Software keeps unistalling mysteriously

Solved
By jbmcck
Nov 9, 2012
Topic Status:
Not open for further replies.
  1. I went on to try and use my skype/ Microsft office and they are no longer avalaible and it says they are uninstalled!

    I did a google search and saw someone on here that had a similar problem and you solved his so I hope you can help me too!

    Below I attach the logs from the scans!

    Malwarebytes Anti-Malware (Trial) 1.65.1.1000
    www.malwarebytes.org

    Database version: v2012.11.09.05

    Windows 7 Service Pack 1 x64 NTFS
    Internet Explorer 9.0.8112.16421
    Joshua :: JOSHUA-LAPTOP [administrator]

    Protection: Enabled

    09/11/2012 12:41:17
    mbam-log-2012-11-09 (12-41-17).txt

    Scan type: Quick scan
    Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
    Scan options disabled: P2P
    Objects scanned: 227964
    Time elapsed: 4 minute(s), 39 second(s)

    Memory Processes Detected: 0
    (No malicious items detected)

    Memory Modules Detected: 0
    (No malicious items detected)

    Registry Keys Detected: 0
    (No malicious items detected)

    Registry Values Detected: 0
    (No malicious items detected)

    Registry Data Items Detected: 2
    HKCR\scrfile\shell\open\command| (Broken.OpenCommand) -> Bad: (NOTEPAD.EXE "%1") Good: ("%1" /S) -> Quarantined and repaired successfully.
    HKCR\regfile\shell\open\command| (Broken.OpenCommand) -> Bad: (NOTEPAD.EXE "%1") Good: (regedit.exe "%1") -> Quarantined and repaired successfully.

    Folders Detected: 0
    (No malicious items detected)

    Files Detected: 0
    (No malicious items detected)

    (end)



    GMER 1.0.15.15641 - http://www.gmer.net
    Rootkit scan 2012-11-09 13:15:09
    Windows 6.1.7601 Service Pack 1
    Running: 4hy2wx9o.exe


    ---- Registry - GMER 1.0.15 ----

    Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\4ceb424c3bd6
    Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\4ceb424c3bd6@f0cba1a1bb19 0x14 0xC8 0x57 0x89 ...
    Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\4ceb424c3bd6 (not active ControlSet)
    Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\4ceb424c3bd6@f0cba1a1bb19 0x14 0xC8 0x57 0x89 ...

