Solved Trojan Generic30.wav in C:\Windows\scvhost.exe

DonkeyHote

Posts: 23   +0
This trojan has proved resistant to removal. Scanning with AVG, MBAM, and Spybot: Search&Destroy find a trojan in scvhost.exe. All 3 report it removed after following their removal procedures, but after rebooting as requested by AVG and MBAM and scanning again the trojan is found again. In addition to the Trojan Generic30.wav in scvhost.exe, AVG reports Trojan Generic30.wav in C:\Windows\system32\csrss.exe and in C:\Windows\system32\smss.exe as well. Spybot:S&D reports it as Smitfraud-C.generic: [SBI $5926A588] in C:\Windows\scvhost.exe.

Logs requested by preliminary instructions:
MBAM:
Malwarebytes Anti-Malware 1.65.1.1000
www.malwarebytes.org
Database version: v2012.11.22.01
Windows Vista Service Pack 2 x64 NTFS (Safe Mode)
Internet Explorer 9.0.8112.16421
Keegan :: KEEGAN-PC [administrator]
11/22/2012 12:11:05 AM
mbam-log-2012-11-22 (00-11-05).txt
Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM | P2P
Scan options disabled:
Objects scanned: 237270
Time elapsed: 6 minute(s), 32 second(s)
Memory Processes Detected: 1
C:\Windows\svchost.exe (Trojan.Agent) -> 1116 -> Delete on reboot.
Memory Modules Detected: 0
(No malicious items detected)
Registry Keys Detected: 0
(No malicious items detected)
Registry Values Detected: 0
(No malicious items detected)
Registry Data Items Detected: 0
(No malicious items detected)
Folders Detected: 0
(No malicious items detected)
Files Detected: 1
C:\Windows\svchost.exe (Trojan.Agent) -> Delete on reboot.
(end)
DDS:
DDS.txt:
DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 9.0.8112.16455 BrowserJavaVersion: 10.7.2
Run by Keegan at 17:07:01 on 2012-11-22
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.4093.1929 [GMT -6:00]
.
AV: AVG Anti-Virus Free Edition 2013 *Disabled/Updated* {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: AVG Anti-Virus Free Edition 2013 *Disabled/Updated* {B5F5C120-2089-702E-0001-553BB0D5A664}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_54cb4575\STacSV64.exe
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Program Files\Dell\DellDock\DockLogin.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\taskeng.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_54cb4575\AESTSr64.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\ProgramData\EPSON\EPW!3 SSRP\E_S40RPB.EXE
C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe
C:\Windows\SysWOW64\PnkBstrA.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\13.2.0\ToolbarUpdater.exe
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Windows\system32\SearchIndexer.exe
C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe
C:\Windows\system32\RUNDLL32.EXE
C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\iPod\bin\iPodService.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
\\.\globalroot\systemroot\svchost.exe -netsvcs
C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files (x86)\Dell Support Center\bin\sprtsvc.exe
C:\Windows\system32\atieclxx.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files\DellTPad\Apoint.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Program Files (x86)\Dell DataSafe Online\DataSafeOnline.exe
C:\Program Files\IDT\WDM\sttray64.exe
C:\Windows\ehome\ehtray.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe
C:\Program Files (x86)\Dell Support Center\bin\sprtcmd.exe
C:\Program Files (x86)\AVG Secure Search\vprot.exe
C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files (x86)\AVG\AVG2013\avgui.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Program Files\DellTPad\ApMsgFwd.exe
C:\Program Files\DellTPad\HidFind.exe
C:\Program Files\DellTPad\Apntex.exe
C:\Windows\System32\svchost.exe -k swprv
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\vssvc.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com/ig
uSearch Bar = Preserve
dURLSearchHooks: {A3BC75A2-1F87-4686-AA43-5347D756017C} - <orphaned>
mWinlogon: Userinit = userinit.exe,
BHO: &Yahoo! Toolbar Helper: {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\yt.dll
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: DivX Plus Web Player HTML5 <video>: {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll
BHO: AVG Safe Search: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} -
BHO: Spybot-S&D IE Protection: {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll
BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: AVG Security Toolbar: {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\13.2.0.5\AVG Secure Search_toolbar.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
BHO: Yontoo: {FD72061E-9FDE-484D-A58A-0BAB4151CAD8} -
BHO: SingleInstance Class: {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll
TB: <No Name>: {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - LocalServer32 - <no file>
TB: AVG Security Toolbar: {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\13.2.0.5\AVG Secure Search_toolbar.dll
TB: Yahoo! Toolbar: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\yt.dll
uRun: [ehTray.exe] C:\Windows\ehome\ehTray.exe
uRun: [Google Update] "C:\Users\Keegan\AppData\Local\Google\Update\GoogleUpdate.exe" /c
uRun: [SpybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
mRun: [Dell DataSafe Online] "C:\Program Files (x86)\Dell DataSafe Online\DataSafeOnline.exe" /m
mRun: [PDVDDXSrv] "C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe"
mRun: [DellSupportCenter] "C:\Program Files (x86)\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
mRun: [Microsoft Default Manager] "C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" -resume
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [vProt] "C:\Program Files (x86)\AVG Secure Search\vprot.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [DivXUpdate] "C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
mRun: [HF_G_Jul] "C:\Program Files (x86)\AVG Secure Search\HF_G_Jul.exe" /DoAction
mRun: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun: [ROC_ROC_JULY_P1] "C:\Program Files (x86)\AVG Secure Search\ROC_ROC_JULY_P1.exe" / /PROMPT /CMPID=ROC_JULY_P1
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
mRun: [AVG_UI] "C:\Program Files (x86)\AVG\AVG2013\avgui.exe" /TRAYONLY
mRun: [ROC_roc_ssl_v12] "C:\Program Files (x86)\AVG Secure Search\ROC_roc_ssl_v12.exe" / /PROMPT /CMPID=roc_ssl_v12
mRun: [LogMeIn Hamachi Ui] "C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe" --auto-start
StartupFolder: C:\Users\Keegan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\PowerReg Scheduler.exe
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-Explorer: BindDirectlyToPropertySetStorage = dword:0
mPolicies-System: EnableLUA = dword:0
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - <orphaned>
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll
DPF: {10000000-1000-1000-1000-100000000000} - hxxp://cdn.betteradvertising.com/ghostery/addons/ie/2.4.2.0/ghostery.cab
DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} - hxxp://www.fileplanet.com/fpdlmgr/cabs/FPDC_2.3.9.113.cab
DPF: {C8BC46C7-921C-4102-B67D-F1F7E65FB0BE} - hxxps://battlefield.play4free.com/static/updater/BP4FUpdater_1.0.53.2.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: Interfaces\{8AD0D0B8-9E06-423E-A34E-BC08B6EDFC8F} : DHCPNameServer = 75.75.76.76 75.75.75.75
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} -
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\13.2.0\ViProtocol.dll
LSA: Security Packages = kerberos msv1_0 schannel wdigest tspkg
x64-BHO: AVG Safe Search: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} -
x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
x64-Run: [Windows Defender] C:\Program Files (x86)\Windows Defender\MSASCui.exe -hide
x64-Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe
x64-Run: [QuickSet] C:\Program Files\Dell\QuickSet\QuickSet.exe
x64-Run: [Dell DataSafe Online] "C:\Program Files (x86)\Dell DataSafe Online\DataSafeOnline.exe" /m
x64-Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe
x64-mPolicies-Explorer: NoActiveDesktop = dword:1
x64-mPolicies-Explorer: NoActiveDesktopChanges = dword:1
x64-mPolicies-Explorer: BindDirectlyToPropertySetStorage = dword:0
x64-mPolicies-System: EnableLUA = dword:0
x64-mPolicies-System: EnableUIADesktopToggle = dword:0
x64-Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} -
x64-Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - <orphaned>
x64-Notify: GoToAssist - C:\Program Files (x86)\Citrix\GoToAssist\514\G2AWinLogon_x64.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Keegan\AppData\Roaming\Mozilla\Firefox\Profiles\4rd88xtf.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/ig|https://www.hclib...yahoo.com/dc/launch?.gx=0&.rand=fkbf7tgsnqi6g
FF - prefs.js: keyword.URL - hxxps://isearch.avg.com/search?cid={EC7F3533-F529-4E1D-9830-52AFAE9DEE90}&mid=5880512c526ea49a3628135b34d5fd8c-993c620a0638845eab78b62bac10aaf2f7d7189d&lang=en&ds=AVG&pr=fr&d=2012-10-17 14:57:02&v=13.2.0.1&sap=ku&q=
FF - prefs.js: network.proxy.type - 0
FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin10171.dll
FF - plugin: C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\12.2.6\npsitesafety.dll
FF - plugin: C:\Program Files (x86)\Common Files\Wolfram Research\Browser\8.0.4.2615434\npmathplugin.dll
FF - plugin: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll
FF - plugin: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll
FF - plugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: C:\Program Files (x86)\Google\Google Updater\2.4.2432.1652\npCIDetect14.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrlui.dll
FF - plugin: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
FF - plugin: C:\Users\Keegan\AppData\Local\Google\Update\1.3.21.115\npGoogleUpdate3.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_271.dll
FF - plugin: C:\Windows\SysWOW64\npdeployJava1.dll
FF - plugin: C:\Windows\SysWOW64\npmproxy.dll
.
---- FIREFOX POLICIES ----
FF - user.js: extentions.y2layers.installId - 63f8ff47-6343-4d43-ac03-6abe8cc75bab
FF - user.js: extentions.y2layers.defaultEnableAppsList - bestvideodownloader,ezLooker,pagerage,buzzdock,toprelatedtopics,twittube
.
FF - user.js: extensions.autoDisableScopes - 14
.
============= SERVICES / DRIVERS ===============
.
R0 AVGIDSHA;AVGIDSHA;C:\Windows\System32\drivers\avgidsha.sys [2012-10-15 63328]
R0 Avgloga;AVG Logging Driver;C:\Windows\System32\drivers\avgloga.sys [2012-9-21 225120]
R0 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;C:\Windows\System32\drivers\avgmfx64.sys [2012-10-5 111456]
R0 Avgrkx64;AVG Anti-Rootkit Driver;C:\Windows\System32\drivers\avgrkx64.sys [2012-9-14 40800]
R0 PxHlpa64;PxHlpa64;C:\Windows\System32\drivers\PxHlpa64.sys [2009-4-23 55856]
R1 AVGIDSDriver;AVGIDSDriver;C:\Windows\System32\drivers\avgidsdrivera.sys [2012-10-22 154464]
R1 Avgldx64;AVG AVI Loader Driver;C:\Windows\System32\drivers\avgldx64.sys [2012-10-2 185696]
R1 Avgtdia;AVG TDI Driver;C:\Windows\System32\drivers\avgtdia.sys [2012-9-21 200032]
R1 avgtp;avgtp;C:\Windows\System32\drivers\avgtpx64.sys [2012-9-3 30568]
R2 AESTFilters;Andrea ST Filters Service;C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_54cb4575\AESTSr64.exe [2010-6-16 89600]
R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\System32\atiesrxx.exe [2012-7-4 238080]
R2 avgwd;AVG WatchDog;C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe [2012-10-22 196664]
R2 DockLoginService;Dock Login Service;C:\Program Files\Dell\DellDock\DockLogin.exe [2008-12-18 155648]
R2 FontCache;Windows Font Cache Service;C:\Windows\System32\svchost.exe -k LocalServiceAndNoImpersonation [2008-1-20 27648]
R2 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine;C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe [2012-11-19 2462128]
R2 SBSDWSCService;SBSD Security Center Service;C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2012-11-20 1153368]
R2 vToolbarUpdater13.2.0;vToolbarUpdater13.2.0;C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\13.2.0\ToolbarUpdater.exe [2012-10-17 711112]
R2 yksvc;Marvell Yukon Service;RUNDLL32.EXE ykx64coinst,serviceStartProc --> RUNDLL32.EXE ykx64coinst,serviceStartProc [?]
R3 NETw5v64;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;C:\Windows\System32\drivers\NETw5v64.sys [2009-4-23 4735488]
R3 yukonx64;NDIS6.0 Miniport Driver for Marvell Yukon Ethernet Controller;C:\Windows\System32\drivers\yk60x64.sys [2009-4-23 392192]
S2 AVGIDSAgent;AVGIDSAgent;C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe [2012-11-6 5814392]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 gupdate1ca23909c942c0;Google Update Service (gupdate1ca23909c942c0);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2009-8-22 133104]
S3 PCD5SRVC{048DBD20-445E8C82-05040104};PCD5SRVC{048DBD20-445E8C82-05040104} - PCDR Kernel Mode Service Helper Driver;C:\PROGRA~2\DELLSU~1\HWDiag\bin\PCD5SRVC_x64.pkms [2008-11-4 28152]
S3 PerfHost;Performance Counter DLL Host;C:\Windows\SysWOW64\perfhost.exe [2008-1-20 19968]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2012-7-9 52736]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-3-18 1020768]
S4 clr_optimization_v2.0.50727_64;Microsoft .NET Framework NGEN v2.0.50727_X64;C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe [2009-12-11 89920]
.
=============== File Associations ===============
.
FileExt: .js: JSFile=C:\Windows\SysWOW64\WScript.exe "%1" %*
FileExt: .jse: JSEFile=C:\Windows\SysWOW64\WScript.exe "%1" %*
.
=============== Created Last 30 ================
.
.
==================== Find3M ====================
.
2012-11-14 08:37:01 66395536 ----a-w- C:\Windows\System32\mrt.exe
2012-10-22 19:02:44 154464 ----a-w- C:\Windows\System32\drivers\avgidsdrivera.sys
2012-10-17 19:56:47 30568 ----a-w- C:\Windows\System32\drivers\avgtpx64.sys
2012-10-15 09:48:50 63328 ----a-w- C:\Windows\System32\drivers\avgidsha.sys
2012-10-12 14:53:34 2769920 ----a-w- C:\Windows\System32\win32k.sys
2012-10-08 20:34:22 73656 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2012-10-08 20:34:22 696760 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2012-10-05 09:32:50 111456 ----a-w- C:\Windows\System32\drivers\avgmfx64.sys
2012-10-04 03:03:05 17811968 ----a-w- C:\Windows\System32\mshtml.dll
2012-10-04 02:24:36 10925568 ----a-w- C:\Windows\System32\ieframe.dll
2012-10-04 02:18:45 2312704 ----a-w- C:\Windows\System32\jscript9.dll
2012-10-04 02:12:16 1346048 ----a-w- C:\Windows\System32\urlmon.dll
2012-10-04 02:11:22 1392128 ----a-w- C:\Windows\System32\wininet.dll
2012-10-04 02:10:43 1494528 ----a-w- C:\Windows\System32\inetcpl.cpl
2012-10-04 02:10:19 237056 ----a-w- C:\Windows\System32\url.dll
2012-10-04 02:08:50 85504 ----a-w- C:\Windows\System32\jsproxy.dll
2012-10-04 02:07:11 173056 ----a-w- C:\Windows\System32\ieUnatt.exe
2012-10-04 02:07:01 816640 ----a-w- C:\Windows\System32\jscript.dll
2012-10-04 02:06:55 599040 ----a-w- C:\Windows\System32\vbscript.dll
2012-10-04 02:05:40 729088 ----a-w- C:\Windows\System32\msfeeds.dll
2012-10-04 02:04:55 2144768 ----a-w- C:\Windows\System32\iertutil.dll
2012-10-04 02:03:48 96768 ----a-w- C:\Windows\System32\mshtmled.dll
2012-10-04 02:03:26 2382848 ----a-w- C:\Windows\System32\mshtml.tlb
2012-10-04 01:59:12 248320 ----a-w- C:\Windows\System32\ieui.dll
2012-10-03 23:00:04 12320768 ----a-w- C:\Windows\SysWow64\mshtml.dll
2012-10-03 22:35:48 9738240 ----a-w- C:\Windows\SysWow64\ieframe.dll
2012-10-03 22:30:48 1800704 ----a-w- C:\Windows\SysWow64\jscript9.dll
2012-10-03 22:22:51 1103872 ----a-w- C:\Windows\SysWow64\urlmon.dll
2012-10-03 22:21:58 1427968 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2012-10-03 22:21:57 1129472 ----a-w- C:\Windows\SysWow64\wininet.dll
2012-10-03 22:20:53 231936 ----a-w- C:\Windows\SysWow64\url.dll
2012-10-03 22:19:28 65024 ----a-w- C:\Windows\SysWow64\jsproxy.dll
2012-10-03 22:18:27 142848 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
2012-10-03 22:18:10 717824 ----a-w- C:\Windows\SysWow64\jscript.dll
2012-10-03 22:18:01 420864 ----a-w- C:\Windows\SysWow64\vbscript.dll
2012-10-03 22:16:41 607744 ----a-w- C:\Windows\SysWow64\msfeeds.dll
2012-10-03 22:16:03 1793024 ----a-w- C:\Windows\SysWow64\iertutil.dll
2012-10-03 22:15:16 73216 ----a-w- C:\Windows\SysWow64\mshtmled.dll
2012-10-03 22:14:47 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2012-10-03 22:11:09 176640 ----a-w- C:\Windows\SysWow64\ieui.dll
2012-10-02 08:30:38 185696 ----a-w- C:\Windows\System32\drivers\avgldx64.sys
2012-09-30 01:54:26 25928 ----a-w- C:\Windows\System32\drivers\mbam.sys
2012-09-25 16:31:19 91648 ----a-w- C:\Windows\System32\synceng.dll
2012-09-25 16:19:41 75776 ----a-w- C:\Windows\SysWow64\synceng.dll
2012-09-21 08:46:04 200032 ----a-w- C:\Windows\System32\drivers\avgtdia.sys
2012-09-21 08:46:00 225120 ----a-w- C:\Windows\System32\drivers\avgloga.sys
2012-09-19 23:45:43 95208 ----a-w- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
2012-09-19 23:45:42 246760 ----a-w- C:\Windows\SysWow64\javaws.exe
2012-09-19 23:45:42 174056 ----a-w- C:\Windows\SysWow64\javaw.exe
2012-09-19 23:45:42 174056 ----a-w- C:\Windows\SysWow64\java.exe
2012-09-19 23:45:41 821736 ----a-w- C:\Windows\SysWow64\npdeployJava1.dll
2012-09-19 23:45:41 746984 ----a-w- C:\Windows\SysWow64\deployJava1.dll
2012-09-14 08:05:18 40800 ----a-w- C:\Windows\System32\drivers\avgrkx64.sys
2012-09-13 13:45:46 2048 ----a-w- C:\Windows\System32\tzres.dll
2012-09-13 13:28:08 2048 ----a-w- C:\Windows\SysWow64\tzres.dll
2012-08-29 11:40:01 4699520 ----a-w- C:\Windows\System32\ntoskrnl.exe
.
============= FINISH: 17:07:13.56 ===============
 
Attach.txt:

