Desktop
    64bit- Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
    Internet Explorer (Version = 9.0.8112.16421)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    8.00 Gb Total Physical Memory | 4.38 Gb Available Physical Memory | 54.75% Memory free
    16.00 Gb Paging File | 11.49 Gb Available in Paging File | 71.82% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
    Drive C: | 465.76 Gb Total Space | 334.86 Gb Free Space | 71.90% Space Free | Partition Type: NTFS
    Drive D: | 164.85 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: UDF

    Computer Name: BABYDOLL-PC | User Name: Babydoll | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

    ========== Processes (SafeList) ==========

    PRC - [2012/10/14 23:59:41 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Babydoll\Desktop\OTL.exe
    PRC - [2012/09/07 17:04:46 | 000,676,936 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
    PRC - [2012/09/07 17:04:46 | 000,399,432 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
    PRC - [2012/09/07 17:04:44 | 000,766,536 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
    PRC - [2012/08/30 14:29:16 | 000,722,528 | ---- | M] () -- C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\12.2.6\ToolbarUpdater.exe
    PRC - [2012/08/30 14:29:15 | 000,947,808 | ---- | M] () -- C:\Program Files (x86)\AVG Secure Search\vprot.exe
    PRC - [2012/08/15 21:08:05 | 001,193,176 | ---- | M] () -- C:\Users\Babydoll\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
    PRC - [2012/08/13 03:24:48 | 005,167,736 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG2012\avgidsagent.exe
    PRC - [2012/07/31 03:37:02 | 002,596,984 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG2012\avgtray.exe
    PRC - [2012/07/27 16:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
    PRC - [2012/02/14 04:53:38 | 000,193,288 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe
    PRC - [2012/01/18 06:44:52 | 000,450,848 | ---- | M] (Logitech Inc.) -- C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe
    PRC - [2011/11/11 14:08:06 | 000,205,336 | ---- | M] (Logitech Inc.) -- C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe
    PRC - [2011/04/20 17:58:02 | 001,204,224 | ---- | M] (Brother Industries, Ltd.) -- C:\Program Files (x86)\ControlCenter4\BrCcUxSys.exe
    PRC - [2011/04/20 17:53:10 | 000,335,872 | ---- | M] (Brother Industries, Ltd.) -- C:\Program Files (x86)\ControlCenter4\BrCtrlCntr.exe
    PRC - [2010/03/25 11:02:12 | 000,888,960 | ---- | M] (ASUSTeK Computer Inc.) -- C:\Program Files (x86)\ASUS\AI Suite\QFan4\FanHelp.exe
    PRC - [2009/12/28 21:33:02 | 000,096,896 | ---- | M] (ASUSTeK Computer Inc.) -- C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.02\AsSysCtrlService.exe
    PRC - [2009/11/19 18:15:46 | 000,583,016 | ---- | M] (Sony Corporation) -- C:\Program Files (x86)\Sony\Content Transfer\ContentTransferWMDetector.exe


    ========== Modules (No Company Name) ==========

    MOD - [2012/10/10 06:06:15 | 000,460,312 | ---- | M] () -- C:\Users\Babydoll\AppData\Local\Google\Chrome\Application\22.0.1229.94\ppgooglenaclpluginchrome.dll
    MOD - [2012/10/10 06:06:13 | 012,435,992 | ---- | M] () -- C:\Users\Babydoll\AppData\Local\Google\Chrome\Application\22.0.1229.94\PepperFlash\pepflashplayer.dll
    MOD - [2012/10/10 06:06:12 | 004,005,912 | ---- | M] () -- C:\Users\Babydoll\AppData\Local\Google\Chrome\Application\22.0.1229.94\pdf.dll
    MOD - [2012/10/10 06:04:57 | 000,578,072 | ---- | M] () -- C:\Users\Babydoll\AppData\Local\Google\Chrome\Application\22.0.1229.94\libglesv2.dll
    MOD - [2012/10/10 06:04:55 | 000,123,928 | ---- | M] () -- C:\Users\Babydoll\AppData\Local\Google\Chrome\Application\22.0.1229.94\libegl.dll
    MOD - [2012/10/10 06:04:44 | 000,156,712 | ---- | M] () -- C:\Users\Babydoll\AppData\Local\Google\Chrome\Application\22.0.1229.94\avutil-51.dll
    MOD - [2012/10/10 06:04:43 | 000,275,496 | ---- | M] () -- C:\Users\Babydoll\AppData\Local\Google\Chrome\Application\22.0.1229.94\avformat-54.dll
    MOD - [2012/10/10 06:04:42 | 002,168,360 | ---- | M] () -- C:\Users\Babydoll\AppData\Local\Google\Chrome\Application\22.0.1229.94\avcodec-54.dll
    MOD - [2012/08/30 14:29:18 | 000,564,832 | ---- | M] () -- C:\Program Files (x86)\Common Files\AVG Secure Search\DNTInstaller\12.2.6\avgdttbx.dll
    MOD - [2012/08/30 14:29:17 | 000,132,704 | ---- | M] () -- C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\12.2.6\SiteSafety.dll
    MOD - [2012/08/30 14:29:15 | 000,947,808 | ---- | M] () -- C:\Program Files (x86)\AVG Secure Search\vprot.exe
    MOD - [2012/08/15 21:08:05 | 001,193,176 | ---- | M] () -- C:\Users\Babydoll\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
    MOD - [2012/02/20 21:29:04 | 000,087,912 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
    MOD - [2012/02/20 21:28:42 | 001,242,472 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
    MOD - [2011/11/11 14:08:18 | 007,956,504 | ---- | M] () -- C:\Program Files (x86)\Logitech\LWS\Webcam Software\QTGui4.dll
    MOD - [2011/11/11 14:08:18 | 000,342,552 | ---- | M] () -- C:\Program Files (x86)\Logitech\LWS\Webcam Software\QTXml4.dll
    MOD - [2011/11/11 14:08:18 | 000,128,536 | ---- | M] () -- C:\Program Files (x86)\Logitech\LWS\Webcam Software\ImageFormats\QJpeg4.dll
    MOD - [2011/11/11 14:08:18 | 000,029,208 | ---- | M] () -- C:\Program Files (x86)\Logitech\LWS\Webcam Software\ImageFormats\QGif4.dll
    MOD - [2011/11/11 14:08:06 | 002,145,304 | ---- | M] () -- C:\Program Files (x86)\Logitech\LWS\Webcam Software\QTCore4.dll
    MOD - [2009/09/30 11:33:08 | 000,024,576 | ---- | M] () -- C:\Windows\SysWOW64\AsIO.dll
    MOD - [2009/02/27 16:38:20 | 000,139,264 | R--- | M] () -- C:\Program Files (x86)\Brother\BrUtilities\BrLogAPI.dll


    ========== Services (SafeList) ==========

    SRV:64bit: - [2012/08/06 12:24:22 | 000,361,984 | ---- | M] (Advanced Micro Devices, Inc.) [Auto | Running] -- C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe -- (AMD FUEL Service)
    SRV:64bit: - [2012/07/27 22:09:44 | 000,239,616 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
    SRV:64bit: - [2012/05/06 12:08:23 | 000,027,760 | ---- | M] (VIA Technologies, Inc.) [Auto | Running] -- C:\Windows\SysNative\ViakaraokeSrv.exe -- (VIAKaraokeService)
    SRV:64bit: - [2011/09/27 15:04:08 | 000,359,192 | ---- | M] (Logitech, Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\logishrd\Bluetooth\LBTServ.exe -- (LBTServ)
    SRV:64bit: - [2009/07/13 21:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
    SRV:64bit: - [2009/07/13 21:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
    SRV - [2012/10/14 13:07:14 | 000,250,808 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
    SRV - [2012/09/07 17:04:46 | 000,676,936 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
    SRV - [2012/09/07 17:04:46 | 000,399,432 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
    SRV - [2012/09/05 21:26:40 | 000,114,144 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
    SRV - [2012/08/30 14:29:16 | 000,722,528 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\12.2.6\ToolbarUpdater.exe -- (vToolbarUpdater12.2.6)
    SRV - [2012/08/23 18:55:38 | 000,529,744 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
    SRV - [2012/08/13 03:24:48 | 005,167,736 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files (x86)\AVG\AVG2012\avgidsagent.exe -- (AVGIDSAgent)
    SRV - [2012/07/27 16:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
    SRV - [2012/06/07 19:12:14 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
    SRV - [2012/02/14 04:53:38 | 000,193,288 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe -- (avgwd)
    SRV - [2012/01/18 06:44:52 | 000,450,848 | ---- | M] (Logitech Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe -- (UMVPFSrv)
    SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
    SRV - [2010/01/25 08:22:56 | 000,245,760 | ---- | M] (Brother Industries, Ltd.) [On_Demand | Stopped] -- C:\Program Files (x86)\Browny02\BrYNSvc.exe -- (BrYNSvc)
    SRV - [2009/12/28 21:33:02 | 000,096,896 | ---- | M] (ASUSTeK Computer Inc.) [Auto | Running] -- C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.02\AsSysCtrlService.exe -- (AsSysCtrlService)
    SRV - [2009/06/10 17:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)


    ========== Driver Services (SafeList) ==========

    DRV:64bit: - [2012/09/07 17:04:46 | 000,025,928 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
    DRV:64bit: - [2012/08/30 14:29:17 | 000,031,080 | ---- | M] (AVG Technologies) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgtpx64.sys -- (avgtp)
    DRV:64bit: - [2012/08/24 15:43:16 | 000,384,352 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgtdia.sys -- (Avgtdia)
    DRV:64bit: - [2012/08/21 13:01:20 | 000,033,240 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
    DRV:64bit: - [2012/07/28 00:07:44 | 010,278,912 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag)
    DRV:64bit: - [2012/07/27 21:14:46 | 000,368,640 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
    DRV:64bit: - [2012/07/26 03:21:28 | 000,291,680 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgldx64.sys -- (Avgldx64)
    DRV:64bit: - [2012/07/09 13:42:54 | 000,052,736 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
    DRV:64bit: - [2012/05/14 02:12:30 | 000,096,896 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AtihdW76.sys -- (AtiHDAudioService)
    DRV:64bit: - [2012/05/06 12:08:23 | 002,157,680 | ---- | M] (VIA Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\viahduaa.sys -- (VIAHdAudAddService)
    DRV:64bit: - [2012/04/19 04:50:26 | 000,028,480 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\avgidsha.sys -- (AVGIDSHA)
    DRV:64bit: - [2012/03/05 16:04:30 | 000,053,888 | ---- | M] (Advanced Micro Devices) [Kernel | Auto | Running] -- C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\aoddriver2.sys -- (AODDriver4.1)
    DRV:64bit: - [2012/03/01 02:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
    DRV:64bit: - [2012/01/31 04:46:48 | 000,036,944 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\avgrkx64.sys -- (Avgrkx64)
    DRV:64bit: - [2012/01/18 06:44:36 | 004,865,568 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lvuvc64.sys -- (LVUVC64)
    DRV:64bit: - [2012/01/18 06:44:28 | 000,351,136 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lvrs64.sys -- (LVRS64)
    DRV:64bit: - [2011/12/23 13:32:14 | 000,047,696 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\Windows\SysNative\drivers\avgmfx64.sys -- (Avgmfx64)
    DRV:64bit: - [2011/12/23 13:32:04 | 000,029,776 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\avgidsfiltera.sys -- (AVGIDSFilter)
    DRV:64bit: - [2011/12/23 13:31:58 | 000,124,496 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\avgidsdrivera.sys -- (AVGIDSDriver)
    DRV:64bit: - [2011/09/02 02:30:36 | 000,060,696 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LMouFilt.Sys -- (LMouFilt)
    DRV:64bit: - [2011/09/02 02:30:24 | 000,076,056 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LEqdUsb.sys -- (LEqdUsb)
    DRV:64bit: - [2011/09/02 02:30:24 | 000,066,840 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LHidFilt.Sys -- (LHidFilt)
    DRV:64bit: - [2011/09/02 02:30:24 | 000,015,128 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LHidEqd.sys -- (LHidEqd)
    DRV:64bit: - [2011/03/11 02:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
    DRV:64bit: - [2011/03/11 02:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
    DRV:64bit: - [2010/11/20 09:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
    DRV:64bit: - [2010/11/20 07:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
    DRV:64bit: - [2010/11/20 07:03:42 | 000,020,992 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
    DRV:64bit: - [2010/08/12 18:26:16 | 001,310,720 | ---- | M] (C-Media Electronics Inc) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CM10864.sys -- (USBPNPA)
    DRV:64bit: - [2010/04/27 19:57:20 | 000,016,200 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\WmVirHid.sys -- (WmVirHid)
    DRV:64bit: - [2010/04/27 19:57:12 | 000,026,440 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\WmBEnum.sys -- (WmBEnum)
    DRV:64bit: - [2010/04/27 17:03:12 | 000,077,512 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\WmXlCore.sys -- (WmXlCore)
    DRV:64bit: - [2010/04/27 17:02:42 | 000,043,976 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WmFilter.sys -- (WmFilter)
    DRV:64bit: - [2010/02/18 09:18:24 | 000,046,136 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\amdiox64.sys -- (amdiox64)
    DRV:64bit: - [2009/07/16 11:38:40 | 000,015,416 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ASACPI.sys -- (MTsensor)
    DRV:64bit: - [2009/07/13 21:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
    DRV:64bit: - [2009/07/13 21:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
    DRV:64bit: - [2009/07/13 21:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
    DRV:64bit: - [2009/07/13 20:35:32 | 000,012,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\serscan.sys -- (StillCam)
    DRV:64bit: - [2009/06/10 16:35:35 | 000,408,960 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvm62x64.sys -- (NVENETFD)
    DRV:64bit: - [2009/06/10 16:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
    DRV:64bit: - [2009/06/10 16:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
    DRV:64bit: - [2009/06/10 16:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
    DRV:64bit: - [2009/06/10 16:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
    DRV:64bit: - [2009/04/08 14:28:46 | 000,068,992 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\xusb21.sys -- (xusb21)
    DRV - [2009/07/13 21:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========

    IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
    IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
    IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
    IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC


    IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



    IE - HKU\S-1-5-21-2874638133-926241938-2017742220-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.ask.com/?l=dis&o=APN10635&gct=hp
    IE - HKU\S-1-5-21-2874638133-926241938-2017742220-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 20 51 6A FB 5D 6A CD 01 [binary data]
    IE - HKU\S-1-5-21-2874638133-926241938-2017742220-1000\..\SearchScopes,DefaultScope = {95B7759C-8C7F-4BF1-B163-73684A933233}
    IE - HKU\S-1-5-21-2874638133-926241938-2017742220-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
    IE - HKU\S-1-5-21-2874638133-926241938-2017742220-1000\..\SearchScopes\{4B9EC274-0C03-4D69-885C-B4AC8C0C07B4}: "URL" = http://websearch.ask.com/redirect?c...pn_sauid=B773C5F4-2866-4470-BDE6-7E7A958E9CD4
    IE - HKU\S-1-5-21-2874638133-926241938-2017742220-1000\..\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}: "URL" = https://isearch.avg.com/search?cid=...e39c4a510ec&lang=en&ds=AVG&pr=fr&d=2012-05-06 12:23:23&v=12.2.5.32&sap=dsp&q={searchTerms}
    IE - HKU\S-1-5-21-2874638133-926241938-2017742220-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
    IE - HKU\S-1-5-21-2874638133-926241938-2017742220-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

    ========== FireFox ==========

    FF - prefs.js..extensions.enabledAddons: avg@toolbar:12.2.5.32
    FF - prefs.js..keyword.URL: "https://isearch.avg.com/search?cid=...lang=en&pr=fr&d=2012-05-06 12:23:23&sap=ku&q="
    FF - user.js - File not found

    FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_4_402_287.dll File not found
    FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
    FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_4_402_287.dll ()
    FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
    FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
    FF - HKLM\Software\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin: C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\12.2.6\\npsitesafety.dll ()
    FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.7.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
    FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.7.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
    FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
    FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Babydoll\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
    FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Babydoll\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)

    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{1E73965B-8B48-48be-9C8D-68B920ABC1C4}: C:\Program Files (x86)\AVG\AVG2012\Firefox4\ [2012/10/14 12:01:49 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\avg@toolbar: C:\ProgramData\AVG Secure Search\12.2.5.32\ [2012/08/30 14:29:23 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/10/14 12:04:48 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins

    [2012/09/29 22:22:56 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Babydoll\AppData\Roaming\Mozilla\Extensions
    [2012/10/03 09:41:10 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Babydoll\AppData\Roaming\Mozilla\Firefox\Profiles\6qdbqp86.default\extensions
    [2012/10/03 09:41:10 | 000,741,958 | ---- | M] () (No name found) -- C:\Users\Babydoll\AppData\Roaming\Mozilla\Firefox\Profiles\6qdbqp86.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
    [2012/10/12 12:11:31 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
    [2012/08/30 14:29:23 | 000,000,000 | ---D | M] (AVG Security Toolbar) -- C:\PROGRAMDATA\AVG SECURE SEARCH\12.2.5.32
    [2012/09/05 21:27:05 | 000,266,720 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
    [2012/09/05 21:26:22 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
    [2012/10/12 12:11:35 | 000,002,058 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml

    ========== Chrome ==========

    CHR - homepage: http://www.google.com/
    CHR - default_search_provider: Google (Enabled)
    CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}
    CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms},
    CHR - homepage: http://www.google.com/
    CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Babydoll\AppData\Local\Google\Chrome\Application\21.0.1180.83\PepperFlash\pepflashplayer.dll
    CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Babydoll\AppData\Local\Google\Chrome\Application\22.0.1229.94\gcswf32.dll
    CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_262.dll
    CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
    CHR - plugin: Native Client (Enabled) = C:\Users\Babydoll\AppData\Local\Google\Chrome\Application\22.0.1229.94\ppGoogleNaClPluginChrome.dll
    CHR - plugin: Chrome PDF Viewer (Disabled) = C:\Users\Babydoll\AppData\Local\Google\Chrome\Application\22.0.1229.94\pdf.dll
    CHR - plugin: Logitech Device Detection (Enabled) = C:\Users\Babydoll\AppData\Local\Google\Chrome\User Data\Default\Extensions\elncikmfipkphghakkmemnlnahadedno\1.24.0.9_0\npLogitechDeviceDetection.dll
    CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
    CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin.dll
    CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin2.dll
    CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin3.dll
    CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin4.dll
    CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin5.dll
    CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin6.dll
    CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin7.dll
    CHR - plugin: AVG SiteSafety plugin (Enabled) = C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\12.2.6\\npsitesafety.dll
    CHR - plugin: Java(TM) Platform SE 7 U7 (Enabled) = C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
    CHR - plugin: Java Deployment Toolkit 7.0.70.10 (Enabled) = C:\Windows\SysWOW64\npDeployJava1.dll
    CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
    CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll
    CHR - plugin: Facebook Desktop (Enabled) = C:\Users\Babydoll\AppData\Local\Facebook\Messenger\2.1.4623.0\npFbDesktopPlugin.dll
    CHR - plugin: Google Update (Enabled) = C:\Users\Babydoll\AppData\Local\Google\Update\1.3.21.115\npGoogleUpdate3.dll
    CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll
    CHR - Extension: YouTube = C:\Users\Babydoll\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
    CHR - Extension: Bouncy Mouse = C:\Users\Babydoll\AppData\Local\Google\Chrome\User Data\Default\Extensions\cgdllcbmneiklcmbeclfegccdjholomb\1.2.1_0\
    CHR - Extension: Google Search = C:\Users\Babydoll\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
    CHR - Extension: Logitech Device Detection = C:\Users\Babydoll\AppData\Local\Google\Chrome\User Data\Default\Extensions\elncikmfipkphghakkmemnlnahadedno\1.24.0.9_0\
    CHR - Extension: AdBlock = C:\Users\Babydoll\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.5.45_0\
    CHR - Extension: Google Reader = C:\Users\Babydoll\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjjhlfkghdhmijklfnahfkpgmhcmfgcm\4.4_0\
    CHR - Extension: Gmail = C:\Users\Babydoll\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

    O1 HOSTS File: ([2012/10/14 21:28:20 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
    O1 - Hosts: 127.0.0.1 localhost
    O2:64bit: - BHO: (AVG Do Not Track) - {31332EEF-CB9F-458F-AFEB-D30E9A66B6BA} - C:\Program Files (x86)\AVG\AVG2012\avgdtiea.dll (AVG Technologies CZ, s.r.o.)
    O2:64bit: - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG2012\avgssiea.dll (AVG Technologies CZ, s.r.o.)
    O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
    O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG2012\avgssie.dll (AVG Technologies CZ, s.r.o.)
    O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
    O2 - BHO: (AVG Security Toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\12.2.5.32\AVG Secure Search_toolbar.dll ()
    O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
    O3 - HKLM\..\Toolbar: (AVG Security Toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\12.2.5.32\AVG Secure Search_toolbar.dll ()
    O4:64bit: - HKLM..\Run: [EvtMgr6] C:\Program Files\Logitech\SetPointP\SetPoint.exe (Logitech, Inc.)
    O4:64bit: - HKLM..\Run: [Start WingMan Profiler] C:\Program Files\Logitech\Gaming Software\LWEMon.exe (Logitech Inc.)
    O4 - HKLM..\Run: [AMD AVT] C:\Windows\SysWow64\cmd.exe (Microsoft Corporation)
    O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
    O4 - HKLM..\Run: [AVG_TRAY] C:\Program Files (x86)\AVG\AVG2012\avgtray.exe (AVG Technologies CZ, s.r.o.)
    O4 - HKLM..\Run: [ContentTransferWMDetector.exe] C:\Program Files (x86)\Sony\Content Transfer\ContentTransferWMDetector.exe (Sony Corporation)
    O4 - HKLM..\Run: [ControlCenter4] C:\Program Files (x86)\ControlCenter4\BrCcBoot.exe (Brother Industries, Ltd.)
    O4 - HKLM..\Run: [Cpu Level Up help] C:\Program Files (x86)\ASUS\AI Suite\CpuLevelUpHelp.exe ()
    O4 - HKLM..\Run: [HDAudDeck] C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe (VIA)
    O4 - HKLM..\Run: [HF_G_Jul] C:\Program Files (x86)\AVG Secure Search\HF_G_Jul.exe ()
    O4 - HKLM..\Run: [LWS] C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe (Logitech Inc.)
    O4 - HKLM..\Run: [QFan Help] C:\Program Files (x86)\ASUS\AI Suite\QFan4\FanHelp.exe (ASUSTeK Computer Inc.)
    O4 - HKLM..\Run: [ROC_ROC_JULY_P1] C:\Program Files (x86)\AVG Secure Search\ROC_ROC_JULY_P1.exe ()
    O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
     
  16. lauraw18

    lauraw18 TS Rookie Topic Starter Posts: 20

    O4 - HKLM..\Run: [vProt] C:\Program Files (x86)\AVG Secure Search\vprot.exe ()
    O4 - HKU\S-1-5-21-2874638133-926241938-2017742220-1000..\Run: [Spotify Web Helper] C:\Users\Babydoll\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe ()
    O4 - HKU\S-1-5-21-2874638133-926241938-2017742220-1000..\Run: [uTorrent] C:\Program Files (x86)\uTorrent\uTorrent.exe (BitTorrent, Inc.)
    O4 - Startup: C:\Users\Babydoll\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\CurseClientStartup.ccip ()
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
    O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-21-2874638133-926241938-2017742220-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-21-2874638133-926241938-2017742220-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
    O7 - HKU\S-1-5-21-2874638133-926241938-2017742220-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O9:64bit: - Extra Button: AVG Do Not Track - {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - C:\Program Files (x86)\AVG\AVG2012\avgdtiea.dll (AVG Technologies CZ, s.r.o.)
    O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000005 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
    O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
    O13 - gopher Prefix: missing
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 75.75.75.75 75.75.76.76
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{46D2BCDE-7C84-4F6F-9848-39AF9E896812}: DhcpNameServer = 75.75.75.75 75.75.76.76
    O18:64bit: - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgppa.dll (AVG Technologies CZ, s.r.o.)
    O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
    O18:64bit: - Protocol\Handler\viprotocol - No CLSID value found
    O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
    O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
    O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgpp.dll (AVG Technologies CZ, s.r.o.)
    O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
    O18 - Protocol\Handler\viprotocol {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\12.2.6\ViProtocol.dll ()
    O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
    O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
    O20:64bit: - Winlogon\Notify\LBTWlgn: DllName - (c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll) - c:\Program Files\Common Files\logishrd\Bluetooth\LBTWLgn.dll (Logitech, Inc.)
    O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
    O32 - HKLM CDRom: AutoRun - 1
    O34 - HKLM BootExecute: (autocheck autochk *)
    O34 - HKLM BootExecute: (C:\PROGRA~2\AVG\AVG2012\avgrsa.exe /sync /restart)
    O35:64bit: - HKLM\..comfile [open] -- "%1" %*
    O35:64bit: - HKLM\..exefile [open] -- "%1" %*
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
    O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
    O37 - HKLM\...com [@ = ComFile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*
    O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
    O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
    O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

    ========== Files/Folders - Created Within 30 Days ==========

    [2012/10/14 23:59:37 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Babydoll\Desktop\OTL.exe
    [2012/10/14 21:52:34 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
    [2012/10/14 21:52:15 | 000,000,000 | ---D | C] -- C:\Windows\temp
    [2012/10/14 21:20:30 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
    [2012/10/14 21:20:30 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
    [2012/10/14 21:20:30 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
    [2012/10/14 21:20:26 | 000,000,000 | ---D | C] -- C:\Qoobox
    [2012/10/14 21:20:04 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
    [2012/10/14 21:15:37 | 004,980,339 | R--- | C] (Swearware) -- C:\Users\Babydoll\Desktop\ComboFix.exe
    [2012/10/14 21:12:18 | 000,000,000 | ---D | C] -- C:\FRST
    [2012/10/14 18:35:37 | 000,000,000 | ---D | C] -- C:\Users\Babydoll\Desktop\RK_Quarantine
    [2012/10/14 15:12:10 | 008,757,248 | ---- | C] (C-Media Corporation) -- C:\Windows\SysWow64\CM108.dll
    [2012/10/14 15:12:10 | 000,200,704 | ---- | C] (C-Media) -- C:\Windows\SysWow64\cmpa108.dll
    [2012/10/14 15:11:16 | 000,315,392 | ---- | C] (C-Media Electronics Inc.) -- C:\Windows\System\fltr108.dll
    [2012/10/14 13:01:56 | 000,000,000 | ---D | C] -- C:\Users\Babydoll\AppData\Roaming\Malwarebytes
    [2012/10/14 13:01:47 | 000,025,928 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
    [2012/10/14 13:01:47 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
    [2012/10/14 13:01:47 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
    [2012/10/14 13:01:47 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
    [2012/10/14 12:31:34 | 000,000,000 | ---D | C] -- C:\ProgramData\ESET
    [2012/10/14 12:26:58 | 000,000,000 | ---D | C] -- C:\TDSSKiller_Quarantine
    [2012/10/14 10:10:27 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\QuickTime
    [2012/10/14 10:10:27 | 000,000,000 | ---D | C] -- C:\Users\Babydoll\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\D-I-v-X - AVI Codec Pack Pro
    [2012/10/14 10:03:49 | 000,000,000 | -HSD | C] -- C:\Windows\SysWow64\%APPDATA%
    [2012/10/14 09:55:33 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mega Codec Pack
    [2012/10/08 12:04:26 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Coupons
    [2012/10/03 11:21:15 | 001,310,720 | ---- | C] (C-Media Electronics Inc) -- C:\Windows\SysNative\drivers\CM10864.sys
    [2012/10/02 11:42:45 | 000,000,000 | ---D | C] -- C:\Users\Babydoll\AppData\Local\MFAData
    [2012/10/02 11:42:45 | 000,000,000 | ---D | C] -- C:\Users\Babydoll\AppData\Local\Avg2013
    [2012/10/01 12:30:18 | 000,000,000 | ---D | C] -- C:\Users\Babydoll\AppData\Local\Macromedia
    [2012/09/30 12:04:12 | 000,000,000 | R--D | C] -- C:\Users\Babydoll\AppData\Roaming\Brother
    [2012/09/29 22:22:34 | 000,000,000 | ---D | C] -- C:\Users\Babydoll\AppData\Roaming\Mozilla
    [2012/09/29 22:22:34 | 000,000,000 | ---D | C] -- C:\Users\Babydoll\AppData\Local\Mozilla
    [2012/09/29 22:22:29 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Maintenance Service
    [2012/09/29 22:22:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Mozilla
    [2012/09/29 22:22:27 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
    [2012/09/21 13:54:58 | 000,000,000 | ---D | C] -- C:\ProgramData\NVIDIA
    [2012/09/21 13:51:37 | 000,000,000 | ---D | C] -- C:\ProgramData\NVIDIA Corporation
    [2012/09/21 13:51:34 | 000,000,000 | ---D | C] -- C:\Program Files\NVIDIA Corporation
    [2012/09/19 15:57:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
    [2012/09/19 15:56:02 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
    [2012/09/19 15:56:02 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\iTunes
    [2012/09/19 15:56:02 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
    [2012/09/19 15:56:02 | 000,000,000 | ---D | C] -- C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
    [2012/09/19 13:55:52 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Seagate
    [2012/09/19 13:55:51 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Seagate
    [2012/09/19 13:35:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Hi-Rez Studios
    [2012/09/19 13:35:02 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Hi-Rez Studios
    [2012/09/17 10:19:11 | 000,000,000 | ---D | C] -- C:\Users\Babydoll\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Curse
    [2012/09/17 10:15:39 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Reference Assemblies
    [2012/09/17 10:15:38 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\MSBuild
    [2012/09/17 10:15:37 | 000,000,000 | ---D | C] -- C:\Program Files\Reference Assemblies
    [2012/09/17 10:15:37 | 000,000,000 | ---D | C] -- C:\Program Files\MSBuild
    [2012/09/17 10:13:26 | 000,000,000 | R--D | C] -- C:\AHCache

    ========== Files - Modified Within 30 Days ==========

    [2012/10/14 23:59:41 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Babydoll\Desktop\OTL.exe
    [2012/10/14 23:19:00 | 000,000,920 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2874638133-926241938-2017742220-1000UA.job
    [2012/10/14 23:07:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
    [2012/10/14 22:12:38 | 000,014,224 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
    [2012/10/14 22:12:38 | 000,014,224 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
    [2012/10/14 22:05:00 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
    [2012/10/14 22:04:25 | 2146,873,343 | -HS- | M] () -- C:\hiberfil.sys
    [2012/10/14 21:28:20 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
    [2012/10/14 21:15:41 | 004,980,339 | R--- | M] (Swearware) -- C:\Users\Babydoll\Desktop\ComboFix.exe
    [2012/10/14 19:49:17 | 000,000,512 | ---- | M] () -- C:\Users\Babydoll\Desktop\MBR.dat
    [2012/10/14 19:25:06 | 000,002,460 | ---- | M] () -- C:\Users\Babydoll\Desktop\Google Chrome.lnk
    [2012/10/14 16:51:20 | 000,779,184 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
    [2012/10/14 16:51:20 | 000,660,306 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
    [2012/10/14 16:51:20 | 000,121,234 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
    [2012/10/14 15:12:10 | 000,000,169 | ---- | M] () -- C:\Windows\Cm108.ini.cfl
    [2012/10/14 15:12:10 | 000,000,133 | ---- | M] () -- C:\Windows\System\Dlap.pfx
    [2012/10/14 15:12:08 | 000,000,201 | ---- | M] () -- C:\Windows\Cm108.ini.imi
    [2012/10/14 15:11:20 | 000,000,150 | ---- | M] () -- C:\Windows\System\Cm108.ini
    [2012/10/14 13:03:57 | 000,001,109 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
    [2012/10/14 12:10:50 | 097,335,507 | ---- | M] () -- C:\Windows\SysNative\drivers\AVG\incavi.avm
    [2012/10/14 00:59:50 | 000,084,343 | ---- | M] () -- C:\Users\Babydoll\Desktop\Fluttershy-my-little-pony-friendship-is-magic-28246275-762-1049.jpg
    [2012/10/09 00:13:44 | 001,294,780 | ---- | M] () -- C:\Users\Babydoll\Desktop\julie-love-templeton.jpg
    [2012/10/02 01:19:00 | 000,000,868 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2874638133-926241938-2017742220-1000Core.job
    [2012/09/29 22:22:30 | 000,001,130 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
    [2012/09/28 00:29:58 | 000,027,520 | ---- | M] () -- C:\Users\Babydoll\AppData\Local\dt.dat
    [2012/09/23 18:32:09 | 000,346,332 | ---- | M] () -- C:\Windows\SysNative\drivers\AVG\iavichjg.avm
    [2012/09/21 13:53:35 | 000,001,624 | ---- | M] () -- C:\Users\Public\Desktop\Logitech Webcam Software .lnk
    [2012/09/19 15:57:34 | 000,001,783 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
    [2012/09/19 13:55:53 | 000,002,453 | ---- | M] () -- C:\Users\Public\Desktop\SeaTools for Windows.lnk
    [2012/09/19 02:24:59 | 656,736,647 | ---- | M] () -- C:\Windows\MEMORY.DMP
    [2012/09/17 10:19:11 | 000,000,318 | ---- | M] () -- C:\Users\Babydoll\Desktop\Curse Client.appref-ms

    ========== Files Created - No Company Name ==========

    [2012/10/14 21:20:30 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
    [2012/10/14 21:20:30 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
    [2012/10/14 21:20:30 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
    [2012/10/14 21:20:30 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
    [2012/10/14 21:20:30 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
    [2012/10/14 19:49:17 | 000,000,512 | ---- | C] () -- C:\Users\Babydoll\Desktop\MBR.dat
    [2012/10/14 15:12:10 | 000,804,352 | ---- | C] () -- C:\Windows\SysNative\Cmeau108.exe
    [2012/10/14 15:12:10 | 000,389,120 | ---- | C] () -- C:\Windows\SysNative\CM108.cpl
    [2012/10/14 15:12:10 | 000,143,360 | ---- | C] () -- C:\Windows\Vmix108.dll
    [2012/10/14 15:12:10 | 000,000,169 | ---- | C] () -- C:\Windows\Cm108.ini.cfl
    [2012/10/14 15:12:10 | 000,000,133 | ---- | C] () -- C:\Windows\System\Dlap.pfx
    [2012/10/14 13:01:48 | 000,001,109 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
    [2012/10/14 00:59:49 | 000,084,343 | ---- | C] () -- C:\Users\Babydoll\Desktop\Fluttershy-my-little-pony-friendship-is-magic-28246275-762-1049.jpg
    [2012/10/09 00:13:43 | 001,294,780 | ---- | C] () -- C:\Users\Babydoll\Desktop\julie-love-templeton.jpg
    [2012/10/03 11:21:16 | 000,359,424 | ---- | C] () -- C:\Windows\SysNative\CmiInstallResAll64.dll
    [2012/10/03 11:21:16 | 000,002,029 | ---- | C] () -- C:\Windows\Cm108.ini.cfg
    [2012/10/03 11:21:16 | 000,000,201 | ---- | C] () -- C:\Windows\Cm108.ini.imi
    [2012/10/03 11:21:16 | 000,000,150 | ---- | C] () -- C:\Windows\System\Cm108.ini
    [2012/10/03 11:21:15 | 000,001,353 | ---- | C] () -- C:\Windows\cm108.ini
    [2012/09/29 22:22:30 | 000,001,142 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
    [2012/09/29 22:22:30 | 000,001,130 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
    [2012/09/28 00:29:58 | 000,027,520 | ---- | C] () -- C:\Users\Babydoll\AppData\Local\dt.dat
    [2012/09/19 15:57:34 | 000,001,783 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
    [2012/09/19 13:55:53 | 000,002,453 | ---- | C] () -- C:\Users\Public\Desktop\SeaTools for Windows.lnk
    [2012/09/17 10:19:11 | 000,000,318 | ---- | C] () -- C:\Users\Babydoll\Desktop\Curse Client.appref-ms
    [2012/08/26 11:12:10 | 000,772,214 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
    [2012/06/25 00:30:56 | 001,549,882 | ---- | C] () -- C:\Users\Babydoll\desmume-0.9.8-win64.zip
    [2012/06/25 00:30:56 | 000,161,188 | ---- | C] () -- C:\Users\Babydoll\NO$GBA.2.6a.zip
    [2012/06/16 21:12:37 | 000,000,000 | ---- | C] () -- C:\Windows\Secrets.INI
    [2012/05/11 01:06:06 | 002,721,977 | ---- | C] () -- C:\Users\Babydoll\DSC00790.JPG
    [2012/05/11 01:06:06 | 002,655,343 | ---- | C] () -- C:\Users\Babydoll\DSC00997.JPG
    [2012/05/11 01:06:06 | 002,596,108 | ---- | C] () -- C:\Users\Babydoll\DSC00791.JPG
    [2012/05/11 01:06:06 | 002,540,696 | ---- | C] () -- C:\Users\Babydoll\DSC02413.JPG
    [2012/05/11 01:06:06 | 002,537,498 | ---- | C] () -- C:\Users\Babydoll\DSC02415.JPG
    [2012/05/11 01:06:06 | 002,528,846 | ---- | C] () -- C:\Users\Babydoll\DSC03060.JPG
    [2012/05/11 01:06:06 | 002,524,981 | ---- | C] () -- C:\Users\Babydoll\DSC00793.JPG
    [2012/05/11 01:06:06 | 002,511,863 | ---- | C] () -- C:\Users\Babydoll\DSC02412.JPG
    [2012/05/11 01:06:06 | 002,504,260 | ---- | C] () -- C:\Users\Babydoll\DSC03031.JPG
    [2012/05/11 01:06:06 | 002,489,644 | ---- | C] () -- C:\Users\Babydoll\DSC00789.JPG
    [2012/05/11 01:06:06 | 002,433,736 | ---- | C] () -- C:\Users\Babydoll\DSC03396.JPG
    [2012/05/11 01:06:06 | 002,428,501 | ---- | C] () -- C:\Users\Babydoll\DSC00792.JPG
    [2012/05/11 01:06:06 | 002,423,533 | ---- | C] () -- C:\Users\Babydoll\DSC03030.JPG
    [2012/05/11 01:06:06 | 002,407,521 | ---- | C] () -- C:\Users\Babydoll\DSC02191.JPG
    [2012/05/11 01:06:06 | 002,360,882 | ---- | C] () -- C:\Users\Babydoll\DSC02411.JPG
    [2012/05/11 01:06:06 | 002,344,051 | ---- | C] () -- C:\Users\Babydoll\DSC00796.JPG
    [2012/05/11 01:06:06 | 002,337,713 | ---- | C] () -- C:\Users\Babydoll\DSC00981.JPG
    [2012/05/11 01:06:06 | 002,332,671 | ---- | C] () -- C:\Users\Babydoll\DSC03395.JPG
    [2012/05/11 01:06:06 | 002,239,635 | ---- | C] () -- C:\Users\Babydoll\DSC02188.JPG
    [2012/05/11 01:06:06 | 002,221,965 | ---- | C] () -- C:\Users\Babydoll\DSC00783.JPG
    [2012/05/11 01:06:06 | 002,215,728 | ---- | C] () -- C:\Users\Babydoll\DSC01931.JPG
    [2012/05/11 01:06:06 | 002,165,964 | ---- | C] () -- C:\Users\Babydoll\DSC00788.JPG
    [2012/05/11 01:06:06 | 002,159,457 | ---- | C] () -- C:\Users\Babydoll\DSC03042.JPG
    [2012/05/11 01:06:06 | 002,106,787 | ---- | C] () -- C:\Users\Babydoll\DSC02416.JPG
    [2012/05/11 01:06:06 | 002,008,937 | ---- | C] () -- C:\Users\Babydoll\DSC02414.JPG
    [2012/05/11 01:06:06 | 001,947,561 | ---- | C] () -- C:\Users\Babydoll\DSC02190.JPG
    [2012/05/11 01:06:06 | 001,883,014 | ---- | C] () -- C:\Users\Babydoll\DSC01930.JPG
    [2012/05/11 01:06:06 | 001,856,033 | ---- | C] () -- C:\Users\Babydoll\DSC02189.JPG
    [2012/05/11 01:06:06 | 000,043,447 | ---- | C] () -- C:\Users\Babydoll\n1059472903_30241310_917369.jpg
    [2012/05/11 01:06:06 | 000,040,100 | ---- | C] () -- C:\Users\Babydoll\dsc03395k.jpg
    [2012/05/08 10:22:29 | 000,024,576 | ---- | C] () -- C:\Windows\SysWow64\AsIO.dll
    [2012/05/08 10:22:29 | 000,013,440 | ---- | C] () -- C:\Windows\SysWow64\drivers\AsIO.sys
    [2012/05/08 10:22:24 | 000,011,832 | ---- | C] () -- C:\Windows\SysWow64\drivers\AsInsHelp64.sys
    [2012/05/08 10:22:24 | 000,010,216 | ---- | C] () -- C:\Windows\SysWow64\drivers\AsInsHelp32.sys
    [2012/05/06 12:48:35 | 000,000,245 | ---- | C] () -- C:\Windows\Brpfx04a.ini
    [2012/05/06 12:48:35 | 000,000,093 | ---- | C] () -- C:\Windows\brpcfx.ini
    [2012/05/06 12:48:17 | 000,003,302 | ---- | C] () -- C:\Windows\BRPARAM.INI
    [2012/05/06 12:46:48 | 000,000,000 | ---- | C] () -- C:\Windows\brdfxspd.dat
    [2012/05/06 12:46:42 | 000,045,056 | ---- | C] () -- C:\Windows\SysWow64\BRTCPCON.DLL
    [2012/05/06 12:46:40 | 000,000,114 | ---- | C] () -- C:\Windows\SysWow64\BRLMW03A.INI
    [2012/05/06 12:30:51 | 000,000,262 | ---- | C] () -- C:\Windows\{EEB3F6BB-318D-4CE5-989F-8191FCBFB578}_WiseFW.ini
    [2012/05/06 12:09:11 | 000,001,769 | ---- | C] () -- C:\Windows\Language_trs.ini
    [2012/05/05 13:47:11 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
    [2012/04/05 21:29:34 | 000,204,952 | ---- | C] () -- C:\Windows\SysWow64\ativvsvl.dat
    [2012/04/05 21:29:34 | 000,157,144 | ---- | C] () -- C:\Windows\SysWow64\ativvsva.dat
    [2012/03/09 14:06:14 | 000,024,576 | ---- | C] () -- C:\Windows\SysWow64\kdbsdk32.dll
    [2012/01/18 06:44:00 | 010,920,984 | ---- | C] () -- C:\Windows\SysWow64\LogiDPP.dll
    [2012/01/18 06:44:00 | 000,336,408 | ---- | C] () -- C:\Windows\SysWow64\DevManagerCore.dll
    [2012/01/18 06:44:00 | 000,104,472 | ---- | C] () -- C:\Windows\SysWow64\LogiDPPApp.exe
    [2011/09/28 17:44:14 | 000,179,271 | ---- | C] () -- C:\Windows\SysWow64\xlive.dll.cat
    [2011/09/12 18:06:16 | 000,003,917 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat

    ========== ZeroAccess Check ==========

    [2009/07/14 00:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

    [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

    [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

    [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

    [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
    "" = C:\Windows\SysNative\shell32.dll -- [2012/06/09 01:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Apartment

    [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
    "" = %SystemRoot%\system32\shell32.dll -- [2012/06/09 00:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Apartment

    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
    "" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 21:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Free

    [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
    "" = %systemroot%\SysWow64\wbem\fastprox.dll -- [2010/11/20 08:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Free

    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
    "" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 21:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Both

    [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

    ========== LOP Check ==========

    [2012/08/22 17:30:52 | 000,000,000 | ---D | M] -- C:\Users\Babydoll\AppData\Roaming\AVG
    [2012/05/06 12:24:39 | 000,000,000 | ---D | M] -- C:\Users\Babydoll\AppData\Roaming\AVG2012
    [2012/05/06 15:55:47 | 000,000,000 | ---D | M] -- C:\Users\Babydoll\AppData\Roaming\ControlCenter4
    [2012/06/11 23:32:26 | 000,000,000 | ---D | M] -- C:\Users\Babydoll\AppData\Roaming\funkitron
    [2012/05/07 12:22:16 | 000,000,000 | ---D | M] -- C:\Users\Babydoll\AppData\Roaming\Leadertech
    [2012/05/19 14:24:15 | 000,000,000 | ---D | M] -- C:\Users\Babydoll\AppData\Roaming\MP3SkypeRecorder
    [2012/07/26 22:17:00 | 000,000,000 | ---D | M] -- C:\Users\Babydoll\AppData\Roaming\Mumble
    [2012/08/23 23:27:30 | 000,000,000 | ---D | M] -- C:\Users\Babydoll\AppData\Roaming\Sony
    [2012/10/14 22:01:20 | 000,000,000 | ---D | M] -- C:\Users\Babydoll\AppData\Roaming\Spotify
    [2012/10/14 23:10:07 | 000,000,000 | ---D | M] -- C:\Users\Babydoll\AppData\Roaming\uTorrent
    [2012/06/28 18:14:53 | 000,000,000 | ---D | M] -- C:\Users\Babydoll\AppData\Roaming\Windows Live Writer

    ========== Purity Check ==========



    ========== Alternate Data Streams ==========

    @Alternate Data Stream - 133 bytes -> C:\ProgramData\TEMP:0B4227B4
    @Alternate Data Stream - 130 bytes -> C:\ProgramData\TEMP:80D975A5
    < End of report >
     
  17. Broni

    Broni Malware Annihilator Posts: 52,899   +344

    Run OTL
    • Under the Custom Scans/Fixes box at the bottom, paste in the following

      Code:
      :OTL
      O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
      [2012/10/14 21:12:18 | 000,000,000 | ---D | C] -- C:\FRST
      [2009/07/14 00:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
      
      [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
      
      [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
      
      [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
      
      [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
      
      [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
      "" = C:\Windows\SysNative\shell32.dll -- [2012/06/09 01:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)
      "ThreadingModel" = Apartment
      
      [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
      "" = %SystemRoot%\system32\shell32.dll -- [2012/06/09 00:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
      "ThreadingModel" = Apartment
      
      [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
      "" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 21:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
      "ThreadingModel" = Free
      
      [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
      "" = %systemroot%\SysWow64\wbem\fastprox.dll -- [2010/11/20 08:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
      "ThreadingModel" = Free
      
      [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
      "" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 21:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
      "ThreadingModel" = Both
      
      [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
      @Alternate Data Stream - 133 bytes -> C:\ProgramData\TEMP:0B4227B4
      @Alternate Data Stream - 130 bytes -> C:\ProgramData\TEMP:80D975A5
      
      :Services
      
      :Reg
      
      :Files
      
      :Commands
      [purity]
      [emptytemp]
      [emptyjava]
      [emptyflash]
      [Reboot]
      
    • Then click the Run Fix button at the top.
    • Let the program run unhindered and reboot the PC when it is done.
    • You will get a log that shows the results of the fix. Please post it.

    NOTE. If for any reason OTL stalls (most likely at the "killing processes..." step), run the fix from Safe Mode.

    =================================

    Last scans....

    1. Download Security Check from HERE, and save it to your Desktop.
    • Double-click SecurityCheck.exe
    • Follow the onscreen instructions inside of the black box.
    • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

      NOTE. SecurityCheck may produce some false warning(s), so leave the reading of the results to me.

    2. Please download Farbar Service Scanner (FSS) and run it on the computer with the issue.
    • Make sure the following options are checked:
      • Internet Services
      • Windows Firewall
      • System Restore
      • Security Center
      • Windows Update
      • Windows Defender
    • Press "Scan".
    • It will create a log (FSS.txt) in the same directory the tool is run.
    • Please copy and paste the log to your reply.

    3. Please download AdwCleaner by Xplode onto your desktop.
    • Close all open programs and internet browsers.
    • Double-click on adwcleaner.exe to run the tool.
    • Click on Delete.
    • Confirm each time with Ok.
    • Your computer will be rebooted automatically. A text file will open after the restart.
    • Please post the contents of that logfile with your next reply.
    • You can find the logfile at C:\AdwCleaner[S1].txt as well.

    Next...

    • Double-click on adwcleaner.exe to run the tool.
    • Click on Uninstall.
    • Confirm with yes.

    4. Download Temp File Cleaner (TFC)
    Alternate download: http://www.itxassociates.com/OT-Tools/TFC.exe
    • Double-click on TFC.exe to run the program.
    • Click on the Start button to begin the cleaning process.
    • TFC will close all running programs, and it may ask you to restart the computer.

    5. Please run a free online scan with the ESET Online Scanner

    • Disable your antivirus program
    • Tick the box next to YES, I accept the Terms of Use
    • Click Start
    • Accept any security warnings from your browser.
    • Check Scan archives
    • Click Start
    • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
    • When the scan completes, click on List of found threats
    • Click on Export to text file, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
    • NOTE. If ESET doesn't find any threats, it won't produce a log.
     
  18. lauraw18

    lauraw18 TS Rookie Topic Starter Posts: 20

    I also forgot to post this Extras.txt from the first OTL scan.

    OTL Extras logfile created on: 10/15/2012 12:00:04 AM - Run 1
    OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Babydoll\Desktop
    64bit- Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
    Internet Explorer (Version = 9.0.8112.16421)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    8.00 Gb Total Physical Memory | 4.38 Gb Available Physical Memory | 54.75% Memory free
    16.00 Gb Paging File | 11.49 Gb Available in Paging File | 71.82% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
    Drive C: | 465.76 Gb Total Space | 334.86 Gb Free Space | 71.90% Space Free | Partition Type: NTFS
    Drive D: | 164.85 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: UDF

    Computer Name: BABYDOLL-PC | User Name: Babydoll | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

    ========== Extra Registry (SafeList) ==========


    ========== File Associations ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
    .url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l

    [HKEY_USERS\S-1-5-21-2874638133-926241938-2017742220-1000\SOFTWARE\Classes\<extension>]
    .html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)

    ========== Shell Spawning ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %*
    cmdfile [open] -- "%1" %*
    comfile [open] -- "%1" %*
    exefile [open] -- "%1" %*
    helpfile [open] -- Reg Error: Key error.
    htmlfile [edit] -- Reg Error: Key error.
    htmlfile [print] -- rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation)
    inffile [install] -- %SystemRoot%\System32\rundll32.exe setupapi,InstallHinfSection DefaultInstall 132 %1 (Microsoft Corporation)
    InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l
    InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
    piffile [open] -- "%1" %*
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1"
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [explore] -- Reg Error: Value error.
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "%programfiles%\internet explorer\iexplore.exe" (Microsoft Corporation)

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %*
    cmdfile [open] -- "%1" %*
    comfile [open] -- "%1" %*
    cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
    exefile [open] -- "%1" %*
    helpfile [open] -- Reg Error: Key error.
    htmlfile [edit] -- Reg Error: Key error.
    InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l
    piffile [open] -- "%1" %*
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1"
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [explore] -- Reg Error: Value error.
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

    ========== Security Center Settings ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
    "cval" = 1
    "FirewallDisableNotify" = 0
    "AntiVirusDisableNotify" = 0
    "UpdatesDisableNotify" = 0

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
    "VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
    "AntiVirusOverride" = 0
    "AntiSpywareOverride" = 0
    "FirewallOverride" = 0

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

    ========== System Restore Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
    "DisableSR" = 0

    ========== Firewall Settings ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
    "DisableNotifications" = 0
    "EnableFirewall" = 1

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
    "DisableNotifications" = 0
    "EnableFirewall" = 1

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
    "DisableNotifications" = 0
    "EnableFirewall" = 1

    ========== Authorized Applications List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


    ========== Vista Active Open Ports Exception List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
    "{00B9B3D1-06F7-4C4F-9B5B-44177957C76B}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
    "{023CA297-FCD7-4E86-B3C4-5F93F3BBCBB4}" = rport=138 | protocol=17 | dir=out | app=system |
    "{06458785-321D-43F2-B79E-15F8A1D85BD2}" = lport=54925 | protocol=17 | dir=in | name=brothernetwork scanner |
    "{32AA9806-DA3B-4902-9A0D-3D762ACF147D}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
    "{33286848-D6B3-4BA6-B034-2F77A039281F}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
    "{3D8B6406-3C27-4F4F-B7FF-89D245300AE2}" = lport=10243 | protocol=6 | dir=in | app=system |
    "{4E842088-72A6-4F87-870B-84B388374CBF}" = lport=137 | protocol=17 | dir=in | app=system |
    "{713D4803-8194-482F-B7F3-31E7F0BAA3ED}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
    "{74C7EB49-C921-4BDF-9C69-FB50F11FE4A3}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
    "{7766B910-F94D-433B-83CE-8F43DD67CE6D}" = rport=137 | protocol=17 | dir=out | app=system |
    "{8B0A8C79-4049-47C2-B5E4-5034769A85BE}" = rport=139 | protocol=6 | dir=out | app=system |
    "{8E8B3335-2573-4DE1-8D04-D3D0FF28AC3E}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |
    "{92D28204-3C71-489A-9A09-0869CD0C1B65}" = lport=445 | protocol=6 | dir=in | app=system |
    "{95241A54-BB47-4802-AF7B-648E810EDDC9}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
    "{9855514D-C925-4481-9E26-EABA8C311145}" = lport=138 | protocol=17 | dir=in | app=system |
    "{A7681C12-A4C9-402A-9CCB-C06CA1F9A175}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
    "{AC1A6AA7-A5E7-413A-9388-8349075DE146}" = rport=445 | protocol=6 | dir=out | app=system |
    "{ADB706DA-DDB9-40A8-A7B5-659CD7F89D2C}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
    "{AED1CAF8-9E24-409E-928A-BEC8342669D4}" = rport=10243 | protocol=6 | dir=out | app=system |
    "{B2E4B73D-F6DD-459D-AA0C-874696D41EFB}" = lport=139 | protocol=6 | dir=in | app=system |
    "{C0F6A1F6-165B-4AEF-9157-4F3F20066768}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
    "{C54AE73F-485D-452D-906B-A17CE291D727}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |
    "{C8FA4951-6C54-46C7-A322-A0704093CD27}" = lport=2869 | protocol=6 | dir=in | app=system |
    "{FD5D3D53-C9B6-41CC-BD5D-2DF9390FD08C}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |

    ========== Vista Active Application Exception List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
    "{0DDEFC3D-E1E3-4B86-B013-9E0E71E94CF8}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe |
    "{0E60637B-AE77-45FE-9DC6-59856EDB61CE}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.1225\agent.exe |
    "{13B2C40F-CD28-4F0F-843E-8DBC196CC557}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steam.exe |
    "{1838B68B-1D91-46E8-A9E2-BD973143BA87}" = protocol=17 | dir=in | app=c:\users\babydoll\appdata\local\apps\2.0\hyd40o68.nan\kekookal.5am\curs..tion_9e9e83ddf3ed3ead_0005.0001_32b138542379386c\curseclient.exe |
    "{1B9E5F5A-B70E-4663-89A1-B4DB9828677D}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.1225\agent.exe |
    "{1EB2E8B2-7900-4BFE-98C4-75593CADB1D7}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\portal 2\portal2.exe |
    "{238EA26B-77CC-4EF5-984B-DC38461A9790}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.1040\agent.exe |
    "{2680BB5D-5D20-453E-9F08-6B50FD2D6DD5}" = protocol=17 | dir=in | app=c:\users\babydoll\appdata\local\apps\2.0\hyd40o68.nan\kekookal.5am\curs..tion_9e9e83ddf3ed3ead_0005.0001_161f1f0e4761792c\curseclient.exe |
    "{27A9B5B2-D4A7-405A-AB36-BD2116DFF799}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
    "{31D39ADC-EF5B-4DC4-93C2-CBAECBCD5CB9}" = protocol=6 | dir=in | app=c:\program files (x86)\yahoo!\messenger\yahoomessenger.exe |
    "{37ADE1D7-5C80-440A-87A3-D3AFFC14E333}" = protocol=6 | dir=in | app=c:\users\babydoll\appdata\roaming\spotify\spotify.exe |
    "{38B96CD3-DEA6-469B-8410-0BDDD3F16E06}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
    "{3EEDD279-4EA2-4F6A-86F9-815DF26B4487}" = protocol=6 | dir=in | app=c:\users\babydoll\appdata\local\apps\2.0\hyd40o68.nan\kekookal.5am\curs..tion_9e9e83ddf3ed3ead_0005.0001_161f1f0e4761792c\curseclient.exe |
    "{448AA55B-2380-4A25-84E4-AF8398552E42}" = protocol=6 | dir=in | app=c:\program files (x86)\utorrent\utorrent.exe |
    "{46B8DDDF-8979-4D76-973C-372FB5D92BA1}" = protocol=17 | dir=in | app=c:\program files (x86)\sony\media manager for walkman\mediamanager.exe |
    "{48441964-FDA3-4499-B306-C5A1C951D055}" = protocol=6 | dir=in | app=c:\program files (x86)\world of warcraft\launcher.patch.exe |
    "{486BA3B8-75DC-4DC4-B17A-EA84B1FC0816}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2012\avgmfapx.exe |
    "{4A2AF42F-C90E-4F13-8F4E-420E85FE50CE}" = protocol=6 | dir=in | app=c:\program files (x86)\sony\media manager for walkman\mediamanager.exe |
    "{4B2DD7BE-56E9-40C4-9C02-8B2502D6D9FF}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
    "{4CB24D62-6C92-4468-AF1B-ECC3E7EB3837}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2012\avgemca.exe |
    "{52C0A0D4-2FC1-44F9-A292-368AA5636534}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
    "{578BB3CA-E31E-4761-802B-1E239E79032C}" = protocol=6 | dir=out | app=system |
    "{5A9211D6-5920-47DD-948A-98B9E1D01B66}" = protocol=6 | dir=in | app=c:\program files\ventrilo\ventrilo.exe |
    "{5ECEB103-CC42-4395-AEA5-9D957DBB5BDF}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
    "{612100D3-C9CA-437B-B77B-0E4FDD062940}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2012\avgmfapx.exe |
    "{65ABBC67-E511-4A76-94EB-4FFFBFD99A10}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
    "{669B56FA-364D-486C-B7B5-0EF9F3724108}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
    "{67781A4B-248F-4135-9D75-AAAF94DC8CA7}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
    "{70853263-2A40-4291-93E1-30B963662CFA}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.1267\agent.exe |
    "{75CA81EA-BC2B-4F52-947A-8519B8F0E913}" = protocol=58 | dir=in | app=system |
    "{7B94E54A-432F-40D8-B2C5-E125D566F33E}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2012\avgemca.exe |
    "{7BB2BDFB-A496-4C00-8F63-F28422444F58}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe |
    "{7DDC27ED-F80E-4BDD-BD3D-47FC21495A54}" = protocol=17 | dir=in | app=c:\users\babydoll\appdata\roaming\spotify\spotify.exe |
    "{81D919D3-7C80-4695-999A-62C74D91BE9B}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
    "{844E0940-3337-4677-8614-5120941B2769}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.1040\agent.exe |
    "{84B5735D-6864-42A8-9CE5-224E028903F4}" = protocol=6 | dir=in | app=c:\program files (x86)\world of warcraft\launcher.exe |
    "{888929D9-7EE9-48EB-9ED8-9A674BCCA8C7}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
    "{8F5A4CF7-A445-4E7B-9637-270263870C96}" = protocol=17 | dir=in | app=c:\program files\ventrilo\ventrilo.exe |
    "{93911B48-6E14-4B25-B459-E6E297B9727B}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2012\avgnsa.exe |
    "{9E3D9CEA-B947-4D2D-9502-3F5D44B45B8A}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2012\avgnsa.exe |
    "{A7CFF7B6-6E41-4DAE-9036-1E390C8F5892}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.1267\agent.exe |
    "{A89C4BEB-E733-4D21-B9EC-E82E50446E37}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
    "{A976F79F-860D-4584-93D4-441B66088E73}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
    "{AF270035-8597-42A7-BA87-6C67EB633DE4}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
    "{B7278464-003D-4B3D-91B8-7F42D0EB934B}" = protocol=17 | dir=in | app=c:\users\babydoll\appdata\roaming\spotify\spotify.exe |
    "{BA2CA10D-D23D-4F7E-A8B8-D922BF70BD5D}" = protocol=6 | dir=in | app=c:\users\babydoll\appdata\roaming\spotify\spotify.exe |
    "{C0876700-7BB4-4761-A1F8-F3A67A284906}" = protocol=58 | dir=out | name=@iphlpsvc.dll,-503 |
    "{C3DB467A-8B4F-4264-AFF2-3F2168B2B988}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
    "{C8C8B6FE-D20B-457B-ABE0-6CFC4D651CAA}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
    "{C9759716-25ED-4586-B898-A4DF27D11FAF}" = protocol=6 | dir=in | app=c:\users\babydoll\appdata\local\apps\2.0\hyd40o68.nan\kekookal.5am\curs..tion_9e9e83ddf3ed3ead_0005.0001_32b138542379386c\curseclient.exe |
    "{CB6AD79E-3150-4E9C-AF11-FD640CF6C622}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.1363\agent.exe |
    "{D1A60310-4A56-4C1D-9B06-A2C93A418641}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steam.exe |
    "{DA8B799E-62BC-4011-A63C-3B200DC537BB}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
    "{DF87DEF8-B8BF-4315-9461-77D36C23D198}" = protocol=17 | dir=in | app=c:\program files (x86)\world of warcraft\launcher.exe |
    "{E592379C-8C73-4D55-8D41-1491A8D15E23}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
    "{E715E447-6C9D-4F00-8CAB-FF14FEDD200E}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
    "{E725321E-0422-451A-977B-ECDAC1AF53B3}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
    "{E8855A3F-5968-441E-973D-CD34E1BD6644}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
    "{EE6B9D22-214F-4990-8A10-6C454789DE30}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.1363\agent.exe |
    "{EE94AED9-32B4-4DC1-A07A-37980E78BE74}" = protocol=17 | dir=in | app=c:\program files (x86)\world of warcraft\launcher.patch.exe |
    "{F0A9E5FF-4C94-404B-91C8-E52D908AA2A4}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
    "{F4D58F21-093E-466A-BAE4-79FDEA2E29AB}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2012\avgdiagex.exe |
    "{F69D542B-F001-40C9-858E-859C17866F5F}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
    "{F6A59072-D7CB-41A2-8079-BE5C2D6DED2F}" = dir=in | app=c:\program files (x86)\itunes\itunes.exe |
    "{F6F4EA48-E7BD-4B94-AB68-AC852E3A8F3B}" = protocol=17 | dir=in | app=c:\program files (x86)\yahoo!\messenger\yahoomessenger.exe |
    "{F8414A53-34FD-464C-9673-81A21BCC655B}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\portal 2\portal2.exe |
    "{FA6601DD-EEA5-4261-89F7-ED7B63F1BE75}" = protocol=17 | dir=in | app=c:\program files (x86)\utorrent\utorrent.exe |
    "{FF753401-291B-4B12-822D-356DDC0558FD}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2012\avgdiagex.exe |
    "{FFBF537E-0C5D-49F1-BB8C-03FDA230D329}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
    "TCP Query User{045E24F7-DB0B-490D-AF83-07E90658E117}C:\program files (x86)\mozilla firefox\firefox.exe" = protocol=6 | dir=in | app=c:\program files (x86)\mozilla firefox\firefox.exe |
    "TCP Query User{27CA2243-802A-45F4-955A-D0E183F1A021}C:\program files (x86)\world of warcraft\backgrounddownloader.exe" = protocol=6 | dir=in | app=c:\program files (x86)\world of warcraft\backgrounddownloader.exe |
    "TCP Query User{60FCDA0E-CEF5-496E-A264-2A1AC830C9A4}C:\program files (x86)\steam\steamapps\common\grand theft auto iv\gtaiv\gtaiv.exe" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\grand theft auto iv\gtaiv\gtaiv.exe |
    "TCP Query User{A79B0437-FFA3-43B8-9C51-CD4C04DAA397}C:\program files (x86)\world of warcraft\temp\wow-4.3-5.0.15890-enus-downloader.exe" = protocol=6 | dir=in | app=c:\program files (x86)\world of warcraft\temp\wow-4.3-5.0.15890-enus-downloader.exe |
    "TCP Query User{BD184DF6-0C8B-4B5F-992B-3050A9673D8F}C:\users\babydoll\appdata\local\google\chrome\application\chrome.exe" = protocol=6 | dir=in | app=c:\users\babydoll\appdata\local\google\chrome\application\chrome.exe |
    "UDP Query User{191D17AC-EEDC-42C2-9D96-B6D7D210B48E}C:\program files (x86)\world of warcraft\backgrounddownloader.exe" = protocol=17 | dir=in | app=c:\program files (x86)\world of warcraft\backgrounddownloader.exe |
    "UDP Query User{33582D28-27A0-4E67-AB90-9FDB3AD7DB00}C:\program files (x86)\steam\steamapps\common\grand theft auto iv\gtaiv\gtaiv.exe" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\grand theft auto iv\gtaiv\gtaiv.exe |
    "UDP Query User{48A27D96-8DC4-4247-9529-D6A430DC3B95}C:\program files (x86)\world of warcraft\temp\wow-4.3-5.0.15890-enus-downloader.exe" = protocol=17 | dir=in | app=c:\program files (x86)\world of warcraft\temp\wow-4.3-5.0.15890-enus-downloader.exe |
    "UDP Query User{AE6A5853-0168-423D-8371-77BCB151EFBC}C:\program files (x86)\mozilla firefox\firefox.exe" = protocol=17 | dir=in | app=c:\program files (x86)\mozilla firefox\firefox.exe |
    "UDP Query User{F0B847CB-B332-4EB0-9C9C-65BA504851F6}C:\users\babydoll\appdata\local\google\chrome\application\chrome.exe" = protocol=17 | dir=in | app=c:\users\babydoll\appdata\local\google\chrome\application\chrome.exe |

    ========== HKEY_LOCAL_MACHINE Uninstall List ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{027E5FAB-1476-4C59-AAB4-32EF28520399}" = Windows Live Language Selector
    "{119B2F5A-2A06-DB96-FF28-992EC2A10BDF}" = AMD Accelerated Video Transcoding
    "{138A4072-9E64-46BD-B5F9-DB2BB395391F}" = LWS VideoEffects
    "{1444D2EE-C7AD-44A8-844F-2634B49353D1}" = Logitech Gaming Software 5.10
    "{1493B2AE-0261-47D2-B1AA-F4DAD0F6C48B}" = iTunes
    "{1ACC8FFB-9D84-4C05-A4DE-D28A9BC91698}" = Windows Live ID Sign-in Assistant
    "{344C0D46-2EF4-4BC8-AE03-3DACDA9B9485}" = AVG 2012
    "{3ABFAF33-D6EE-9348-CE96-AF51E9D6D2FF}" = AMD Drag and Drop Transcoding
    "{3D3E663D-4E7E-4577-A560-7ECDDD45548A}" = PVSonyDll
    "{503F672D-6C84-448A-8F8F-4BC35AC83441}" = AMD APP SDK Runtime
    "{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
    "{6C2E334F-37F5-C312-53BA-1482F9A6FD4D}" = ccc-utility64
    "{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}" = Microsoft Visual C++ 2005 Redistributable (x64)
    "{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour
    "{7446FE8D-C1F9-4D42-AAAE-5DBCE58605A6}" = Apple Mobile Device Support
    "{81D00339-968D-15D1-3499-8431658E896F}" = AMD Catalyst Install Manager
    "{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
    "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
    "{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended
    "{9387E5ED-7D5D-A744-6BDC-8F6CB26DE09A}" = AMD Fuel
    "{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
    "{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
    "{BF46C84D-1AC3-4CC3-A45C-EF6257B80984}" = AVG 2012
    "{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter
    "{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319
    "{E6F5D8BE-0B00-6DD9-18F9-D4045798FCBE}" = AMD Media Foundation Decoders
    "{EEB3F6BB-318D-4CE5-989F-8191FCBFB578}" = Ventrilo Client for Windows x64
    "{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
    "AVG" = AVG 2012
    "C-Media CM108 Like Sound Driver" = USB PnP Sound Device
    "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
    "Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
    "NVIDIA Display Control Panel" = NVIDIA Display Control Panel
    "NVIDIA Drivers" = NVIDIA Drivers
    "sp6" = Logitech SetPoint 6.32
    "WinRAR archiver" = WinRAR 4.20 (64-bit)

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{01496C89-6117-AD97-3CB3-98AF2026070C}" = CCC Help German
    "{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
    "{0486991B-63F4-5106-06CE-404D7BA55041}" = CCC Help Italian
    "{08610298-29AE-445B-B37D-EFBE05802967}" = LWS Pictures And Video
    "{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
    "{0E64B098-8018-4256-BA23-C316A43AD9B0}" = QuickTime
    "{1111706F-666A-4037-7777-211328764D10}" = JavaFX 2.1.1
    "{15634701-BACE-4449-8B25-1567DA8C9FD3}" = CameraHelperMsi
    "{1651216E-E7AD-4250-92A1-FB8ED61391C9}" = LWS Help_main
    "{174A3B31-4C43-43DD-866F-73C9DB887B48}" = LWS Twitter
    "{177A3BC5-ECD3-BFF1-4D87-C4B417924DF2}" = CCC Help Russian
    "{196BB40D-1578-3D01-B289-BEFC77A11A1E}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319
    "{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
    "{19D368B2-5601-007B-A296-535706E00D97}" = CCC Help English
    "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    "{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
    "{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
    "{20D4A895-748C-4D88-871C-FDB1695B0169}" = Platform
    "{21DF0294-6B9D-4741-AB6F-B2ABFBD2387E}" = LWS YouTube Plugin
    "{26A24AE4-039D-4CA4-87B4-2F83217007FF}" = Java 7 Update 7
    "{278FA289-F502-D888-A3BA-5FA10308AAAD}" = CCC Help Danish
    "{310BC5E2-31AF-49BB-904D-E71EB93645DC}" = AI Suite
    "{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
    "{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
    "{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}" = eReg
    "{44F77218-4BBD-1B74-88B7-FC302868F2B3}" = CCC Help Japanese
    "{489BC3B4-AEF9-E14A-11BC-B70FDE9D543D}" = CCC Help Chinese Traditional
    "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
    "{4A85AE1B-9727-261D-9EAF-07C1AECCF977}" = CCC Help Turkish
    "{4CB0307C-565E-4441-86BE-0DF2E4FB828C}" = Microsoft Games for Windows Marketplace
    "{502699FF-F586-54B1-91E8-E85D9FAE0D6D}" = CCC Help Greek
    "{53EF1C4D-0705-98F2-1889-A69BBF9F03F3}" = CCC Help Thai
    "{548A4EF3-BD97-0813-B469-E1E2FC9DE487}" = CCC Help Korean
    "{55533224-CAD0-39B5-6297-E1B2D1D8F176}" = AMD VISION Engine Control Center
    "{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}" = Windows Live UX Platform Language Pack
    "{590828E0-9BA6-3E4D-8491-A1D9CC3EB8CE}" = CCC Help French
    "{5A6ED905-D19D-4954-8499-0DAF386460F7}" = Media Manager for WALKMAN 1.2
    "{63EC2120-1742-4625-AA47-C6A8AEC9C64C}" = Apple Application Support
    "{6563FAF5-84F9-0A35-C032-182EBC4C3BDB}" = CCC Help Finnish
    "{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
    "{6D46F639-5F2F-90F3-4B60-EB2EF264B82E}" = CCC Help Spanish
    "{6F76EC3C-34B1-436E-97FB-48C58D7BEDCD}" = LWS Gallery
    "{70210CF8-CAB1-8FEB-D964-C33AFE18730B}" = CCC Help Czech
    "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
    "{71E66D3F-A009-44AB-8784-75E2819BA4BA}" = LWS Motion Detection
    "{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
    "{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
    "{832D9DE0-8AFC-4689-9819-4DBBDEBD3E4F}" = Microsoft Games for Windows - LIVE Redistributable
    "{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
    "{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
    "{83C8FA3C-F4EA-46C4-8392-D3CE353738D6}" = LWS Launcher
    "{8937D274-C281-42E4-8CDB-A0B2DF979189}" = LWS Webcam Software
    "{8B1AEC85-4507-28BD-F3BA-4A5D732752E7}" = CCC Help Hungarian
    "{8C5ACED4-34D3-23BB-F90E-2F90420321BC}" = Catalyst Control Center Localization All
    "{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
    "{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
    "{98613C99-1399-416C-A07C-1EE1C585D872}" = SeaTools for Windows
    "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
    "{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
    "{9DAEA76B-E50F-4272-A595-0124E826553D}" = LWS WLM Plugin
    "{A1B36B88-AF90-43A3-8906-6DBEE89B4FBD}" = Brother MFL-Pro Suite MFC-J430W
    "{A3DAD349-E48E-AE45-3F26-7B80A4FFCD26}" = Catalyst Control Center InstallProxy
    "{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
    "{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
    "{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
    "{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer
    "{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.4)
    "{B0B1A8A5-4711-BB6C-DD59-9794AD928368}" = CCC Help Dutch
    "{B33D2348-2938-1A03-0CD3-E6F7101244E0}" = CCC Help Polish
    "{B7C8D838-9C3A-1177-B80A-E3C512FD8AF5}" = CCC Help Swedish
    "{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail
    "{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
    "{CFADE4AF-C0CF-4A04-A776-741318F1658F}" = Content Transfer
    "{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64
    "{D40EB009-0499-459c-A8AF-C9C110766215}" = Logitech Webcam Software
    "{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
    "{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
    "{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources
    "{DDCB737A-EEC8-3815-42DA-69011A55E3E5}" = Catalyst Control Center Graphics Previews Common
    "{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
    "{E170E984-6B20-79C2-1E9F-0256EC5ADFB4}" = CCC Help Chinese Standard
    "{E2F0AF23-FE2F-4222-9A43-55E63CC41EF1}" = Catalyst Control Center - Branding
    "{E866E52C-1F56-4CCF-0071-CA915F8CFEDA}" = CCC Help Norwegian
    "{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.10
    "{EED027B7-0DB6-404B-8F45-6DFEE34A0441}" = LWS Video Mask Maker
    "{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
    "{F5D245CC-C332-1E8E-CCB1-75E0C3C4D6F1}" = CCC Help Portuguese
    "{F843C6A3-224D-4615-94F8-3C461BD9AEA0}" = Jasc Paint Shop Pro 9
    "{FCDBEA60-79F0-4FAE-BBA8-55A26C609A49}" = Visual Studio 2008 x64 Redistributables
    "{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
    "{FF167195-9EE4-46C0-8CD7-FBA3457E88AB}" = LWS Facebook
    "Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
    "Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
    "AudibleManager" = AudibleManager
    "InstallShield_{20D4A895-748C-4D88-871C-FDB1695B0169}" = VIA Platform Device Manager
    "Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.65.0.1400
    "Mozilla Firefox 15.0.1 (x86 en-US)" = Mozilla Firefox 15.0.1 (x86 en-US)
    "MozillaMaintenanceService" = Mozilla Maintenance Service
    "Steam App 620" = Portal 2
    "uTorrent" = µTorrent
    "WinLiveSuite" = Windows Live Essentials
    "World of Warcraft" = World of Warcraft

    ========== HKEY_USERS Uninstall List ==========

    [HKEY_USERS\S-1-5-21-2874638133-926241938-2017742220-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "101a9f93b8f0bb6f" = Curse Client
    "Google Chrome" = Google Chrome
    "Spotify" = Spotify

    ========== Last 20 Event Log Errors ==========

    [ Application Events ]
    Error - 10/14/2012 2:02:25 PM | Computer Name = Babydoll-PC | Source = Application Error | ID = 1000
    Description = Faulting application name: svchost.exe, version: 6.1.7600.16385, time
    stamp: 0x4a5bc100 Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
    Exception
    code: 0xc0000005 Fault offset: 0x7488c9f1 Faulting process id: 0x1644 Faulting application
    start time: 0x01cdaa3610bfde10 Faulting application path: C:\Windows\SysWOW64\svchost.exe
    Faulting
    module path: unknown Report Id: 4e6eca50-1629-11e2-bd12-bcaec59544fa

    Error - 10/14/2012 2:03:25 PM | Computer Name = Babydoll-PC | Source = Application Error | ID = 1000
    Description = Faulting application name: svchost.exe, version: 6.1.7600.16385, time
    stamp: 0x4a5bc100 Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
    Exception
    code: 0xc0000005 Fault offset: 0x7488c9f1 Faulting process id: 0x934 Faulting application
    start time: 0x01cdaa3634910e90 Faulting application path: C:\Windows\SysWOW64\svchost.exe
    Faulting
    module path: unknown Report Id: 72425c30-1629-11e2-bd12-bcaec59544fa

    Error - 10/14/2012 2:04:25 PM | Computer Name = Babydoll-PC | Source = Application Error | ID = 1000
    Description = Faulting application name: svchost.exe, version: 6.1.7600.16385, time
    stamp: 0x4a5bc100 Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
    Exception
    code: 0xc0000005 Fault offset: 0x7488c9f1 Faulting process id: 0xf30 Faulting application
    start time: 0x01cdaa36586701d0 Faulting application path: C:\Windows\SysWOW64\svchost.exe
    Faulting
    module path: unknown Report Id: 96138cb0-1629-11e2-bd12-bcaec59544fa

    Error - 10/14/2012 2:05:25 PM | Computer Name = Babydoll-PC | Source = Application Error | ID = 1000
    Description = Faulting application name: svchost.exe, version: 6.1.7600.16385, time
    stamp: 0x4a5bc100 Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
    Exception
    code: 0xc0000005 Fault offset: 0x7488c9f1 Faulting process id: 0x11c4 Faulting application
    start time: 0x01cdaa367c383250 Faulting application path: C:\Windows\SysWOW64\svchost.exe
    Faulting
    module path: unknown Report Id: b9e97ff0-1629-11e2-bd12-bcaec59544fa

    Error - 10/14/2012 2:06:25 PM | Computer Name = Babydoll-PC | Source = Application Error | ID = 1000
    Description = Faulting application name: svchost.exe, version: 6.1.7600.16385, time
    stamp: 0x4a5bc100 Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
    Exception
    code: 0xc0000005 Fault offset: 0x7488c9f1 Faulting process id: 0xe3c Faulting application
    start time: 0x01cdaa36a01549b0 Faulting application path: C:\Windows\SysWOW64\svchost.exe
    Faulting
    module path: unknown Report Id: ddc1d490-1629-11e2-bd12-bcaec59544fa

    Error - 10/14/2012 2:07:25 PM | Computer Name = Babydoll-PC | Source = Application Error | ID = 1000
    Description = Faulting application name: svchost.exe, version: 6.1.7600.16385, time
    stamp: 0x4a5bc100 Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
    Exception
    code: 0xc0000005 Fault offset: 0x7488c9f1 Faulting process id: 0x6e4 Faulting application
    start time: 0x01cdaa36c3eb3cf0 Faulting application path: C:\Windows\SysWOW64\svchost.exe
    Faulting
    module path: unknown Report Id: 019a2930-162a-11e2-bd12-bcaec59544fa

    Error - 10/14/2012 2:08:25 PM | Computer Name = Babydoll-PC | Source = Application Error | ID = 1000
    Description = Faulting application name: svchost.exe, version: 6.1.7600.16385, time
    stamp: 0x4a5bc100 Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
    Exception
    code: 0xc0000005 Fault offset: 0x7488c9f1 Faulting process id: 0x114c Faulting application
    start time: 0x01cdaa36e7bfe040 Faulting application path: C:\Windows\SysWOW64\svchost.exe
    Faulting
    module path: unknown Report Id: 256c6b20-162a-11e2-bd12-bcaec59544fa

    Error - 10/14/2012 2:09:25 PM | Computer Name = Babydoll-PC | Source = Application Error | ID = 1000
    Description = Faulting application name: svchost.exe, version: 6.1.7600.16385, time
    stamp: 0x4a5bc100 Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
    Exception
    code: 0xc0000005 Fault offset: 0x7488c9f1 Faulting process id: 0x134c Faulting application
    start time: 0x01cdaa370b8eaf60 Faulting application path: C:\Windows\SysWOW64\svchost.exe
    Faulting
    module path: unknown Report Id: 493ffd00-162a-11e2-bd12-bcaec59544fa

    Error - 10/14/2012 2:10:25 PM | Computer Name = Babydoll-PC | Source = Application Error | ID = 1000
    Description = Faulting application name: svchost.exe, version: 6.1.7600.16385, time
    stamp: 0x4a5bc100 Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
    Exception
    code: 0xc0000005 Fault offset: 0x7488c9f1 Faulting process id: 0x1734 Faulting application
    start time: 0x01cdaa372f696560 Faulting application path: C:\Windows\SysWOW64\svchost.exe
    Faulting
    module path: unknown Report Id: 6d1ab300-162a-11e2-bd12-bcaec59544fa

    Error - 10/14/2012 2:11:26 PM | Computer Name = Babydoll-PC | Source = Application Error | ID = 1000
    Description = Faulting application name: svchost.exe, version: 6.1.7600.16385, time
    stamp: 0x4a5bc100 Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
    Exception
    code: 0xc0000005 Fault offset: 0x7488c9f1 Faulting process id: 0x14c4 Faulting application
    start time: 0x01cdaa37533a95e0 Faulting application path: C:\Windows\SysWOW64\svchost.exe
    Faulting
    module path: unknown Report Id: 90e98220-162a-11e2-bd12-bcaec59544fa

    Error - 10/14/2012 2:12:26 PM | Computer Name = Babydoll-PC | Source = Application Error | ID = 1000
    Description = Faulting application name: svchost.exe, version: 6.1.7600.16385, time
    stamp: 0x4a5bc100 Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
    Exception
    code: 0xc0000005 Fault offset: 0x7488c9f1 Faulting process id: 0x1698 Faulting application
    start time: 0x01cdaa37770bc660 Faulting application path: C:\Windows\SysWOW64\svchost.exe
    Faulting
    module path: unknown Report Id: b4bab2a0-162a-11e2-bd12-bcaec59544fa

    Error - 10/14/2012 2:13:26 PM | Computer Name = Babydoll-PC | Source = Application Error | ID = 1000
    Description = Faulting application name: svchost.exe, version: 6.1.7600.16385, time
    stamp: 0x4a5bc100 Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
    Exception
    code: 0xc0000005 Fault offset: 0x7488c9f1 Faulting process id: 0x1340 Faulting application
    start time: 0x01cdaa379adcf6e0 Faulting application path: C:\Windows\SysWOW64\svchost.exe
    Faulting
    module path: unknown Report Id: d88be320-162a-11e2-bd12-bcaec59544fa

    Error - 10/14/2012 2:14:26 PM | Computer Name = Babydoll-PC | Source = Application Error | ID = 1000
    Description = Faulting application name: svchost.exe, version: 6.1.7600.16385, time
    stamp: 0x4a5bc100 Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
    Exception
    code: 0xc0000005 Fault offset: 0x7488c9f1 Faulting process id: 0x208 Faulting application
    start time: 0x01cdaa37beabc600 Faulting application path: C:\Windows\SysWOW64\svchost.exe
    Faulting
    module path: unknown Report Id: fc5850e0-162a-11e2-bd12-bcaec59544fa

    Error - 10/14/2012 2:15:26 PM | Computer Name = Babydoll-PC | Source = Application Error | ID = 1000
    Description = Faulting application name: svchost.exe, version: 6.1.7600.16385, time
    stamp: 0x4a5bc100 Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
    Exception
    code: 0xc0000005 Fault offset: 0x7488c9f1 Faulting process id: 0x8d8 Faulting application
    start time: 0x01cdaa37e27abc30 Faulting application path: C:\Windows\SysWOW64\svchost.exe
    Faulting
    module path: unknown Report Id: 2029a870-162b-11e2-bd12-bcaec59544fa

    [ System Events ]
    Error - 9/21/2012 1:56:30 PM | Computer Name = Babydoll-PC | Source = Service Control Manager | ID = 7026
    Description = The following boot-start or system-start driver(s) failed to load:
    cdrom

    Error - 9/21/2012 2:40:20 PM | Computer Name = Babydoll-PC | Source = Service Control Manager | ID = 7026
    Description = The following boot-start or system-start driver(s) failed to load:
    cdrom

    Error - 9/22/2012 12:32:50 PM | Computer Name = Babydoll-PC | Source = BROWSER | ID = 8032
    Description = The browser service has failed to retrieve the backup list too many
    times on transport \Device\NetBT_Tcpip_{46D2BCDE-7C84-4F6F-9848-39AF9E896812}. The
    backup browser is stopping.

    Error - 9/23/2012 1:00:16 AM | Computer Name = Babydoll-PC | Source = Microsoft-Windows-Time-Service | ID = 34
    Description = The time service has detected that the system time needs to be changed
    by 86379 seconds. The time service will not change the system time by more than
    54000 seconds. Verify that your time and time zone are correct, and that the time
    source time.windows.com,0x9 (ntp.m|0x9|0.0.0.0:123->65.55.21.13:123) is working
    properly.

    Error - 9/27/2012 10:33:08 PM | Computer Name = Babydoll-PC | Source = EventLog | ID = 6008
    Description = The previous system shutdown at 10:31:26 PM on 9/27/2012 was unexpected.

    Error - 9/28/2012 11:37:27 PM | Computer Name = Babydoll-PC | Source = EventLog | ID = 6008
    Description = The previous system shutdown at 11:35:35 PM on 9/28/2012 was unexpected.

    Error - 9/28/2012 11:39:00 PM | Computer Name = Babydoll-PC | Source = Service Control Manager | ID = 7022
    Description = The AMD FUEL Service service hung on starting.

    Error - 9/30/2012 1:00:17 AM | Computer Name = Babydoll-PC | Source = Microsoft-Windows-Time-Service | ID = 34
    Description = The time service has detected that the system time needs to be changed
    by -86421 seconds. The time service will not change the system time by more than
    54000 seconds. Verify that your time and time zone are correct, and that the time
    source time.windows.com,0x9 (ntp.m|0x9|0.0.0.0:123->65.55.21.13:123) is working
    properly.

    Error - 10/2/2012 12:29:35 PM | Computer Name = Babydoll-PC | Source = DCOM | ID = 10010
    Description =

    Error - 10/3/2012 3:06:35 PM | Computer Name = Babydoll-PC | Source = EventLog | ID = 6008
    Description = The previous system shutdown at 3:04:29 PM on 10/3/2012 was unexpected.


    < End of report >
    OTL REPORT
    All processes killed
    ========== OTL ==========
    Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{02478D38-C3F9-4efb-9B51-7695ECA05670}\ not found.
    C:\FRST\Quarantine\{04cfe51a-6306-2045-1172-609246c62773}\U folder moved successfully.
    C:\FRST\Quarantine\{04cfe51a-6306-2045-1172-609246c62773} folder moved successfully.
    Folder move failed. C:\FRST\Quarantine scheduled to be moved on reboot.
    C:\FRST\Logs folder moved successfully.
    C:\FRST\Hives folder moved successfully.
    C:\FRST folder moved successfully.
    C:\Windows\assembly\Desktop.ini moved successfully.
    File EY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 not found.
    File EY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] not found.
    File EY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64 not found.
    File EY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] not found.
    File EY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 not found.
    File EY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] not found.
    Folder EY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64\ not found.
    Folder EY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]\ not found.
    Folder EY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64\ not found.
    Folder EY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]\ not found.
    ADS C:\ProgramData\TEMP:0B4227B4 deleted successfully.
    ADS C:\ProgramData\TEMP:80D975A5 deleted successfully.
    ========== SERVICES/DRIVERS ==========
    ========== REGISTRY ==========
    ========== FILES ==========
    ========== COMMANDS ==========

    [EMPTYTEMP]

    User: All Users

    User: Babydoll
    ->Temp folder emptied: 559729 bytes
    ->Temporary Internet Files folder emptied: 48942822 bytes
    ->Java cache emptied: 0 bytes
    ->FireFox cache emptied: 1118578572 bytes
    ->Google Chrome cache emptied: 370081291 bytes
    ->Flash cache emptied: 24682 bytes

    User: Default
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes

    User: Default User
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes

    User: Public
    ->Temp folder emptied: 0 bytes

    %systemdrive% .tmp files removed: 0 bytes
    %systemroot% .tmp files removed: 0 bytes
    %systemroot%\System32 .tmp files removed: 0 bytes
    %systemroot%\System32 (64bit) .tmp files removed: 0 bytes
    %systemroot%\System32\drivers .tmp files removed: 0 bytes
    Windows Temp folder emptied: 13846 bytes
    %systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 46359595 bytes
    RecycleBin emptied: 0 bytes

    Total Files Cleaned = 1,511.00 mb


    [EMPTYJAVA]

    User: All Users

    User: Babydoll
    ->Java cache emptied: 0 bytes

    User: Default

    User: Default User

    User: Public

    Total Java Files Cleaned = 0.00 mb


    [EMPTYFLASH]

    User: All Users

    User: Babydoll
    ->Flash cache emptied: 0 bytes

    User: Default

    User: Default User

    User: Public

    Total Flash Files Cleaned = 0.00 mb


    OTL by OldTimer - Version 3.2.69.0 log created on 10152012_095701
    Files\Folders moved on Reboot...
    File\Folder C:\FRST\Quarantine not found!
    C:\Users\Babydoll\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
    PendingFileRenameOperations files...
    Registry entries deleted on Reboot...
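The Application log in the OTL Extras output above is worth reading as a pattern rather than as fourteen separate errors: the 32-bit service host (C:\Windows\SysWOW64\svchost.exe) dies once a minute with the same exception (0xc0000005, an access violation) at the same fault offset, and Windows could not attribute that address to any loaded module ("Faulting module name: unknown"). That is one service being restarted into the same fault, not fourteen independent crashes, and it is the kind of signal a responder wants pulled out of a pasted log automatically. The script below is an added example written for this thread; it is not OTL's code or anything the poster ran. It parses the entry layout OTL prints, including the wrapped description lines, and reports groups that recur at a steady interval. The sample embedded in it is an excerpt of the entries above (three of the svchost.exe events and one System event); the count and interval thresholds are assumptions.

```python
"""Triage an OTL 'Last 20 Event Log Errors' dump for crash loops.

Added example for this thread, not part of OTL or of any tool above. It parses
the layout OTL prints (an 'Error - <time> | Computer Name | Source | ID' header
and a 'Description = ...' block wrapped over several lines), groups Application
Error (ID 1000) events by faulting image, exception code and fault offset, and
reports groups that recur at a steady interval as one restart loop. The
thresholds are assumptions chosen for the example.
"""
import re
from collections import defaultdict
from datetime import datetime

HEADER_RE = re.compile(
    r"^Error - (?P<ts>\d{1,2}/\d{1,2}/\d{4} \d{1,2}:\d{2}:\d{2} [AP]M) \| "
    r"Computer Name = (?P<host>[^|]+?) \| Source = (?P<source>[^|]+?) \| ID = (?P<id>\d+)$"
)
FAULT_RE = re.compile(  # fields of an ID 1000 description, once unwrapped
    r"Faulting application name: (?P<app>\S+), .*?"
    r"Exception code: (?P<exc>0x[0-9A-Fa-f]+) Fault offset: (?P<offset>0x[0-9A-Fa-f]+) .*?"
    r"Faulting application path: (?P<path>\S+)",
    re.DOTALL,
)


def parse_entries(text):
    """One dict per 'Error - ...' entry, with the wrapped description re-joined."""
    entries, current = [], None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or (line.startswith("[") and line.endswith("]")):
            current = None  # a blank line or a '[ System Events ]' banner ends the entry
            continue
        m = HEADER_RE.match(line)
        if m:
            current = {"time": datetime.strptime(m["ts"], "%m/%d/%Y %I:%M:%S %p"),
                       "host": m["host"].strip(), "source": m["source"].strip(),
                       "id": int(m["id"]), "description": ""}
            entries.append(current)
        elif current is not None:
            current["description"] = (current["description"] + " " + line).strip()
    return entries


def find_crash_loops(text, min_count=3, max_gap_s=120):
    """(path, exception, offset) groups seen at least min_count times with no
    more than max_gap_s seconds between consecutive hits, busiest first."""
    groups = defaultdict(list)
    for e in parse_entries(text):
        if e["source"] == "Application Error" and e["id"] == 1000:
            m = FAULT_RE.search(e["description"])
            if m:
                groups[(m["path"], m["exc"].lower(), m["offset"].lower())].append(e["time"])
    loops = []
    for (path, exc, offset), times in groups.items():
        times.sort()
        gaps = [(b - a).total_seconds() for a, b in zip(times, times[1:])]
        if len(times) >= min_count and (not gaps or max(gaps) <= max_gap_s):
            loops.append({"path": path, "exception": exc, "offset": offset,
                          "count": len(times),
                          "mean_interval_s": sum(gaps) / len(gaps) if gaps else 0.0})
    return sorted(loops, key=lambda d: d["count"], reverse=True)


# Excerpt of the OTL output in this thread (three of the svchost.exe entries and
# one System entry), embedded so the example runs offline.
SAMPLE_LOG = r"""
[ Application Events ]
Error - 10/14/2012 2:02:25 PM | Computer Name = Babydoll-PC | Source = Application Error | ID = 1000
Description = Faulting application name: svchost.exe, version: 6.1.7600.16385, time
stamp: 0x4a5bc100 Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception
code: 0xc0000005 Fault offset: 0x7488c9f1 Faulting process id: 0x1644 Faulting application
start time: 0x01cdaa3610bfde10 Faulting application path: C:\Windows\SysWOW64\svchost.exe
Faulting
module path: unknown Report Id: 4e6eca50-1629-11e2-bd12-bcaec59544fa

Error - 10/14/2012 2:03:25 PM | Computer Name = Babydoll-PC | Source = Application Error | ID = 1000
Description = Faulting application name: svchost.exe, version: 6.1.7600.16385, time
stamp: 0x4a5bc100 Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception
code: 0xc0000005 Fault offset: 0x7488c9f1 Faulting process id: 0x934 Faulting application
start time: 0x01cdaa3634910e90 Faulting application path: C:\Windows\SysWOW64\svchost.exe
Faulting
module path: unknown Report Id: 72425c30-1629-11e2-bd12-bcaec59544fa

Error - 10/14/2012 2:04:25 PM | Computer Name = Babydoll-PC | Source = Application Error | ID = 1000
Description = Faulting application name: svchost.exe, version: 6.1.7600.16385, time
stamp: 0x4a5bc100 Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception
code: 0xc0000005 Fault offset: 0x7488c9f1 Faulting process id: 0xf30 Faulting application
start time: 0x01cdaa36586701d0 Faulting application path: C:\Windows\SysWOW64\svchost.exe
Faulting
module path: unknown Report Id: 96138cb0-1629-11e2-bd12-bcaec59544fa

[ System Events ]
Error - 9/21/2012 1:56:30 PM | Computer Name = Babydoll-PC | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
cdrom
"""
```

Run over the full fourteen entries above, find_crash_loops returns a single group for C:\Windows\SysWOW64\svchost.exe at offset 0x7488c9f1 with a 60-second mean interval; the System events never match because only Source "Application Error" with ID 1000 is grouped.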
     
  19. lauraw18

    lauraw18 TS Rookie Topic Starter Posts: 20

    Results of screen317's Security Check version 0.99.51
    Windows 7 Service Pack 1 x64 (UAC is enabled)
    Internet Explorer 9
    ``````````````Antivirus/Firewall Check:``````````````
    Windows Firewall Enabled!
    AVG Anti-Virus Free Edition 2012
    Antivirus up to date! (On Access scanning disabled!)
    `````````Anti-malware/Other Utilities Check:`````````
    Malwarebytes Anti-Malware version 1.65.0.1400
    JavaFX 2.1.1
    Java 7 Update 7
    Adobe Flash Player 11.4.402.287
    Adobe Reader X (10.1.4)
    Mozilla Firefox (15.0.1)
    Google Chrome 21.0.1180.83
    Google Chrome 21.0.1180.89
    Google Chrome 22.0.1229.79
    Google Chrome 22.0.1229.94
    ````````Process Check: objlist.exe by Laurent````````
    Malwarebytes Anti-Malware mbamservice.exe
    Malwarebytes Anti-Malware mbamgui.exe
    AVG avgwdsvc.exe
    AVG avgtray.exe
    Malwarebytes' Anti-Malware mbamscheduler.exe
    `````````````````System Health check`````````````````
    Total Fragmentation on Drive C: 3%
    ````````````````````End of Log``````````````````````
    Farbar Service Scanner Version: 07-10-2012
    Ran by Babydoll (administrator) on 15-10-2012 at 10:11:27
    Running from "C:\Users\Babydoll\Desktop"
    Microsoft Windows 7 Ultimate Service Pack 1 (X64)
    Boot Mode: Normal
    ****************************************************************
    Internet Services:
    ============
    Connection Status:
    ==============
    Localhost is accessible.
    LAN connected.
    Google IP is accessible.
    Google.com is accessible.
    Yahoo IP is accessible.
    Attempt to access Yahoo.com returned error: Yahoo.com is offline
    Windows Firewall:
    =============
    Firewall Disabled Policy:
    ==================
    System Restore:
    ============
    System Restore Disabled Policy:
    ========================
    Action Center:
    ============
    Windows Update:
    ============
    Windows Autoupdate Disabled Policy:
    ============================
    Windows Defender:
    ==============
    WinDefend Service is not running. Checking service configuration:
    The start type of WinDefend service is set to Demand. The default start type is Auto.
    The ImagePath of WinDefend service is OK.
    The ServiceDll of WinDefend service is OK.
    Windows Defender Disabled Policy:
    ==========================
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender]
    "DisableAntiSpyware"=DWORD:1
    Other Services:
    ==============
    File Check:
    ========
    C:\Windows\System32\nsisvc.dll => MD5 is legit
    C:\Windows\System32\drivers\nsiproxy.sys => MD5 is legit
    C:\Windows\System32\dhcpcore.dll => MD5 is legit
    C:\Windows\System32\drivers\afd.sys => MD5 is legit
    C:\Windows\System32\drivers\tdx.sys => MD5 is legit
    C:\Windows\System32\Drivers\tcpip.sys => MD5 is legit
    C:\Windows\System32\dnsrslvr.dll => MD5 is legit
    C:\Windows\System32\mpssvc.dll => MD5 is legit
    C:\Windows\System32\bfe.dll => MD5 is legit
    C:\Windows\System32\drivers\mpsdrv.sys => MD5 is legit
    C:\Windows\System32\SDRSVC.dll => MD5 is legit
    C:\Windows\System32\vssvc.exe => MD5 is legit
    C:\Windows\System32\wscsvc.dll => MD5 is legit
    C:\Windows\System32\wbem\WMIsvc.dll => MD5 is legit
    C:\Windows\System32\wuaueng.dll => MD5 is legit
    C:\Windows\System32\qmgr.dll => MD5 is legit
    C:\Windows\System32\es.dll => MD5 is legit
    C:\Windows\System32\cryptsvc.dll => MD5 is legit
    C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit
    C:\Windows\System32\svchost.exe => MD5 is legit
    C:\Windows\System32\rpcss.dll => MD5 is legit
    **** End of log ****
     
  20. lauraw18

    lauraw18 TS Rookie Topic Starter Posts: 20

    # AdwCleaner v2.005 - Logfile created 10/15/2012 at 10:12:34
    # Updated 14/10/2012 by Xplode
    # Operating system : Windows 7 Ultimate Service Pack 1 (64 bits)
    # User : Babydoll - BABYDOLL-PC
    # Boot Mode : Normal
    # Running from : C:\Users\Babydoll\Desktop\adwcleaner.exe
    # Option [Delete]


    ***** [Services] *****


    ***** [Files / Folders] *****

    Deleted on reboot : C:\Program Files (x86)\Common Files\AVG Secure Search
    Folder Deleted : C:\Program Files (x86)\AVG Secure Search
    Folder Deleted : C:\ProgramData\AVG Secure Search
    Folder Deleted : C:\Users\Babydoll\AppData\Local\APN
    Folder Deleted : C:\Users\Babydoll\AppData\Local\AVG Secure Search
    Folder Deleted : C:\Users\Babydoll\AppData\LocalLow\AVG Secure Search

    ***** [Registry] *****

    Key Deleted : HKCU\Software\AVG Secure Search
    Key Deleted : HKCU\Software\IGearSettings
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{95B7759C-8C7F-4BF1-B163-73684A933233}
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{95B7759C-8C7F-4BF1-B163-73684A933233}
    Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}
    Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}
    Key Deleted : HKLM\Software\AVG Secure Search
    Key Deleted : HKLM\SOFTWARE\Classes\AppID\{1FDFF5A2-7BB1-48E1-8081-7236812B12B2}
    Key Deleted : HKLM\SOFTWARE\Classes\AppID\{BB711CB0-C70B-482E-9852-EC05EBD71DBB}
    Key Deleted : HKLM\SOFTWARE\Classes\AppID\ScriptHelper.EXE
    Key Deleted : HKLM\SOFTWARE\Classes\AppID\ViProtocol.DLL
    Key Deleted : HKLM\SOFTWARE\Classes\AVG Secure Search.BrowserWndAPI
    Key Deleted : HKLM\SOFTWARE\Classes\AVG Secure Search.BrowserWndAPI.1
    Key Deleted : HKLM\SOFTWARE\Classes\AVG Secure Search.PugiObj
    Key Deleted : HKLM\SOFTWARE\Classes\AVG Secure Search.PugiObj.1
    Key Deleted : HKLM\SOFTWARE\Classes\PROTOCOLS\Handler\viprotocol
    Key Deleted : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi
    Key Deleted : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi.1
    Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{74FB6AFD-DD77-4CEB-83BD-AB2B63E63C93}
    Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}
    Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{C2AC8A0E-E48E-484B-A71C-C7A937FAAB94}
    Key Deleted : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE
    Key Deleted : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE.1
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{C6FDD0C3-266A-4DC3-B459-28C697C44CDC}
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{F25AF245-4A81-40DC-92F9-E9021F207706}
    Key Deleted : HKLM\SOFTWARE\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin
    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{95B7759C-8C7F-4BF1-B163-73684A933233}
    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{B658800C-F66E-4EF3-AB85-6C0C227862A9}
    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{CC5AD34C-6F10-4CB3-B74A-C2DD4D5060A3}
    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{F25AF245-4A81-40DC-92F9-E9021F207706}
    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{C401D2CE-DC27-45C7-BC0C-8E6EA7F085D6}
    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{E3ED53C5-7AD5-4DF5-9734-AFB6E7E5D9DB}
    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F25AF245-4A81-40DC-92F9-E9021F207706}
    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}
    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{C401D2CE-DC27-45C7-BC0C-8E6EA7F085D6}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{E3ED53C5-7AD5-4DF5-9734-AFB6E7E5D9DB}
    Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}
    Value Deleted : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [Avg@toolbar]
    Value Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{95B7759C-8C7F-4BF1-B163-73684A933233}]

    ***** [Internet Browsers] *****

    -\\ Internet Explorer v9.0.8112.16421

    Replaced : [HKCU\Software\Microsoft\Internet Explorer\Main - Start Page] = hxxp://www.ask.com/?l=dis&o=APN10635&gct=hp --> hxxp://www.google.com

    -\\ Mozilla Firefox v15.0.1 (en-US)

    Profile name : default
    File : C:\Users\Babydoll\AppData\Roaming\Mozilla\Firefox\Profiles\6qdbqp86.default\prefs.js

    Deleted : user_pref("avg.install.installDirPath", "C:\\ProgramData\\AVG Secure Search\\12.2.5.32");
    Deleted : user_pref("keyword.URL", "hxxps://isearch.avg.com/search?cid=%7Bfeec4952-16d5-4827-9c1f-f9b426e47249[...]

    -\\ Google Chrome v22.0.1229.94

    File : C:\Users\Babydoll\AppData\Local\Google\Chrome\User Data\Default\Preferences

    [OK] File is clean.

    *************************

    AdwCleaner[S1].txt - [5949 octets] - [15/10/2012 10:12:34]

    ########## EOF - C:\AdwCleaner[S1].txt - [6009 octets] ##########
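AdwCleaner's Firefox section above is the useful part of that report for anyone who has to clean a profile by hand: Firefox keeps its settings as user_pref("name", value); lines in prefs.js, and a search hijacker persists by writing its own prefs there (here avg.install.installDirPath) and by pointing keyword.URL, the URL Firefox 15 used for address-bar searches, at its own search host. The script below is an added example for this thread, not AdwCleaner's code or detection rules. It parses prefs.js, decodes each value, and reports the navigation prefs whose host or engine name falls outside an allowlist, plus every other pref that references a URL on a non-allowed host. The allowlists are assumptions, and the sample file is constructed for the example using the host names seen in the report; it is not the poster's prefs.js.

```python
"""Scan a Firefox prefs.js for search and start-page hijacks.

Added example for this thread; it is not AdwCleaner's code or rules. The
AdwCleaner report above shows what a hijack leaves in prefs.js: a vendor pref
(avg.install.installDirPath) and keyword.URL, the address-bar search URL in
Firefox 15, pointed at isearch.avg.com. This parses the user_pref("name", value);
lines and reports navigation prefs that steer the browser to a host or search
engine outside an allowlist. The allowlists are assumptions for the example.
"""
import json
import re
from urllib.parse import urlparse

PREF_RE = re.compile(r'^\s*user_pref\("([^"]+)",\s*(.*)\);\s*$')

# Prefs that decide where the browser goes without the user typing a full URL.
NAVIGATION_PREFS = {"keyword.URL", "browser.startup.homepage", "browser.newtab.url",
                    "browser.search.defaultenginename", "browser.search.selectedEngine"}
ALLOWED_HOSTS = {"www.google.com", "google.com", "www.mozilla.org"}  # assumption
ALLOWED_ENGINES = {"Google", "Bing", "Yahoo"}                          # assumption


def parse_prefs(text):
    """{name: value} from prefs.js; the JS literal is decoded with json, so
    strings, booleans and integers come back as Python values."""
    prefs = {}
    for line in text.splitlines():
        m = PREF_RE.match(line)
        if not m:
            continue  # comment, blank line, or not a user_pref() call
        try:
            prefs[m.group(1)] = json.loads(m.group(2))
        except ValueError:
            prefs[m.group(1)] = m.group(2)  # keep odd values verbatim, do not drop them
    return prefs


def _host(value):
    """Lower-cased host of an http(s) URL string, else None."""
    if isinstance(value, str):
        u = urlparse(value)
        if u.scheme in ("http", "https") and u.netloc:
            return u.netloc.lower()
    return None


def find_hijacks(text, allowed_hosts=ALLOWED_HOSTS, allowed_engines=ALLOWED_ENGINES):
    """Navigation prefs pointing at a host outside allowed_hosts, or naming a
    search engine outside allowed_engines. Sorted by pref name."""
    prefs = parse_prefs(text)
    findings = []
    for name in sorted(n for n in NAVIGATION_PREFS if n in prefs):
        value, host = prefs[name], _host(prefs[name])
        if host is not None and host not in allowed_hosts:
            findings.append({"pref": name, "host": host, "value": value})
        elif host is None and isinstance(value, str) and value not in allowed_engines:
            findings.append({"pref": name, "host": None, "value": value})
    return findings


def find_foreign_urls(text, allowed_hosts=ALLOWED_HOSTS):
    """Every pref whose string value is an http(s) URL on a non-allowed host,
    grouped by host; catches hijack footprints outside NAVIGATION_PREFS too."""
    by_host = {}
    for name, value in parse_prefs(text).items():
        host = _host(value)
        if host and host not in allowed_hosts:
            by_host.setdefault(host, []).append(name)
    return {h: sorted(n) for h, n in sorted(by_host.items())}


# Constructed sample prefs.js, using the host names seen in the AdwCleaner
# report above; it is not the poster's actual file.
SAMPLE_PREFS = r"""# Mozilla User Preferences
user_pref("app.update.lastUpdateTime.addon-background-update-timer", 1350000000);
user_pref("avg.install.installDirPath", "C:\\ProgramData\\AVG Secure Search\\12.2.5.32");
user_pref("browser.search.defaultenginename", "AVG Secure Search");
user_pref("browser.startup.homepage", "http://www.ask.com/?l=dis&o=APN10635&gct=hp");
user_pref("browser.startup.homepage_override.mstone", "15.0.1");
user_pref("keyword.URL", "https://isearch.avg.com/search?cid=0&q=");
user_pref("network.cookie.prefsMigrated", true);
"""
```

Decoding values with json rather than regex-stripping quotes is what makes the Windows path pref come back with single backslashes, and it is why booleans and integers are not mistaken for engine names; a value json cannot decode is kept verbatim so nothing silently disappears from the report.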
     
  21. lauraw18

    lauraw18 TS Rookie Topic Starter Posts: 20

    I'm still running ESET; I didn't think it would take this long... sorry.
     
  22. lauraw18

    lauraw18 TS Rookie Topic Starter Posts: 20

    Uh oh... looks like I'm getting warnings from AVG again; however, I am not getting any redirects in Chrome. And the scan still hasn't finished and it has found 25 threats... I have to go to work now, but hopefully it will finish when I come home.

     
  23. lauraw18

    lauraw18 TS Rookie Topic Starter Posts: 20

    Ack! I'm sorry, I messed up and didn't click "import list", so I have no log, but it finished and said it removed 31 threats.
     
  24. lauraw18

    lauraw18 TS Rookie Topic Starter Posts: 20

    Ran ESET again and made sure I clicked on "export to text", and this is what I got.

    C:\_OTL\MovedFiles\10152012_095701\C_\FRST\Quarantine\services.exe    Win64/Patched.A.Gen trojan
     
  25. Broni

    Broni Malware Annihilator Posts: 52,899   +344

    What kind of warnings are you getting from AVG?
     