    ---- Files - GMER 1.0.15 ----

    File C:\Windows\Temp\etilqs_hsRlc90UDStOKtnb7v4d 0 bytes

    ---- EOF - GMER 1.0.15 ----
    DDS (Ver_2012-11-07.01) - NTFS_AMD64
    Internet Explorer: 9.0.8112.16450
    Run by Joshua at 13:16:13 on 2012-11-09
    Microsoft Windows 7 Home Premium 6.1.7601.1.1252.44.1033.18.6038.3862 [GMT 0:00]
    .
    AV: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {ADA629C7-7F48-5689-624A-3B76997E0892}
    SP: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {16C7C823-5972-5907-58FA-0004E2F9422F}
    SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    FW: McAfee Firewall *Enabled* {959DA8E2-3527-57D1-4915-924367AD4FE9}
    .
    ============== Running Processes ===============
    .
    C:\Windows\system32\lsm.exe
    C:\Windows\system32\svchost.exe -k DcomLaunch
    C:\Windows\system32\nvvsvc.exe
    C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
    C:\Windows\system32\svchost.exe -k RPCSS
    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\Windows\system32\svchost.exe -k netsvcs
    C:\Windows\system32\svchost.exe -k LocalService
    C:\Windows\system32\svchost.exe -k NetworkService
    C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
    C:\Windows\system32\nvvsvc.exe
    C:\Windows\system32\WLANExt.exe
    C:\Windows\System32\spoolsv.exe
    C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
    C:\Windows\Explorer.EXE
    C:\Windows\system32\taskhost.exe
    C:\Windows\system32\Dwm.exe
    C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
    C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE
    C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Windows\system32\svchost.exe -k bthsvcs
    C:\Program Files\Intel\WiFi\bin\EvtEng.exe
    C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
    C:\Program Files (x86)\iolo\Common\Lib\ioloServiceManager.exe
    C:\Program Files (x86)\Kodak\AiO\Center\EKAiOHostService.exe
    C:\Program Files (x86)\Kodak\AiO\StatusMonitor\EKPrinterSDK.exe
    C:\Windows\system32\lxducoms.exe
    C:\Windows\system32\mfevtps.exe
    C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuAgent.exe
    C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
    C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE
    C:\Windows\system32\svchost.exe -k imgsvc
    C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\13.2.0\ToolbarUpdater.exe
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
    C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
    C:\Program Files (x86)\Dell DataSafe Local Backup\TOASTER.EXE
    C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe
    C:\Program Files (x86)\Dell DataSafe Local Backup\COMPONENTS\SCHEDULER\STSERVICE.EXE
    C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe
    C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
    C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
    C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
    C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
    C:\Windows\system32\wbem\unsecapp.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\PROGRAM FILES (X86)\KODAK\AIO\STATUSMONITOR\EKStatusMonitor.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
    C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
    C:\Windows\System32\igfxtray.exe
    C:\Windows\System32\hkcmd.exe
    C:\Windows\System32\igfxpers.exe
    C:\Program Files (x86)\STMicroelectronics\AccelerometerP11\FF_Protection.exe
    C:\Windows\System32\rundll32.exe
    C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe
    C:\Program Files\Dell\QuickSet\quickset.exe
    C:\Program Files (x86)\Dell\Stage Remote\StageRemote.exe
    C:\Program Files (x86)\Dell\Stage Remote\StageRemoteService.exe
    C:\Windows\system32\wbem\unsecapp.exe
    C:\Program Files\Windows Media Player\wmpnetwk.exe
    C:\Program Files\Windows Sidebar\sidebar.exe
    C:\Program Files (x86)\SMART Technologies Inc\SMART Board Software\SMARTBoardTools.exe
    C:\Program Files (x86)\SMART Technologies Inc\SMART Board Software\Aware.exe
    C:\Program Files (x86)\SMART Technologies Inc\SMART Board Software\Marker.exe
    C:\Program Files\mcafee.com\agent\mcagent.exe
    C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
    C:\Program Files (x86)\SMART Technologies Inc\SMART Board Software\SMARTBoardService.exe
    C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe
    C:\Program Files (x86)\AVG Secure Search\vprot.exe
    C:\Program Files (x86)\iTunes\iTunesHelper.exe
    C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe
    C:\Program Files (x86)\Intel\Bluetooth\BTPlayerCtrl.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files\Intel\TurboBoost\TurboBoost.exe
    C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
    C:\Windows\system32\SearchIndexer.exe
    C:\Windows\System32\svchost.exe -k LocalServicePeerNet
    C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe
    C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe
    C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
    C:\Users\Joshua\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\Joshua\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\Joshua\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\Joshua\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\Joshua\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\Joshua\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\Joshua\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
    C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
    C:\Users\Joshua\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Windows\system32\wuauclt.exe
    C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
    C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
    C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
    C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe
    C:\Users\Joshua\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Windows\notepad.exe
    C:\Windows\system32\SearchProtocolHost.exe
    C:\Windows\system32\taskeng.exe
    C:\Windows\system32\SearchFilterHost.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Windows\System32\cscript.exe
    .
    ============== Pseudo HJT Report ===============
    .
    uStart Page = hxxp://isearch.avg.com/?cid={38DE5CB7-6961-452E-8FBF-841C952C8948}&mid=bd34d57beb0a43928f474665b8779e7e-40cb255589befe9365a727d2995690f0c832f1c6&lang=en&ds=hk011&pr=sa&d=2012-06-10 21:20:35&v=11.1.0.7&sap=hp
    mWinlogon: Userinit = userinit.exe,
    BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
    BHO: CIEDownload Object: {67BCF957-85FC-4036-8DC4-D4D80E00A77B} - C:\Program Files (x86)\SMART Technologies Inc\Notebook Software\NotebookPlugin.dll
    BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL
    BHO: scriptproxy: {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files (x86)\Common Files\mcafee\SystemCore\ScriptSn.20120629145907.dll
    BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    BHO: AVG Security Toolbar: {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\13.2.0.5\AVG Secure Search_toolbar.dll
    BHO: Windows Live Messenger Companion Helper: {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
    BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL
    BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
    TB: <No Name>: {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - LocalServer32 - <no file>
    TB: AVG Security Toolbar: {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\13.2.0.5\AVG Secure Search_toolbar.dll
    uRun: [Google Update] "C:\Users\Joshua\AppData\Local\Google\Update\GoogleUpdate.exe" /c
    uRun: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
    mRun: [Dell Webcam Central] "C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" /mode2
    mRun: [Dell DataSafe Online] C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuClient.exe
    mRun: [RoxWatchTray] "C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatchTray12OEM.exe"
    mRun: [mcui_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
    mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
    mRun: [BCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices
    mRun: [NUSB3MON] "C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe"
    mRun: [SMART Board Service] C:\Program Files (x86)\SMART Technologies Inc\SMART Board Software\SMARTBoardService.exe
    mRun: [TkBellExe] "c:\program files (x86)\real\realplayer\Update\realsched.exe" -osboot
    mRun: [vProt] "C:\Program Files (x86)\AVG Secure Search\vprot.exe"
    mRun: [HF_G_Jul] "C:\Program Files (x86)\AVG Secure Search\HF_G_Jul.exe" /DoAction
    mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
    mRun: [EKStatusMonitor] C:\Program Files (x86)\Kodak\AiO\StatusMonitor\EKStatusMonitor.exe
    mRun: [Conime] C:\Windows\System32\conime.exe
    mRunOnce: [Malwarebytes Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
    dRunOnce: [KodakHomeCenter] "C:\Program Files (x86)\Kodak\AiO\Center\AiOHomeCenter.exe"
    StartupFolder: C:\Users\Joshua\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\INTEL(~1.LNK - C:\Program Files\Intel\TurboBoost\SignalIslandUi.exe
    StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\SMARTB~1.LNK - C:\Program Files (x86)\SMART Technologies Inc\SMART Board Software\SMARTBoardTools.exe
    mPolicies-Explorer: NoActiveDesktop = dword:1
    mPolicies-Explorer: NoActiveDesktopChanges = dword:1
    mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
    mPolicies-System: ConsentPromptBehaviorUser = dword:3
    mPolicies-System: EnableUIADesktopToggle = dword:0
    IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000
    IE: Se&nd to OneNote - C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105
    IE: {0000036B-C524-4050-81A0-243669A86B9F} - {B63DBA5F-523F-4B9C-A43D-65DF1977EAD3} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
    IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
    IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
    IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
    Trusted Zone: dell.com
    DPF: {682C59F5-478C-4421-9070-AD170D143B77} - hxxp://www.dell.com/support/troubleshooting/Content/Ode/pcd86.cab
    DPF: {6C269571-C6D7-4818-BCA4-32A035E8C884} - hxxp://ccfiles.creative.com/Web/softwareupdate/su/ocx/15102/CTSUEng.cab
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_01-windows-i586.cab
    DPF: {8CFCF42C-1C64-47D6-AEEC-F9D001832ED3} - hxxp://xserv.dell.com/DellDriverScanner/DellSystem.CAB
    DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
    DPF: {CAFEEFAC-0017-0000-0001-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_01-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
    DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} - hxxp://ccfiles.creative.com/Web/softwareupdate/ocx/110926/CTPID.cab
    TCP: NameServer = 192.168.2.1
    TCP: Interfaces\{1E0A8272-365B-4134-B966-6C6022A0482E} : DHCPNameServer = 192.168.2.1
    TCP: Interfaces\{1E0A8272-365B-4134-B966-6C6022A0482E}\05F6775627C696E656 : DHCPNameServer = 192.168.0.1
    TCP: Interfaces\{1E0A8272-365B-4134-B966-6C6022A0482E}\2445F40756E6A7F6E656 : DHCPNameServer = 192.168.22.22 192.168.22.23
    TCP: Interfaces\{1E0A8272-365B-4134-B966-6C6022A0482E}\3574845313D425B434 : DHCPNameServer = 192.168.2.1
    TCP: Interfaces\{1E0A8272-365B-4134-B966-6C6022A0482E}\55F634D26596379647F627 : DHCPNameServer = 192.168.38.54 192.168.38.55 192.168.70.51
    TCP: Interfaces\{D71E5D2A-339E-4F8E-92A4-D752F44B247D} : DHCPNameServer = 192.168.0.1
    Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files (x86)\McAfee\msc\McSnIePl.dll
    Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
    Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
    Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\13.2.0\ViProtocol.dll
    Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
    SSODL: WebCheck - <orphaned>
    SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL
    x64-BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL
    x64-BHO: scriptproxy: {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\Common Files\mcafee\SystemCore\ScriptSn.20120629145907.dll
    x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    x64-BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL
    x64-BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll
    x64-Run: [SynTPEnh] C:\Program Files (x86)\Synaptics\SynTP\SynTPEnh.exe
    x64-Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe -s
    x64-Run: [RtHDVBg] C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe /MAXX3
    x64-Run: [NVHotkey] rundll32.exe C:\Windows\System32\nvHotkey.dll,Start
    x64-Run: [IgfxTray] C:\Windows\System32\igfxtray.exe
    x64-Run: [HotKeysCmds] C:\Windows\System32\hkcmd.exe
    x64-Run: [Persistence] C:\Windows\System32\igfxpers.exe
    x64-Run: [FreeFallProtection] C:\Program Files (x86)\STMicroelectronics\AccelerometerP11\FF_Protection.exe
    x64-Run: [BTMTrayAgent] rundll32.exe "C:\Program Files (x86)\Intel\Bluetooth\btmshell.dll",TrayApp
    x64-Run: [IntelPAN] "C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe" /tf Intel PAN Tray
    x64-Run: [QuickSet] c:\Program Files\Dell\QuickSet\QuickSet.exe
    x64-Run: [IntelTBRunOnce] wscript.exe //b //nologo "C:\Program Files\Intel\TurboBoost\RunTBGadgetOnce.vbs"
    x64-Run: [Stage Remote] C:\Program Files (x86)\Dell\Stage Remote\StageRemote.exe -Quiet
    x64-Run: [DellStage] "C:\Program Files (x86)\Dell Stage\Dell Stage\stage_primary.exe" "C:\Program Files (x86)\Dell Stage\Dell Stage\start.umj" --startup
    x64-Run: [Logitech Download Assistant] C:\Windows\System32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch
    x64-IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
    x64-IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
    x64-DPF: {CAFEEFAC-0017-0000-0001-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_01-windows-i586.cab
    x64-DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_01-windows-i586.cab
    x64-Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files\mcafee\msc\McSnIePl64.dll
    x64-Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
    x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
    x64-Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - <orphaned>
    x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
    x64-Notify: GoToAssist - C:\Program Files (x86)\Citrix\GoToAssist\615\G2AWinLogon_x64.dll
    x64-Notify: igfxcui - igfxdev.dll
    x64-SSODL: WebCheck - <orphaned>
    x64-SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL
    .
    ============= SERVICES / DRIVERS ===============
    .
    R0 mfehidk;McAfee Inc. mfehidk;C:\Windows\System32\drivers\mfehidk.sys [2011-3-13 752672]
    R0 mfewfpk;McAfee Inc. mfewfpk;C:\Windows\System32\drivers\mfewfpk.sys [2011-3-13 335784]