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft® Windows Vista™ Home Premium
Boot Device: \Device\HarddiskVolume3
Install Date: 4/23/2009 3:35:53 AM
System Uptime: 11/22/2012 11:01:13 AM (6 hours ago)
.
Motherboard: Dell Inc. | | 0G437N
Processor: Intel(R) Core(TM)2 Duo CPU P8600 @ 2.40GHz | Microprocessor | 2401/266mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 218 GiB total, 9.519 GiB free.
E: is FIXED (NTFS) - 15 GiB total, 6.022 GiB free.
F: is CDROM ()
.
==== Disabled Device Manager Items =============
.
Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
Description: Hamachi Network Interface
Device ID: ROOT\NET\0000
Manufacturer: LogMeIn, Inc.
Name: Hamachi Network Interface
PNP Device ID: ROOT\NET\0000
Service: hamachi
.
==== System Restore Points ===================
.
RP955: 11/18/2012 7:14:41 PM - Scheduled Checkpoint
RP956: 11/19/2012 9:34:38 AM - Scheduled Checkpoint
RP957: 11/20/2012 12:26:52 PM - Scheduled Checkpoint
.
==== Installed Programs ======================
.
Update for Microsoft Office 2007 (KB2508958)
Adobe AIR
Adobe Digital Editions
Adobe Flash Player 11 ActiveX
Adobe Flash Player 11 Plugin
Adobe Reader X (10.1.4)
Adobe Shockwave Player 11.6
Amazon MP3 Downloader 1.0.17
AMD APP SDK Runtime
AMD Catalyst Install Manager
Apple Application Support
Apple Mobile Device Support
Apple Software Update
Audacity 1.2.6
AVG 2013
AVG PC Tuneup
AVG Security Toolbar
Banctec Service Agreement
Battlefield Play4Free
Bing Rewards Client Installer
Bonjour
Catalyst Control Center
Catalyst Control Center - Branding
Catalyst Control Center Graphics Previews Common
Catalyst Control Center InstallProxy
Catalyst Control Center Localization All
ccc-utility64
CCC Help Chinese Standard
CCC Help Chinese Traditional
CCC Help Czech
CCC Help Danish
CCC Help Dutch
CCC Help English
CCC Help Finnish
CCC Help French
CCC Help German
CCC Help Greek
CCC Help Hungarian
CCC Help Italian
CCC Help Japanese
CCC Help Korean
CCC Help Norwegian
CCC Help Polish
CCC Help Portuguese
CCC Help Russian
CCC Help Spanish
CCC Help Swedish
CCC Help Thai
CCC Help Turkish
CCleaner
Choice Guard
Compatibility Pack for the 2007 Office system
Crusader Kings II
Dell DataSafe Online
Dell Dock
Dell Edoc Viewer
Dell Getting Started Guide
Dell Support Center (Support Software)
Dell Touchpad
DELL0703
DivX Setup
eMusic Download Manager
EPSON Printer Software
Free MP3 WMA OGG Converter 8.2.5
Google Chrome
Google Update Helper
Google Updater
Guild Wars 2
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
IDT Audio
Impulse
Intel(R) Rapid Storage Technology
Intel® Matrix Storage Manager
iTunes
Java 7 Update 7
Java Auto Updater
Junk Mail filter update
LAME v3.98.2 for Audacity
Left 4 Dead 2 Add-on Support
Left 4 Dead 2 Dedicated Server
LogMeIn Hamachi
Malwarebytes Anti-Malware version 1.65.1.1000
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 4 Client Profile
Microsoft .NET Framework 4 Extended
Microsoft Application Error Reporting
Microsoft Default Manager
Microsoft Games for Windows - LIVE Redistributable
Microsoft Games for Windows Marketplace
Microsoft Office 2007 Service Pack 3 (SP3)
Microsoft Office Excel MUI (English) 2007
Microsoft Office File Validation Add-In
Microsoft Office Home and Student 2007
Microsoft Office Office 64-bit Components 2007
Microsoft Office OneNote MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office PowerPoint Viewer 2007 (English)
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
Microsoft Office Shared 64-bit MUI (English) 2007
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Sync Framework Runtime Native v1.0 (x86)
Microsoft UI Engine
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
Microsoft Works
Microsoft XNA Framework Redistributable 4.0
Mozilla Firefox 11.0 (x86 en-US)
MSVCRT
Notepad++
NVIDIA PhysX
OpenAL
Orcs Must Die! 2
Plants vs. Zombies: Game of the Year
PowerDVD
Quickset
QuickTime
Resource Hacker Version 3.6.0
Rochard
Roxio Creator Audio
Roxio Creator Copy
Roxio Creator Data
Roxio Creator DE
Roxio Creator Tools
Roxio Express Labeler 3
Roxio Update Manager
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2604111)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2657424)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2160841)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)
Security Update for Microsoft .NET Framework 4 Extended (KB2487367)
Security Update for Microsoft .NET Framework 4 Extended (KB2656351)
Security Update for Microsoft Office 2007 suites (KB2596615) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596672) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596744) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596754) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596785) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596792) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596856) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596871) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2597969) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2687311) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2687314) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2687441) 32-Bit Edition
Security Update for Microsoft Office Excel 2007 (KB2687307) 32-Bit Edition
Security Update for Microsoft Office InfoPath 2007 (KB2687440) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition
Security Update for Microsoft Office Word 2007 (KB2687315) 32-Bit Edition
SlimDX Redistributable (March 2009)
Space Pirates and Zombies
Spybot - Search & Destroy
Steam
swMSM
System Requirements Lab CYRI
Team Fortress 2
TeamSpeak 3 Client
Torchlight
Trine 2
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
Update for Microsoft .NET Framework 4 Extended (KB2468871)
Update for Microsoft .NET Framework 4 Extended (KB2533523)
Update for Microsoft .NET Framework 4 Extended (KB2600217)
Update for Microsoft Office 2007 Help for Common Features (KB963673)
Update for Microsoft Office 2007 suites (KB2596660) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2596848) 32-Bit Edition
Update for Microsoft Office Excel 2007 Help (KB963678)
Update for Microsoft Office OneNote 2007 Help (KB963670)
Update for Microsoft Office Powerpoint 2007 Help (KB963669)
Update for Microsoft Office Script Editor Help (KB963671)
Update for Microsoft Office Word 2007 Help (KB963665)
VC80CRTRedist - 8.0.50727.6195
Ventrilo Client for Windows x64
Visual C++ 8.0 Runtime Setup Package (x64)
Visual Studio 2008 x64 Redistributables
Visual Studio 2010 x64 Redistributables
VLC media player 2.0.3
VoiceOver Kit
Windows Live Call
Windows Live Communications Platform
Windows Live Essentials
Windows Live ID Sign-in Assistant
Windows Live Mail
Windows Live Messenger
Windows Live Photo Gallery
Windows Live Sync
Windows Live Upload Tool
Windows Live Writer
WinRAR 4.01 (64-bit)
WinRAR 4.10 (32-bit)
WinSCP 4.3.6
Xiph QuickTime Components
Yahoo! Software Update
Yahoo! Toolbar
.
==== Event Viewer Messages From Past Week ========
.
11/22/2012 12:11:07 AM, Error: Service Control Manager [7001] - The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: The dependency service or group failed to start.
11/22/2012 12:10:43 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
11/22/2012 12:10:41 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}
11/22/2012 12:10:34 AM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD AVGIDSDriver Avgldx64 Avgtdia DfsC NetBIOS netbt nsiproxy PSched RasAcd rdbss Smb spldr tdx Wanarpv6
11/22/2012 12:10:34 AM, Error: Service Control Manager [7001] - The Workstation service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
11/22/2012 12:10:34 AM, Error: Service Control Manager [7001] - The WebDav Client Redirector Driver service depends on the Redirected Buffering Sub Sysytem service which failed to start because of the following error: A device attached to the system is not functioning.
11/22/2012 12:10:34 AM, Error: Service Control Manager [7001] - The WebClient service depends on the WebDav Client Redirector Driver service which failed to start because of the following error: The dependency service or group failed to start.
11/22/2012 12:10:34 AM, Error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the Ancilliary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.
11/22/2012 12:10:34 AM, Error: Service Control Manager [7001] - The SMB MiniRedirector Wrapper and Engine service depends on the Redirected Buffering Sub Sysytem service which failed to start because of the following error: A device attached to the system is not functioning.
11/22/2012 12:10:34 AM, Error: Service Control Manager [7001] - The SMB 2.0 MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.
11/22/2012 12:10:34 AM, Error: Service Control Manager [7001] - The SMB 1.x MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.
11/22/2012 12:10:34 AM, Error: Service Control Manager [7001] - The Network Store Interface Service service depends on the NSI proxy service service which failed to start because of the following error: A device attached to the system is not functioning.
11/22/2012 12:10:34 AM, Error: Service Control Manager [7001] - The Network Location Awareness service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
11/22/2012 12:10:34 AM, Error: Service Control Manager [7001] - The IP Helper service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
11/22/2012 12:10:34 AM, Error: Service Control Manager [7001] - The DNS Client service depends on the NetIO Legacy TDI Support Driver service which failed to start because of the following error: A device attached to the system is not functioning.
11/22/2012 12:10:34 AM, Error: Service Control Manager [7001] - The DHCP Client service depends on the Ancilliary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.
11/22/2012 12:10:34 AM, Error: Service Control Manager [7001] - The Computer Browser service depends on the Server service which failed to start because of the following error: The dependency service or group failed to start.
11/22/2012 12:10:34 AM, Error: Service Control Manager [7001] - The AVGIDSAgent service depends on the AVGIDSDriver service which failed to start because of the following error: A device attached to the system is not functioning.
11/22/2012 12:09:56 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netprofm with arguments "" in order to run the server: {A47979D2-C419-11D9-A5B4-001185AD2B89}
11/22/2012 12:09:56 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netman with arguments "" in order to run the server: {BA126AD1-2166-11D1-B1D0-00805FC1270E}
11/22/2012 12:09:56 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service fdPHost with arguments "" in order to run the server: {145B4335-FE2A-4927-A040-7C35AD3180EF}
11/22/2012 12:09:53 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
11/22/2012 12:09:42 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}
11/22/2012 12:09:15 AM, Error: EventLog [6008] - The previous system shutdown at 12:06:14 AM on 11/22/2012 was unexpected.
11/22/2012 11:08:13 AM, Error: Service Control Manager [7022] - The Windows Update service hung on starting.
11/22/2012 11:02:47 AM, Error: Service Control Manager [7006] - The ScRegSetValueExW call failed for FailureActions with the following error: Access is denied.
11/22/2012 11:02:47 AM, Error: Service Control Manager [7000] - The Intel(R) PRO/1000 PCI Express Network Connection Driver service failed to start due to the following error: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
11/22/2012 11:02:47 AM, Error: Service Control Manager [7000] - The Intel(R) PRO/1000 NDIS 6 Adapter Driver service failed to start due to the following error: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
11/21/2012 9:53:04 AM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Google Update Service (gupdate1ca23909c942c0) service to connect.
11/21/2012 9:53:04 AM, Error: Service Control Manager [7000] - The Google Update Service (gupdate1ca23909c942c0) service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
11/21/2012 9:53:02 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1053" attempting to start the service gupdate1ca23909c942c0 with arguments "/comsvc" in order to run the server: {4EB61BAC-A3B6-4760-9581-655041EF4D69}
11/21/2012 6:39:33 PM, Error: EventLog [6008] - The previous system shutdown at 6:25:57 PM on 11/21/2012 was unexpected.
11/21/2012 2:10:48 PM, Error: Service Control Manager [7043] - The Windows Update service did not shut down properly after receiving a preshutdown control.
11/21/2012 11:28:52 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AVGIDSDriver Avgldx64 spldr Wanarpv6
11/21/2012 11:28:30 AM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the AVGIDSAgent service to connect.
11/21/2012 11:28:30 AM, Error: Service Control Manager [7000] - The AVGIDSAgent service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
11/21/2012 1:10:23 PM, Error: EventLog [6008] - The previous system shutdown at 1:08:48 PM on 11/21/2012 was unexpected.
11/20/2012 7:16:27 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Windows Presentation Foundation Font Cache 3.0.0.0 service to connect.
11/20/2012 7:16:27 PM, Error: Service Control Manager [7000] - The Windows Presentation Foundation Font Cache 3.0.0.0 service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
11/20/2012 12:50:55 AM, Error: Service Control Manager [7034] - The LogMeIn Hamachi Tunneling Engine service terminated unexpectedly. It has done this 1 time(s).
11/20/2012 12:41:13 AM, Error: Service Control Manager [7000] - The Hamachi Network Interface service failed to start due to the following error: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
11/20/2012 11:51:10 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the SBSD Security Center Service service to connect.
11/20/2012 11:51:10 PM, Error: Service Control Manager [7000] - The SBSD Security Center Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
11/19/2012 9:20:32 PM, Error: Microsoft-Windows-DistributedCOM [10000] - Unable to start a DCOM Server: {73C9DFA0-750D-11E1-B0C4-0800200C9A66}. The error: "5" Happened while starting this command: C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_4_402_287_ActiveX.exe -Embedding
11/19/2012 8:38:36 PM, Error: Service Control Manager [7030] - The LogMeIn Hamachi Tunneling Engine service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.
11/19/2012 8:38:36 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the LogMeIn Hamachi Tunneling Engine service to connect.
11/19/2012 8:38:36 PM, Error: Service Control Manager [7000] - The LogMeIn Hamachi Tunneling Engine service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
11/19/2012 7:31:54 AM, Error: Microsoft-Windows-Dhcp-Client [1002] - The IP address lease 5.151.212.110 for the Network Card with network address 7A790597D46E has been denied by the DHCP server 25.0.0.1 (The DHCP Server sent a DHCPNACK message).
11/19/2012 7:29:18 AM, Error: EventLog [6008] - The previous system shutdown at 7:27:01 AM on 11/19/2012 was unexpected.
11/19/2012 2:52:08 PM, Error: EventLog [6008] - The previous system shutdown at 2:50:18 PM on 11/19/2012 was unexpected.
11/19/2012 10:22:53 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the avgwd service.
11/18/2012 12:13:48 AM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the Hamachi2Svc service.
11/17/2012 12:57:43 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the iPod Service service to connect.
11/17/2012 12:57:43 PM, Error: Service Control Manager [7000] - The iPod Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
11/17/2012 12:57:43 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1053" attempting to start the service iPod Service with arguments "" in order to run the server: {063D34A4-BF84-4B8D-B699-E8CA06504DDE}
11/17/2012 12:57:14 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Windows Media Player Network Sharing Service service to connect.
11/17/2012 12:57:14 PM, Error: Service Control Manager [7000] - The Windows Media Player Network Sharing Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
11/16/2012 8:28:12 PM, Error: Microsoft-Windows-Dhcp-Client [1002] - The IP address lease 10.13.12.223 for the Network Card with network address 0022FB36CCB6 has been denied by the DHCP server 192.168.0.1 (The DHCP Server sent a DHCPNACK message).
.
==== End Of File ===========================
 
Welcome aboard
yahooo.gif


Please, observe following rules:
  • Read all of my instructions very carefully. Your mistakes during cleaning process may have very serious consequences, like unbootable computer.
  • If you're stuck, or you're not sure about certain step, always ask before doing anything else.
  • Please refrain from running any tools, fixes or applying any changes to your computer other than those I suggest.
  • Never run more than one scan at a time.
  • Keep updating me regarding your computer behavior, good, or bad.
  • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
  • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in malware removal forum.
  • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.

=================================

Download TDSSKiller and save it to your desktop.
  • Extract (unzip) its contents to your desktop.
  • Open the TDSSKiller folder and doubleclick on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is require, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory (usually C:\ folder) in the form of TDSSKiller_xxxx_log.txt. Please copy and paste the contents of that file here.
 
TDSSKiller log part 1:

23:57:19.0364 24536 TDSS rootkit removing tool 2.8.15.0 Oct 31 2012 21:47:35
23:57:19.0867 24536 ============================================================
23:57:19.0867 24536 Current date / time: 2012/11/22 23:57:19.0867
23:57:19.0867 24536 SystemInfo:
23:57:19.0867 24536
23:57:19.0867 24536 OS Version: 6.0.6002 ServicePack: 2.0
23:57:19.0867 24536 Product type: Workstation
23:57:19.0867 24536 ComputerName: KEEGAN-PC
23:57:19.0955 24536 UserName: Keegan
23:57:19.0955 24536 Windows directory: C:\Windows
23:57:19.0955 24536 System windows directory: C:\Windows
23:57:19.0955 24536 Running under WOW64
23:57:19.0955 24536 Processor architecture: Intel x64
23:57:19.0955 24536 Number of processors: 2
23:57:19.0955 24536 Page size: 0x1000
23:57:19.0955 24536 Boot type: Normal boot
23:57:19.0955 24536 ============================================================
23:57:21.0933 24536 Drive \Device\Harddisk0\DR0 - Size: 0x3A38B2E000 (232.89 Gb), SectorSize: 0x200, Cylinders: 0x76C1, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
23:57:21.0937 24536 ============================================================
23:57:21.0937 24536 \Device\Harddisk0\DR0:
23:57:21.0937 24536 MBR partitions:
23:57:21.0937 24536 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x14000, BlocksNum 0x1D4C000
23:57:21.0937 24536 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x1D60000, BlocksNum 0x1B465170
23:57:21.0937 24536 ============================================================
23:57:21.0987 24536 C: <-> \Device\Harddisk0\DR0\Partition2
23:57:22.0022 24536 E: <-> \Device\Harddisk0\DR0\Partition1
23:57:22.0022 24536 ============================================================
23:57:22.0022 24536 Initialize success
23:57:22.0022 24536 ============================================================
23:57:38.0717 23436 ============================================================
23:57:38.0717 23436 Scan started
23:57:38.0717 23436 Mode: Manual;
23:57:38.0717 23436 ============================================================
23:57:40.0299 23436 ================ Scan system memory ========================
23:57:40.0299 23436 System memory - ok
23:57:40.0299 23436 ================ Scan services =============================
23:57:41.0242 23436 [ 1965AAFFAB07E3FB03C77F81BEBA3547 ] ACPI C:\Windows\system32\drivers\acpi.sys
23:57:41.0248 23436 ACPI - ok
23:57:41.0634 23436 [ D19C4EE2AC7C47B8F5F84FFF1A789D8A ] AdobeARMservice C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
23:57:41.0636 23436 AdobeARMservice - ok
23:57:41.0839 23436 [ 44C00A385CA9DBC1D5CF3781F8C26AEA ] AdobeFlashPlayerUpdateSvc C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
23:57:41.0844 23436 AdobeFlashPlayerUpdateSvc - ok
23:57:41.0909 23436 [ F14215E37CF124104575073F782111D2 ] adp94xx C:\Windows\system32\drivers\adp94xx.sys
23:57:41.0917 23436 adp94xx - ok
23:57:41.0978 23436 [ 7D05A75E3066861A6610F7EE04FF085C ] adpahci C:\Windows\system32\drivers\adpahci.sys
23:57:42.0015 23436 adpahci - ok
23:57:42.0053 23436 [ 820A201FE08A0C345B3BEDBC30E1A77C ] adpu160m C:\Windows\system32\drivers\adpu160m.sys
23:57:42.0056 23436 adpu160m - ok
23:57:42.0078 23436 [ 9B4AB6854559DC168FBB4C24FC52E794 ] adpu320 C:\Windows\system32\drivers\adpu320.sys
23:57:42.0082 23436 adpu320 - ok
23:57:42.0152 23436 [ 0F421175574BFE0BF2F4D8E910A253BB ] AeLookupSvc C:\Windows\System32\aelupsvc.dll
23:57:42.0153 23436 AeLookupSvc - ok
23:57:42.0349 23436 [ A6FB9DB8F1A86861D955FD6975977AE0 ] AESTFilters C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_54cb4575\AESTSr64.exe
23:57:42.0351 23436 AESTFilters - ok
23:57:42.0528 23436 [ C4F6CE6087760AD70960C9EB130E7943 ] AFD C:\Windows\system32\drivers\afd.sys
23:57:42.0606 23436 AFD - ok
23:57:42.0672 23436 [ F6F6793B7F17B550ECFDBD3B229173F7 ] agp440 C:\Windows\system32\drivers\agp440.sys
23:57:42.0673 23436 agp440 - ok
23:57:42.0813 23436 [ 222CB641B4B8A1D1126F8033F9FD6A00 ] aic78xx C:\Windows\system32\drivers\djsvs.sys
23:57:42.0816 23436 aic78xx - ok
23:57:42.0841 23436 [ 5922F4F59B7868F3D74BBBBEB7B825A3 ] ALG C:\Windows\System32\alg.exe
23:57:42.0843 23436 ALG - ok
23:57:42.0911 23436 [ 9544C2C55541C0C6BFD7B489D0E7D430 ] aliide C:\Windows\system32\drivers\aliide.sys
23:57:42.0913 23436 aliide - ok
23:57:43.0050 23436 [ E20DDDFBD0DBE7D8EAD4D7A51D654367 ] AMD External Events Utility C:\Windows\system32\atiesrxx.exe
23:57:43.0055 23436 AMD External Events Utility - ok
23:57:43.0111 23436 [ 970FA5059E61E30D25307B99903E991E ] amdide C:\Windows\system32\drivers\amdide.sys
23:57:43.0177 23436 amdide - ok
23:57:43.0242 23436 [ CDC3632A3A5EA4DBB83E46076A3165A1 ] AmdK8 C:\Windows\system32\drivers\amdk8.sys
23:57:43.0475 23436 AmdK8 - ok
23:57:43.0835 23436 [ 4284FB1240537A33E6EC417EFD87D40F ] amdkmdag C:\Windows\system32\DRIVERS\atikmdag.sys
23:57:44.0684 23436 amdkmdag - ok
23:57:44.0736 23436 [ 6C25C497E05EFD0CB6033A0444FC9B51 ] amdkmdap C:\Windows\system32\DRIVERS\atikmpag.sys
23:57:44.0743 23436 amdkmdap - ok
23:57:44.0852 23436 [ 71AFF825B960731E2AE366467BC0D1F3 ] Amfilter C:\Windows\system32\DRIVERS\Amfltx64.sys
23:57:44.0952 23436 Amfilter - ok
23:57:45.0118 23436 [ 8F1DB3D133197AFFA3A721953EB0988C ] Amusbprt C:\Windows\system32\DRIVERS\Amusbx64.sys
23:57:45.0149 23436 Amusbprt - ok
23:57:45.0225 23436 [ 8C85C812569DF851E7A2159147323DFA ] ApfiltrService C:\Windows\system32\DRIVERS\Apfiltr.sys
23:57:45.0259 23436 ApfiltrService - ok
23:57:45.0406 23436 [ 9C37B3FD5615477CB9A0CD116CF43F5C ] Appinfo C:\Windows\System32\appinfo.dll
23:57:45.0408 23436 Appinfo - ok
23:57:45.0547 23436 [ A5299D04ED225D64CF07A568A3E1BF8C ] Apple Mobile Device C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
23:57:45.0548 23436 Apple Mobile Device - ok
23:57:45.0573 23436 [ BA8417D4765F3988FF921F30F630E303 ] arc C:\Windows\system32\drivers\arc.sys
23:57:45.0575 23436 arc - ok
23:57:45.0631 23436 [ 9D41C435619733B34CC16A511E644B11 ] arcsas C:\Windows\system32\drivers\arcsas.sys
23:57:45.0634 23436 arcsas - ok
23:57:45.0817 23436 [ 9217D874131AE6FF8F642F124F00A555 ] aspnet_state C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe
23:57:45.0842 23436 aspnet_state - ok
23:57:45.0955 23436 [ 22D13FF3DAFEC2A80634752B1EAA2DE6 ] AsyncMac C:\Windows\system32\DRIVERS\asyncmac.sys
23:57:45.0981 23436 AsyncMac - ok
23:57:46.0061 23436 [ F988BB0690CD660318037908E9B8DBF7 ] atapi C:\Windows\system32\drivers\atapi.sys
23:57:46.0062 23436 atapi - ok
23:57:46.0402 23436 [ 4284FB1240537A33E6EC417EFD87D40F ] atikmdag C:\Windows\system32\DRIVERS\atikmdag.sys
23:57:46.0474 23436 atikmdag - ok
23:57:46.0562 23436 [ FC0E8778C000291CAF60EB88C011E931 ] atksgt C:\Windows\system32\DRIVERS\atksgt.sys
23:57:46.0593 23436 atksgt - ok
23:57:46.0744 23436 [ 79318C744693EC983D20E9337A2F8196 ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
23:57:46.0752 23436 AudioEndpointBuilder - ok
23:57:46.0867 23436 [ 79318C744693EC983D20E9337A2F8196 ] AudioSrv C:\Windows\System32\Audiosrv.dll
23:57:46.0869 23436 AudioSrv - ok
23:57:47.0167 23436 [ 56C73C5BC1656656CAC38A23B4310466 ] AVGIDSAgent C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe
23:57:47.0287 23436 AVGIDSAgent - ok
23:57:47.0451 23436 [ 388056EBD5FE6718FE669078DBE37897 ] AVGIDSDriver C:\Windows\system32\DRIVERS\avgidsdrivera.sys
23:57:47.0506 23436 AVGIDSDriver - ok
23:57:47.0526 23436 [ 550E981747D6A6C55078C77346FFC2C6 ] AVGIDSHA C:\Windows\system32\DRIVERS\avgidsha.sys
23:57:47.0528 23436 AVGIDSHA - ok
23:57:47.0660 23436 [ 5989592A91A17587799792A81E1541D4 ] Avgldx64 C:\Windows\system32\DRIVERS\avgldx64.sys
23:57:47.0664 23436 Avgldx64 - ok
23:57:47.0817 23436 [ 3FC43AA02545FCDDC22817829114DEC8 ] Avgloga C:\Windows\system32\DRIVERS\avgloga.sys
23:57:47.0821 23436 Avgloga - ok
23:57:47.0860 23436 [ 767B4A485FB22AA0FC0BF5EEF00572B9 ] Avgmfx64 C:\Windows\system32\DRIVERS\avgmfx64.sys
23:57:47.0862 23436 Avgmfx64 - ok
23:57:47.0951 23436 [ FE4F444DBE4BBBDFD8FECF49398DEFC7 ] Avgrkx64 C:\Windows\system32\DRIVERS\avgrkx64.sys
23:57:47.0953 23436 Avgrkx64 - ok
23:57:47.0968 23436 [ 6E634525613D48A1D1657FB21F21F3B2 ] Avgtdia C:\Windows\system32\DRIVERS\avgtdia.sys
23:57:47.0972 23436 Avgtdia - ok
23:57:48.0172 23436 [ A3B21D3CD9185734698AB4C5D7D8F182 ] avgtp C:\Windows\system32\drivers\avgtpx64.sys
23:57:48.0174 23436 avgtp - ok
23:57:48.0486 23436 [ 6B72E1E329C4E98C6B6FDD2D265E3BA3 ] avgwd C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe
23:57:48.0489 23436 avgwd - ok
23:57:48.0729 23436 [ FFB96C2589FFA60473EAD78B39FBDE29 ] BFE C:\Windows\System32\bfe.dll
23:57:48.0737 23436 BFE - ok
23:57:48.0851 23436 [ 6D316F4859634071CC25C4FD4589AD2C ] BITS C:\Windows\System32\qmgr.dll
23:57:48.0884 23436 BITS - ok
23:57:49.0017 23436 [ 79FEEB40056683F8F61398D81DDA65D2 ] blbdrive C:\Windows\system32\drivers\blbdrive.sys
23:57:49.0019 23436 blbdrive - ok
23:57:49.0288 23436 [ EBBCD5DFBB1DE70E8F4AF8FA59E401FD ] Bonjour Service C:\Program Files\Bonjour\mDNSResponder.exe
23:57:49.0296 23436 Bonjour Service - ok
23:57:49.0361 23436 [ 2348447A80920B2493A9B582A23E81E1 ] bowser C:\Windows\system32\DRIVERS\bowser.sys
23:57:49.0363 23436 bowser - ok
23:57:49.0403 23436 [ F09EEE9EDC320B5E1501F749FDE686C8 ] BrFiltLo C:\Windows\system32\drivers\brfiltlo.sys
23:57:49.0770 23436 BrFiltLo - ok
23:57:49.0803 23436 [ B114D3098E9BDB8BEA8B053685831BE6 ] BrFiltUp C:\Windows\system32\drivers\brfiltup.sys
23:57:50.0048 23436 BrFiltUp - ok
23:57:50.0176 23436 [ A1B39DE453433B115B4EA69EE0343816 ] Browser C:\Windows\System32\browser.dll
23:57:50.0178 23436 Browser - ok
23:57:50.0355 23436 [ F0F0BA4D815BE446AA6A4583CA3BCA9B ] Brserid C:\Windows\system32\drivers\brserid.sys
23:57:50.0357 23436 Brserid - ok
23:57:50.0394 23436 [ A6ECA2151B08A09CACECA35C07F05B42 ] BrSerWdm C:\Windows\system32\drivers\brserwdm.sys
23:57:50.0396 23436 BrSerWdm - ok
23:57:50.0409 23436 [ B79968002C277E869CF38BD22CD61524 ] BrUsbMdm C:\Windows\system32\drivers\brusbmdm.sys
23:57:50.0422 23436 BrUsbMdm - ok
23:57:50.0443 23436 [ A87528880231C54E75EA7A44943B38BF ] BrUsbSer C:\Windows\system32\drivers\brusbser.sys
23:57:50.0444 23436 BrUsbSer - ok
23:57:50.0477 23436 [ E0777B34E05F8A82A21856EFC900C29F ] BTHMODEM C:\Windows\system32\drivers\bthmodem.sys
23:57:50.0479 23436 BTHMODEM - ok
23:57:50.0528 23436 [ B4D787DB8D30793A4D4DF9FEED18F136 ] cdfs C:\Windows\system32\DRIVERS\cdfs.sys
23:57:50.0530 23436 cdfs - ok
23:57:50.0565 23436 [ C025AA69BE3D0D25C7A2E746EF6F94FC ] cdrom C:\Windows\system32\DRIVERS\cdrom.sys
23:57:50.0567 23436 cdrom - ok
23:57:50.0702 23436 [ 5A268127633C7EE2A7FB87F39D748D56 ] CertPropSvc C:\Windows\System32\certprop.dll
23:57:50.0704 23436 CertPropSvc - ok
23:57:50.0812 23436 [ 02EA568D498BBDD4BA55BF3FCE34D456 ] circlass C:\Windows\system32\drivers\circlass.sys
23:57:50.0967 23436 circlass - ok
23:57:51.0006 23436 [ 3DCA9A18B204939CFB24BEA53E31EB48 ] CLFS C:\Windows\system32\CLFS.sys
23:57:51.0012 23436 CLFS - ok
23:57:51.0255 23436 [ 8EE772032E2FE80A924F3B8DD5082194 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
23:57:51.0257 23436 clr_optimization_v2.0.50727_32 - ok
23:57:51.0397 23436 [ CE07A466201096F021CD09D631B21540 ] clr_optimization_v2.0.50727_64 C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
23:57:51.0413 23436 clr_optimization_v2.0.50727_64 - ok
23:57:51.0926 23436 [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
23:57:51.0929 23436 clr_optimization_v4.0.30319_32 - ok
23:57:52.0041 23436 [ C6F9AF94DCD58122A4D7E89DB6BED29D ] clr_optimization_v4.0.30319_64 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
23:57:52.0220 23436 clr_optimization_v4.0.30319_64 - ok
23:57:52.0248 23436 [ B52D9A14CE4101577900A364BA86F3DF ] CmBatt C:\Windows\system32\DRIVERS\CmBatt.sys
23:57:52.0250 23436 CmBatt - ok
23:57:52.0332 23436 [ E5D5499A1C50A54B5161296B6AFE6192 ] cmdide C:\Windows\system32\drivers\cmdide.sys
23:57:52.0333 23436 cmdide - ok
23:57:52.0433 23436 [ 7FB8AD01DB0EABE60C8A861531A8F431 ] Compbatt C:\Windows\system32\DRIVERS\compbatt.sys
23:57:52.0435 23436 Compbatt - ok
23:57:52.0439 23436 COMSysApp - ok
23:57:52.0758 23436 cpuz132 - ok
23:57:53.0001 23436 [ A8585B6412253803CE8EFCBD6D6DC15C ] crcdisk C:\Windows\system32\drivers\crcdisk.sys
23:57:53.0003 23436 crcdisk - ok
23:57:53.0071 23436 [ CA78B312C44E4D52E842C2C8BD48E452 ] CryptSvc C:\Windows\system32\cryptsvc.dll
23:57:53.0074 23436 CryptSvc - ok
23:57:53.0183 23436 [ CF8B9A3A5E7DC57724A89D0C3E8CF9EF ] DcomLaunch C:\Windows\system32\rpcss.dll
23:57:53.0204 23436 DcomLaunch - ok
23:57:53.0547 23436 [ 8B722BA35205C71E7951CDC4CDBADE19 ] DfsC C:\Windows\system32\Drivers\dfsc.sys
23:57:53.0549 23436 DfsC - ok
23:57:53.0751 23436 [ C647F468F7DE343DF8C143655C5557D4 ] DFSR C:\Windows\system32\DFSR.exe
23:57:53.0985 23436 DFSR - ok
23:57:54.0114 23436 [ 3ED0321127CE70ACDAABBF77E157C2A7 ] Dhcp C:\Windows\System32\dhcpcsvc.dll
23:57:54.0119 23436 Dhcp - ok
23:57:54.0151 23436 [ B0107E40ECDB5FA692EBF832F295D905 ] disk C:\Windows\system32\drivers\disk.sys
23:57:54.0153 23436 disk - ok
23:57:54.0197 23436 [ 06230F1B721494A6DF8D47FD395BB1B0 ] Dnscache C:\Windows\System32\dnsrslvr.dll
23:57:54.0240 23436 Dnscache - ok
23:57:54.0359 23436 [ 0840ABBBDF438691EE65A20040635CBE ] DockLoginService C:\Program Files\Dell\DellDock\DockLogin.exe
23:57:54.0362 23436 DockLoginService - ok
23:57:54.0467 23436 [ 1A7156DD1E850E9914E5E991E3225B94 ] dot3svc C:\Windows\System32\dot3svc.dll
23:57:54.0472 23436 dot3svc - ok
23:57:54.0559 23436 [ 1583B39790DB3EAEC7EDB0CB0140C708 ] DPS C:\Windows\system32\dps.dll
23:57:54.0562 23436 DPS - ok
23:57:54.0689 23436 [ F1A78A98CFC2EE02144C6BEC945447E6 ] drmkaud C:\Windows\system32\drivers\drmkaud.sys
23:57:54.0692 23436 drmkaud - ok
23:57:54.0766 23436 [ B8E554E502D5123BC111F99D6A2181B4 ] DXGKrnl C:\Windows\System32\drivers\dxgkrnl.sys
23:57:54.0788 23436 DXGKrnl - ok
23:57:55.0015 23436 [ 17D40652EF3E55EEAE187A89DF40965A ] e1express C:\Windows\system32\DRIVERS\e1e6032e.sys
23:57:55.0021 23436 e1express - ok
23:57:55.0080 23436 [ 264CEE7B031A9D6C827F3D0CB031F2FE ] E1G60 C:\Windows\system32\DRIVERS\E1G6032E.sys
23:57:55.0083 23436 E1G60 - ok
23:57:55.0185 23436 [ C2303883FD9BE49DC36A6400643002EA ] EapHost C:\Windows\System32\eapsvc.dll
23:57:55.0187 23436 EapHost - ok
23:57:55.0264 23436 [ 5F94962BE5A62DB6E447FF6470C4F48A ] Ecache C:\Windows\system32\drivers\ecache.sys
23:57:55.0267 23436 Ecache - ok
23:57:55.0562 23436 [ 14CE384D2E27B64C256BDA4DC39C312D ] ehRecvr C:\Windows\ehome\ehRecvr.exe
23:57:55.0568 23436 ehRecvr - ok
23:57:55.0587 23436 [ B93159C1313D66FDFBBE876F5189CD52 ] ehSched C:\Windows\ehome\ehsched.exe
23:57:55.0590 23436 ehSched - ok
23:57:55.0681 23436 [ F5EE2527D74449868E3C3227A59BCD28 ] ehstart C:\Windows\ehome\ehstart.dll
23:57:55.0682 23436 ehstart - ok
23:57:55.0739 23436 [ C4636D6E10469404AB5308D9FD45ED07 ] elxstor C:\Windows\system32\drivers\elxstor.sys
23:57:55.0746 23436 elxstor - ok
23:57:55.0842 23436 [ A9B18B63A4FD6BAAB83326706D857FAB ] EMDMgmt C:\Windows\system32\emdmgmt.dll
23:57:55.0849 23436 EMDMgmt - ok
23:57:56.0109 23436 [ 1E345F2A2D95DA3190596E691CDE9342 ] EPSON_PM_RPCV4_01 C:\ProgramData\EPSON\EPW!3 SSRP\E_S40RPB.EXE
23:57:56.0112 23436 EPSON_PM_RPCV4_01 - ok
23:57:56.0165 23436 [ 991FAB6AA066E1214EFB5B496FB7959A ] ErrDev C:\Windows\system32\drivers\errdev.sys
23:57:56.0254 23436 ErrDev - ok
23:57:56.0318 23436 [ E12F22B73F153DECE721CD45EC05B4AF ] EventSystem C:\Windows\system32\es.dll
23:57:56.0325 23436 EventSystem - ok
23:57:56.0372 23436 [ 486844F47B6636044A42454614ED4523 ] exfat C:\Windows\system32\drivers\exfat.sys
23:57:56.0428 23436 exfat - ok
23:57:56.0517 23436 [ 1A4BEE34277784619DDAF0422C0C6E23 ] fastfat C:\Windows\system32\drivers\fastfat.sys
23:57:56.0521 23436 fastfat - ok
23:57:56.0603 23436 [ 81B79B6DF71FA1D2C6D688D830616E39 ] fdc C:\Windows\system32\DRIVERS\fdc.sys
23:57:56.0604 23436 fdc - ok
23:57:56.0651 23436 [ BB9267ACACD8B7533DD936C34A0CBA5E ] fdPHost C:\Windows\system32\fdPHost.dll
23:57:56.0653 23436 fdPHost - ok
23:57:56.0665 23436 [ 300C80931EABBE1DB7591C516EFE8D0F ] FDResPub C:\Windows\system32\fdrespub.dll
23:57:56.0666 23436 FDResPub - ok
23:57:56.0753 23436 [ 457B7D1D533E4BD62A99AED9C7BB4C59 ] FileInfo C:\Windows\system32\drivers\fileinfo.sys
23:57:56.0755 23436 FileInfo - ok
23:57:56.0805 23436 [ D421327FD6EFCCAF884A54C58E1B0D7F ] Filetrace C:\Windows\system32\drivers\filetrace.sys