    R0 nvpciflt;nvpciflt;C:\Windows\System32\drivers\nvpciflt.sys [2012-4-4 28992]
    R0 PxHlpa64;PxHlpa64;C:\Windows\System32\drivers\PxHlpa64.sys [2012-4-4 55856]
    R0 stdcfltn;Disk Class Filter Driver for Accelerometer;C:\Windows\System32\drivers\stdcfltn.sys [2012-4-4 21616]
    R1 avgtp;avgtp;C:\Windows\System32\drivers\avgtpx64.sys [2012-11-5 30568]
    R1 ElRawDisk;ElRawDisk;C:\Windows\System32\drivers\ElRawDsk.sys [2012-11-7 30752]
    R1 nvkflt;nvkflt;C:\Windows\System32\drivers\nvkflt.sys [2012-4-4 249152]
    R2 AERTFilters;Andrea RT Filters Service;C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe [2012-4-4 98208]
    R2 AMPPALR3;Intel® Centrino® Wireless Bluetooth® 3.0 + High Speed Service;C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe [2011-10-19 661504]
    R2 BBUpdate;BBUpdate;C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE [2011-5-12 249648]
    R2 Bluetooth Device Monitor;Bluetooth Device Monitor;C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe [2011-10-18 936272]
    R2 Bluetooth OBEX Service;Bluetooth OBEX Service;C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe [2011-10-18 1001808]
    R2 BTHSSecurityMgr;Intel(R) Centrino(R) Wireless Bluetooth(R) 3.0 + High Speed Security Service;C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe [2011-10-20 135440]
    R2 ioloSystemService;iolo System Service;C:\Program Files (x86)\iolo\Common\Lib\ioloServiceManager.exe [2012-11-7 1028464]
    R2 Kodak AiO Network Discovery Service;Kodak AiO Network Discovery Service;C:\Program Files (x86)\Kodak\AiO\Center\EKAiOHostService.exe [2012-10-19 395200]
    R2 Kodak AiO Status Monitor Service;Kodak AiO Status Monitor Service;C:\Program Files (x86)\Kodak\AiO\StatusMonitor\EKPrinterSDK.exe [2012-10-15 779200]
    R2 lxdu_device;lxdu_device;C:\Windows\System32\lxducoms.exe -service --> C:\Windows\System32\lxducoms.exe -service [?]
    R2 MBAMScheduler;MBAMScheduler;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2012-11-9 399432]
    R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-11-9 676936]
    R2 McMPFSvc;McAfee Personal Firewall Service;C:\Program Files\Common Files\mcafee\mcsvchost\McSvHost.exe [2012-10-21 201304]
    R2 McNaiAnn;McAfee VirusScan Announcer;C:\Program Files\Common Files\mcafee\mcsvchost\McSvHost.exe [2012-10-21 201304]
    R2 McProxy;McAfee Proxy Service;C:\Program Files\Common Files\mcafee\mcsvchost\McSvHost.exe [2012-10-21 201304]
    R2 McShield;McAfee McShield;C:\Program Files\Common Files\mcafee\systemcore\mcshield.exe [2012-4-4 237920]
    R2 mfefire;McAfee Firewall Core Service;C:\Program Files\Common Files\mcafee\systemcore\mfefire.exe [2012-4-4 218320]
    R2 mfevtp;McAfee Validation Trust Protection Service;C:\Windows\System32\mfevtps.exe [2012-4-4 177144]
    R2 NOBU;Dell DataSafe Online;C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuAgent.exe [2010-8-26 2823000]
    R2 PDFsFilter;PDFsFilter;C:\Windows\System32\drivers\PDFsFilter.sys [2012-11-7 82160]
    R2 SftService;SoftThinks Agent Service;C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe [2012-4-4 1692480]
    R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2011-11-3 381248]
    R2 TurboB;Turbo Boost UI Monitor driver;C:\Windows\System32\drivers\TurboB.sys [2010-11-29 16120]
    R2 UNS;Intel(R) Management and Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2012-4-4 2656280]
    R2 vToolbarUpdater13.2.0;vToolbarUpdater13.2.0;C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\13.2.0\ToolbarUpdater.exe [2012-11-5 711112]
    R3 Acceler;Accelerometer Service;C:\Windows\System32\drivers\Accelern.sys [2012-4-4 27760]
    R3 AMPPAL;Intel® Centrino® Wireless Bluetooth® 3.0 + High Speed Virtual Adapter;C:\Windows\System32\drivers\AmpPal.sys [2011-10-19 195072]
    R3 Bluetooth Media Service;Bluetooth Media Service;C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe [2011-10-18 1354064]
    R3 btmaudio;Intel Bluetooth Audio Service;C:\Windows\System32\drivers\btmaud.sys [2011-5-19 51712]
    R3 btmaux;Intel Bluetooth Auxiliary Service;C:\Windows\System32\drivers\btmaux.sys [2011-8-29 53760]
    R3 btmhsf;btmhsf;C:\Windows\System32\drivers\btmhsf.sys [2011-10-10 288768]
    R3 cfwids;McAfee Inc. cfwids;C:\Windows\System32\drivers\cfwids.sys [2011-3-13 69672]
    R3 CtClsFlt;Creative Camera Class Upper Filter Driver;C:\Windows\System32\drivers\CtClsFlt.sys [2012-4-4 176096]
    R3 HipShieldK;McAfee Inc. HipShieldK;C:\Windows\System32\drivers\HipShieldK.sys [2012-10-1 196440]
    R3 iBtFltCoex;iBtFltCoex;C:\Windows\System32\drivers\iBtFltCoex.sys [2011-10-11 59904]
    R3 IntcDAud;Intel(R) Display Audio;C:\Windows\System32\drivers\IntcDAud.sys [2012-4-4 317440]
    R3 iwdbus;IWD Bus Enumerator;C:\Windows\System32\drivers\iwdbus.sys [2011-5-17 25496]
    R3 MBAMProtector;MBAMProtector;C:\Windows\System32\drivers\mbam.sys [2012-11-9 25928]
    R3 mfeavfk;McAfee Inc. mfeavfk;C:\Windows\System32\drivers\mfeavfk.sys [2011-3-13 300392]
    R3 mfefirek;McAfee Inc. mfefirek;C:\Windows\System32\drivers\mfefirek.sys [2011-3-13 513456]
    R3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;C:\Windows\System32\drivers\nusb3hub.sys [2012-4-4 95744]
    R3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;C:\Windows\System32\drivers\nusb3xhc.sys [2012-4-4 212992]
    R3 qicflt;upper Device Filter Driver;C:\Windows\System32\drivers\qicflt.sys [2012-4-4 29288]
    R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2012-4-4 565352]
    R3 SMARTVHidMiniVistaAmd64;SMART HID Device;C:\Windows\System32\drivers\SMARTVHidMiniVistaAmd64.sys [2007-11-14 16144]
    R3 TurboBoost;Intel(R) Turbo Boost Technology Monitor 2.0;C:\Program Files\Intel\TurboBoost\TurboBoost.exe [2010-11-29 149504]
    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
    S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
    S2 RoxWatch12;Roxio Hard Drive Watcher 12;C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatch12OEM.exe [2010-11-25 219632]
    S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2012-7-3 160944]
    S3 AMPPALP;Intel® Centrino® Wireless Bluetooth® 3.0 + High Speed Protocol;C:\Windows\System32\drivers\AmpPal.sys [2011-10-19 195072]
    S3 fssfltr;fssfltr;C:\Windows\System32\drivers\fssfltr.sys [2012-4-26 48488]
    S3 fsssvc;Windows Live Family Safety Service;C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe [2012-3-8 1492840]
    S3 intaud_WaveExtensible;Intel WiDi Audio Device;C:\Windows\System32\drivers\intelaud.sys [2011-5-17 34200]
    S3 McAWFwk;McAfee Activation Service;C:\PROGRA~1\mcafee\msc\mcawfwk.exe [2012-4-4 224704]
    S3 mferkdet;McAfee Inc. mferkdet;C:\Windows\System32\drivers\mferkdet.sys [2011-3-13 106112]
    S3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [2011-11-1 340240]
    S3 NvStUSB;NVIDIA Stereoscopic 3D USB driver;C:\Windows\System32\drivers\nvstusb.sys [2012-4-4 291648]
    S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2010-11-21 59392]
    S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\System32\drivers\TsUsbGD.sys [2010-11-21 31232]
    S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2012-7-9 52736]
    S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2012-4-14 1255736]
    S4 BBSvc;Bing Bar Update Service;C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-6-7 191752]
    S4 McOobeSv;McAfee OOBE Service;C:\Program Files\Common Files\mcafee\mcsvchost\McSvHost.exe [2012-10-21 201304]
    S4 RoxMediaDB12OEM;RoxMediaDB12OEM;C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxMediaDB12OEM.exe [2010-11-25 1116656]
    S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]
    .
    =============== File Associations ===============
    .
    FileExt: .vbe: VBEFile=NOTEPAD.EXE "%1"
    FileExt: .vbs: VBSFile=NOTEPAD.EXE "%1"
    FileExt: .js: JSFile=NOTEPAD.EXE "%1"
    FileExt: .jse: JSEFile=NOTEPAD.EXE "%1"
    FileExt: .wsf: WSFFile=NOTEPAD.EXE "%1"
    .
    =============== Created Last 30 ================
    .
    2012-11-09 12:40:45--------d-----w-C:\Users\Joshua\AppData\Roaming\Malwarebytes
    2012-11-09 12:40:37--------d-----w-C:\ProgramData\Malwarebytes
    2012-11-09 12:40:3625928----a-w-C:\Windows\System32\drivers\mbam.sys
    2012-11-09 12:40:35--------d-----w-C:\Program Files (x86)\Malwarebytes' Anti-Malware
    2012-11-09 11:54:32--------d-----w-C:\NVIDIA
    2012-11-08 15:46:09--------d-----w-C:\ProgramData\9223B3E6-70DD-4e2f-965B-DD8E02D2E20B
    2012-11-08 15:44:57--------d-----w-C:\Users\Joshua\AppData\Roaming\Downloaded Installations
    2012-11-08 15:36:27--------d-----w-C:\ProgramData\Citrix
    2012-11-08 15:35:51--------d-----w-C:\Program Files (x86)\Citrix
    2012-11-08 15:35:45--------d-----w-C:\Users\Joshua\AppData\Local\Citrix
    2012-11-07 23:31:12511328----a-w-C:\Program Files (x86)\Common Files\Microsoft Shared\CAPICOM\CAPICOM.DLL
    2012-11-07 23:31:092155248----a-w-C:\Windows\System32\Incinerator64.dll
    2012-11-07 23:31:082097032----a-w-C:\Windows\SysWow64\Incinerator32.dll
    2012-11-07 23:31:0082160----a-w-C:\Windows\System32\drivers\PDFsFilter.sys
    2012-11-07 23:31:0057144----a-w-C:\Windows\System32\iolobtdfg.exe
    2012-11-07 23:31:0025744----a-w-C:\Windows\System32\smrgdf.exe
    2012-11-07 23:30:5969000----a-w-C:\Windows\System32\offreg.dll
    2012-11-07 23:30:5956200----a-w-C:\Windows\SysWow64\offreg.dll
    2012-11-07 23:30:1030752----a-w-C:\Windows\System32\drivers\ElRawDsk.sys
    2012-11-07 23:30:0174703----a-w-C:\Windows\SysWow64\mfc45.dat
    2012-11-07 23:29:56--------d-----w-C:\iolo
    2012-11-07 23:00:05--------d-----w-C:\Users\Joshua\AppData\Roaming\iolo
    2012-11-07 22:53:4474703----a-w-C:\Windows\SysWow64\mfc45.dll
    2012-11-07 22:53:35--------d-----w-C:\ProgramData\iolo
    2012-11-07 22:53:35--------d-----w-C:\Program Files (x86)\iolo
    2012-11-07 16:05:31--------d-----w-C:\Users\Joshua\AppData\Local\{FC9B4CC6-C45E-410A-ADC4-962954FEF125}
    2012-11-05 12:11:4330568----a-w-C:\Windows\System32\drivers\avgtpx64.sys
    2012-10-29 22:24:31--------d-----w-C:\Users\Joshua\AppData\Local\{ED48EC79-58E7-4BAC-A388-0D4EFD88A4CE}
    2012-10-29 12:35:35--------d-----w-C:\Users\Joshua\AppData\Local\{D139F1E8-0733-4968-8AB9-448D93E7C7CA}
    2012-10-28 20:11:20--------d-----w-C:\Users\Joshua\AppData\Local\{5DF131AD-FD60-44B6-BC5F-804E94876778}
    2012-10-26 14:30:59--------d-----w-C:\ProgramData\Visan
    2012-10-26 14:30:59--------d-----w-C:\ProgramData\PrintProjects
    2012-10-26 14:30:59--------d-----w-C:\Program Files (x86)\PrintProjects
    2012-10-26 14:28:16--------d-----w-C:\Windows\SysWow64\kodak
    2012-10-21 19:20:56--------d-----w-C:\SMS Cubs New
    2012-10-18 17:09:17--------d-----w-C:\Users\Joshua\AppData\Local\{6FE2CCF3-7142-445E-8AA6-D41AA8E58B52}
    2012-10-17 15:52:38--------d-----w-C:\Users\Joshua\AppData\Local\MFAData
    2012-10-17 15:52:38--------d-----w-C:\Users\Joshua\AppData\Local\Avg2013
    2012-10-17 15:52:38--------d-----w-C:\ProgramData\MFAData
    2012-10-11 21:48:2633240----a-w-C:\Windows\System32\drivers\GEARAspiWDM.sys
    2012-10-11 21:48:01--------d-----w-C:\Program Files\iPod
    2012-10-11 21:47:59--------d-----w-C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
    2012-10-11 21:47:59--------d-----w-C:\Program Files\iTunes
    2012-10-11 21:47:59--------d-----w-C:\Program Files (x86)\iTunes
    2012-10-11 21:43:22--------d-----w-C:\Windows\System32\New folder
    2012-10-11 21:26:21--------d-sh--w-C:\found.000
    .
    ==================== Find3M ====================
    .
    2012-09-29 13:48:361793536----a-w-C:\Windows\System32\EKAiO2MON.dll
    2012-09-29 13:48:24183808----a-w-C:\Windows\System32\EKAiO2COI10.dll
    2012-09-14 19:19:292048----a-w-C:\Windows\System32\tzres.dll
    2012-09-14 18:28:532048----a-w-C:\Windows\SysWow64\tzres.dll
    2012-08-31 18:19:351659760----a-w-C:\Windows\System32\drivers\ntfs.sys
    2012-08-30 18:03:455559664----a-w-C:\Windows\System32\ntoskrnl.exe
    2012-08-30 17:12:023968880----a-w-C:\Windows\SysWow64\ntkrnlpa.exe
    2012-08-30 17:12:023914096----a-w-C:\Windows\SysWow64\ntoskrnl.exe
    2012-08-24 18:05:07220160----a-w-C:\Windows\System32\wintrust.dll
    2012-08-24 16:57:48172544----a-w-C:\Windows\SysWow64\wintrust.dll
    2012-08-24 10:31:322312704----a-w-C:\Windows\System32\jscript9.dll
    2012-08-24 10:21:181392128----a-w-C:\Windows\System32\wininet.dll
    2012-08-24 10:20:111494528----a-w-C:\Windows\System32\inetcpl.cpl
    2012-08-24 10:14:45173056----a-w-C:\Windows\System32\ieUnatt.exe
    2012-08-24 10:13:29599040----a-w-C:\Windows\System32\vbscript.dll
    2012-08-24 10:09:422382848----a-w-C:\Windows\System32\mshtml.tlb
    2012-08-24 06:59:171800704----a-w-C:\Windows\SysWow64\jscript9.dll
    2012-08-24 06:51:271129472----a-w-C:\Windows\SysWow64\wininet.dll
    2012-08-24 06:51:021427968----a-w-C:\Windows\SysWow64\inetcpl.cpl
    2012-08-24 06:47:26142848----a-w-C:\Windows\SysWow64\ieUnatt.exe
    2012-08-24 06:47:12420864----a-w-C:\Windows\SysWow64\vbscript.dll
    2012-08-24 06:43:582382848----a-w-C:\Windows\SysWow64\mshtml.tlb
    2012-08-22 18:12:501913200----a-w-C:\Windows\System32\drivers\tcpip.sys
    2012-08-22 18:12:40950128----a-w-C:\Windows\System32\drivers\ndis.sys
    2012-08-22 18:12:40376688----a-w-C:\Windows\System32\drivers\netio.sys
    2012-08-22 18:12:33288624----a-w-C:\Windows\System32\drivers\FWPKCLNT.SYS
    2012-08-21 21:01:00245760----a-w-C:\Windows\System32\OxpsConverter.exe
    2012-08-21 12:01:20125872----a-w-C:\Windows\System32\GEARAspi64.dll
    2012-08-21 12:01:20106928----a-w-C:\Windows\SysWow64\GEARAspi.dll
    2012-08-20 18:48:44362496----a-w-C:\Windows\System32\wow64win.dll
    2012-08-20 18:48:44243200----a-w-C:\Windows\System32\wow64.dll
    2012-08-20 18:48:4413312----a-w-C:\Windows\System32\wow64cpu.dll
    2012-08-20 18:48:43215040----a-w-C:\Windows\System32\winsrv.dll
    2012-08-20 18:48:3716384----a-w-C:\Windows\System32\ntvdm64.dll
    2012-08-20 18:48:35424448----a-w-C:\Windows\System32\KernelBase.dll
    2012-08-20 18:46:22338432----a-w-C:\Windows\System32\conhost.exe
    2012-08-20 17:40:2114336----a-w-C:\Windows\SysWow64\ntvdm64.dll
    2012-08-20 17:38:4444032----a-w-C:\Windows\apppatch\acwow64.dll
    2012-08-20 17:38:2625600----a-w-C:\Windows\SysWow64\setup16.exe
    2012-08-20 17:37:195120----a-w-C:\Windows\SysWow64\wow32.dll
    2012-08-20 17:37:18274944----a-w-C:\Windows\SysWow64\KernelBase.dll
    2012-08-20 15:38:217680----a-w-C:\Windows\SysWow64\instnm.exe
    2012-08-20 15:38:202048----a-w-C:\Windows\SysWow64\user.exe
    2012-08-20 15:33:286144---ha-w-C:\Windows\SysWow64\api-ms-win-security-base-l1-1-0.dll
    2012-08-20 15:33:284608---ha-w-C:\Windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll
    2012-08-20 15:33:283584---ha-w-C:\Windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll
    2012-08-20 15:33:283072---ha-w-C:\Windows\SysWow64\api-ms-win-core-util-l1-1-0.dll
    .
    ============= FINISH: 13:16:48.94 ===============
  2. Jay Pfoutz

    Jay Pfoutz Malware Helper Posts: 4,286   +49

    Hello, and welcome to TechSpot.


    [​IMG] Please see here for the board rules and other FAQ.

    Please feel free to introduce yourself, after you follow the steps below to get started.

    Information
    • From this point on, please do not make any more changes to your computer; such as install/uninstall programs, use special fix tools, delete files, edit the registry, etc. - unless advised by a malware removal helper.
    • Please do not ask for help elsewhere (in this site or other sites). Doing so can result in system changes, which may not show up in the logs you post.
    • If you have already asked for help somewhere, please post the link to the topic you were helped.
    • We try our best to reply quickly, but for any reason we do not reply in two days, please reply to this topic with the word BUMP!
    • Lastly, keep in mind that we are volunteers, so you do not have to pay for malware removal. Persist in this topic until its close, and your computer is declared clean.

    Download AdwCleaner by Xplode onto your Desktop.
    • Double click on AdwCleaner.exe to run the tool.
    • Click on Delete.
    • A logfile will automatically open after the scan has finished.
    • Please post the content of that logfile in your reply.
    • You can find the logfile at C:\AdwCleaner[Rn].txt as well - n is the order number.


    Scan for malware

    [​IMG] Please download Malwarebytes Anti-Malware from HERE.


    Double Click mbam-setup.exe to install the application.
    • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes Anti-Malware, then click Finish.
    • If an update is found, it will download and install the latest version.
    • Once the program has loaded, select "Perform Quick Scan", then click Scan.
    • The scan may take some time to finish,so please be patient.
    • When the scan is complete, click OK, then Show Results to view the results.
    • Make sure that everything is checked, and click Remove Selected.
    • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. If you are prompted to restart, please allow it to restart your computer. Failure to do this, will cause the infection to still be active on the computer.
    • Please save the log to a location you will remember.
    • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
    • The log can also be found at C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\log-date.txt or at C:\Program Files\Malwarebytes' Anti-Malware\Logs\log-date.txt
    • Copy and paste the entire report in your next reply.
  3. jbmcck

    jbmcck Newcomer, in training Topic Starter

    # AdwCleaner v2.007 - Logfile created 11/09/2012 at 15:46:47
    # Updated 06/11/2012 by Xplode
    # Operating system : Windows 7 Home Premium Service Pack 1 (64 bits)
    # User : Joshua - JOSHUA-LAPTOP
    # Boot Mode : Normal
    # Running from : C:\Users\Joshua\Downloads\adwcleaner.exe
    # Option [Delete]


    ***** [Services] *****


    ***** [Files / Folders] *****

    Deleted on reboot : C:\Program Files (x86)\Common Files\AVG Secure Search
    File Deleted : C:\Users\Public\Desktop\eBay.lnk
    Folder Deleted : C:\Program Files (x86)\AVG Secure Search
    Folder Deleted : C:\Program Files (x86)\Smartdl
    Folder Deleted : C:\Program Files (x86)\Yontoo
    Folder Deleted : C:\ProgramData\Ask
    Folder Deleted : C:\ProgramData\AVG Secure Search
    Folder Deleted : C:\ProgramData\Babylon
    Folder Deleted : C:\ProgramData\Tarma Installer
    Folder Deleted : C:\Users\Joshua\AppData\Local\AVG Secure Search
    Folder Deleted : C:\Users\Joshua\AppData\Local\Temp\avg@toolbar
    Folder Deleted : C:\Users\Joshua\AppData\LocalLow\AVG Secure Search
    Folder Deleted : C:\Users\Joshua\AppData\Roaming\Babylon
    Folder Deleted : C:\Users\Joshua\AppData\Roaming\BabylonToolbar

    ***** [Registry] *****

    Key Deleted : HKCU\Software\AVG Secure Search
    Key Deleted : HKCU\Software\IGearSettings
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{95B7759C-8C7F-4BF1-B163-73684A933233}
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{95B7759C-8C7F-4BF1-B163-73684A933233}
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F25AF245-4A81-40DC-92F9-E9021F207706}
    Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}
    Key Deleted : HKLM\Software\AVG Secure Search
    Key Deleted : HKLM\SOFTWARE\Classes\AppID\{1FDFF5A2-7BB1-48E1-8081-7236812B12B2}
    Key Deleted : HKLM\SOFTWARE\Classes\AppID\{BB711CB0-C70B-482E-9852-EC05EBD71DBB}
    Key Deleted : HKLM\SOFTWARE\Classes\AppID\ScriptHelper.EXE
    Key Deleted : HKLM\SOFTWARE\Classes\AppID\ViProtocol.DLL
    Key Deleted : HKLM\SOFTWARE\Classes\AVG Secure Search.BrowserWndAPI
    Key Deleted : HKLM\SOFTWARE\Classes\AVG Secure Search.BrowserWndAPI.1
    Key Deleted : HKLM\SOFTWARE\Classes\AVG Secure Search.PugiObj
    Key Deleted : HKLM\SOFTWARE\Classes\AVG Secure Search.PugiObj.1
    Key Deleted : HKLM\SOFTWARE\Classes\PROTOCOLS\Handler\viprotocol
    Key Deleted : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi
    Key Deleted : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi.1
    Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{74FB6AFD-DD77-4CEB-83BD-AB2B63E63C93}
    Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}
    Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{C2AC8A0E-E48E-484B-A71C-C7A937FAAB94}
    Key Deleted : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE
    Key Deleted : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE.1
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{C6FDD0C3-266A-4DC3-B459-28C697C44CDC}
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{F25AF245-4A81-40DC-92F9-E9021F207706}
    Key Deleted : HKLM\SOFTWARE\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin
    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{95B7759C-8C7F-4BF1-B163-73684A933233}
    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{B658800C-F66E-4EF3-AB85-6C0C227862A9}
    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{CC5AD34C-6F10-4CB3-B74A-C2DD4D5060A3}
    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{F25AF245-4A81-40DC-92F9-E9021F207706}
    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{79FB5FC8-44B9-4AF5-BADD-CCE547F953E5}
    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{C401D2CE-DC27-45C7-BC0C-8E6EA7F085D6}
    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F25AF245-4A81-40DC-92F9-E9021F207706}
    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}
    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\AVG Secure Search
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{C401D2CE-DC27-45C7-BC0C-8E6EA7F085D6}
    Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}]
    Value Deleted : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [Avg@toolbar]
    Value Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{95B7759C-8C7F-4BF1-B163-73684A933233}]

    ***** [Internet Browsers] *****

    -\\ Internet Explorer v9.0.8112.16421

    Replaced : [HKCU\Software\Microsoft\Internet Explorer\Main - Start Page] = hxxp://isearch.avg.com/?cid={38DE5CB7-6961-452E-8FBF-841C952C8948}&mid=bd34d57beb0a43928f474665b8779e7e-40cb255589befe9365a727d2995690f0c832f1c6&lang=en&ds=hk011&pr=sa&d=2012-06-10 21:20:35&v=11.1.0.7&sap=hp --> hxxp://www.google.com

    -\\ Google Chrome v23.0.1271.64

    File : C:\Users\Joshua\AppData\Local\Google\Chrome\User Data\Default\Preferences

    [OK] File is clean.

    *************************

    AdwCleaner[S1].txt - [6040 octets] - [09/11/2012 15:46:47]

    ########## EOF - C:\AdwCleaner[S1].txt - [6100 octets] ##########
    Malwarebytes Anti-Malware (Trial) 1.65.1.1000
    www.malwarebytes.org
    Database version: v2012.11.09.06
    Windows 7 Service Pack 1 x64 NTFS
    Internet Explorer 9.0.8112.16421
    Joshua :: JOSHUA-LAPTOP [administrator]
    Protection: Enabled
    09/11/2012 15:55:30
    mbam-log-2012-11-09 (15-55-30).txt
    Scan type: Quick scan
    Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
    Scan options disabled: P2P
    Objects scanned: 228009
    Time elapsed: 5 minute(s), 7 second(s)
    Memory Processes Detected: 0
    (No malicious items detected)
    Memory Modules Detected: 0
    (No malicious items detected)
    Registry Keys Detected: 0
    (No malicious items detected)
    Registry Values Detected: 0
    (No malicious items detected)
    Registry Data Items Detected: 0
    (No malicious items detected)
    Folders Detected: 0
    (No malicious items detected)
    Files Detected: 0
    (No malicious items detected)
    (end)
  4. Jay Pfoutz

    Jay Pfoutz Malware Helper Posts: 4,286   +49

    ComboFix scan

    Please download ComboFix[​IMG] by sUBs
    From BleepingComputer.com

    Please save the file to your Desktop.

    Important information about ComboFix


    After the download:
    • Close any open browsers.
    • Very Important: Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results". Please visit here if you don't know how.
    • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
    • Please do not attempt to re-connect your machine back to the Internet until ComboFix has completely finished.
    • If there is no Internet connection after running ComboFix, then restart your computer to restore back your connection.
    Running ComboFix:
    • Double click on ComboFix.exe & follow the prompts.
    • When ComboFix finishes, it will produce a report for you.
    • Please post the report, which will launch or be found at "C:\Combo-Fix.txt" in your next reply.
    Troubleshooting ComboFix

    Safe Mode:

    If you still cannot get ComboFix to run, try booting into Safe Mode, and run it there.

    (To boot into Safe Mode, tap F8 after BIOS, and just before the Windows
    logo appears. A list of options will appear, select "Safe Mode.")

    Re-downloading:

    If this doesn't work either, try the same method (above method), but try to download it again, except name
    ComboFix.exe to iexplore.exe, explorer.exe, or winlogon.exe.

    Malware is known for blocking all "user" processes, except for its whitelist of system important processes such as iexplore.exe, explorer.exe, winlogon.exe.