23:57:56.0806 23436 Filetrace - ok
23:57:56.0848 23436 [ 230923EA2B80F79B0F88D90F87B87EBD ] flpydisk C:\Windows\system32\DRIVERS\flpydisk.sys
23:57:56.0849 23436 flpydisk - ok
23:57:56.0914 23436 [ E3041BC26D6930D61F42AEDB79C91720 ] FltMgr C:\Windows\system32\drivers\fltmgr.sys
23:57:56.0919 23436 FltMgr - ok
23:57:57.0008 23436 [ BE1C5BD1CA7ED015BC6FA1AE67E592C8 ] FontCache C:\Windows\system32\FntCache.dll
23:57:57.0042 23436 FontCache - ok
23:57:57.0142 23436 [ BC5B0BE5AF3510B0FD8C140EE42C6D3E ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
23:57:57.0143 23436 FontCache3.0.0.0 - ok
23:57:57.0326 23436 [ 5779B86CD8B32519FBECB136394D946A ] Fs_Rec C:\Windows\system32\drivers\Fs_Rec.sys
23:57:57.0328 23436 Fs_Rec - ok
23:57:57.0388 23436 [ C8E416668D3DC2BE3D4FE4C79224997F ] gagp30kx C:\Windows\system32\drivers\gagp30kx.sys
23:57:57.0390 23436 gagp30kx - ok
23:57:57.0474 23436 [ 8E98D21EE06192492A5671A6144D092F ] GEARAspiWDM C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
23:57:57.0476 23436 GEARAspiWDM - ok
23:57:57.0754 23436 [ A0E1B575BA8F504968CD40C0FAEB2384 ] gpsvc C:\Windows\System32\gpsvc.dll
23:57:57.0776 23436 gpsvc - ok
23:57:57.0944 23436 [ 626A24ED1228580B9518C01930936DF9 ] gupdate1ca23909c942c0 C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
23:57:57.0955 23436 gupdate1ca23909c942c0 - ok
23:57:57.0968 23436 [ 626A24ED1228580B9518C01930936DF9 ] gupdatem C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
23:57:57.0969 23436 gupdatem - ok
23:57:58.0081 23436 [ 5D4BC124FAAE6730AC002CDB67BF1A1C ] gusvc C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
23:57:58.0085 23436 gusvc - ok
23:57:58.0128 23436 [ 1E6438D4EA6E1174A3B3B1EDC4DE660B ] hamachi C:\Windows\system32\DRIVERS\hamachi.sys
23:57:58.0130 23436 hamachi - ok
23:57:58.0321 23436 [ A5963114373834D78782013BC803043E ] Hamachi2Svc C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe
23:57:58.0398 23436 Hamachi2Svc - ok
23:57:58.0459 23436 [ F942C5820205F2FB453243EDFEC82A3D ] HDAudBus C:\Windows\system32\DRIVERS\HDAudBus.sys
23:57:58.0481 23436 HDAudBus - ok
23:57:58.0693 23436 [ B4881C84A180E75B8C25DC1D726C375F ] HidBth C:\Windows\system32\drivers\hidbth.sys
23:57:58.0705 23436 HidBth - ok
23:57:58.0743 23436 [ 4E77A77E2C986E8F88F996BB3E1AD829 ] HidIr C:\Windows\system32\drivers\hidir.sys
23:57:58.0824 23436 HidIr - ok
23:57:58.0912 23436 [ 59361D38A297755D46A540E450202B2A ] hidserv C:\Windows\system32\hidserv.dll
23:57:58.0913 23436 hidserv - ok
23:57:58.0943 23436 [ 443BDD2D30BB4F00795C797E2CF99EDF ] HidUsb C:\Windows\system32\DRIVERS\hidusb.sys
23:57:59.0002 23436 HidUsb - ok
23:57:59.0078 23436 [ B12F367EA39C0795FD57E31242CE1A5A ] hkmsvc C:\Windows\system32\kmsvc.dll
23:57:59.0081 23436 hkmsvc - ok
23:57:59.0124 23436 [ D7109A1E6BD2DFDBCBA72A6BC626A13B ] HpCISSs C:\Windows\system32\drivers\hpcisss.sys
23:57:59.0126 23436 HpCISSs - ok
23:57:59.0165 23436 [ 098F1E4E5C9CB5B0063A959063631610 ] HTTP C:\Windows\system32\drivers\HTTP.sys
23:57:59.0209 23436 HTTP - ok
23:57:59.0288 23436 [ DA94C854CEA5FAC549D4E1F6E88349E8 ] i2omp C:\Windows\system32\drivers\i2omp.sys
23:57:59.0290 23436 i2omp - ok
23:57:59.0351 23436 [ CBB597659A2713CE0C9CC20C88C7591F ] i8042prt C:\Windows\system32\DRIVERS\i8042prt.sys
23:57:59.0353 23436 i8042prt - ok
23:57:59.0427 23436 [ 4F6FB2CDBDEEFC47E7D2066E78254580 ] iaStor C:\Windows\system32\drivers\iastor.sys
23:57:59.0430 23436 iaStor - ok
23:57:59.0518 23436 [ 3E3BF3627D886736D0B4E90054F929F6 ] iaStorV C:\Windows\system32\drivers\iastorv.sys
23:57:59.0523 23436 iaStorV - ok
23:57:59.0695 23436 [ 1CF03C69B49ACB70C722DF92755C0C8C ] IDriverT C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
23:57:59.0751 23436 IDriverT - ok
23:57:59.0831 23436 [ 749F5F8CEDCA70F2A512945325FC489D ] idsvc C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
23:57:59.0850 23436 idsvc - ok
23:57:59.0889 23436 [ 8C3951AD2FE886EF76C7B5027C3125D3 ] iirsp C:\Windows\system32\drivers\iirsp.sys
23:57:59.0891 23436 iirsp - ok
23:57:59.0929 23436 [ 0C9EA6E654E7B0471741E343A6C671AF ] IKEEXT C:\Windows\System32\ikeext.dll
23:57:59.0935 23436 IKEEXT - ok
23:57:59.0991 23436 [ DF797A12176F11B2D301C5B234BB200E ] intelide C:\Windows\system32\drivers\intelide.sys
23:57:59.0992 23436 intelide - ok
23:58:00.0031 23436 [ BFD84AF32FA1BAD6231C4585CB469630 ] intelppm C:\Windows\system32\DRIVERS\intelppm.sys
23:58:00.0033 23436 intelppm - ok
23:58:00.0108 23436 [ 5624BC1BC5EEB49C0AB76A8114F05EA3 ] IPBusEnum C:\Windows\system32\ipbusenum.dll
23:58:00.0111 23436 IPBusEnum - ok
23:58:00.0216 23436 [ D8AABC341311E4780D6FCE8C73C0AD81 ] IpFilterDriver C:\Windows\system32\DRIVERS\ipfltdrv.sys
23:58:00.0218 23436 IpFilterDriver - ok
23:58:00.0278 23436 [ BF0DBFA9792C5C14FA00F61C75116C1B ] iphlpsvc C:\Windows\System32\iphlpsvc.dll
23:58:00.0283 23436 iphlpsvc - ok
23:58:00.0288 23436 IpInIp - ok
23:58:00.0340 23436 [ 9C2EE2E6E5A7203BFAE15C299475EC67 ] IPMIDRV C:\Windows\system32\drivers\ipmidrv.sys
23:58:00.0342 23436 IPMIDRV - ok
23:58:00.0387 23436 [ B7E6212F581EA5F6AB0C3A6CEEEB89BE ] IPNAT C:\Windows\system32\DRIVERS\ipnat.sys
23:58:00.0390 23436 IPNAT - ok
23:58:00.0500 23436 [ 6E50CFA46527B39015B750AAD161C5CC ] iPod Service C:\Program Files\iPod\bin\iPodService.exe
23:58:00.0520 23436 iPod Service - ok
23:58:00.0588 23436 [ 8C42CA155343A2F11D29FECA67FAA88D ] IRENUM C:\Windows\system32\drivers\irenum.sys
23:58:00.0822 23436 IRENUM - ok
23:58:00.0867 23436 [ 0672BFCEDC6FC468A2B0500D81437F4F ] isapnp C:\Windows\system32\drivers\isapnp.sys
23:58:00.0869 23436 isapnp - ok
23:58:00.0905 23436 [ E4FDF99599F27EC25D2CF6D754243520 ] iScsiPrt C:\Windows\system32\DRIVERS\msiscsi.sys
23:58:00.0909 23436 iScsiPrt - ok
23:58:00.0930 23436 [ 63C766CDC609FF8206CB447A65ABBA4A ] iteatapi C:\Windows\system32\drivers\iteatapi.sys
23:58:00.0932 23436 iteatapi - ok
23:58:00.0981 23436 [ 1281FE73B17664631D12F643CBEA3F59 ] iteraid C:\Windows\system32\drivers\iteraid.sys
23:58:00.0983 23436 iteraid - ok
23:58:01.0005 23436 [ 423696F3BA6472DD17699209B933BC26 ] kbdclass C:\Windows\system32\DRIVERS\kbdclass.sys
23:58:01.0006 23436 kbdclass - ok
23:58:01.0098 23436 [ DBDF75D51464FBC47D0104EC3D572C05 ] kbdhid C:\Windows\system32\DRIVERS\kbdhid.sys
23:58:01.0099 23436 kbdhid - ok
23:58:01.0191 23436 [ 260BF9C43EE12C6898A9F5AAB0FB0E5D ] KeyIso C:\Windows\system32\lsass.exe
23:58:01.0193 23436 KeyIso - ok
23:58:01.0239 23436 [ 4E76398AEF64CB6D782CFEB99B4EAE55 ] KMWDFILTER C:\Windows\system32\DRIVERS\KMWDFILTER.sys
23:58:01.0655 23436 KMWDFILTER - ok
23:58:01.0743 23436 [ 88956AD9FA510848AD176777A6C6C1F5 ] KSecDD C:\Windows\system32\Drivers\ksecdd.sys
23:58:01.0763 23436 KSecDD - ok
23:58:01.0842 23436 [ 1D419CF43DB29396ECD7113D129D94EB ] ksthunk C:\Windows\system32\drivers\ksthunk.sys
23:58:01.0885 23436 ksthunk - ok
23:58:01.0959 23436 [ 1FAF6926F3416D3DA05C5B265491BDAE ] KtmRm C:\Windows\system32\msdtckrm.dll
23:58:02.0192 23436 KtmRm - ok
23:58:02.0260 23436 [ 50C7A3CB427E9BB5ED0708A669956AB5 ] LanmanServer C:\Windows\system32\srvsvc.dll
23:58:02.0264 23436 LanmanServer - ok
23:58:02.0355 23436 [ CAF86FC1388BE1E470F1A7B43E348ADB ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
23:58:02.0360 23436 LanmanWorkstation - ok
23:58:02.0443 23436 [ 156AB2E56DC3CA0B582E3362E07CDED7 ] lirsgt C:\Windows\system32\DRIVERS\lirsgt.sys
23:58:02.0444 23436 lirsgt - ok
23:58:02.0637 23436 [ 96ECE2659B6654C10A0C310AE3A6D02C ] lltdio C:\Windows\system32\DRIVERS\lltdio.sys
23:58:02.0652 23436 lltdio - ok
23:58:02.0760 23436 [ 961CCBD0B1CCB5675D64976FAE37D092 ] lltdsvc C:\Windows\System32\lltdsvc.dll
23:58:02.0766 23436 lltdsvc - ok
23:58:02.0812 23436 [ A47F8080CACC23C91FE823AD19AA5612 ] lmhosts C:\Windows\System32\lmhsvc.dll
23:58:02.0813 23436 lmhosts - ok
23:58:02.0899 23436 [ ACBE1AF32D3123E330A07BFBC5EC4A9B ] LSI_FC C:\Windows\system32\drivers\lsi_fc.sys
23:58:02.0903 23436 LSI_FC - ok
23:58:02.0989 23436 [ 799FFB2FC4729FA46D2157C0065B3525 ] LSI_SAS C:\Windows\system32\drivers\lsi_sas.sys
23:58:02.0992 23436 LSI_SAS - ok
23:58:03.0100 23436 [ F445FF1DAAD8A226366BFAF42551226B ] LSI_SCSI C:\Windows\system32\drivers\lsi_scsi.sys
23:58:03.0103 23436 LSI_SCSI - ok
23:58:03.0228 23436 [ 52F87B9CC8932C2A7375C3B2A9BE5E3E ] luafv C:\Windows\system32\drivers\luafv.sys
23:58:03.0230 23436 luafv - ok
23:58:03.0305 23436 [ 76A58DF02BD4EA29F189B82D0BEF17F8 ] Mcx2Svc C:\Windows\system32\Mcx2Svc.dll
23:58:03.0308 23436 Mcx2Svc - ok
23:58:03.0373 23436 [ 5C5CD6AACED32FB26C3FB34B3DCF972F ] megasas C:\Windows\system32\drivers\megasas.sys
23:58:03.0375 23436 megasas - ok
23:58:03.0408 23436 [ 859BC2436B076C77C159ED694ACFE8F8 ] MegaSR C:\Windows\system32\drivers\megasr.sys
23:58:03.0416 23436 MegaSR - ok
23:58:03.0490 23436 [ 3CBE4995E80E13CCFBC42E5DCF3AC81A ] MMCSS C:\Windows\system32\mmcss.dll
23:58:03.0492 23436 MMCSS - ok
23:58:03.0580 23436 [ 59848D5CC74606F0EE7557983BB73C2E ] Modem C:\Windows\system32\drivers\modem.sys
23:58:03.0582 23436 Modem - ok
23:58:03.0654 23436 [ C247CC2A57E0A0C8C6DCCF7807B3E9E5 ] monitor C:\Windows\system32\DRIVERS\monitor.sys
23:58:03.0656 23436 monitor - ok
23:58:03.0754 23436 [ 9367304E5E412B120CF5F4EA14E4E4F1 ] mouclass C:\Windows\system32\DRIVERS\mouclass.sys
23:58:03.0756 23436 mouclass - ok
23:58:03.0853 23436 [ C2C2BD5C5CE5AAF786DDD74B75D2AC69 ] mouhid C:\Windows\system32\DRIVERS\mouhid.sys
23:58:03.0976 23436 mouhid - ok
23:58:03.0985 23436 [ 11BC9B1E8801B01F7F6ADB9EAD30019B ] MountMgr C:\Windows\system32\drivers\mountmgr.sys
23:58:03.0987 23436 MountMgr - ok
23:58:04.0034 23436 [ F8276EB8698142884498A528DFEA8478 ] mpio C:\Windows\system32\drivers\mpio.sys
23:58:04.0037 23436 mpio - ok
23:58:04.0064 23436 [ C92B9ABDB65A5991E00C28F13491DBA2 ] mpsdrv C:\Windows\system32\drivers\mpsdrv.sys
23:58:04.0093 23436 mpsdrv - ok
23:58:04.0220 23436 [ 897E3BAF68BA406A61682AE39C83900C ] MpsSvc C:\Windows\system32\mpssvc.dll
23:58:04.0444 23436 MpsSvc - ok
23:58:04.0462 23436 [ 3C200630A89EF2C0864D515B7A75802E ] Mraid35x C:\Windows\system32\drivers\mraid35x.sys
23:58:04.0464 23436 Mraid35x - ok
23:58:04.0496 23436 [ 7C1DE4AA96DC0C071611F9E7DE02A68D ] MRxDAV C:\Windows\system32\drivers\mrxdav.sys
23:58:04.0499 23436 MRxDAV - ok
23:58:04.0519 23436 [ 1485811B320FF8C7EDAD1CAEBB1C6C2B ] mrxsmb C:\Windows\system32\DRIVERS\mrxsmb.sys
23:58:04.0522 23436 mrxsmb - ok
23:58:04.0608 23436 [ 3B929A60C833FC615FD97FBA82BC7632 ] mrxsmb10 C:\Windows\system32\DRIVERS\mrxsmb10.sys
23:58:04.0613 23436 mrxsmb10 - ok
23:58:04.0647 23436 [ C64AB3E1F53B4F5B5BB6D796B2D7BEC3 ] mrxsmb20 C:\Windows\system32\DRIVERS\mrxsmb20.sys
23:58:04.0650 23436 mrxsmb20 - ok
23:58:04.0734 23436 [ 730B784962D22D2C6481EAE2370E7C8C ] msahci C:\Windows\system32\drivers\msahci.sys
23:58:04.0736 23436 msahci - ok
23:58:04.0783 23436 [ 264BBB4AAF312A485F0E44B65A6B7202 ] msdsm C:\Windows\system32\drivers\msdsm.sys
23:58:04.0786 23436 msdsm - ok
23:58:04.0828 23436 [ 7EC02CE772F068ED0BEAFA3DA341A9BC ] MSDTC C:\Windows\System32\msdtc.exe
23:58:04.0831 23436 MSDTC - ok
23:58:04.0915 23436 [ 704F59BFC4512D2BB0146AEC31B10A7C ] Msfs C:\Windows\system32\drivers\Msfs.sys
23:58:04.0917 23436 Msfs - ok
23:58:05.0007 23436 [ 00EBC952961664780D43DCA157E79B27 ] msisadrv C:\Windows\system32\drivers\msisadrv.sys
23:58:05.0008 23436 msisadrv - ok
23:58:05.0048 23436 [ 366B0C1F4478B519C181E37D43DCDA32 ] MSiSCSI C:\Windows\system32\iscsiexe.dll
23:58:05.0160 23436 MSiSCSI - ok
23:58:05.0164 23436 msiserver - ok
23:58:05.0338 23436 [ 0EA73E498F53B96D83DBFCA074AD4CF8 ] MSKSSRV C:\Windows\system32\drivers\MSKSSRV.sys
23:58:05.0339 23436 MSKSSRV - ok
23:58:05.0375 23436 [ 52E59B7E992A58E740AA63F57EDBAE8B ] MSPCLOCK C:\Windows\system32\drivers\MSPCLOCK.sys
23:58:05.0509 23436 MSPCLOCK - ok
23:58:05.0725 23436 [ 49084A75BAE043AE02D5B44D02991BB2 ] MSPQM C:\Windows\system32\drivers\MSPQM.sys
23:58:05.0726 23436 MSPQM - ok
23:58:05.0854 23436 [ DC6CCF440CDEDE4293DB41C37A5060A5 ] MsRPC C:\Windows\system32\drivers\MsRPC.sys
23:58:05.0860 23436 MsRPC - ok
23:58:05.0977 23436 [ 855796E59DF77EA93AF46F20155BF55B ] mssmbios C:\Windows\system32\DRIVERS\mssmbios.sys
23:58:05.0979 23436 mssmbios - ok
23:58:06.0006 23436 [ 86D632D75D05D5B7C7C043FA3564AE86 ] MSTEE C:\Windows\system32\drivers\MSTEE.sys
23:58:06.0008 23436 MSTEE - ok
23:58:06.0100 23436 [ 0CC49F78D8ACA0877D885F149084E543 ] Mup C:\Windows\system32\Drivers\mup.sys
23:58:06.0102 23436 Mup - ok
23:58:06.0186 23436 [ A5B10C845E7538C60C0F5D87A57CB3F5 ] napagent C:\Windows\system32\qagentRT.dll
23:58:06.0194 23436 napagent - ok
23:58:06.0293 23436 [ 2007B826C4ACD94AE32232B41F0842B9 ] NativeWifiP C:\Windows\system32\DRIVERS\nwifi.sys
23:58:06.0343 23436 NativeWifiP - ok
23:58:06.0474 23436 [ 65950E07329FCEE8E6516B17C8D0ABB6 ] NDIS C:\Windows\system32\drivers\ndis.sys
23:58:06.0498 23436 NDIS - ok
23:58:06.0554 23436 [ 64DF698A425478E321981431AC171334 ] NdisTapi C:\Windows\system32\DRIVERS\ndistapi.sys
23:58:06.0555 23436 NdisTapi - ok
23:58:06.0571 23436 [ 8BAA43196D7B5BB972C9A6B2BBF61A19 ] Ndisuio C:\Windows\system32\DRIVERS\ndisuio.sys
23:58:06.0572 23436 Ndisuio - ok
23:58:06.0621 23436 [ F8158771905260982CE724076419EF19 ] NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys
23:58:06.0625 23436 NdisWan - ok
23:58:06.0700 23436 [ 9CB77ED7CB72850253E973A2D6AFDF49 ] NDProxy C:\Windows\system32\drivers\NDProxy.sys
23:58:06.0702 23436 NDProxy - ok
23:58:06.0716 23436 [ A499294F5029A7862ADC115BDA7371CE ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys
23:58:06.0718 23436 NetBIOS - ok
23:58:06.0761 23436 [ FC2C792EBDDC8E28DF939D6A92C83D61 ] netbt C:\Windows\system32\DRIVERS\netbt.sys
23:58:06.0765 23436 netbt - ok
23:58:06.0769 23436 [ 260BF9C43EE12C6898A9F5AAB0FB0E5D ] Netlogon C:\Windows\system32\lsass.exe
23:58:06.0774 23436 Netlogon - ok
23:58:06.0904 23436 [ 9B63B29DEFC0F3115A559D2597BF5D75 ] Netman C:\Windows\System32\netman.dll
23:58:06.0912 23436 Netman - ok
23:58:07.0012 23436 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetMsmqActivator c:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
23:58:07.0027 23436 NetMsmqActivator - ok
23:58:07.0031 23436 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetPipeActivator c:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
23:58:07.0033 23436 NetPipeActivator - ok
23:58:07.0078 23436 [ 7846D0136CC2B264926A73047BA7688A ] netprofm C:\Windows\System32\netprofm.dll
23:58:07.0084 23436 netprofm - ok
23:58:07.0145 23436 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetTcpActivator c:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
23:58:07.0146 23436 NetTcpActivator - ok
23:58:07.0151 23436 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetTcpPortSharing c:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
23:58:07.0153 23436 NetTcpPortSharing - ok
23:58:07.0355 23436 [ F17EDA58C8C5B1A4F873B322729168FF ] NETw5v64 C:\Windows\system32\DRIVERS\NETw5v64.sys
23:58:07.0589 23436 NETw5v64 - ok
23:58:07.0615 23436 [ 4AC08BD6AF2DF42E0C3196D826C8AEA7 ] nfrd960 C:\Windows\system32\drivers\nfrd960.sys
23:58:07.0617 23436 nfrd960 - ok
23:58:07.0678 23436 [ F145BF4C4668E7E312069F81EF847CFC ] NlaSvc C:\Windows\System32\nlasvc.dll
23:58:07.0682 23436 NlaSvc - ok
23:58:07.0767 23436 [ B298874F8E0EA93F06EC40AA8D146478 ] Npfs C:\Windows\system32\drivers\Npfs.sys
23:58:07.0769 23436 Npfs - ok
23:58:07.0840 23436 [ ACB62BAA1C319B17752553DF3026EEEB ] nsi C:\Windows\system32\nsisvc.dll
23:58:07.0843 23436 nsi - ok
23:58:07.0929 23436 [ 1523AF19EE8B030BA682F7A53537EAEB ] nsiproxy C:\Windows\system32\drivers\nsiproxy.sys
23:58:07.0930 23436 nsiproxy - ok
23:58:08.0038 23436 [ BAC869DFB98E499BA4D9BB1FB43270E1 ] Ntfs C:\Windows\system32\drivers\Ntfs.sys
23:58:08.0115 23436 Ntfs - ok
23:58:08.0206 23436 [ DD5D684975352B85B52E3FD5347C20CB ] Null C:\Windows\system32\drivers\Null.sys
23:58:08.0208 23436 Null - ok
23:58:08.0350 23436 [ 2C040B7ADA5B06F6FACADAC8514AA034 ] nvraid C:\Windows\system32\drivers\nvraid.sys
23:58:08.0353 23436 nvraid - ok
23:58:08.0469 23436 [ F7EA0FE82842D05EDA3EFDD376DBFDBA ] nvstor C:\Windows\system32\drivers\nvstor.sys
23:58:08.0488 23436 nvstor - ok
23:58:08.0528 23436 [ 19067CA93075EF4823E3938A686F532F ] nv_agp C:\Windows\system32\drivers\nv_agp.sys
23:58:08.0531 23436 nv_agp - ok
 