    NOTE: If you encounter a message "illegal operation attempted on registry key that has been marked for deletion" and no programs will run - please just reboot and that will resolve that error.
  5. jbmcck

    jbmcck Newcomer, in training Topic Starter

    ComboFix 12-11-09.02 - Joshua 09/11/2012 19:18:55.2.8 - x64
    Microsoft Windows 7 Home Premium 6.1.7601.1.1252.44.1033.18.6038.3737 [GMT 0:00]
    Running from: c:\users\Joshua\Downloads\ComboFix.exe
    AV: McAfee Anti-Virus and Anti-Spyware *Disabled/Updated* {ADA629C7-7F48-5689-624A-3B76997E0892}
    FW: McAfee Firewall *Disabled* {959DA8E2-3527-57D1-4915-924367AD4FE9}
    SP: McAfee Anti-Virus and Anti-Spyware *Disabled/Updated* {16C7C823-5972-5907-58FA-0004E2F9422F}
    SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    c:\programdata\PCDr\6032\AddOnDownloaded\087abda5-3ca9-433a-8a4e-6b9fc9285607.dll
    c:\programdata\PCDr\6032\AddOnDownloaded\305a1406-381f-449d-9486-32504a38e5b0.dll
    c:\programdata\PCDr\6032\AddOnDownloaded\3b429c4f-8ba9-4a7d-bbb4-4548bb6d2539.dll
    c:\programdata\PCDr\6032\AddOnDownloaded\3c49c05a-0eb3-4044-a0f8-d4ea2a439295.dll
    c:\programdata\PCDr\6032\AddOnDownloaded\4704833a-6508-40cc-b98b-5ebd235e52ca.dll
    c:\programdata\PCDr\6032\AddOnDownloaded\5cd81d7c-326c-42d2-8929-1ee85c69dc1d.dll
    c:\programdata\PCDr\6032\AddOnDownloaded\5f169f6e-cfce-411e-b266-aa53ac35ce83.dll
    c:\programdata\PCDr\6032\AddOnDownloaded\8c199aef-9eca-4ab6-863d-c9136ebec654.dll
    c:\programdata\PCDr\6032\AddOnDownloaded\a875f6ee-9729-4447-8d2c-63bd2e6396c1.dll
    c:\programdata\PCDr\6032\AddOnDownloaded\af728edb-0984-4c06-9a4b-0878bcfa9a26.dll
    c:\programdata\PCDr\6032\AddOnDownloaded\b510dd11-341c-4dfa-9f1e-dd5ddcc444f4.dll
    c:\programdata\PCDr\6032\AddOnDownloaded\cf9bce06-e765-4c6f-afa9-0d82a3adc417.dll
    c:\programdata\PCDr\6032\AddOnDownloaded\dbecb802-efe1-453f-828f-29af4ab73508.dll
    c:\programdata\PCDr\6032\AddOnDownloaded\e1ce76af-328a-41dc-b2c4-0dd9771f6aa1.dll
    c:\programdata\PCDr\6032\AddOnDownloaded\e3e252fe-80ab-4f89-82a9-b607007220bd.dll
    c:\programdata\PCDr\6032\AddOnDownloaded\eb115e4d-8592-4082-bffa-e65ae6b21e95.dll
    c:\programdata\PCDr\6032\AddOnDownloaded\ed26c1b3-d9f9-42e8-80e0-cd62e65fd901.dll
    c:\programdata\PCDr\6032\AddOnDownloaded\f28ef68b-8cc4-4c00-891d-473fb67bd0b0.dll
    c:\programdata\Roaming
    c:\users\Default\AppData\Roaming\DPInst.exe
    c:\users\Default\AppData\Roaming\gacutil.exe
    c:\users\Default\AppData\Roaming\PnPutil.exe
    c:\users\Joshua\AppData\Local\Microsoft\Windows\Temporary Internet Files\{3C764D7C-A19B-4A9E-8E98-918579BC7BD4}.xps
    .
    .
    ((((((((((((((((((((((((( Files Created from 2012-10-09 to 2012-11-09 )))))))))))))))))))))))))))))))
    .
    .
    2012-11-09 19:25 . 2012-11-09 19:25--------d-----w-c:\users\UpdatusUser\AppData\Local\temp
    2012-11-09 19:25 . 2012-11-09 19:25--------d-----w-c:\users\Default\AppData\Local\temp
    2012-11-09 14:09 . 2012-11-09 14:09--------d-----w-c:\programdata\34BE82C4-E596-4e99-A191-52C6199EBF69
    2012-11-09 12:40 . 2012-11-09 12:40--------d-----w-c:\users\Joshua\AppData\Roaming\Malwarebytes
    2012-11-09 12:40 . 2012-11-09 12:40--------d-----w-c:\programdata\Malwarebytes
    2012-11-09 12:40 . 2012-09-29 19:5425928----a-w-c:\windows\system32\drivers\mbam.sys
    2012-11-09 12:40 . 2012-11-09 12:40--------d-----w-c:\program files (x86)\Malwarebytes' Anti-Malware
    2012-11-09 11:54 . 2012-11-09 11:54--------d-----w-C:\NVIDIA
    2012-11-08 15:46 . 2012-11-08 16:40--------d-----w-c:\programdata\9223B3E6-70DD-4e2f-965B-DD8E02D2E20B
    2012-11-08 15:44 . 2012-11-08 15:44--------d-----w-c:\users\Joshua\AppData\Roaming\Downloaded Installations
    2012-11-08 15:36 . 2012-11-08 15:36--------d-----w-c:\programdata\Citrix
    2012-11-08 15:35 . 2012-11-08 16:39--------d-----w-c:\program files (x86)\Citrix
    2012-11-08 15:35 . 2012-11-08 15:35--------d-----w-c:\users\Joshua\AppData\Local\Citrix
    2012-11-07 23:31 . 2012-08-02 11:21511328----a-w-c:\program files (x86)\Common Files\Microsoft Shared\CAPICOM\CAPICOM.DLL
    2012-11-07 23:31 . 2012-10-19 09:432155248----a-w-c:\windows\system32\Incinerator64.dll
    2012-11-07 23:31 . 2012-10-19 09:432097032----a-w-c:\windows\SysWow64\Incinerator32.dll
    2012-11-07 23:31 . 2012-10-19 10:0157144----a-w-c:\windows\system32\iolobtdfg.exe
    2012-11-07 23:31 . 2012-10-19 10:0125744----a-w-c:\windows\system32\smrgdf.exe
    2012-11-07 23:31 . 2012-08-02 11:2182160----a-w-c:\windows\system32\drivers\PDFsFilter.sys
    2012-11-07 23:30 . 2012-08-02 11:2169000----a-w-c:\windows\system32\offreg.dll
    2012-11-07 23:30 . 2012-08-02 11:2156200----a-w-c:\windows\SysWow64\offreg.dll
    2012-11-07 23:30 . 2012-08-02 11:2130752----a-w-c:\windows\system32\drivers\ElRawDsk.sys
    2012-11-07 23:30 . 2012-11-07 23:3074703----a-w-c:\windows\SysWow64\mfc45.dat
    2012-11-07 23:29 . 2012-11-07 23:29--------d-----w-C:\iolo
    2012-11-07 23:00 . 2012-11-07 23:36--------d-----w-c:\users\Joshua\AppData\Roaming\iolo
    2012-11-07 22:53 . 2012-11-07 22:5374703----a-w-c:\windows\SysWow64\mfc45.dll
    2012-11-07 22:53 . 2012-11-08 18:22--------d-----w-c:\programdata\iolo
    2012-11-07 22:53 . 2012-11-07 23:30--------d-----w-c:\program files (x86)\iolo
    2012-11-05 12:11 . 2012-11-05 12:1130568----a-w-c:\windows\system32\drivers\avgtpx64.sys
    2012-10-26 14:30 . 2012-11-09 12:30--------d-----w-c:\program files (x86)\PrintProjects
    2012-10-26 14:30 . 2012-10-26 14:30--------d-----w-c:\programdata\Visan
    2012-10-26 14:30 . 2012-10-26 14:30--------d-----w-c:\programdata\PrintProjects
    2012-10-26 14:28 . 2012-10-26 14:28--------d-----w-c:\windows\SysWow64\kodak
    2012-10-26 14:25 . 2012-10-26 14:25--------d-----w-c:\users\Default\AppData\Roaming\KODAK AiO Home Center422235304
    2012-10-21 19:20 . 2012-11-09 17:14--------d-----w-C:\SMS Cubs New
    2012-10-17 15:52 . 2012-11-07 22:24--------d-----w-c:\programdata\MFAData
    2012-10-17 15:52 . 2012-10-17 15:52--------d-----w-c:\users\Joshua\AppData\Local\MFAData
    2012-10-17 15:52 . 2012-10-17 15:52--------d-----w-c:\users\Joshua\AppData\Local\Avg2013
    2012-10-11 21:48 . 2012-08-21 12:0133240----a-w-c:\windows\system32\drivers\GEARAspiWDM.sys
    2012-10-11 21:48 . 2012-10-11 21:48--------d-----w-c:\program files\iPod
    2012-10-11 21:47 . 2012-11-09 12:30--------d-----w-c:\program files\iTunes
    2012-10-11 21:47 . 2012-11-09 12:30--------d-----w-c:\program files (x86)\iTunes
    2012-10-11 21:43 . 2012-10-11 21:43--------d-----w-c:\windows\system32\New folder
    2012-10-11 21:26 . 2012-11-08 17:17--------d-----w-C:\found.000
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2012-09-29 13:48 . 2012-09-29 13:481793536----a-w-c:\windows\system32\EKAiO2MON.dll
    2012-09-29 13:48 . 2012-09-29 13:48183808----a-w-c:\windows\system32\EKAiO2COI10.dll
    2012-09-14 19:19 . 2012-10-10 10:322048----a-w-c:\windows\system32\tzres.dll
    2012-09-14 18:28 . 2012-10-10 10:322048----a-w-c:\windows\SysWow64\tzres.dll
    2012-08-31 18:19 . 2012-10-10 10:331659760----a-w-c:\windows\system32\drivers\ntfs.sys
    2012-08-30 18:03 . 2012-10-10 10:335559664----a-w-c:\windows\system32\ntoskrnl.exe
    2012-08-30 17:12 . 2012-10-10 10:333968880----a-w-c:\windows\SysWow64\ntkrnlpa.exe
    2012-08-30 17:12 . 2012-10-10 10:333914096----a-w-c:\windows\SysWow64\ntoskrnl.exe
    2012-08-24 18:05 . 2012-10-10 10:32220160----a-w-c:\windows\system32\wintrust.dll
    2012-08-24 16:57 . 2012-10-10 10:32172544----a-w-c:\windows\SysWow64\wintrust.dll
    2012-08-24 11:15 . 2012-10-03 09:5717810944----a-w-c:\windows\system32\mshtml.dll
    2012-08-24 10:39 . 2012-10-03 09:5710925568----a-w-c:\windows\system32\ieframe.dll
    2012-08-24 10:31 . 2012-10-03 09:572312704----a-w-c:\windows\system32\jscript9.dll
    2012-08-24 10:22 . 2012-10-03 09:571346048----a-w-c:\windows\system32\urlmon.dll
    2012-08-24 10:21 . 2012-10-03 09:571392128----a-w-c:\windows\system32\wininet.dll
    2012-08-24 10:20 . 2012-10-03 09:571494528----a-w-c:\windows\system32\inetcpl.cpl
    2012-08-24 10:18 . 2012-10-03 09:57237056----a-w-c:\windows\system32\url.dll
    2012-08-24 10:17 . 2012-10-03 09:5785504----a-w-c:\windows\system32\jsproxy.dll
    2012-08-24 10:14 . 2012-10-03 09:57173056----a-w-c:\windows\system32\ieUnatt.exe
    2012-08-24 10:14 . 2012-10-03 09:57816640----a-w-c:\windows\system32\jscript.dll
    2012-08-24 10:13 . 2012-10-03 09:57599040----a-w-c:\windows\system32\vbscript.dll
    2012-08-24 10:12 . 2012-10-03 09:572144768----a-w-c:\windows\system32\iertutil.dll
    2012-08-24 10:11 . 2012-10-03 09:57729088----a-w-c:\windows\system32\msfeeds.dll
    2012-08-24 10:10 . 2012-10-03 09:5796768----a-w-c:\windows\system32\mshtmled.dll
    2012-08-24 10:09 . 2012-10-03 09:572382848----a-w-c:\windows\system32\mshtml.tlb
    2012-08-24 10:04 . 2012-10-03 09:57248320----a-w-c:\windows\system32\ieui.dll
    2012-08-24 06:59 . 2012-10-03 09:571800704----a-w-c:\windows\SysWow64\jscript9.dll
    2012-08-24 06:51 . 2012-10-03 09:571129472----a-w-c:\windows\SysWow64\wininet.dll
    2012-08-24 06:51 . 2012-10-03 09:571427968----a-w-c:\windows\SysWow64\inetcpl.cpl
    2012-08-24 06:47 . 2012-10-03 09:57142848----a-w-c:\windows\SysWow64\ieUnatt.exe
    2012-08-24 06:47 . 2012-10-03 09:57420864----a-w-c:\windows\SysWow64\vbscript.dll
    2012-08-24 06:43 . 2012-10-03 09:572382848----a-w-c:\windows\SysWow64\mshtml.tlb
    2012-08-22 18:12 . 2012-10-01 11:251913200----a-w-c:\windows\system32\drivers\tcpip.sys
    2012-08-22 18:12 . 2012-10-01 11:25950128----a-w-c:\windows\system32\drivers\ndis.sys
    2012-08-22 18:12 . 2012-10-01 11:25376688----a-w-c:\windows\system32\drivers\netio.sys