Part 2:

23:58:08.0535 23436 NwlnkFlt - ok
23:58:08.0541 23436 NwlnkFwd - ok
23:58:08.0773 23436 [ 785F487A64950F3CB8E9F16253BA3B7B ] odserv C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
23:58:08.0781 23436 odserv - ok
23:58:08.0897 23436 [ 7B58953E2F263421FDBB09A192712A85 ] ohci1394 C:\Windows\system32\drivers\ohci1394.sys
23:58:08.0911 23436 ohci1394 - ok
23:58:09.0039 23436 [ 5A432A042DAE460ABE7199B758E8606C ] ose C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
23:58:09.0095 23436 ose - ok
23:58:09.0162 23436 [ 9AE31D2E1D15C10D91318E0EC149CEAC ] p2pimsvc C:\Windows\system32\p2psvc.dll
23:58:09.0185 23436 p2pimsvc - ok
23:58:09.0198 23436 [ 9AE31D2E1D15C10D91318E0EC149CEAC ] p2psvc C:\Windows\system32\p2psvc.dll
23:58:09.0205 23436 p2psvc - ok
23:58:09.0390 23436 [ AECD57F94C887F58919F307C35498EA0 ] Parport C:\Windows\system32\drivers\parport.sys
23:58:09.0524 23436 Parport - ok
23:58:09.0629 23436 [ B43751085E2ABE389DA466BC62A4B987 ] partmgr C:\Windows\system32\drivers\partmgr.sys
23:58:09.0646 23436 partmgr - ok
23:58:09.0703 23436 [ 9AB157B374192FF276C1628FBDBA2B0E ] PcaSvc C:\Windows\System32\pcasvc.dll
23:58:09.0706 23436 PcaSvc - ok
23:58:10.0166 23436 [ 58C1CD52347C4835DC3606CD4723F426 ] PCD5SRVC{048DBD20-445E8C82-05040104} C:\PROGRA~2\DELLSU~1\HWDiag\bin\PCD5SRVC_x64.pkms
23:58:10.0366 23436 PCD5SRVC{048DBD20-445E8C82-05040104} - ok
23:58:10.0415 23436 [ 47AB1E0FC9D0E12BB53BA246E3A0906D ] pci C:\Windows\system32\drivers\pci.sys
23:58:10.0419 23436 pci - ok
23:58:10.0467 23436 [ 8D618C829034479985A9ED56106CC732 ] pciide C:\Windows\system32\drivers\pciide.sys
23:58:10.0469 23436 pciide - ok
23:58:10.0503 23436 [ 037661F3D7C507C9993B7010CEEE6288 ] pcmcia C:\Windows\system32\drivers\pcmcia.sys
23:58:10.0506 23436 pcmcia - ok
23:58:10.0560 23436 [ 58865916F53592A61549B04941BFD80D ] PEAUTH C:\Windows\system32\drivers\peauth.sys
23:58:10.0584 23436 PEAUTH - ok
23:58:10.0693 23436 [ 0ED8727EA0172860F47258456C06CAEA ] PerfHost C:\Windows\SysWow64\perfhost.exe
23:58:10.0695 23436 PerfHost - ok
23:58:10.0782 23436 [ E9E68C1A0F25CF4A7AC966EEA74EE89E ] pla C:\Windows\system32\pla.dll
23:58:10.0838 23436 pla - ok
23:58:10.0905 23436 [ FE6B0F59215C9FD9F9D26539C58C8B82 ] PlugPlay C:\Windows\system32\umpnpmgr.dll
23:58:10.0912 23436 PlugPlay - ok
23:58:10.0926 23436 PnkBstrA - ok
23:58:10.0997 23436 [ 9AE31D2E1D15C10D91318E0EC149CEAC ] PNRPAutoReg C:\Windows\system32\p2psvc.dll
23:58:11.0019 23436 PNRPAutoReg - ok
23:58:11.0034 23436 [ 9AE31D2E1D15C10D91318E0EC149CEAC ] PNRPsvc C:\Windows\system32\p2psvc.dll
23:58:11.0043 23436 PNRPsvc - ok
23:58:11.0090 23436 [ 89A5560671C2D8B4A4B51F3E1AA069D8 ] PolicyAgent C:\Windows\System32\ipsecsvc.dll
23:58:11.0112 23436 PolicyAgent - ok
23:58:11.0181 23436 [ 23386E9952025F5F21C368971E2E7301 ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys
23:58:11.0183 23436 PptpMiniport - ok
23:58:11.0224 23436 [ 5080E59ECEE0BC923F14018803AA7A01 ] Processor C:\Windows\system32\drivers\processr.sys
23:58:11.0226 23436 Processor - ok
23:58:11.0281 23436 [ E058CE4FC2449D8BFA14739C83B7FF2A ] ProfSvc C:\Windows\system32\profsvc.dll
23:58:11.0288 23436 ProfSvc - ok
23:58:11.0330 23436 [ 260BF9C43EE12C6898A9F5AAB0FB0E5D ] ProtectedStorage C:\Windows\system32\lsass.exe
23:58:11.0332 23436 ProtectedStorage - ok
23:58:11.0407 23436 [ C5AB7F0809392D0DA027F4A2A81BFA31 ] PSched C:\Windows\system32\DRIVERS\pacer.sys
23:58:11.0409 23436 PSched - ok
23:58:11.0556 23436 [ 87B04878A6D59D6C79251DC960C674C1 ] PxHlpa64 C:\Windows\system32\Drivers\PxHlpa64.sys
23:58:11.0574 23436 PxHlpa64 - ok
23:58:11.0654 23436 [ 0B83F4E681062F3839BE2EC1D98FD94A ] ql2300 C:\Windows\system32\drivers\ql2300.sys
23:58:11.0687 23436 ql2300 - ok
23:58:11.0721 23436 [ E1C80F8D4D1E39EF9595809C1369BF2A ] ql40xx C:\Windows\system32\drivers\ql40xx.sys
23:58:11.0724 23436 ql40xx - ok
23:58:11.0790 23436 [ 90574842C3DA781E279061A3EFF91F07 ] QWAVE C:\Windows\system32\qwave.dll
23:58:11.0796 23436 QWAVE - ok
23:58:11.0806 23436 [ E8D76EDAB77EC9C634C27B8EAC33ADC5 ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys
23:58:11.0808 23436 QWAVEdrv - ok
23:58:12.0114 23436 [ 4284FB1240537A33E6EC417EFD87D40F ] R300 C:\Windows\system32\DRIVERS\atikmdag.sys
23:58:12.0192 23436 R300 - ok
23:58:12.0263 23436 [ 1013B3B663A56D3DDD784F581C1BD005 ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys
23:58:12.0264 23436 RasAcd - ok
23:58:12.0319 23436 [ B2AE18F847D07F0044404DDF7CB04497 ] RasAuto C:\Windows\System32\rasauto.dll
23:58:12.0322 23436 RasAuto - ok
23:58:12.0476 23436 [ AC7BC4D42A7E558718DFDEC599BBFC2C ] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys
23:58:12.0479 23436 Rasl2tp - ok
23:58:12.0533 23436 [ 3AD83E4046C43BE510DE681588ACB8AF ] RasMan C:\Windows\System32\rasmans.dll
23:58:12.0540 23436 RasMan - ok
23:58:12.0613 23436 [ 4517FBF8B42524AFE4EDE1DE102AAE3E ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys
23:58:12.0702 23436 RasPppoe - ok
23:58:12.0788 23436 [ C6A593B51F34C33E5474539544072527 ] RasSstp C:\Windows\system32\DRIVERS\rassstp.sys
23:58:12.0832 23436 RasSstp - ok
23:58:12.0870 23436 [ 322DB5C6B55E8D8EE8D6F358B2AAABB1 ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys
23:58:12.0875 23436 rdbss - ok
23:58:12.0942 23436 [ 603900CC05F6BE65CCBF373800AF3716 ] RDPCDD C:\Windows\system32\DRIVERS\RDPCDD.sys
23:58:12.0944 23436 RDPCDD - ok
23:58:12.0993 23436 [ C045D1FB111C28DF0D1BE8D4BDA22C06 ] rdpdr C:\Windows\system32\drivers\rdpdr.sys
23:58:12.0999 23436 rdpdr - ok
23:58:13.0032 23436 [ CAB9421DAF3D97B33D0D055858E2C3AB ] RDPENCDD C:\Windows\system32\drivers\rdpencdd.sys
23:58:13.0033 23436 RDPENCDD - ok
23:58:13.0128 23436 [ AE4BD9E1C33D351D8E607FC81F15160C ] RDPWD C:\Windows\system32\drivers\RDPWD.sys
23:58:13.0173 23436 RDPWD - ok
23:58:13.0233 23436 [ C612B9557DA73F70D41F8A6FBC8E5344 ] RemoteAccess C:\Windows\System32\mprdim.dll
23:58:13.0236 23436 RemoteAccess - ok
23:58:13.0304 23436 [ 44B9D8EC2F3EF3A0EFB00857AF70D861 ] RemoteRegistry C:\Windows\system32\regsvc.dll
23:58:13.0309 23436 RemoteRegistry - ok
23:58:13.0407 23436 [ F46C457840D4B7A4DAAFEE739CE04102 ] RpcLocator C:\Windows\system32\locator.exe
23:58:13.0408 23436 RpcLocator - ok
23:58:13.0538 23436 [ CF8B9A3A5E7DC57724A89D0C3E8CF9EF ] RpcSs C:\Windows\system32\rpcss.dll
23:58:13.0544 23436 RpcSs - ok
23:58:13.0624 23436 [ 22A9CB08B1A6707C1550C6BF099AAE73 ] rspndr C:\Windows\system32\DRIVERS\rspndr.sys
23:58:13.0626 23436 rspndr - ok
23:58:13.0780 23436 [ BA9306C027A92A7ED685F7C6E2D2B00B ] RTSTOR C:\Windows\system32\drivers\RTSTOR64.SYS
23:58:13.0859 23436 RTSTOR - ok
23:58:13.0909 23436 [ 260BF9C43EE12C6898A9F5AAB0FB0E5D ] SamSs C:\Windows\system32\lsass.exe
23:58:13.0910 23436 SamSs - ok
23:58:13.0992 23436 [ CD9C693589C60AD59BBBCFB0E524E01B ] sbp2port C:\Windows\system32\drivers\sbp2port.sys
23:58:14.0017 23436 sbp2port - ok
23:58:14.0248 23436 [ 794D4B48DFB6E999537C7C3947863463 ] SBSDWSCService C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
23:58:14.0282 23436 SBSDWSCService - ok
23:58:14.0382 23436 [ FD1CDCF108D5EF3366F00D18B70FB89B ] SCardSvr C:\Windows\System32\SCardSvr.dll
23:58:14.0386 23436 SCardSvr - ok
23:58:14.0505 23436 [ 0F838C811AD295D2A4489B9993096C63 ] Schedule C:\Windows\system32\schedsvc.dll
23:58:14.0572 23436 Schedule - ok
23:58:14.0715 23436 [ 5A268127633C7EE2A7FB87F39D748D56 ] SCPolicySvc C:\Windows\System32\certprop.dll
23:58:14.0716 23436 SCPolicySvc - ok
23:58:14.0782 23436 [ 4FF71B076A7760FE75EA5AE2D0EE0018 ] SDRSVC C:\Windows\System32\SDRSVC.dll
23:58:14.0785 23436 SDRSVC - ok
23:58:14.0838 23436 [ 3EA8A16169C26AFBEB544E0E48421186 ] secdrv C:\Windows\system32\drivers\secdrv.sys
23:58:14.0877 23436 secdrv - ok
23:58:14.0992 23436 [ 5ACDCBC67FCF894A1815B9F96D704490 ] seclogon C:\Windows\system32\seclogon.dll
23:58:14.0994 23436 seclogon - ok
23:58:15.0004 23436 [ 90973A64B96CD647FF81C79443618EED ] SENS C:\Windows\System32\sens.dll
23:58:15.0007 23436 SENS - ok
23:58:15.0039 23436 [ F71BFE7AC6C52273B7C82CBF1BB2A222 ] Serenum C:\Windows\system32\drivers\serenum.sys
23:58:15.0042 23436 Serenum - ok
23:58:15.0097 23436 [ E62FAC91EE288DB29A9696A9D279929C ] Serial C:\Windows\system32\drivers\serial.sys
23:58:15.0099 23436 Serial - ok
23:58:15.0113 23436 [ A842F04833684BCEEA7336211BE478DF ] sermouse C:\Windows\system32\drivers\sermouse.sys
23:58:15.0114 23436 sermouse - ok
23:58:15.0183 23436 [ A8E4A4407A09F35DCCC3771AF590B0C4 ] SessionEnv C:\Windows\system32\sessenv.dll
23:58:15.0186 23436 SessionEnv - ok
23:58:15.0250 23436 [ 14D4B4465193A87C127933978E8C4106 ] sffdisk C:\Windows\system32\drivers\sffdisk.sys
23:58:15.0252 23436 sffdisk - ok
23:58:15.0303 23436 [ 7073AEE3F82F3D598E3825962AA98AB2 ] sffp_mmc C:\Windows\system32\drivers\sffp_mmc.sys
23:58:15.0312 23436 sffp_mmc - ok
23:58:15.0513 23436 [ 35E59EBE4A01A0532ED67975161C7B82 ] sffp_sd C:\Windows\system32\drivers\sffp_sd.sys
23:58:15.0572 23436 sffp_sd - ok
23:58:15.0639 23436 [ 6B7838C94135768BD455CBDC23E39E5F ] sfloppy C:\Windows\system32\drivers\sfloppy.sys
23:58:15.0641 23436 sfloppy - ok
23:58:15.0718 23436 [ 4C5AEE179DA7E1EE9A9CCB9DA289AF34 ] SharedAccess C:\Windows\System32\ipnathlp.dll
23:58:15.0725 23436 SharedAccess - ok
23:58:15.0777 23436 [ 56793271ECDEDD350C5ADD305603E963 ] ShellHWDetection C:\Windows\System32\shsvcs.dll
23:58:15.0784 23436 ShellHWDetection - ok
23:58:15.0875 23436 [ 7A5DE502AEB719D4594C6471060A78B3 ] SiSRaid2 C:\Windows\system32\drivers\sisraid2.sys
23:58:15.0877 23436 SiSRaid2 - ok
23:58:15.0897 23436 [ 3A2F769FAB9582BC720E11EA1DFB184D ] SiSRaid4 C:\Windows\system32\drivers\sisraid4.sys
23:58:15.0899 23436 SiSRaid4 - ok
23:58:16.0004 23436 [ A9A27A8E257B45A604FDAD4F26FE7241 ] slsvc C:\Windows\system32\SLsvc.exe
23:58:16.0170 23436 slsvc - ok
23:58:16.0299 23436 [ FD74B4B7C2088E390A30C85A896FC3AF ] SLUINotify C:\Windows\system32\SLUINotify.dll
23:58:16.0302 23436 SLUINotify - ok
23:58:16.0422 23436 [ 290B6F6A0EC4FCDFC90F5CB6D7020473 ] Smb C:\Windows\system32\DRIVERS\smb.sys
23:58:16.0424 23436 Smb - ok
23:58:16.0604 23436 [ F8F47F38909823B1AF28D60B96340CFF ] SNMPTRAP C:\Windows\System32\snmptrap.exe
23:58:16.0606 23436 SNMPTRAP - ok
23:58:16.0697 23436 [ 386C3C63F00A7040C7EC5E384217E89D ] spldr C:\Windows\system32\drivers\spldr.sys
23:58:16.0699 23436 spldr - ok
23:58:16.0753 23436 [ F66FF751E7EFC816D266977939EF5DC3 ] Spooler C:\Windows\System32\spoolsv.exe
23:58:16.0759 23436 Spooler - ok
23:58:16.0819 23436 [ D630B6F2E8379B6F10DC16E82A426552 ] sprtsvc_DellSupportCenter C:\Program Files (x86)\Dell Support Center\bin\sprtsvc.exe
23:58:16.0823 23436 sprtsvc_DellSupportCenter - ok
23:58:16.0864 23436 [ 880A57FCCB571EBD063D4DD50E93E46D ] srv C:\Windows\system32\DRIVERS\srv.sys
23:58:16.0872 23436 srv - ok
23:58:16.0994 23436 [ A1AD14A6D7A37891FFFECA35EBBB0730 ] srv2 C:\Windows\system32\DRIVERS\srv2.sys
23:58:17.0083 23436 srv2 - ok
23:58:17.0143 23436 [ 4BED62F4FA4D8300973F1151F4C4D8A7 ] srvnet C:\Windows\system32\DRIVERS\srvnet.sys
23:58:17.0147 23436 srvnet - ok
23:58:17.0186 23436 [ 192C74646EC5725AEF3F80D19FF75F6A ] SSDPSRV C:\Windows\System32\ssdpsrv.dll
23:58:17.0190 23436 SSDPSRV - ok
23:58:17.0211 23436 [ 2EE3FA0308E6185BA64A9A7F2E74332B ] SstpSvc C:\Windows\system32\sstpsvc.dll
23:58:17.0214 23436 SstpSvc - ok
23:58:17.0440 23436 [ 5697FB5DCF36ADA09C153378E88AE6AD ] STacSV C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_54cb4575\STacSV64.exe
23:58:17.0444 23436 STacSV - ok
23:58:17.0580 23436 Steam Client Service - ok
23:58:17.0674 23436 [ F3F6C17F70EBA268CDBE4F9704E3EAC5 ] STHDA C:\Windows\system32\DRIVERS\stwrt64.sys
23:58:17.0695 23436 STHDA - ok
23:58:17.0964 23436 [ 15825C1FBFB8779992CB65087F316AF5 ] stisvc C:\Windows\System32\wiaservc.dll
23:58:17.0986 23436 stisvc - ok
23:58:18.0125 23436 [ 1D0063597C3666404FCF97698ABEB019 ] stllssvr C:\Program Files (x86)\Common Files\SureThing Shared\stllssvr.exe
23:58:18.0129 23436 stllssvr - ok
23:58:18.0159 23436 [ 8A851CA908B8B974F89C50D2E18D4F0C ] swenum C:\Windows\system32\DRIVERS\swenum.sys
23:58:18.0161 23436 swenum - ok
23:58:18.0256 23436 [ 6DE37F4DE19D4EFD9C48C43ADDBC949A ] swprv C:\Windows\System32\swprv.dll
23:58:18.0278 23436 swprv - ok
23:58:18.0300 23436 [ 2F26A2C6FC96B29BEFF5D8ED74E6625B ] Symc8xx C:\Windows\system32\drivers\symc8xx.sys
23:58:18.0302 23436 Symc8xx - ok
23:58:18.0416 23436 [ A909667976D3BCCD1DF813FED517D837 ] Sym_hi C:\Windows\system32\drivers\sym_hi.sys
23:58:18.0417 23436 Sym_hi - ok
23:58:18.0434 23436 [ 36887B56EC2D98B9C362F6AE4DE5B7B0 ] Sym_u3 C:\Windows\system32\drivers\sym_u3.sys
23:58:18.0436 23436 Sym_u3 - ok
23:58:18.0536 23436 [ 92D7A8B0F87B036F17D25885937897A6 ] SysMain C:\Windows\system32\sysmain.dll
23:58:18.0559 23436 SysMain - ok
23:58:18.0607 23436 [ 005CE42567F9113A3BCCB3B20073B029 ] TabletInputService C:\Windows\System32\TabSvc.dll
23:58:18.0610 23436 TabletInputService - ok
23:58:18.0661 23436 [ CC2562B4D55E0B6A4758C65407F63B79 ] TapiSrv C:\Windows\System32\tapisrv.dll
23:58:18.0667 23436 TapiSrv - ok
23:58:18.0724 23436 [ CDBE8D7C1E201B911CDC346D06617FB5 ] TBS C:\Windows\System32\tbssvc.dll
23:58:18.0727 23436 TBS - ok
23:58:18.0796 23436 [ 46D448E9117464E4D3BBF36D7E3FA48E ] Tcpip C:\Windows\system32\drivers\tcpip.sys
23:58:18.0852 23436 Tcpip - ok
23:58:18.0942 23436 [ 46D448E9117464E4D3BBF36D7E3FA48E ] Tcpip6 C:\Windows\system32\DRIVERS\tcpip.sys
23:58:18.0950 23436 Tcpip6 - ok
23:58:19.0133 23436 [ C7E72A4071EE0200E3C075DACFB2B334 ] tcpipreg C:\Windows\system32\drivers\tcpipreg.sys
23:58:19.0163 23436 tcpipreg - ok
23:58:19.0260 23436 [ 1D8BF4AAA5FB7A2761475781DC1195BC ] TDPIPE C:\Windows\system32\drivers\tdpipe.sys
23:58:19.0262 23436 TDPIPE - ok
23:58:19.0284 23436 [ 7F7E00CDF609DF657F4CDA02DD1C9BB1 ] TDTCP C:\Windows\system32\drivers\tdtcp.sys
23:58:19.0285 23436 TDTCP - ok
23:58:19.0356 23436 [ 458919C8C42E398DC4802178D5FFEE27 ] tdx C:\Windows\system32\DRIVERS\tdx.sys
23:58:19.0359 23436 tdx - ok
23:58:19.0391 23436 [ 8C19678D22649EC002EF2282EAE92F98 ] TermDD C:\Windows\system32\DRIVERS\termdd.sys
23:58:19.0393 23436 TermDD - ok
23:58:19.0435 23436 [ 5CDD30BC217082DAC71A9878D9BFD566 ] TermService C:\Windows\System32\termsrv.dll
23:58:19.0460 23436 TermService - ok
23:58:19.0491 23436 [ 56793271ECDEDD350C5ADD305603E963 ] Themes C:\Windows\system32\shsvcs.dll
23:58:19.0494 23436 Themes - ok
23:58:19.0532 23436 [ 3CBE4995E80E13CCFBC42E5DCF3AC81A ] THREADORDER C:\Windows\system32\mmcss.dll
23:58:19.0534 23436 THREADORDER - ok
23:58:19.0577 23436 [ F4689F05AF472A651A7B1B7B02D200E7 ] TrkWks C:\Windows\System32\trkwks.dll
23:58:19.0581 23436 TrkWks - ok
23:58:19.0658 23436 [ 66328B08EF5A9305D8EDE36B93930369 ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
23:58:19.0660 23436 TrustedInstaller - ok
23:58:19.0695 23436 [ 9E5409CD17C8BEF193AAD498F3BC2CB8 ] tssecsrv C:\Windows\system32\DRIVERS\tssecsrv.sys
23:58:19.0696 23436 tssecsrv - ok
23:58:19.0712 23436 [ 89EC74A9E602D16A75A4170511029B3C ] tunmp C:\Windows\system32\DRIVERS\tunmp.sys
23:58:19.0713 23436 tunmp - ok
23:58:19.0749 23436 [ 30A9B3F45AD081BFFC3BCAA9C812B609 ] tunnel C:\Windows\system32\DRIVERS\tunnel.sys
23:58:19.0751 23436 tunnel - ok
23:58:19.0776 23436 [ FEC266EF401966311744BD0F359F7F56 ] uagp35 C:\Windows\system32\drivers\uagp35.sys
23:58:19.0778 23436 uagp35 - ok
23:58:19.0811 23436 [ FAF2640A2A76ED03D449E443194C4C34 ] udfs C:\Windows\system32\DRIVERS\udfs.sys
23:58:19.0829 23436 udfs - ok
23:58:19.0908 23436 [ 060507C4113391394478F6953A79EEDC ] UI0Detect C:\Windows\system32\UI0Detect.exe
23:58:19.0911 23436 UI0Detect - ok
23:58:19.0938 23436 [ 4EC9447AC3AB462647F60E547208CA00 ] uliagpkx C:\Windows\system32\drivers\uliagpkx.sys
23:58:19.0941 23436 uliagpkx - ok
23:58:19.0974 23436 [ 697F0446134CDC8F99E69306184FBBB4 ] uliahci C:\Windows\system32\drivers\uliahci.sys
23:58:19.0980 23436 uliahci - ok
23:58:20.0004 23436 [ 31707F09846056651EA2C37858F5DDB0 ] UlSata C:\Windows\system32\drivers\ulsata.sys
23:58:20.0009 23436 UlSata - ok
23:58:20.0032 23436 [ 85E5E43ED5B48C8376281BAB519271B7 ] ulsata2 C:\Windows\system32\drivers\ulsata2.sys
23:58:20.0036 23436 ulsata2 - ok
23:58:20.0055 23436 [ 46E9A994C4FED537DD951F60B86AD3F4 ] umbus C:\Windows\system32\DRIVERS\umbus.sys
23:58:20.0059 23436 umbus - ok
23:58:20.0098 23436 [ 7093799FF80E9DECA0680D2E3535BE60 ] upnphost C:\Windows\System32\upnphost.dll
23:58:20.0105 23436 upnphost - ok
23:58:20.0186 23436 [ AF1B9474D67897D0C2CFF58E0ACEACCC ] USBAAPL64 C:\Windows\system32\Drivers\usbaapl64.sys
23:58:20.0188 23436 USBAAPL64 - ok
23:58:20.0230 23436 [ C6BA890DE6E41857FBE84175519CAE7D ] usbaudio C:\Windows\system32\drivers\usbaudio.sys
23:58:20.0245 23436 usbaudio - ok
23:58:20.0301 23436 [ 07E3498FC60834219D2356293DA0FECC ] usbccgp C:\Windows\system32\DRIVERS\usbccgp.sys
23:58:20.0321 23436 usbccgp - ok
23:58:20.0336 23436 [ 9247F7E0B65852C1F6631480984D6ED2 ] usbcir C:\Windows\system32\drivers\usbcir.sys
23:58:20.0339 23436 usbcir - ok
23:58:20.0378 23436 [ 827E44DE934A736EA31E91D353EB126F ] usbehci C:\Windows\system32\DRIVERS\usbehci.sys
23:58:20.0380 23436 usbehci - ok
23:58:20.0419 23436 [ BB35CD80A2ECECFADC73569B3D70C7D1 ] usbhub C:\Windows\system32\DRIVERS\usbhub.sys
23:58:20.0427 23436 usbhub - ok
23:58:20.0463 23436 [ EBA14EF0C07CEC233F1529C698D0D154 ] usbohci C:\Windows\system32\drivers\usbohci.sys
23:58:20.0464 23436 usbohci - ok
23:58:20.0513 23436 [ 28B693B6D31E7B9332C1BDCEFEF228C1 ] usbprint C:\Windows\system32\DRIVERS\usbprint.sys
23:58:20.0545 23436 usbprint - ok
23:58:20.0579 23436 [ EA0BF666868964FBE8CB10E50C97B9F1 ] usbscan C:\Windows\system32\DRIVERS\usbscan.sys
23:58:20.0612 23436 usbscan - ok
23:58:20.0677 23436 [ B854C1558FCA0C269A38663E8B59B581 ] USBSTOR C:\Windows\system32\DRIVERS\USBSTOR.SYS
23:58:20.0737 23436 USBSTOR - ok
23:58:20.0780 23436 [ B2872CBF9F47316ABD0E0C74A1ABA507 ] usbuhci C:\Windows\system32\DRIVERS\usbuhci.sys
23:58:20.0781 23436 usbuhci - ok
23:58:20.0837 23436 [ FC33099877790D51B0927B7039059855 ] usbvideo C:\Windows\system32\Drivers\usbvideo.sys
23:58:20.0882 23436 usbvideo - ok
23:58:20.0935 23436 [ D76E231E4850BB3F88A3D9A78DF191E3 ] UxSms C:\Windows\System32\uxsms.dll
23:58:20.0946 23436 UxSms - ok
23:58:20.0982 23436 [ 294945381DFA7CE58CECF0A9896AF327 ] vds C:\Windows\System32\vds.exe
23:58:20.0991 23436 vds - ok
23:58:21.0018 23436 [ 916B94BCF1E09873FFF2D5FB11767BBC ] vga C:\Windows\system32\DRIVERS\vgapnp.sys
23:58:21.0020 23436 vga - ok
23:58:21.0082 23436 [ B83AB16B51FEDA65DD81B8C59D114D63 ] VgaSave C:\Windows\System32\drivers\vga.sys
23:58:21.0084 23436 VgaSave - ok
23:58:21.0106 23436 [ 8294B6C3FDB6C33F24E150DE647ECDAA ] viaide C:\Windows\system32\drivers\viaide.sys
23:58:21.0108 23436 viaide - ok
23:58:21.0113 23436 [ 2B7E885ED951519A12C450D24535DFCA ] volmgr C:\Windows\system32\drivers\volmgr.sys
23:58:21.0115 23436 volmgr - ok
23:58:21.0189 23436 [ CEC5AC15277D75D9E5DEC2E1C6EAF877 ] volmgrx C:\Windows\system32\drivers\volmgrx.sys
23:58:21.0196 23436 volmgrx - ok
23:58:21.0349 23436 [ 5280AADA24AB36B01A84A6424C475C8D ] volsnap C:\Windows\system32\drivers\volsnap.sys
23:58:21.0354 23436 volsnap - ok
23:58:21.0389 23436 [ A68F455ED2673835209318DD61BFBB0E ] vsmraid C:\Windows\system32\drivers\vsmraid.sys
23:58:21.0392 23436 vsmraid - ok
23:58:21.0468 23436 [ B75232DAD33BFD95BF6F0A3E6BFF51E1 ] VSS C:\Windows\system32\vssvc.exe
23:58:21.0502 23436 VSS - ok
23:58:21.0648 23436 [ F117D00BBB401C61CE3E9F3B846D0821 ] vToolbarUpdater13.2.0 C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\13.2.0\ToolbarUpdater.exe
23:58:21.0693 23436 vToolbarUpdater13.2.0 - ok
23:58:21.0784 23436 [ F14A7DE2EA41883E250892E1E5230A9A ] W32Time C:\Windows\system32\w32time.dll
23:58:21.0792 23436 W32Time - ok
23:58:21.0852 23436 [ FEF8FE5923FEAD2CEE4DFABFCE3393A7 ] WacomPen C:\Windows\system32\drivers\wacompen.sys
23:58:21.0854 23436 WacomPen - ok
23:58:21.0895 23436 [ B8E7049622300D20BA6D8BE0C47C0CFD ] Wanarp C:\Windows\system32\DRIVERS\wanarp.sys
23:58:21.0917 23436 Wanarp - ok
23:58:21.0921 23436 [ B8E7049622300D20BA6D8BE0C47C0CFD ] Wanarpv6 C:\Windows\system32\DRIVERS\wanarp.sys
23:58:21.0922 23436 Wanarpv6 - ok
23:58:22.0042 23436 [ B4E4C37D0AA6100090A53213EE2BF1C1 ] wcncsvc C:\Windows\System32\wcncsvc.dll
23:58:22.0064 23436 wcncsvc - ok
23:58:22.0117 23436 [ EA4B369560E986F19D93F45A881484AC ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
23:58:22.0119 23436 WcsPlugInService - ok
23:58:22.0152 23436 [ 0C17A0816F65B89E362E682AD5E7266E ] Wd C:\Windows\system32\drivers\wd.sys
23:58:22.0153 23436 Wd - ok
23:58:22.0232 23436 [ D02E7E4567DA1E7582FBF6A91144B0DF ] Wdf01000 C:\Windows\system32\drivers\Wdf01000.sys
23:58:22.0253 23436 Wdf01000 - ok
23:58:22.0287 23436 [ C5EFDA73EBFCA8B02A094898DE0A9276 ] WdiServiceHost C:\Windows\system32\wdi.dll
23:58:22.0290 23436 WdiServiceHost - ok
23:58:22.0295 23436 [ C5EFDA73EBFCA8B02A094898DE0A9276 ] WdiSystemHost C:\Windows\system32\wdi.dll
23:58:22.0297 23436 WdiSystemHost - ok
23:58:22.0328 23436 [ 3E6D05381CF35F75EBB055544A8ED9AC ] WebClient C:\Windows\System32\webclnt.dll
23:58:22.0333 23436 WebClient - ok
23:58:22.0418 23436 [ 8D40BC587993F876658BF9FB0F7D3462 ] Wecsvc C:\Windows\system32\wecsvc.dll
23:58:22.0424 23436 Wecsvc - ok
23:58:22.0568 23436 [ 9C980351D7E96288EA0C23AE232BD065 ] wercplsupport C:\Windows\System32\wercplsupport.dll
23:58:22.0572 23436 wercplsupport - ok
23:58:22.0636 23436 [ 66B9ECEBC46683F47EDC06333C075FEF ] WerSvc C:\Windows\System32\WerSvc.dll
23:58:22.0640 23436 WerSvc - ok
23:58:22.0724 23436 WinHttpAutoProxySvc - ok
23:58:22.0842 23436 [ D2E7296ED1BD26D8DB2799770C077A02 ] Winmgmt C:\Windows\system32\wbem\WMIsvc.dll
23:58:22.0846 23436 Winmgmt - ok
23:58:23.0066 23436 [ 6CBB0C68F13B9C2EC1B16F5FA5E7C869 ] WinRM C:\Windows\system32\WsmSvc.dll
23:58:23.0111 23436 WinRM - ok
23:58:23.0165 23436 [ EC339C8115E91BAED835957E9A677F16 ] Wlansvc C:\Windows\System32\wlansvc.dll
23:58:23.0188 23436 Wlansvc - ok
23:58:23.0343 23436 [ 98F138897EF4246381D197CB81846D62 ] wlidsvc C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
23:58:23.0421 23436 wlidsvc - ok
23:58:23.0516 23436 [ E18AEBAAA5A773FE11AA2C70F65320F5 ] WmiAcpi C:\Windows\system32\DRIVERS\wmiacpi.sys
23:58:23.0517 23436 WmiAcpi - ok
23:58:23.0593 23436 [ 21FA389E65A852698B6A1341F36EE02D ] wmiApSrv C:\Windows\system32\wbem\WmiApSrv.exe
23:58:23.0597 23436 wmiApSrv - ok
23:58:23.0651 23436 WMPNetworkSvc - ok
23:58:23.0719 23436 [ CBC156C913F099E6680D1DF9307DB7A8 ] WPCSvc C:\Windows\System32\wpcsvc.dll
23:58:23.0723 23436 WPCSvc - ok
23:58:23.0756 23436 [ 490A18B4E4D53DC10879DEAA8E8B70D9 ] WPDBusEnum C:\Windows\system32\wpdbusenum.dll
23:58:23.0760 23436 WPDBusEnum - ok
23:58:23.0915 23436 [ 5E2401B3FC1089C90E081291357371A9 ] WpdUsb C:\Windows\system32\DRIVERS\wpdusb.sys
23:58:23.0949 23436 WpdUsb - ok
23:58:24.0167 23436 [ 991E2C2CF3BC204C2BB2EE1476149E4E ] WPFFontCache_v0400 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\WPF\WPFFontCache_v0400.exe
23:58:24.0200 23436 WPFFontCache_v0400 - ok
23:58:24.0244 23436 [ 8A900348370E359B6BFF6A550E4649E1 ] ws2ifsl C:\Windows\system32\drivers\ws2ifsl.sys
23:58:24.0245 23436 ws2ifsl - ok
23:58:24.0464 23436 [ 9EA3E6D0EF7A5C2B9181961052A4B01A ] wscsvc C:\Windows\System32\wscsvc.dll
23:58:24.0467 23436 wscsvc - ok
23:58:24.0471 23436 WSearch - ok
23:58:24.0608 23436 [ D9EF901DCA379CFE914E9FA13B73B4C4 ] wuauserv C:\Windows\system32\wuaueng.dll
23:58:24.0730 23436 wuauserv - ok
23:58:24.0975 23436 [ 501A65252617B495C0F1832F908D54D8 ] WUDFRd C:\Windows\system32\DRIVERS\WUDFRd.sys
23:58:24.0977 23436 WUDFRd - ok
23:58:25.0017 23436 [ 6CBD51FF913C851D56ED9DC7F2A27DDE ] wudfsvc C:\Windows\System32\WUDFSvc.dll
23:58:25.0021 23436 wudfsvc - ok
23:58:25.0095 23436 [ DD0042F0C3B606A6A8B92D49AFB18AD6 ] YahooAUService C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe
23:58:25.0117 23436 YahooAUService - ok
23:58:25.0270 23436 yksvc - ok
23:58:25.0327 23436 [ B681CADB266B151061E7BAA82B0D77B7 ] yukonx64 C:\Windows\system32\DRIVERS\yk60x64.sys
23:58:25.0335 23436 yukonx64 - ok
23:58:25.0396 23436 ================ Scan global ===============================
23:58:25.0495 23436 [ 060DC3A7A9A2626031EB23D90151428D ] C:\Windows\system32\basesrv.dll
23:58:25.0551 23436 [ AA137104CDFC81818A309CDE32ABB74A ] C:\Windows\system32\winsrv.dll
23:58:25.0595 23436 [ AA137104CDFC81818A309CDE32ABB74A ] C:\Windows\system32\winsrv.dll
23:58:25.0693 23436 [ 934E0B7D77FF78C18D9F8891221B6DE3 ] C:\Windows\system32\services.exe
23:58:25.0700 23436 [Global] - ok
23:58:25.0700 23436 ================ Scan MBR ==================================
23:58:25.0735 23436 [ CDB4DE4BBD714F152979DA2DCBEF57EB ] \Device\Harddisk0\DR0
23:58:25.0736 23436 Suspicious mbr (Forged): \Device\Harddisk0\DR0
23:58:25.0876 23436 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.c ) - infected
23:58:25.0876 23436 \Device\Harddisk0\DR0 - detected Rootkit.Boot.Pihar.c (0)
23:58:25.0876 23436 ================ Scan VBR ==================================
23:58:25.0913 23436 [ BB9CCD74F497C0A6B47055BCA02E406F ] \Device\Harddisk0\DR0\Partition1
23:58:25.0914 23436 \Device\Harddisk0\DR0\Partition1 - ok
23:58:25.0918 23436 [ D3534D7D899B2BB512AB7E7B27780884 ] \Device\Harddisk0\DR0\Partition2
23:58:25.0920 23436 \Device\Harddisk0\DR0\Partition2 - ok
23:58:25.0920 23436 ============================================================
23:58:25.0920 23436 Scan finished
23:58:25.0920 23436 ============================================================
23:58:25.0932 41488 Detected object count: 1
23:58:25.0933 41488 Actual detected object count: 1
23:58:34.0091 41488 \Device\Harddisk0\DR0\# - copied to quarantine
23:58:34.0093 41488 \Device\Harddisk0\DR0 - copied to quarantine
23:58:34.0180 41488 \Device\Harddisk0\DR0\TDLFS\cmd.dll - copied to quarantine
23:58:34.0183 41488 \Device\Harddisk0\DR0\TDLFS\cmd64.dll - copied to quarantine
23:58:34.0200 41488 \Device\Harddisk0\DR0\TDLFS\drv32 - copied to quarantine
23:58:34.0209 41488 \Device\Harddisk0\DR0\TDLFS\drv64 - copied to quarantine
23:58:34.0211 41488 \Device\Harddisk0\DR0\TDLFS\servers.dat - copied to quarantine
23:58:34.0212 41488 \Device\Harddisk0\DR0\TDLFS\config.ini - copied to quarantine
23:58:34.0214 41488 \Device\Harddisk0\DR0\TDLFS\ldr16 - copied to quarantine
23:58:34.0216 41488 \Device\Harddisk0\DR0\TDLFS\ldr32 - copied to quarantine
23:58:34.0218 41488 \Device\Harddisk0\DR0\TDLFS\ldr64 - copied to quarantine
23:58:34.0220 41488 \Device\Harddisk0\DR0\TDLFS\s - copied to quarantine
23:58:34.0221 41488 \Device\Harddisk0\DR0\TDLFS\ldrm - copied to quarantine
23:58:34.0390 41488 \Device\Harddisk0\DR0\TDLFS\u - copied to quarantine
23:58:34.0667 41488 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.c ) - will be cured on reboot
23:58:34.0758 41488 \Device\Harddisk0\DR0 - ok
23:58:35.0123 41488 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.c ) - User select action: Cure
23:58:47.0334 22716 Deinitialize success
 