    2012-08-22 18:12 . 2012-10-01 11:25288624----a-w-c:\windows\system32\drivers\FWPKCLNT.SYS
    2012-08-21 21:01 . 2012-10-01 11:24245760----a-w-c:\windows\system32\OxpsConverter.exe
    2012-08-21 13:01 . 2012-08-21 12:01125872----a-w-c:\windows\system32\GEARAspi64.dll
    2012-08-21 13:01 . 2012-08-21 12:01106928----a-w-c:\windows\SysWow64\GEARAspi.dll
    2012-08-20 18:48 . 2012-10-10 10:33362496----a-w-c:\windows\system32\wow64win.dll
    2012-08-20 18:48 . 2012-10-10 10:33243200----a-w-c:\windows\system32\wow64.dll
    2012-08-20 18:48 . 2012-10-10 10:3313312----a-w-c:\windows\system32\wow64cpu.dll
    2012-08-20 18:48 . 2012-10-10 10:33215040----a-w-c:\windows\system32\winsrv.dll
    2012-08-20 18:48 . 2012-10-10 10:3316384----a-w-c:\windows\system32\ntvdm64.dll
    2012-08-20 18:48 . 2012-10-10 10:33424448----a-w-c:\windows\system32\KernelBase.dll
    2012-08-20 18:48 . 2012-10-10 10:331162240----a-w-c:\windows\system32\kernel32.dll
    2012-08-20 18:46 . 2012-10-10 10:33338432----a-w-c:\windows\system32\conhost.exe
    2012-08-20 18:38 . 2012-10-10 10:334608---ha-w-c:\windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
    2012-08-20 18:38 . 2012-10-10 10:334608---ha-w-c:\windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
    2012-08-20 18:38 . 2012-10-10 10:333584---ha-w-c:\windows\system32\api-ms-win-core-memory-l1-1-0.dll
    2012-08-20 18:38 . 2012-10-10 10:333072---ha-w-c:\windows\system32\api-ms-win-core-xstate-l1-1-0.dll
    2012-08-20 18:38 . 2012-10-10 10:334096---ha-w-c:\windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
    2012-08-20 18:38 . 2012-10-10 10:334096---ha-w-c:\windows\system32\api-ms-win-core-synch-l1-1-0.dll
    2012-08-20 18:38 . 2012-10-10 10:334096---ha-w-c:\windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
    2012-08-20 18:38 . 2012-10-10 10:333584---ha-w-c:\windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
    2012-08-20 18:38 . 2012-10-10 10:333584---ha-w-c:\windows\system32\api-ms-win-core-misc-l1-1-0.dll
    2012-08-20 18:38 . 2012-10-10 10:333072---ha-w-c:\windows\system32\api-ms-win-core-util-l1-1-0.dll
    2012-08-20 18:38 . 2012-10-10 10:333584---ha-w-c:\windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
    2012-08-20 18:38 . 2012-10-10 10:333072---ha-w-c:\windows\system32\api-ms-win-core-string-l1-1-0.dll
    2012-08-20 18:38 . 2012-10-10 10:333072---ha-w-c:\windows\system32\api-ms-win-core-profile-l1-1-0.dll
    2012-08-20 18:38 . 2012-10-10 10:333584---ha-w-c:\windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
    2012-08-20 18:38 . 2012-10-10 10:333584---ha-w-c:\windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
    2012-08-20 18:38 . 2012-10-10 10:336144---ha-w-c:\windows\system32\api-ms-win-security-base-l1-1-0.dll
    2012-08-20 18:38 . 2012-10-10 10:334096---ha-w-c:\windows\system32\api-ms-win-core-localization-l1-1-0.dll
    2012-08-20 18:38 . 2012-10-10 10:333584---ha-w-c:\windows\system32\api-ms-win-core-heap-l1-1-0.dll
    2012-08-20 18:38 . 2012-10-10 10:335120---ha-w-c:\windows\system32\api-ms-win-core-file-l1-1-0.dll
    2012-08-20 18:38 . 2012-10-10 10:333072---ha-w-c:\windows\system32\api-ms-win-core-io-l1-1-0.dll
    2012-08-20 18:38 . 2012-10-10 10:333072---ha-w-c:\windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
    2012-08-20 18:38 . 2012-10-10 10:333072---ha-w-c:\windows\system32\api-ms-win-core-handle-l1-1-0.dll
    2012-08-20 18:38 . 2012-10-10 10:333072---ha-w-c:\windows\system32\api-ms-win-core-fibers-l1-1-0.dll
    2012-08-20 18:38 . 2012-10-10 10:333072---ha-w-c:\windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
    2012-08-20 18:38 . 2012-10-10 10:333072---ha-w-c:\windows\system32\api-ms-win-core-delayload-l1-1-0.dll
    2012-08-20 18:38 . 2012-10-10 10:333072---ha-w-c:\windows\system32\api-ms-win-core-debug-l1-1-0.dll
    2012-08-20 18:38 . 2012-10-10 10:333072---ha-w-c:\windows\system32\api-ms-win-core-datetime-l1-1-0.dll
    2012-08-20 18:38 . 2012-10-10 10:333072---ha-w-c:\windows\system32\api-ms-win-core-console-l1-1-0.dll
    2012-08-20 17:40 . 2012-10-10 10:3314336----a-w-c:\windows\SysWow64\ntvdm64.dll
    2012-08-20 17:38 . 2012-10-10 10:3344032----a-w-c:\windows\apppatch\acwow64.dll
    2012-08-20 17:38 . 2012-10-10 10:3325600----a-w-c:\windows\SysWow64\setup16.exe
    2012-08-20 17:37 . 2012-10-10 10:335120----a-w-c:\windows\SysWow64\wow32.dll
    2012-08-20 17:37 . 2012-10-10 10:33274944----a-w-c:\windows\SysWow64\KernelBase.dll
    2012-08-20 17:32 . 2012-10-10 10:334096---ha-w-c:\windows\SysWow64\api-ms-win-core-sysinfo-l1-1-0.dll
    2012-08-20 17:32 . 2012-10-10 10:334608---ha-w-c:\windows\SysWow64\api-ms-win-core-processthreads-l1-1-0.dll
    2012-08-20 17:32 . 2012-10-10 10:334096---ha-w-c:\windows\SysWow64\api-ms-win-core-synch-l1-1-0.dll
    2012-08-20 17:32 . 2012-10-10 10:334096---ha-w-c:\windows\SysWow64\api-ms-win-core-misc-l1-1-0.dll
    2012-08-20 17:32 . 2012-10-10 10:334096---ha-w-c:\windows\SysWow64\api-ms-win-core-localregistry-l1-1-0.dll
    2012-08-20 17:32 . 2012-10-10 10:333584---ha-w-c:\windows\SysWow64\api-ms-win-core-processenvironment-l1-1-0.dll
    2012-08-20 17:32 . 2012-10-10 10:333072---ha-w-c:\windows\SysWow64\api-ms-win-core-string-l1-1-0.dll
    2012-08-20 17:32 . 2012-10-10 10:333072---ha-w-c:\windows\SysWow64\api-ms-win-core-rtlsupport-l1-1-0.dll
    2012-08-20 17:32 . 2012-10-10 10:333072---ha-w-c:\windows\SysWow64\api-ms-win-core-profile-l1-1-0.dll
    2012-08-20 17:32 . 2012-10-10 10:335120---ha-w-c:\windows\SysWow64\api-ms-win-core-file-l1-1-0.dll
    2012-08-20 17:32 . 2012-10-10 10:333584---ha-w-c:\windows\SysWow64\api-ms-win-core-namedpipe-l1-1-0.dll
    2012-08-20 17:32 . 2012-10-10 10:333584---ha-w-c:\windows\SysWow64\api-ms-win-core-memory-l1-1-0.dll
    2012-08-20 17:32 . 2012-10-10 10:333584---ha-w-c:\windows\SysWow64\api-ms-win-core-libraryloader-l1-1-0.dll
    2012-08-20 17:32 . 2012-10-10 10:333584---ha-w-c:\windows\SysWow64\api-ms-win-core-interlocked-l1-1-0.dll
    2012-08-20 17:32 . 2012-10-10 10:333584---ha-w-c:\windows\SysWow64\api-ms-win-core-heap-l1-1-0.dll
    2012-08-20 17:32 . 2012-10-10 10:333072---ha-w-c:\windows\SysWow64\api-ms-win-core-io-l1-1-0.dll
    2012-08-20 17:32 . 2012-10-10 10:333072---ha-w-c:\windows\SysWow64\api-ms-win-core-handle-l1-1-0.dll
    2012-08-20 17:32 . 2012-10-10 10:333072---ha-w-c:\windows\SysWow64\api-ms-win-core-fibers-l1-1-0.dll
    2012-08-20 17:32 . 2012-10-10 10:333072---ha-w-c:\windows\SysWow64\api-ms-win-core-errorhandling-l1-1-0.dll
    2012-08-20 17:32 . 2012-10-10 10:333072---ha-w-c:\windows\SysWow64\api-ms-win-core-delayload-l1-1-0.dll
    .
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-21 1475584]
    "Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2012-10-19 17875120]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
    "Dell Webcam Central"="c:\program files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" [2011-04-13 503942]
    "Dell DataSafe Online"="c:\program files (x86)\Dell\Dell Datasafe Online\NOBuClient.exe" [2010-08-26 1117528]
    "RoxWatchTray"="c:\program files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatchTray12OEM.exe" [2010-11-25 240112]
    "mcui_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2012-09-12 1535112]
    "APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-08-27 59280]
    "BCSSync"="c:\program files (x86)\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 91520]
    "NUSB3MON"="c:\program files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe" [2011-09-16 115048]
    "SMART Board Service"="c:\program files (x86)\SMART Technologies Inc\SMART Board Software\SMARTBoardService.exe" [2007-11-02 1283336]
    "TkBellExe"="c:\program files (x86)\real\realplayer\Update\realsched.exe" [2012-06-03 296056]
    "iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-09-09 421776]
    "EKStatusMonitor"="c:\program files (x86)\Kodak\AiO\StatusMonitor\EKStatusMonitor.exe" [2012-10-15 2844608]
    .
    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
    "KodakHomeCenter"="c:\program files (x86)\Kodak\AiO\Center\AiOHomeCenter.exe" [2012-10-19 2235840]
    .
    c:\users\Joshua\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
    Intel(R) Turbo Boost Technology Monitor 2.0.lnk - c:\program files\Intel\TurboBoost\SignalIslandUi.exe [2010-11-29 204288]
    .
    c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
    SMART Board Tools.lnk - c:\program files (x86)\SMART Technologies Inc\SMART Board Software\SMARTBoardTools.exe [2007-11-2 4519176]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "ConsentPromptBehaviorAdmin"= 5 (0x5)
    "ConsentPromptBehaviorUser"= 3 (0x3)
    "EnableUIADesktopToggle"= 0 (0x0)
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
    "LoadAppInit_DLLs"=1 (0x1)
    "AppInit_DLLs"=c:\windows\SysWOW64\nvinit.dll
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
    "mixer4"=wdmaud.drv
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ioloSystemService]
    @="Service"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
    @=""
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
    @=""
    .
    R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
    R2 RoxWatch12;Roxio Hard Drive Watcher 12;c:\program files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatch12OEM.exe [2010-11-25 219632]
    R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-10-19 160944]
    R3 AMPPALP;Intel® Centrino® Wireless Bluetooth® 3.0 + High Speed Protocol;c:\windows\system32\DRIVERS\amppal.sys [2011-10-19 195072]
    R3 intaud_WaveExtensible;Intel WiDi Audio Device;c:\windows\system32\drivers\intelaud.sys [2011-05-17 34200]
    R3 McAWFwk;McAfee Activation Service;c:\progra~1\mcafee\msc\mcawfwk.exe [2011-03-08 224704]