Good :)

Re-run MBAM and post new log.

Next...

  • Download RogueKiller on the desktop
  • Close all the running programs
  • Windows Vista/7 users: right click on RogueKiller.exe, click Run as Administrator
  • Otherwise just double-click on RogueKiller.exe
  • Pre-scan will start. Let it finish.
  • Click on SCAN button.
  • Wait until the Status box shows Scan Finished
  • Click on Delete.
  • Wait until the Status box shows Deleting Finished.
  • Click on Report and copy/paste the content of the Notepad into your next reply.
  • RKreport.txt could also be found on your desktop.
  • If more than one log is produced post all logs.
  • If RogueKiller has been blocked, do not hesitate to try a few times more. If really won't run, rename it to winlogon.exe (or winlogon.com) and try again

=====================================

Download aswMBR to your desktop.
Double click the aswMBR.exe to run it.
If you see this question: Would you like to download latest Avast! virus definitions?" say "Yes".
Click the "Scan" button to start scan.
On completion of the scan click "Save log", save it to your desktop and post in your next reply.

NOTE. aswMBR will create MBR.dat file on your desktop. This is a copy of your MBR. Do NOT delete it.
 
New MBAM log:

Malwarebytes Anti-Malware 1.65.1.1000
www.malwarebytes.org

Database version: v2012.11.23.01

Windows Vista Service Pack 2 x64 NTFS
Internet Explorer 9.0.8112.16421
Keegan :: KEEGAN-PC [administrator]

11/23/2012 11:26:32 AM
mbam-log-2012-11-23 (11-26-32).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM | P2P
Scan options disabled:
Objects scanned: 239870
Time elapsed: 5 minute(s), 34 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 1
C:\Windows\svchost.exe (Trojan.Agent) -> Quarantined and deleted successfully.

(end)
RKreport.txt:
RogueKiller V8.3.1 [Nov 22 2012] by Tigzy
mail : tigzyRK<at>gmail<dot>com
Feedback : https://www.techspot.com/downloads/5562-roguekiller.html
Website : http://tigzy.geekstogo.com/roguekiller.php
Blog : http://tigzyrk.blogspot.com/
Operating System: Windows Vista (6.0.6002 Service Pack 2) 64 bits version
Started in : Normal mode
User : Keegan [Admin rights]
Mode : Scan -- Date : 11/23/2012 11:21:10
¤¤¤ Bad processes : 0 ¤¤¤
¤¤¤ Registry Entries : 12 ¤¤¤
[STARTUP][SUSP PATH] PowerReg Scheduler.exe @Keegan : C:\Users\Keegan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\PowerReg Scheduler.exe -> FOUND
[HJ] HKLM\[...]\System : EnableLUA (0) -> FOUND
[HJ] HKLM\[...]\Wow6432Node\System : EnableLUA (0) -> FOUND
[HJ DESK] HKCU\[...]\ClassicStartMenu : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND
[HJ DESK] HKCU\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND
[HJ DESK] HKCU\[...]\ClassicStartMenu : {645FF040-5081-101B-9F08-00AA002F954E} (1) -> FOUND
[HJ DESK] HKCU\[...]\NewStartPanel : {645FF040-5081-101B-9F08-00AA002F954E} (1) -> FOUND
[HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND
[HJ INPROC][ZeroAccess] HKCR\[...]\InprocServer32 : (C:\$Recycle.Bin\S-1-5-21-1476232679-447080670-1737744086-1000\$83fbc6f5f2f12edf66911945d9266eee\n.) -> FOUND
[HJ INPROC][ZeroAccess] HKCR\[...]\InprocServer32 : (C:\$Recycle.Bin\S-1-5-18\$83fbc6f5f2f12edf66911945d9266eee\n.) -> FOUND
[HJ INPROC][ZeroAccess] HKLM\[...]\InprocServer32 : (C:\$Recycle.Bin\S-1-5-18\$83fbc6f5f2f12edf66911945d9266eee\n.) -> FOUND
¤¤¤ Particular Files / Folders: ¤¤¤
[ZeroAccess][FILE] @ : C:\$recycle.bin\S-1-5-18\$83fbc6f5f2f12edf66911945d9266eee\@ --> FOUND
[ZeroAccess][FILE] @ : C:\$recycle.bin\S-1-5-21-1476232679-447080670-1737744086-1000\$83fbc6f5f2f12edf66911945d9266eee\@ --> FOUND
[ZeroAccess][FOLDER] U : C:\$recycle.bin\S-1-5-18\$83fbc6f5f2f12edf66911945d9266eee\U --> FOUND
[ZeroAccess][FOLDER] U : C:\$recycle.bin\S-1-5-21-1476232679-447080670-1737744086-1000\$83fbc6f5f2f12edf66911945d9266eee\U --> FOUND
[ZeroAccess][FOLDER] L : C:\$recycle.bin\S-1-5-18\$83fbc6f5f2f12edf66911945d9266eee\L --> FOUND
[ZeroAccess][FOLDER] L : C:\$recycle.bin\S-1-5-21-1476232679-447080670-1737744086-1000\$83fbc6f5f2f12edf66911945d9266eee\L --> FOUND
¤¤¤ Driver : [NOT LOADED] ¤¤¤
¤¤¤ Extern Hives: ¤¤¤
-> E:\windows\system32\config\SOFTWARE
-> E:\Users\Default\NTUSER.DAT
¤¤¤ Infection : ZeroAccess ¤¤¤
¤¤¤ HOSTS File: ¤¤¤
--> C:\Windows\system32\drivers\etc\hosts
127.0.0.1 localhost
::1 localhost
¤¤¤ MBR Check: ¤¤¤
+++++ PhysicalDrive0: WDC WD2500BEVT-75ZCT2 +++++
--- User ---
[MBR] 1205de7719c5be6b1bcdf49d2b93432e
[BSP] 4b314049cc507ea6f5e327c387c26c5c : Windows Vista MBR Code
Partition table:
0 - [XXXXXX] DELL-UTIL (0xde) [VISIBLE] Offset (sectors): 63 | Size: 39 Mo
1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 81920 | Size: 15000 Mo
2 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 30801920 | Size: 223434 Mo
User = LL1 ... OK!
User = LL2 ... OK!
Finished : << RKreport[1]_S_11232012_02d1121.txt >>
RKreport[1]_S_11232012_02d1121.txt

aswMBR scan in progress
 
aswMBR.txt:

aswMBR version 0.9.9.1707 Copyright(c) 2011 AVAST Software
Run date: 2012-11-23 11:52:07
-----------------------------
11:52:07.048 OS Version: Windows x64 6.0.6002 Service Pack 2
11:52:07.048 Number of processors: 2 586 0x170A
11:52:07.049 ComputerName: KEEGAN-PC UserName: Keegan
11:52:08.854 Initialize success
11:52:15.035 AVAST engine defs: 12112301
11:52:30.421 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
11:52:30.422 Disk 0 Vendor: WDC_WD25 11.0 Size: 238475MB BusType: 3
11:52:30.439 Disk 0 MBR read successfully
11:52:30.440 Disk 0 MBR scan
11:52:30.443 Disk 0 Windows VISTA default MBR code
11:52:30.445 Disk 0 Partition 1 00 DE Dell Utility Dell 8.0 39 MB offset 63
11:52:30.460 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 15000 MB offset 81920
11:52:30.478 Disk 0 Partition 3 80 (A) 07 HPFS/NTFS NTFS 223434 MB offset 30801920
11:52:30.512 Disk 0 scanning C:\Windows\system32\drivers
11:52:41.054 Service scanning
11:53:10.239 Modules scanning
11:53:10.243 Disk 0 trace - called modules:
11:53:10.261 ntoskrnl.exe CLASSPNP.SYS disk.sys iastor.sys hal.dll
11:53:10.265 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa800472e760]
11:53:10.268 3 CLASSPNP.SYS[fffffa60013d5c33] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa80045d1050]
11:53:11.766 AVAST engine scan C:\Windows
11:53:16.601 AVAST engine scan C:\Windows\system32
11:59:37.434 AVAST engine scan C:\Windows\system32\drivers
11:59:52.566 AVAST engine scan C:\Users\Keegan
12:35:58.109 AVAST engine scan C:\ProgramData
12:39:13.443 Scan finished successfully
13:01:33.563 Disk 0 MBR has been saved successfully to "C:\Users\Keegan\Desktop\MBR.dat"
13:01:33.566 The log file has been saved successfully to "C:\Users\Keegan\Desktop\aswMBR.txt"
 
Create new restore point before proceeding with the next step....
How to:
- Windows 8: http://www.vikitech.com/11302/system-restore-windows-8
- Windows 7: http://www.howtogeek.com/howto/3195/create-a-system-restore-point-in-windows-7/
- Vista: http://www.howtogeek.com/howto/wind...tore-point-for-windows-vistas-system-restore/
- XP: http://support.microsoft.com/kb/948247

********************************************

Download Malwarebytes Anti-Rootkit (MBAR) from HERE
  • Unzip downloaded file.
  • Open the folder where the contents were unzipped and run mbar.exe
  • Follow the instructions in the wizard to update and allow the program to scan your computer for threats.
  • Click on the Cleanup button to remove any threats and reboot if prompted to do so.
  • Wait while the system shuts down and the cleanup process is performed.
  • Perform another scan with Malwarebytes Anti-Rootkit to verify that no threats remain. If they do, then click Cleanup once more and repeat the process.
  • When done, please post the two logs produced they will be in the MBAR folder..... mbar-log-xxxxx.txt and system-log.txt
 
Looking at my desktop I realized I missed a 2nd RKreport.

RKreport[2]:

RogueKiller V8.3.1 [Nov 22 2012] by Tigzy
mail : tigzyRK<at>gmail<dot>com
Feedback : https://www.techspot.com/downloads/5562-roguekiller.html
Website : http://tigzy.geekstogo.com/roguekiller.php
Blog : http://tigzyrk.blogspot.com/

Operating System: Windows Vista (6.0.6002 Service Pack 2) 64 bits version
Started in : Normal mode
User : Keegan [Admin rights]
Mode : Remove -- Date : 11/23/2012 11:22:19

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 10 ¤¤¤
[STARTUP][SUSP PATH] PowerReg Scheduler.exe @Keegan : C:\Users\Keegan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\PowerReg Scheduler.exe -> DELETED
[HJ] HKLM\[...]\System : EnableLUA (0) -> REPLACED (1)
[HJ DESK] HKCU\[...]\ClassicStartMenu : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0)
[HJ DESK] HKCU\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0)
[HJ DESK] HKCU\[...]\ClassicStartMenu : {645FF040-5081-101B-9F08-00AA002F954E} (1) -> REPLACED (0)
[HJ DESK] HKCU\[...]\NewStartPanel : {645FF040-5081-101B-9F08-00AA002F954E} (1) -> REPLACED (0)
[HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> REPLACED (0)
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0)
[HJ INPROC][ZeroAccess] HKCR\[...]\InprocServer32 : (C:\$Recycle.Bin\S-1-5-21-1476232679-447080670-1737744086-1000\$83fbc6f5f2f12edf66911945d9266eee\n.) -> REPLACED (C:\Windows\system32\shell32.dll)
[HJ INPROC][ZeroAccess] HKCR\[...]\InprocServer32 : (C:\$Recycle.Bin\S-1-5-18\$83fbc6f5f2f12edf66911945d9266eee\n.) -> REPLACED (C:\Windows\system32\wbem\fastprox.dll)

¤¤¤ Particular Files / Folders: ¤¤¤
[ZeroAccess][FILE] @ : C:\$recycle.bin\S-1-5-18\$83fbc6f5f2f12edf66911945d9266eee\@ --> REMOVED
[ZeroAccess][FILE] @ : C:\$recycle.bin\S-1-5-21-1476232679-447080670-1737744086-1000\$83fbc6f5f2f12edf66911945d9266eee\@ --> REMOVED
[ZeroAccess][FOLDER] ROOT : C:\$recycle.bin\S-1-5-18\$83fbc6f5f2f12edf66911945d9266eee\U --> REMOVED
[ZeroAccess][FOLDER] ROOT : C:\$recycle.bin\S-1-5-21-1476232679-447080670-1737744086-1000\$83fbc6f5f2f12edf66911945d9266eee\U --> REMOVED
[ZeroAccess][FOLDER] ROOT : C:\$recycle.bin\S-1-5-18\$83fbc6f5f2f12edf66911945d9266eee\L --> REMOVED
[ZeroAccess][FOLDER] ROOT : C:\$recycle.bin\S-1-5-21-1476232679-447080670-1737744086-1000\$83fbc6f5f2f12edf66911945d9266eee\L --> REMOVED

¤¤¤ Driver : [NOT LOADED] ¤¤¤

¤¤¤ Extern Hives: ¤¤¤
-> E:\windows\system32\config\SOFTWARE
-> E:\Users\Default\NTUSER.DAT

¤¤¤ Infection : ZeroAccess ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
--> C:\Windows\system32\drivers\etc\hosts

127.0.0.1 localhost
::1 localhost


¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: WDC WD2500BEVT-75ZCT2 +++++
--- User ---
[MBR] 1205de7719c5be6b1bcdf49d2b93432e
[BSP] 4b314049cc507ea6f5e327c387c26c5c : Windows Vista MBR Code
Partition table:
0 - [XXXXXX] DELL-UTIL (0xde) [VISIBLE] Offset (sectors): 63 | Size: 39 Mo
1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 81920 | Size: 15000 Mo
2 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 30801920 | Size: 223434 Mo
User = LL1 ... OK!
User = LL2 ... OK!

Finished : << RKreport[2]_D_11232012_02d1122.txt >>
RKreport[1]_S_11232012_02d1121.txt ; RKreport[2]_D_11232012_02d1122.txt
 
MBAR logs:

1st scan:
Malwarebytes Anti-Rootkit 1.1.0.1009
www.malwarebytes.org

Database version: v2012.11.23.08

Windows Vista Service Pack 2 x64 NTFS
Internet Explorer 9.0.8112.16421
Keegan :: KEEGAN-PC [administrator]

11/23/2012 1:30:47 PM
mbar-log-2012-11-23 (13-30-47).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken
Scan options disabled: PUP | PUM | P2P
Objects scanned: 25637
Time elapsed: 15 minute(s), 21 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 2
C:\$Recycle.Bin\S-1-5-18\$83fbc6f5f2f12edf66911945d9266eee (Trojan.Siredef.C) -> Delete on reboot. [94ed4e6b1b426ccadec936ca31cf59a7]
C:\$Recycle.Bin\S-1-5-21-1476232679-447080670-1737744086-1000\$83fbc6f5f2f12edf66911945d9266eee (Trojan.Siredef.C) -> Delete on reboot. [20613188fd60ac8a1d8a35cb06fab64a]

Files Detected: 0
(No malicious items detected)

(end)
2nd Scan:
Database version: v2012.11.23.08
Windows Vista Service Pack 2 x64 NTFS
Internet Explorer 9.0.8112.16421
Keegan :: KEEGAN-PC [administrator]
11/23/2012 2:16:59 PM
mbar-log-2012-11-23 (14-16-59).txt
Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken
Scan options disabled: PUP | PUM | P2P
Objects scanned: 25569
Time elapsed: 12 minute(s), 32 second(s)
Memory Processes Detected: 0
(No malicious items detected)
Memory Modules Detected: 0
(No malicious items detected)
Registry Keys Detected: 0
(No malicious items detected)
Registry Values Detected: 0
(No malicious items detected)
Registry Data Items Detected: 0
(No malicious items detected)
Folders Detected: 0
(No malicious items detected)
Files Detected: 0
(No malicious items detected)
(end)
system-log.txt:
Malwarebytes Anti-Rootkit BETA 1.01.0.1009
(c) Malwarebytes Corporation 2011-2012
OS version: 6.0.6002 Windows Vista Service Pack 2 x64
Account is Administrative
Internet Explorer version: 9.0.8112.16421
File system is: NTFS
Disk drives: C:\ DRIVE_FIXED, E:\ DRIVE_FIXED
CPU speed: 2.394000 GHz
Memory total: 4292280320, free: 1377656832
------------ Kernel report ------------
11/23/2012 13:15:01
------------ Loaded modules -----------
\SystemRoot\system32\ntoskrnl.exe
\SystemRoot\system32\hal.dll
\SystemRoot\system32\kdcom.dll
\SystemRoot\system32\mcupdate_GenuineIntel.dll
\SystemRoot\system32\PSHED.dll
\SystemRoot\system32\CLFS.SYS
\SystemRoot\system32\CI.dll
\SystemRoot\system32\drivers\Wdf01000.sys
\SystemRoot\system32\drivers\WDFLDR.SYS
\SystemRoot\system32\drivers\acpi.sys
\SystemRoot\system32\drivers\WMILIB.SYS
\SystemRoot\system32\drivers\msisadrv.sys
\SystemRoot\system32\drivers\pci.sys
\SystemRoot\System32\drivers\partmgr.sys
\SystemRoot\system32\DRIVERS\compbatt.sys
\SystemRoot\system32\DRIVERS\BATTC.SYS
\SystemRoot\system32\drivers\volmgr.sys
\SystemRoot\System32\drivers\volmgrx.sys
\SystemRoot\System32\drivers\mountmgr.sys
\SystemRoot\system32\drivers\iastor.sys
\SystemRoot\system32\drivers\fltmgr.sys
\SystemRoot\system32\drivers\fileinfo.sys
\SystemRoot\System32\Drivers\PxHlpa64.sys
\SystemRoot\System32\Drivers\ksecdd.sys
\SystemRoot\system32\drivers\ndis.sys
\SystemRoot\system32\drivers\msrpc.sys
\SystemRoot\system32\drivers\NETIO.SYS
\SystemRoot\System32\drivers\tcpip.sys
\SystemRoot\System32\drivers\fwpkclnt.sys
\SystemRoot\System32\Drivers\Ntfs.sys
\SystemRoot\system32\drivers\volsnap.sys
\SystemRoot\System32\Drivers\spldr.sys
\SystemRoot\System32\Drivers\mup.sys
\SystemRoot\System32\drivers\ecache.sys
\SystemRoot\system32\drivers\disk.sys
\SystemRoot\system32\drivers\CLASSPNP.SYS
\SystemRoot\system32\drivers\crcdisk.sys
\SystemRoot\system32\DRIVERS\avgrkx64.sys
\SystemRoot\system32\DRIVERS\avgloga.sys
\SystemRoot\system32\DRIVERS\avgmfx64.sys
\SystemRoot\system32\DRIVERS\avgidsha.sys
\SystemRoot\system32\DRIVERS\tunnel.sys
\SystemRoot\system32\DRIVERS\tunmp.sys
\SystemRoot\system32\DRIVERS\atikmpag.sys
\SystemRoot\system32\DRIVERS\atikmdag.sys
\SystemRoot\System32\drivers\dxgkrnl.sys
\SystemRoot\System32\drivers\watchdog.sys
\SystemRoot\system32\DRIVERS\usbuhci.sys
\SystemRoot\system32\DRIVERS\USBPORT.SYS
\SystemRoot\system32\DRIVERS\usbehci.sys
\SystemRoot\system32\DRIVERS\HDAudBus.sys
\SystemRoot\system32\DRIVERS\NETw5v64.sys
\SystemRoot\system32\DRIVERS\yk60x64.sys
\SystemRoot\system32\DRIVERS\i8042prt.sys
\SystemRoot\system32\DRIVERS\Apfiltr.sys
\SystemRoot\system32\DRIVERS\mouclass.sys
\SystemRoot\system32\DRIVERS\kbdclass.sys
\SystemRoot\system32\DRIVERS\cdrom.sys
\SystemRoot\system32\DRIVERS\GEARAspiWDM.sys
\SystemRoot\system32\DRIVERS\CmBatt.sys
\SystemRoot\system32\DRIVERS\wmiacpi.sys
\SystemRoot\system32\DRIVERS\intelppm.sys
\SystemRoot\system32\DRIVERS\msiscsi.sys
\SystemRoot\system32\DRIVERS\storport.sys
\SystemRoot\system32\DRIVERS\TDI.SYS
\SystemRoot\system32\DRIVERS\rasl2tp.sys
\SystemRoot\system32\DRIVERS\ndistapi.sys
\SystemRoot\system32\DRIVERS\ndiswan.sys
\SystemRoot\system32\DRIVERS\raspppoe.sys
\SystemRoot\system32\DRIVERS\raspptp.sys
\SystemRoot\system32\DRIVERS\rassstp.sys
\SystemRoot\system32\DRIVERS\hamachi.sys
\SystemRoot\system32\DRIVERS\termdd.sys
\SystemRoot\system32\DRIVERS\swenum.sys
\SystemRoot\system32\DRIVERS\ks.sys
\SystemRoot\system32\DRIVERS\mssmbios.sys
\SystemRoot\system32\DRIVERS\umbus.sys
\SystemRoot\system32\DRIVERS\usbhub.sys
\SystemRoot\System32\Drivers\NDProxy.SYS
\SystemRoot\system32\DRIVERS\stwrt64.sys
\SystemRoot\system32\DRIVERS\portcls.sys
\SystemRoot\system32\DRIVERS\drmk.sys
\SystemRoot\system32\drivers\ksthunk.sys
\SystemRoot\System32\Drivers\Fs_Rec.SYS
\SystemRoot\System32\Drivers\Null.SYS
\??\C:\Windows\system32\drivers\avgtpx64.sys
\SystemRoot\system32\DRIVERS\HIDPARSE.SYS
\SystemRoot\system32\DRIVERS\Amfltx64.sys
\SystemRoot\System32\drivers\vga.sys
\SystemRoot\System32\drivers\VIDEOPRT.SYS
\SystemRoot\System32\DRIVERS\RDPCDD.sys
\SystemRoot\system32\drivers\rdpencdd.sys
\SystemRoot\System32\Drivers\Msfs.SYS
\SystemRoot\System32\Drivers\Npfs.SYS
\SystemRoot\System32\DRIVERS\rasacd.sys
\SystemRoot\system32\DRIVERS\tdx.sys
\SystemRoot\system32\DRIVERS\avgtdia.sys
\SystemRoot\System32\DRIVERS\netbt.sys
\SystemRoot\system32\DRIVERS\smb.sys
\SystemRoot\system32\drivers\afd.sys
\SystemRoot\system32\DRIVERS\pacer.sys
\SystemRoot\system32\DRIVERS\netbios.sys
\SystemRoot\system32\DRIVERS\wanarp.sys
\SystemRoot\system32\DRIVERS\rdbss.sys
\SystemRoot\system32\drivers\nsiproxy.sys
\SystemRoot\System32\Drivers\dfsc.sys
\SystemRoot\system32\DRIVERS\avgldx64.sys
\SystemRoot\system32\drivers\RTSTOR64.SYS
\SystemRoot\system32\drivers\USBD.SYS
\SystemRoot\system32\DRIVERS\usbccgp.sys
\SystemRoot\system32\DRIVERS\hidusb.sys
\SystemRoot\system32\DRIVERS\HIDCLASS.SYS
\SystemRoot\system32\DRIVERS\kbdhid.sys
\SystemRoot\system32\DRIVERS\mouhid.sys
\SystemRoot\system32\DRIVERS\avgidsdrivera.sys
\SystemRoot\system32\DRIVERS\cdfs.sys
\SystemRoot\System32\Drivers\crashdmp.sys
\SystemRoot\System32\Drivers\dump_iaStor.sys
\SystemRoot\System32\win32k.sys
\SystemRoot\System32\drivers\Dxapi.sys
\SystemRoot\system32\DRIVERS\monitor.sys
\SystemRoot\System32\TSDDD.dll
\SystemRoot\System32\cdd.dll
\SystemRoot\system32\drivers\luafv.sys
\SystemRoot\system32\drivers\spsys.sys
\SystemRoot\system32\DRIVERS\lltdio.sys
\SystemRoot\system32\DRIVERS\nwifi.sys
\SystemRoot\system32\DRIVERS\ndisuio.sys
\SystemRoot\system32\DRIVERS\rspndr.sys
\SystemRoot\system32\drivers\HTTP.sys
\SystemRoot\System32\DRIVERS\srvnet.sys
\SystemRoot\system32\DRIVERS\bowser.sys
\SystemRoot\System32\drivers\mpsdrv.sys
\SystemRoot\system32\drivers\mrxdav.sys
\SystemRoot\system32\DRIVERS\mrxsmb.sys
\SystemRoot\system32\DRIVERS\mrxsmb10.sys
\SystemRoot\system32\DRIVERS\mrxsmb20.sys
\SystemRoot\System32\DRIVERS\srv2.sys
\SystemRoot\System32\DRIVERS\srv.sys
\SystemRoot\system32\DRIVERS\atksgt.sys
\SystemRoot\system32\DRIVERS\lirsgt.sys
\SystemRoot\system32\drivers\peauth.sys
\SystemRoot\System32\Drivers\secdrv.SYS
\SystemRoot\System32\drivers\tcpipreg.sys
\SystemRoot\System32\Drivers\fastfat.SYS
\??\C:\Users\Keegan\AppData\Local\Temp\aswMBR.sys
\??\C:\Windows\system32\drivers\mbamchameleon.sys
\??\C:\Windows\system32\drivers\mbamswissarmy.sys
\Windows\System32\ntdll.dll
----------- End -----------
<<<1>>>
Upper Device Name: \Device\Harddisk0\DR0
Upper Device Object: 0xfffffa800472e760
Upper Device Driver Name: \Driver\disk\
Lower Device Name: \Device\Ide\IAAStorageDevice-1\
Lower Device Object: 0xfffffa80045d1050
Lower Device Driver Name: \Driver\iaStor\
Driver name found: iaStor
DriverEntry returned 0x0
Function returned 0x0
Downloaded database version: v2012.11.23.08
Downloaded database version: v2012.11.19.01
Initializing...
Done!
Scanning directory: C:\Windows\system32\drivers...
<<<2>>>
Device number: 0, partition: 3
Physical Sector Size: 512
Drive: 0, DevicePointer: 0xfffffa800472e760, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\disk\
--------- Disk Stack ------
DevicePointer: 0xfffffa800472e170, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xfffffa800472e760, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\disk\
DevicePointer: 0xfffffa80045d1050, DeviceName: \Device\Ide\IAAStorageDevice-1\, DriverName: \Driver\iaStor\
------------ End ----------
Upper DeviceData: 0xfffff88014d870a0, 0xfffffa800472e760, 0xfffffa800d888790
Lower DeviceData: 0xfffff8801302b750, 0xfffffa80045d1050, 0xfffffa800cf27be0
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Done!
Drive 0
Scanning MBR on drive 0...
Inspecting partition table:
MBR Signature: 55AA
Disk Signature: 1A7C51DD
Partition information:
Partition 0 type is Other (0xde)
Partition is NOT ACTIVE.
Partition starts at LBA: 63 Numsec = 80262
Partition 1 type is Primary (0x7)
Partition is NOT ACTIVE.
Partition starts at LBA: 81920 Numsec = 30720000
Partition 2 type is Primary (0x7)
Partition is ACTIVE.
Partition starts at LBA: 30801920 Numsec = 457593200
Partition file system is NTFS
Partition is bootable
Partition 3 type is Empty (0x0)
Partition is NOT ACTIVE.
Partition starts at LBA: 0 Numsec = 0
Disk Size: 250059350016 bytes
Sector size: 512 bytes
Scanning physical sectors of unpartitioned space on drive 0 (1-62-488377168-488397168)...
Done!
Performing system, memory and registry scan...
Read File: File "C:\ProgramData\AVG2013\chjw\ee94845794842465.dat" is sparse (flags = 32768)
Read File: File "C:\ProgramData\{F8999601-BE77-433E-A70A-B7766E47AE73}\Impulse_setup.dat" is compressed (flags = 1)
Read File: File "C:\ProgramData\{F8999601-BE77-433E-A70A-B7766E47AE73}\instance.dat" is compressed (flags = 1)
Infected: C:\$Recycle.Bin\S-1-5-18\$83fbc6f5f2f12edf66911945d9266eee --> [Trojan.Siredef.C]
Infected: C:\$Recycle.Bin\S-1-5-21-1476232679-447080670-1737744086-1000\$83fbc6f5f2f12edf66911945d9266eee --> [Trojan.Siredef.C]
Done!
Scan finished
Creating System Restore point...
Scheduling clean up...
<<<2>>>
Device number: 0, partition: 3
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Removal scheduling successful. System shutdown needed.
System shutdown occured
=======================================
---------------------------------------
Malwarebytes Anti-Rootkit BETA 1.01.0.1009
(c) Malwarebytes Corporation 2011-2012
OS version: 6.0.6002 Windows Vista Service Pack 2 x64
Account is Administrative
Internet Explorer version: 9.0.8112.16421
File system is: NTFS
Disk drives: C:\ DRIVE_FIXED, E:\ DRIVE_FIXED
CPU speed: 2.394000 GHz
Memory total: 4292280320, free: 2694537216
---------------------------------------
Malwarebytes Anti-Rootkit BETA 1.01.0.1009
(c) Malwarebytes Corporation 2011-2012
OS version: 6.0.6002 Windows Vista Service Pack 2 x64
Account is Administrative
Internet Explorer version: 9.0.8112.16421
File system is: NTFS
Disk drives: C:\ DRIVE_FIXED, E:\ DRIVE_FIXED
CPU speed: 2.394000 GHz
Memory total: 4292280320, free: 2190307328
------------ Kernel report ------------
11/23/2012 14:04:16
------------ Loaded modules -----------
\SystemRoot\system32\ntoskrnl.exe
\SystemRoot\system32\hal.dll
\SystemRoot\system32\kdcom.dll
\SystemRoot\system32\mcupdate_GenuineIntel.dll
\SystemRoot\system32\PSHED.dll
\SystemRoot\system32\CLFS.SYS
\SystemRoot\system32\CI.dll
\SystemRoot\system32\drivers\Wdf01000.sys
\SystemRoot\system32\drivers\WDFLDR.SYS
\SystemRoot\system32\drivers\acpi.sys
\SystemRoot\system32\drivers\WMILIB.SYS
\SystemRoot\system32\drivers\msisadrv.sys
\SystemRoot\system32\drivers\pci.sys
\SystemRoot\System32\drivers\partmgr.sys
\SystemRoot\system32\DRIVERS\compbatt.sys
\SystemRoot\system32\DRIVERS\BATTC.SYS
\SystemRoot\system32\drivers\volmgr.sys
\SystemRoot\System32\drivers\volmgrx.sys
\SystemRoot\System32\drivers\mountmgr.sys
\SystemRoot\system32\drivers\iastor.sys
\SystemRoot\system32\drivers\fltmgr.sys
\SystemRoot\system32\drivers\fileinfo.sys
\SystemRoot\System32\Drivers\PxHlpa64.sys
\SystemRoot\System32\Drivers\ksecdd.sys
\SystemRoot\system32\drivers\ndis.sys
\SystemRoot\system32\drivers\msrpc.sys
\SystemRoot\system32\drivers\NETIO.SYS
\SystemRoot\System32\drivers\tcpip.sys
\SystemRoot\System32\drivers\fwpkclnt.sys
\SystemRoot\System32\Drivers\Ntfs.sys
\SystemRoot\system32\drivers\volsnap.sys
\SystemRoot\System32\Drivers\spldr.sys
\SystemRoot\System32\Drivers\mup.sys
\SystemRoot\System32\drivers\ecache.sys
\SystemRoot\system32\drivers\disk.sys
\SystemRoot\system32\drivers\CLASSPNP.SYS
\SystemRoot\system32\drivers\crcdisk.sys
\SystemRoot\system32\DRIVERS\avgrkx64.sys
\SystemRoot\system32\DRIVERS\avgloga.sys
\SystemRoot\system32\DRIVERS\avgmfx64.sys
\SystemRoot\system32\DRIVERS\avgidsha.sys
\SystemRoot\system32\DRIVERS\tunnel.sys
\SystemRoot\system32\DRIVERS\tunmp.sys
\SystemRoot\system32\DRIVERS\atikmpag.sys
\SystemRoot\system32\DRIVERS\atikmdag.sys
\SystemRoot\System32\drivers\dxgkrnl.sys
\SystemRoot\System32\drivers\watchdog.sys
\SystemRoot\system32\DRIVERS\usbuhci.sys
\SystemRoot\system32\DRIVERS\USBPORT.SYS
\SystemRoot\system32\DRIVERS\usbehci.sys
\SystemRoot\system32\DRIVERS\HDAudBus.sys
\SystemRoot\system32\DRIVERS\NETw5v64.sys
\SystemRoot\system32\DRIVERS\yk60x64.sys
\SystemRoot\system32\DRIVERS\i8042prt.sys
\SystemRoot\system32\DRIVERS\Apfiltr.sys
\SystemRoot\system32\DRIVERS\mouclass.sys
\SystemRoot\system32\DRIVERS\kbdclass.sys
\SystemRoot\system32\DRIVERS\cdrom.sys
\SystemRoot\system32\DRIVERS\GEARAspiWDM.sys
\SystemRoot\system32\DRIVERS\CmBatt.sys
\SystemRoot\system32\DRIVERS\wmiacpi.sys
\SystemRoot\system32\DRIVERS\intelppm.sys
\SystemRoot\system32\DRIVERS\msiscsi.sys
\SystemRoot\system32\DRIVERS\storport.sys
\SystemRoot\system32\DRIVERS\TDI.SYS
\SystemRoot\system32\DRIVERS\rasl2tp.sys
\SystemRoot\system32\DRIVERS\ndistapi.sys
\SystemRoot\system32\DRIVERS\ndiswan.sys
\SystemRoot\system32\DRIVERS\raspppoe.sys
\SystemRoot\system32\DRIVERS\raspptp.sys
\SystemRoot\system32\DRIVERS\rassstp.sys
\SystemRoot\system32\DRIVERS\hamachi.sys
\SystemRoot\system32\DRIVERS\termdd.sys
\SystemRoot\system32\DRIVERS\swenum.sys
\SystemRoot\system32\DRIVERS\ks.sys
\SystemRoot\system32\DRIVERS\mssmbios.sys
\SystemRoot\system32\DRIVERS\umbus.sys
\SystemRoot\system32\DRIVERS\usbhub.sys
\SystemRoot\System32\Drivers\NDProxy.SYS
\SystemRoot\system32\DRIVERS\stwrt64.sys
\SystemRoot\system32\DRIVERS\portcls.sys
\SystemRoot\system32\DRIVERS\drmk.sys
\SystemRoot\system32\drivers\ksthunk.sys
\SystemRoot\System32\Drivers\Fs_Rec.SYS
\SystemRoot\System32\Drivers\Null.SYS
\??\C:\Windows\system32\drivers\avgtpx64.sys
\SystemRoot\system32\DRIVERS\HIDPARSE.SYS
\SystemRoot\system32\DRIVERS\Amfltx64.sys
\SystemRoot\System32\drivers\vga.sys
\SystemRoot\System32\drivers\VIDEOPRT.SYS
\SystemRoot\System32\DRIVERS\RDPCDD.sys
\SystemRoot\system32\drivers\rdpencdd.sys
\SystemRoot\System32\Drivers\Msfs.SYS
\SystemRoot\System32\Drivers\Npfs.SYS
\SystemRoot\System32\DRIVERS\rasacd.sys
\SystemRoot\system32\DRIVERS\tdx.sys
\SystemRoot\system32\DRIVERS\avgtdia.sys
\SystemRoot\System32\DRIVERS\netbt.sys
\SystemRoot\system32\DRIVERS\smb.sys
\SystemRoot\system32\drivers\afd.sys
\SystemRoot\system32\DRIVERS\pacer.sys
\SystemRoot\system32\DRIVERS\netbios.sys
\SystemRoot\system32\DRIVERS\wanarp.sys
\SystemRoot\system32\drivers\RTSTOR64.SYS
\SystemRoot\system32\drivers\USBD.SYS
\SystemRoot\system32\DRIVERS\rdbss.sys
\SystemRoot\system32\drivers\nsiproxy.sys
\SystemRoot\System32\Drivers\dfsc.sys
\SystemRoot\system32\DRIVERS\avgldx64.sys
\SystemRoot\system32\DRIVERS\usbccgp.sys
\SystemRoot\system32\DRIVERS\hidusb.sys
\SystemRoot\system32\DRIVERS\HIDCLASS.SYS
\SystemRoot\system32\DRIVERS\kbdhid.sys
\SystemRoot\system32\DRIVERS\mouhid.sys
\SystemRoot\system32\DRIVERS\avgidsdrivera.sys
\SystemRoot\system32\DRIVERS\cdfs.sys
\SystemRoot\System32\Drivers\crashdmp.sys
\SystemRoot\System32\Drivers\dump_iaStor.sys
\SystemRoot\System32\win32k.sys
\SystemRoot\System32\drivers\Dxapi.sys
\SystemRoot\system32\DRIVERS\monitor.sys
\SystemRoot\System32\TSDDD.dll
\SystemRoot\System32\cdd.dll
\SystemRoot\system32\drivers\luafv.sys
\SystemRoot\system32\drivers\spsys.sys
\SystemRoot\system32\DRIVERS\lltdio.sys
\SystemRoot\system32\DRIVERS\nwifi.sys
\SystemRoot\system32\DRIVERS\ndisuio.sys
\SystemRoot\system32\DRIVERS\rspndr.sys
\SystemRoot\system32\drivers\HTTP.sys
\SystemRoot\System32\DRIVERS\srvnet.sys
\SystemRoot\system32\DRIVERS\bowser.sys
\SystemRoot\System32\drivers\mpsdrv.sys
\SystemRoot\system32\drivers\mrxdav.sys
\SystemRoot\system32\DRIVERS\mrxsmb.sys
\SystemRoot\system32\DRIVERS\mrxsmb10.sys
\SystemRoot\system32\DRIVERS\mrxsmb20.sys
\SystemRoot\System32\DRIVERS\srv2.sys
\SystemRoot\System32\DRIVERS\srv.sys
\SystemRoot\system32\DRIVERS\atksgt.sys
\SystemRoot\system32\DRIVERS\lirsgt.sys
\SystemRoot\system32\drivers\peauth.sys
\SystemRoot\System32\Drivers\fastfat.SYS
\SystemRoot\System32\Drivers\secdrv.SYS
\SystemRoot\System32\drivers\tcpipreg.sys
\??\C:\Windows\system32\drivers\mbamchameleon.sys
\??\C:\Windows\system32\drivers\mbamswissarmy.sys
\Windows\System32\ntdll.dll
----------- End -----------
<<<1>>>
Upper Device Name: \Device\Harddisk0\DR0
Upper Device Object: 0xfffffa8004743060
Upper Device Driver Name: \Driver\disk\
Lower Device Name: \Device\Ide\IAAStorageDevice-1\
Lower Device Object: 0xfffffa80045ea050
Lower Device Driver Name: \Driver\iaStor\
Driver name found: iaStor
DriverEntry returned 0x0
Function returned 0x0
Initializing...
Done!
Scanning directory: C:\Windows\system32\drivers...
<<<2>>>
Device number: 0, partition: 3
Physical Sector Size: 512
Drive: 0, DevicePointer: 0xfffffa8004743060, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\disk\
--------- Disk Stack ------
DevicePointer: 0xfffffa8004743b90, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xfffffa8004743060, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\disk\
DevicePointer: 0xfffffa80045ea050, DeviceName: \Device\Ide\IAAStorageDevice-1\, DriverName: \Driver\iaStor\
------------ End ----------
Upper DeviceData: 0xfffff880125a6200, 0xfffffa8004743060, 0xfffffa80048ab790
Lower DeviceData: 0xfffff880118f68f0, 0xfffffa80045ea050, 0xfffffa8004a7e1c0
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Done!
Drive 0
Scanning MBR on drive 0...
Inspecting partition table:
MBR Signature: 55AA
Disk Signature: 1A7C51DD
Partition information:
Partition 0 type is Other (0xde)
Partition is NOT ACTIVE.
Partition starts at LBA: 63 Numsec = 80262
Partition 1 type is Primary (0x7)
Partition is NOT ACTIVE.
Partition starts at LBA: 81920 Numsec = 30720000
Partition 2 type is Primary (0x7)
Partition is ACTIVE.
Partition starts at LBA: 30801920 Numsec = 457593200
Partition file system is NTFS
Partition is bootable
Partition 3 type is Empty (0x0)
Partition is NOT ACTIVE.
Partition starts at LBA: 0 Numsec = 0
Disk Size: 250059350016 bytes
Sector size: 512 bytes
Scanning physical sectors of unpartitioned space on drive 0 (1-62-488377168-488397168)...
Done!
Performing system, memory and registry scan...
Read File: File "C:\ProgramData\AVG2013\chjw\ee94845794842465.dat" is sparse (flags = 32768)
Read File: File "C:\ProgramData\{F8999601-BE77-433E-A70A-B7766E47AE73}\Impulse_setup.dat" is compressed (flags = 1)
Read File: File "C:\ProgramData\{F8999601-BE77-433E-A70A-B7766E47AE73}\instance.dat" is compressed (flags = 1)
Done!
Scan finished
=======================================
 