    R3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [2012-07-17 106112]
    R3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;c:\program files\Intel\WiFi\bin\PanDhcpDns.exe [2011-11-01 340240]
    R3 NvStUSB;NVIDIA Stereoscopic 3D USB driver;c:\windows\system32\drivers\nvstusb.sys [2011-10-16 291648]
    R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-21 59392]
    R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-21 31232]
    R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2012-07-09 52736]
    R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2012-04-14 1255736]
    R4 BBSvc;Bing Bar Update Service;c:\program files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-06-07 191752]
    R4 McOobeSv;McAfee OOBE Service;c:\program files\Common Files\mcafee\McSvcHost\McSvHost.exe [2012-08-31 201304]
    R4 RoxMediaDB12OEM;RoxMediaDB12OEM;c:\program files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxMediaDB12OEM.exe [2010-11-25 1116656]
    R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 57184]
    S0 mfewfpk;McAfee Inc. mfewfpk;c:\windows\system32\drivers\mfewfpk.sys [2012-07-17 335784]
    S0 nvpciflt;nvpciflt;c:\windows\system32\DRIVERS\nvpciflt.sys [2011-11-04 28992]
    S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [2010-03-19 55856]
    S0 stdcfltn;Disk Class Filter Driver for Accelerometer;c:\windows\system32\DRIVERS\stdcfltn.sys [2010-08-20 21616]
    S1 avgtp;avgtp;c:\windows\system32\drivers\avgtpx64.sys [2012-11-05 30568]
    S1 ElRawDisk;ElRawDisk;c:\windows\system32\drivers\ElRawDsk.sys [2012-08-02 30752]
    S1 nvkflt;nvkflt;c:\windows\system32\DRIVERS\nvkflt.sys [2011-11-04 249152]
    S2 AERTFilters;Andrea RT Filters Service;c:\program files\Realtek\Audio\HDA\AERTSr64.exe [2009-11-18 98208]
    S2 AMPPALR3;Intel® Centrino® Wireless Bluetooth® 3.0 + High Speed Service;c:\program files\Intel\BluetoothHS\BTHSAmpPalService.exe [2011-10-19 661504]
    S2 BBUpdate;BBUpdate;c:\program files (x86)\Microsoft\BingBar\SeaPort.EXE [2011-05-12 249648]
    S2 Bluetooth Device Monitor;Bluetooth Device Monitor;c:\program files (x86)\Intel\Bluetooth\devmonsrv.exe [2011-10-18 936272]
    S2 Bluetooth OBEX Service;Bluetooth OBEX Service;c:\program files (x86)\Intel\Bluetooth\obexsrv.exe [2011-10-18 1001808]
    S2 BTHSSecurityMgr;Intel(R) Centrino(R) Wireless Bluetooth(R) 3.0 + High Speed Security Service;c:\program files\Intel\BluetoothHS\BTHSSecurityMgr.exe [2011-10-20 135440]
    S2 ioloSystemService;iolo System Service;c:\program files (x86)\iolo\Common\Lib\ioloServiceManager.exe [2012-10-19 1028464]
    S2 Kodak AiO Network Discovery Service;Kodak AiO Network Discovery Service;c:\program files (x86)\Kodak\AiO\Center\EKAiOHostService.exe [2012-10-19 395200]
    S2 Kodak AiO Status Monitor Service;Kodak AiO Status Monitor Service;c:\program files (x86)\Kodak\AiO\StatusMonitor\EKPrinterSDK.exe [2012-10-15 779200]
    S2 lxdu_device;lxdu_device;c:\windows\system32\lxducoms.exe [2009-10-16 1039360]
    S2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2012-09-29 399432]
    S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-09-29 676936]
    S2 McMPFSvc;McAfee Personal Firewall Service;c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe [2012-08-31 201304]
    S2 McNaiAnn;McAfee VirusScan Announcer;c:\program files\Common Files\mcafee\McSvcHost\McSvHost.exe [2012-08-31 201304]
    S2 mfefire;McAfee Firewall Core Service;c:\program files\Common Files\McAfee\SystemCore\\mfefire.exe [2012-07-17 218320]
    S2 mfevtp;McAfee Validation Trust Protection Service;c:\windows\system32\mfevtps.exe [2012-07-17 177144]
    S2 NOBU;Dell DataSafe Online;c:\program files (x86)\Dell\Dell Datasafe Online\NOBuAgent.exe SERVICE [x]
    S2 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2010-06-25 35344]
    S2 PDFsFilter;PDFsFilter;c:\windows\system32\DRIVERS\PDFsFilter.sys [2012-08-02 82160]
    S2 SftService;SoftThinks Agent Service;c:\program files (x86)\Dell DataSafe Local Backup\sftservice.EXE [2011-09-22 1692480]
    S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2011-11-03 381248]
    S2 TurboB;Turbo Boost UI Monitor driver;c:\windows\system32\DRIVERS\TurboB.sys [2010-11-29 16120]
    S2 UNS;Intel(R) Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2010-12-20 2656280]
    S2 vToolbarUpdater13.2.0;vToolbarUpdater13.2.0;c:\program files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\13.2.0\ToolbarUpdater.exe [2012-11-05 711112]
    S3 Acceler;Accelerometer Service;c:\windows\system32\DRIVERS\Accelern.sys [2010-12-13 27760]
    S3 AMPPAL;Intel® Centrino® Wireless Bluetooth® 3.0 + High Speed Virtual Adapter;c:\windows\system32\DRIVERS\AMPPAL.sys [2011-10-19 195072]
    S3 Bluetooth Media Service;Bluetooth Media Service;c:\program files (x86)\Intel\Bluetooth\mediasrv.exe [2011-10-18 1354064]
    S3 btmaudio;Intel Bluetooth Audio Service;c:\windows\system32\drivers\btmaud.sys [2011-05-19 51712]
    S3 btmaux;Intel Bluetooth Auxiliary Service;c:\windows\system32\DRIVERS\btmaux.sys [2011-08-29 53760]
    S3 btmhsf;btmhsf;c:\windows\system32\DRIVERS\btmhsf.sys [2011-10-10 288768]
    S3 cfwids;McAfee Inc. cfwids;c:\windows\system32\drivers\cfwids.sys [2012-07-17 69672]
    S3 CtClsFlt;Creative Camera Class Upper Filter Driver;c:\windows\system32\DRIVERS\CtClsFlt.sys [2011-01-20 176096]
    S3 HipShieldK;McAfee Inc. HipShieldK;c:\windows\system32\drivers\HipShieldK.sys [2012-04-20 196440]
    S3 iBtFltCoex;iBtFltCoex;c:\windows\system32\DRIVERS\iBtFltCoex.sys [2011-10-11 59904]
    S3 IntcDAud;Intel(R) Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [2010-10-15 317440]
    S3 iwdbus;IWD Bus Enumerator;c:\windows\system32\DRIVERS\iwdbus.sys [2011-05-17 25496]
    S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-09-29 25928]
    S3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys [2012-07-17 513456]
    S3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\nusb3hub.sys [2011-09-14 95744]
    S3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\nusb3xhc.sys [2011-09-14 212992]
    S3 qicflt;upper Device Filter Driver;c:\windows\system32\DRIVERS\qicflt.sys [2010-07-13 29288]
    S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2011-08-24 565352]
    S3 SMARTVHidMiniVistaAmd64;SMART HID Device;c:\windows\system32\DRIVERS\SMARTVHidMiniVistaAmd64.sys [2007-11-14 16144]
    S3 TurboBoost;Intel(R) Turbo Boost Technology Monitor 2.0;c:\program files\Intel\TurboBoost\TurboBoost.exe [2010-11-29 149504]
    .
    .
    --- Other Services/Drivers In Memory ---
    .
    *Deregistered* - mfeavfk01
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2012-11-09 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-945250445-3227641614-1528059328-1001Core.job
    - c:\users\Joshua\AppData\Local\Google\Update\GoogleUpdate.exe [2012-04-11 12:24]
    .
    2012-11-09 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-945250445-3227641614-1528059328-1001UA.job
    - c:\users\Joshua\AppData\Local\Google\Update\GoogleUpdate.exe [2012-04-11 12:24]
    .
    .
    --------- X64 Entries -----------
    .
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RtkNGUI64.exe" [2011-08-30 7284328]
    "RtHDVBg"="c:\program files\Realtek\Audio\HDA\RAVBg64.exe" [2011-08-16 2277480]
    "NVHotkey"="c:\windows\system32\nvHotkey.dll" [2011-11-04 540992]
    "IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-08-31 167704]
    "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-08-31 392472]
    "Persistence"="c:\windows\system32\igfxpers.exe" [2011-08-31 416024]
    "FreeFallProtection"="c:\program files (x86)\STMicroelectronics\AccelerometerP11\FF_Protection.exe" [2010-12-17 686704]
    "BTMTrayAgent"="c:\program files (x86)\Intel\Bluetooth\btmshell.dll" [2011-10-18 10357008]
    "IntelPAN"="c:\program files\Common Files\Intel\WirelessCommon\iFrmewrk.exe" [2011-11-01 1935120]
    "IntelTBRunOnce"="wscript.exe" [2009-07-14 168960]
    "Stage Remote"="c:\program files (x86)\Dell\Stage Remote\StageRemote.exe" [2011-06-28 2022976]
    "DellStage"="c:\program files (x86)\Dell Stage\Dell Stage\stage_primary.exe" [2011-11-03 2190704]
    "Logitech Download Assistant"="c:\windows\System32\LogiLDA.dll" [2010-11-03 1580368]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
    "AppInit_DLLs"=c:\windows\System32\nvinitx.dll
    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://www.google.com
    uInternet Settings,ProxyOverride = *.local
    IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office14\EXCEL.EXE/3000
    IE: Se&nd to OneNote - c:\progra~2\MICROS~1\Office14\ONBttnIE.dll/105
    Trusted Zone: dell.com
    TCP: DhcpNameServer = 192.168.2.1
    TCP: Interfaces\{1E0A8272-365B-4134-B966-6C6022A0482E}\05F6775627C696E656: DhcpNameServer = 192.168.0.1
    DPF: {682C59F5-478C-4421-9070-AD170D143B77} - hxxp://www.dell.com/support/troubleshooting/Content/Ode/pcd86.cab
    .
    .
    ------- File Associations -------
    .
    JSEFile=NOTEPAD.EXE "%1"
    .
    - - - - ORPHANS REMOVED - - - -
    .
    Toolbar-Locked - (no file)
    Wow6432Node-HKLM-Run-<NO NAME> - (no file)
    Wow6432Node-HKLM-Run-vProt - c:\program files (x86)\AVG Secure Search\vprot.exe
    Wow6432Node-HKLM-Run-HF_G_Jul - c:\program files (x86)\AVG Secure Search\HF_G_Jul.exe
    Toolbar-Locked - (no file)
    HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe
    .
    .
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
    @Denied: (Full) (Everyone)
    .
    Completion time: 2012-11-09 19:27:51
    ComboFix-quarantined-files.txt 2012-11-09 19:27
    .
    Pre-Run: 601,396,019,200 bytes free
    Post-Run: 601,283,686,400 bytes free
    .
    - - End Of File - - 882AD8518BEC2DBCD7F56F1C55B10B09
  6. Jay Pfoutz

    Jay Pfoutz Malware Helper Posts: 4,286   +49

    ESET Online Scan

    Please run a free online scan with the ESET Online Scanner
    • Tick the box next to YES, I accept the Terms of Use
    • Click Start
    • When asked, allow the ActiveX control to install, or it will ask to download an installer. Please do so an install it.
    • Click Start or wait for the scanner to load.
    • Make sure that the options Remove found threats and the option Scan unwanted applications are checked.
    • Click Scan (This scan can take several hours, so please be patient)
    • Once the scan is completed, there are a couple of things to keep in mind:
    • 1. If NO threats were found, allow the scanner to Uninstall on close and then close the Window.
    • 2. If threats WERE detected, click on List of Threats Found, Export to Text File...save it as ESET-Scan-Log.txt. Click the back button/link, put a checkmark to Uninstall Application on Close and then close the window.
    • Open the logfile from wherever you saved it
    • Copy and paste the contents in your next reply.


    Any more issues?

    We need to know any other issues that are plaguing your computer. Kindly give a summary so we know how to continue from here.

    Many of the things to note for us would be:

    • Slow computer
    • Error messages
    • Fake antivirus alerts or the icon in the system tray
    • svchost.exe running at 100%
    • System crashes or blue screen of death
  7. jbmcck

    jbmcck Newcomer, in training Topic Starter

    My computer is slower on start up but generally runs at an ok speed! I have had the blue screen of death but that was before this began about 3-4 weeks ago and has only happened once!

    C:\$RECYCLE.BIN\S-1-5-21-945250445-3227641614-1528059328-1001\$R6ZADHQ.exeWin32/InstalleRex.A.Gen applicationcleaned by deleting - quarantined
    C:\Users\Joshua\Downloads\1\Carly_Rae_Jepsen_-_Call_Me_Maybe_New_Song_for_2012__(get-tune.net).mp3.exea variant of Win32/Adware.MediaFinder.C applicationcleaned by deleting - quarantined
    C:\Users\Joshua\Downloads\1\WinZip165.exea variant of Win32/OpenInstall applicationcleaned by deleting - quarantined
    C:\Users\Joshua\Downloads\1\_eizvesten_-_Call_Me_Maybe_(iplayer.fm).mp3.exea variant of Win32/Adware.MediaFinder.C applicationcleaned by deleting - quarantined
  8. Jay Pfoutz

    Jay Pfoutz Malware Helper Posts: 4,286   +49

    Hi there. It all appears to be good, so we will finish up to make sure your computer is protected from malware in the future.

    Clean up System Restore

    Now, to get you off to a clean start, we will be creating a new Restore Point, then clearing the old ones to make sure you do not get reinfected, in case you need to "restore back."

    To manually create a new Restore Point
    • Go to Control Panel and select System and Maintenance
    • Select System
    • On the left select Advance System Settings and accept the warning if you get one
    • Select System Protection Tab
    • Select Create at the bottom
    • Type in a name I.e. Clean
    • Select Create
    Now we can purge the infected ones
    • Go back to the System and Maintenance page
    • Select Performance Information and Tools
    • On the left select Open Disk Cleanup
    • Select Files from all users and accept the warning if you get one
    • In the drop down box select your main drive I.e. C
    • For a few moments the system will make some calculations:
      [​IMG]
    • Select the More Options tab
      [​IMG]
    • In the System Restore and Shadow Backups select Clean up
      [​IMG]
    • Select Delete on the pop up
    • Select OK
    • Select Delete
    Run OTC to remove our tools

    To remove all of the tools we used and the files and folders they created, please do the following:
    Please download OTC.exe by OldTimer:
    • Save it to your Desktop.
    • Double click OTC.exe.
    • Click the CleanUp! button.
    • If you are prompted to Reboot during the cleanup, select Yes.
    • The tool will delete itself once it finishes.
    Note:If any tool, file or folder (belonging to the program we have used) hasn't been deleted, please delete it manually.

    Purge old temporary files

    NOTE: If you already have this installed, you don't have to reinstall it.

    Please download CCleaner Slim and save it to your Desktop - Alternate download link

    When the file has been saved, go to your Desktop and double-click on ccsetupxxx_slim.exe
    Follow the prompts to install the program.

    • Double-click the CCleaner shortcut on the desktop to start the program.
    • A prompt will ask you if you want CCleaner to do a check to see what cookies it needs to keep. Allow that operation.
    • On the Cleaner tab, click on Run Cleaner on the bottom-right to run the program.
    • Important: Make sure that ALL browser windows are closed before selecting Run Cleaner, or it will ask if you want the program to close them for you (when you do this, all unsaved data may be lost in the browser).

      Caution: Only use the Registry feature if you are very familiar with the registry.
      Always back up your registry before making any changes. Exit CCleaner after it has completed it's process.

      Security Check

      Please download Security Check by screen317 from SpywareInfoforum.org or Changelog.fr.
      • Save it to your Desktop.
      • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
      • A Notepad document should open automatically called checkup.txt; please post the contents of that document.
  9. jbmcck

    jbmcck Newcomer, in training Topic Starter

    Results of screen317's Security Check version 0.99.54
    Windows 7 Service Pack 1 x64 (UAC is enabled)
    Internet Explorer 9
    ``````````````Antivirus/Firewall Check:``````````````
    Windows Firewall Enabled!
    McAfee Anti-Virus and Anti-Spyware
    WMI entry may not exist for antivirus; attempting automatic update.
    `````````Anti-malware/Other Utilities Check:`````````
    Malwarebytes Anti-Malware version 1.65.1.1000
    Java(TM) 6 Update 31
    Java(TM) 7 Update 1
    Java version out of Date!
    Google Chrome 21.0.1180.79
    Google Chrome 21.0.1180.83
    Google Chrome 22.0.1229.79
    Google Chrome 22.0.1229.92
    Google Chrome 22.0.1229.94
    Google Chrome 23.0.1271.64
    ````````Process Check: objlist.exe by Laurent````````
    Malwarebytes Anti-Malware mbamservice.exe
    Malwarebytes Anti-Malware mbamgui.exe
    Malwarebytes' Anti-Malware mbamscheduler.exe
    iolo Common Lib ioloServiceManager.exe
    `````````````````System Health check`````````````````
    Total Fragmentation on Drive C: 0%
    ````````````````````End of Log``````````````````````
  10. Jay Pfoutz

    Jay Pfoutz Malware Helper Posts: 4,286   +49

    Java Update!

    Please download the newest version of Java from Java.com.

    Before installing: it is important to remove older versions of Java since it does not do so automatically and old versions still leave you vulnerable.
    Go to the Control Panel and enter Add or Remove Programs (Programs and Features in Vista/7).
    Search in the list for all previous installed versions of Java. (J2SE Runtime Environment). Please uninstall/remove each of them.

    Once old versions are gone, please install the newest version.

    Read more about Java exploit problems

    Personal Tips on Preventing Malware

    See this page for more info about malware and prevention.


    Any other questions before I mark this topic solved?
  11. jbmcck

    jbmcck Newcomer, in training Topic Starter

    Done! Thanks
  12. Jay Pfoutz

    Jay Pfoutz Malware Helper Posts: 4,286   +49

    Great, you're welcome. Topic marked solved. √
Topic Status:
Not open for further replies.


Add New Comment

TechSpot Members
Login or sign up for free,
it takes about 30 seconds.
You may also...


Get complete access to the TechSpot community. Join thousands of technology enthusiasts that contribute and share knowledge in our forum. Get a private inbox, upload your own photo gallery and more.