Good :)

Create new restore point before proceeding with the next step....
How to:
- Windows 8: http://www.vikitech.com/11302/system-restore-windows-8
- Windows 7: http://www.howtogeek.com/howto/3195/create-a-system-restore-point-in-windows-7/
- Vista: http://www.howtogeek.com/howto/wind...tore-point-for-windows-vistas-system-restore/
- XP: http://support.microsoft.com/kb/948247

==============================

Please download ComboFix from Here, Here or Here to your Desktop.

**Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
  • Never rename Combofix unless instructed.
  • Close any open browsers.
  • Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
  • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
  • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
  • Close any open browsers.
  • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
  • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
  • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
    If the connection is not there use restore point you created prior to running Combofix.
  • Double click on combofix.exe & follow the prompts.

  • NOTE1. If Combofix asks you to install Recovery Console, please allow it.
    NOTE 2. If Combofix asks you to update the program, always do so.
  • When finished, it will produce a report for you.
  • Please post the "C:\ComboFix.txt"
**Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall
**Note 2 for AVG and CA Internet Security (Total Defense Internet Security) users: ComboFix will not run until AVG/CA Internet Security is uninstalled as a protective measure against the anti-virus. This is because AVG/CA Internet Security "falsely" detects ComboFix (or its embedded files) as a threat and may remove them resulting in the tool not working correctly which in turn can cause "unpredictable results". Since AVG/CA Internet Security cannot be effectively disabled before running ComboFix, the author recommends you to uninstall AVG/CA Internet Security first.
Use AppRemover to uninstall it: https://www.techspot.com/downloads/5514-appremover.html
We can reinstall it when we're done with CF.
**Note 3: If you receive an error "Illegal operation attempted on a registery key that has been marked for deletion", restart computer to fix the issue.
**Note 4: Some infections may take some significant time to be cured. As long as your computer clock is running Combofix is still working. Be patient.


Make sure, you re-enable your security programs, when you're done with Combofix.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

NOTE.
If, for some reason, Combofix refuses to run, try the following...

Delete Combofix file, download fresh one, but rename combofix.exe to your_name.exe BEFORE saving it to your desktop.
Do NOT run it yet.
Download Rkill (courtesy of BleepingComputer.com) to your desktop.
There are 2 different versions. If one of them won't run then download and try to run the other one.
You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool, ignore them or shutdown your antivirus.

rKill.exe: http://www.bleepingcomputer.com/download/rkill/dl/10/
iExplore.exe (renamed rKill.exe): http://www.bleepingcomputer.com/download/rkill/dl/11/

Restart computer in safe mode

  • Double-click on the Rkill desktop icon to run the tool.
  • If using Vista or Windows 7 right-click on it and choose Run As Administrator.
  • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
  • If not, delete the file, then download and use the one provided in Link 2.
  • Do not reboot until instructed.
  • If the tool does not run from any of the links provided, please let me know.

When the scan is done Notepad will open with rKill.txt log.
NOTE. rKill.txt log will also be present on your desktop.

Once you've gotten one of them to run, immediately run your_name.exe by double clicking on it.

IF you had to run rKill post BOTH logs, rKill.txt and Combofix.txt.
 
Combofix log:


.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Apoint"="c:\program files\DellTPad\Apoint.exe" [2008-09-04 272896]
"Dell DataSafe Online"="c:\program files (x86)\Dell DataSafe Online\DataSafeOnline.exe" [2009-07-07 1779952]
"SysTrayApp"="c:\program files\IDT\WDM\sttray64.exe" [2010-02-26 487424]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.google.com/ig
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
DPF: {10000000-1000-1000-1000-100000000000} - hxxp://cdn.betteradvertising.com/ghostery/addons/ie/2.4.2.0/ghostery.cab
FF - ProfilePath - c:\users\Keegan\AppData\Roaming\Mozilla\Firefox\Profiles\4rd88xtf.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/ig|https://www.hclib...yahoo.com/dc/launch?.gx=0&.rand=fkbf7tgsnqi6g
FF - prefs.js: network.proxy.type - 0
FF - user.js: extentions.y2layers.installId - 63f8ff47-6343-4d43-ac03-6abe8cc75bab
FF - user.js: extentions.y2layers.defaultEnableAppsList - bestvideodownloader,ezLooker,pagerage,buzzdock,toprelatedtopics,twittube
FF - user.js: extensions.autoDisableScopes - 14
.
- - - - ORPHANS REMOVED - - - -
.
BHO-{FD72061E-9FDE-484D-A58A-0BAB4151CAD8} - c:\program files (x86)\Yontoo\YontooIEClient.dll
Wow6432Node-HKLM-Run-HF_G_Jul - c:\program files (x86)\AVG Secure Search\HF_G_Jul.exe
Wow6432Node-HKLM-Run-ROC_ROC_JULY_P1 - c:\program files (x86)\AVG Secure Search\ROC_ROC_JULY_P1.exe
Wow6432Node-HKLM-Run-ROC_roc_ssl_v12 - c:\program files (x86)\AVG Secure Search\ROC_roc_ssl_v12.exe
Notify-GoToAssist - (no file)
SafeBoot-86907423.sys
WebBrowser-{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - (no file)
AddRemove-Adobe Shockwave Player - c:\windows\system32\Adobe\Shockwave 11\uninstaller.exe
AddRemove-{27310A4F-6A97-43C0-928C-FE5313B9949B} - c:\programdata\{35A5F47B-6BCE-46EE-967E-F62A1D87D879}\FFOv2011-8_Setup.exe
.
.
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\PCD5SRVC{048DBD20-445E8C82-05040104}]
"ImagePath"="\??\c:\progra~2\DELLSU~1\HWDiag\bin\PCD5SRVC_x64.pkms"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-1476232679-447080670-1737744086-1000\Software\SecuROM\License information*]
"datasecu"=hex:fb,03,8f,b0,79,7f,e5,de,56,a3,73,e0,b0,69,bf,4a,ef,cb,be,09,22,
05,f5,9d,6f,f1,48,b8,7c,1c,91,26,29,6d,81,ce,5e,35,9a,f0,2f,37,2d,5c,32,69,\
"rkeysecu"=hex:f9,b9,a5,c9,53,c4,75,c1,72,92,cd,bb,bf,36,7e,13
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_4_402_287_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_4_402_287_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_4_402_287_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_4_402_287_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_287.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_287.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_287.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_287.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}]
@Denied: (A 2) (Everyone)
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}\1.0]
@="Shockwave Flash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}]
@Denied: (A 2) (Everyone)
@=""
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}\1.0]
@="FlashBroker"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\VideoLAN.VLCPlugin.*1*]
@="?????????????????? v1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\VideoLAN.VLCPlugin.*1*\CLSID]
@="{E23FE9C6-778E-49D4-B537-38FCDE4887D8}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\VideoLAN.VLCPlugin.*2*]
@="?????????????????? v2"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\VideoLAN.VLCPlugin.*2*\CLSID]
@="{9BE31822-FDAD-461B-AD51-BE1D1C159921}"
.
[HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*1*]
@="?????????????????? v1"
.
[HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*1*\CLSID]
@="{E23FE9C6-778E-49D4-B537-38FCDE4887D8}"
.
[HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*2*]
@="?????????????????? v2"
.
[HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*2*\CLSID]
@="{9BE31822-FDAD-461B-AD51-BE1D1C159921}"
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Classes]
"SymbolicLinkValue"=hex(6):5c,00,52,00,45,00,47,00,49,00,53,00,54,00,52,00,59,
00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00,\
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Dell\DellDock\DockLogin.exe
c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\windows\SysWOW64\PnkBstrA.exe
c:\program files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe
c:\program files (x86)\Spybot - Search & Destroy\SDWinSec.exe
c:\program files (x86)\Dell Support Center\bin\sprtsvc.exe
.
**************************************************************************
.
Completion time: 2012-11-23 20:18:32 - machine was rebooted
ComboFix-quarantined-files.txt 2012-11-24 02:18
.
Pre-Run: 13,648,277,504 bytes free
Post-Run: 14,976,585,728 bytes free
.
- - End Of File - - 39D03B18EC660819B622446B17513814
 
Got it; combofix.txt:

ComboFix 12-11-23.02 - Keegan 11/23/2012 19:59:03.1.2 - x64
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.4093.2379 [GMT -6:00]
Running from: c:\users\Keegan\Desktop\ComboFix.exe
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files (x86)\StartNow Toolbar
c:\program files (x86)\StartNow Toolbar\ToolbarUpdaterService.exe
c:\users\Keegan\Documents\~WRL0003.tmp
E:\install.exe
.
.
((((((((((((((((((((((((( Files Created from 2012-10-24 to 2012-11-24 )))))))))))))))))))))))))))))))
.
.
2012-11-24 02:06 . 2012-11-24 02:10--------d-----w-c:\users\Keegan\AppData\Local\temp
2012-11-23 05:58 . 2012-11-23 05:58--------d-----w-C:\TDSSKiller_Quarantine
2012-11-21 01:03 . 2012-11-21 01:03--------d-----w-c:\users\Keegan\AppData\Roaming\Malwarebytes
2012-11-21 01:03 . 2012-11-21 01:03--------d-----w-c:\programdata\Malwarebytes
2012-11-21 01:03 . 2012-11-21 01:03--------d-----w-c:\program files (x86)\Malwarebytes' Anti-Malware
2012-11-21 01:03 . 2012-09-30 01:5425928----a-w-c:\windows\system32\drivers\mbam.sys
2012-11-20 06:07 . 2012-11-20 06:42--------d-----w-c:\programdata\Spybot - Search & Destroy
2012-11-20 06:07 . 2012-11-20 06:09--------d-----w-c:\program files (x86)\Spybot - Search & Destroy
2012-11-20 02:38 . 2012-11-20 02:38--------d-----w-c:\program files (x86)\LogMeIn Hamachi
2012-11-15 21:16 . 2012-11-15 21:16--------d-----w-c:\users\Keegan\AppData\Local\IIIU
2012-11-15 21:13 . 2012-11-15 21:14--------d-----w-c:\program files (x86)\GoforFiles
2012-11-15 21:13 . 2012-11-15 21:13--------d-----w-c:\users\Keegan\AppData\Roaming\GoforFiles
2012-11-14 21:02 . 2012-11-21 22:06--------d-----w-C:\found.000
2012-11-13 20:28 . 2012-09-25 16:3191648----a-w-c:\windows\system32\synceng.dll
2012-11-13 20:28 . 2012-09-25 16:1975776----a-w-c:\windows\SysWow64\synceng.dll
2012-11-13 20:28 . 2012-10-12 14:532769920----a-w-c:\windows\system32\win32k.sys
2012-10-28 17:17 . 2012-10-28 17:17--------d-----w-c:\users\Default\AppData\Roaming\TuneUp Software
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-11-14 08:37 . 2006-11-02 12:3566395536----a-w-c:\windows\system32\mrt.exe
2012-10-08 20:34 . 2012-04-04 01:13696760----a-w-c:\windows\SysWow64\FlashPlayerApp.exe
2012-10-08 20:34 . 2011-06-17 15:5973656----a-w-c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-09-19 23:45 . 2012-09-19 23:4695208----a-w-c:\windows\SysWow64\WindowsAccessBridge-32.dll
2012-09-19 23:45 . 2012-07-20 19:27821736----a-w-c:\windows\SysWow64\npdeployJava1.dll
2012-09-19 23:45 . 2010-10-17 04:05746984----a-w-c:\windows\SysWow64\deployJava1.dll
2012-09-13 13:45 . 2012-10-10 16:482048----a-w-c:\windows\system32\tzres.dll
2012-09-13 13:28 . 2012-10-10 16:482048----a-w-c:\windows\SysWow64\tzres.dll
2012-08-29 11:40 . 2012-10-10 16:474699520----a-w-c:\windows\system32\ntoskrnl.exe
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 138240]
"SpybotSD TeaTimer"="c:\program files (x86)\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"Dell DataSafe Online"="c:\program files (x86)\Dell DataSafe Online\DataSafeOnline.exe" [2009-07-07 1779952]
"PDVDDXSrv"="c:\program files\CyberLink\PowerDVD DX\PDVDDXSrv.exe" [2008-05-23 128296]
"DellSupportCenter"="c:\program files (x86)\Dell Support Center\bin\sprtcmd.exe" [2008-12-17 206064]
"Microsoft Default Manager"="c:\program files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" [2010-05-10 439568]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2011-07-05 421888]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-07-27 919008]
"DivXUpdate"="c:\program files (x86)\DivX\DivX Update\DivXUpdate.exe" [2011-07-28 1259376]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2012-07-04 641704]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-08-28 59280]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2012-09-10 421776]
"LogMeIn Hamachi Ui"="c:\program files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe" [2012-11-20 2254768]
.
c:\users\Guest\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dell Dock.lnk - c:\program files\Dell\DellDock\DellDock.exe [2009-2-6 1312096]
.
c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dell Dock First Run.lnk - c:\program files\Dell\DellDock\DellDock.exe [2009-2-6 1312096]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
S2 AESTFilters;Andrea ST Filters Service;c:\windows\System32\DriverStore\FileRepository\stwrt64.inf_54cb4575\AESTSr64.exe [2009-03-03 89600]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - WS2IFSL
.
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
Themes
.
Contents of the 'Scheduled Tasks' folder
.
2012-11-24 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-04 20:34]
.
2012-11-23 c:\windows\Tasks\Google Software Updater.job
- c:\program files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-08-23 05:29]
.
2012-11-24 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2009-08-23 01:20]
.
2012-11-24 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2009-08-23 01:20]
.
2012-11-24 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1476232679-447080670-1737744086-1000Core.job
- c:\users\Keegan\AppData\Local\Google\Update\GoogleUpdate.exe [2010-10-17 01:40]
.
2012-11-24 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1476232679-447080670-1737744086-1000UA.job
- c:\users\Keegan\AppData\Local\Google\Update\GoogleUpdate.exe [2010-10-17 01:40]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Apoint"="c:\program files\DellTPad\Apoint.exe" [2008-09-04 272896]
"Dell DataSafe Online"="c:\program files (x86)\Dell DataSafe Online\DataSafeOnline.exe" [2009-07-07 1779952]
"SysTrayApp"="c:\program files\IDT\WDM\sttray64.exe" [2010-02-26 487424]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.google.com/ig
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
DPF: {10000000-1000-1000-1000-100000000000} - hxxp://cdn.betteradvertising.com/ghostery/addons/ie/2.4.2.0/ghostery.cab
FF - ProfilePath - c:\users\Keegan\AppData\Roaming\Mozilla\Firefox\Profiles\4rd88xtf.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/ig|https://www.hclib...yahoo.com/dc/launch?.gx=0&.rand=fkbf7tgsnqi6g
FF - prefs.js: network.proxy.type - 0
FF - user.js: extentions.y2layers.installId - 63f8ff47-6343-4d43-ac03-6abe8cc75bab
FF - user.js: extentions.y2layers.defaultEnableAppsList - bestvideodownloader,ezLooker,pagerage,buzzdock,toprelatedtopics,twittube
FF - user.js: extensions.autoDisableScopes - 14
.
- - - - ORPHANS REMOVED - - - -
.
BHO-{FD72061E-9FDE-484D-A58A-0BAB4151CAD8} - c:\program files (x86)\Yontoo\YontooIEClient.dll
Wow6432Node-HKLM-Run-HF_G_Jul - c:\program files (x86)\AVG Secure Search\HF_G_Jul.exe
Wow6432Node-HKLM-Run-ROC_ROC_JULY_P1 - c:\program files (x86)\AVG Secure Search\ROC_ROC_JULY_P1.exe
Wow6432Node-HKLM-Run-ROC_roc_ssl_v12 - c:\program files (x86)\AVG Secure Search\ROC_roc_ssl_v12.exe
Notify-GoToAssist - (no file)
SafeBoot-86907423.sys
WebBrowser-{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - (no file)
AddRemove-Adobe Shockwave Player - c:\windows\system32\Adobe\Shockwave 11\uninstaller.exe
AddRemove-{27310A4F-6A97-43C0-928C-FE5313B9949B} - c:\programdata\{35A5F47B-6BCE-46EE-967E-F62A1D87D879}\FFOv2011-8_Setup.exe
.
.
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\PCD5SRVC{048DBD20-445E8C82-05040104}]
"ImagePath"="\??\c:\progra~2\DELLSU~1\HWDiag\bin\PCD5SRVC_x64.pkms"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-1476232679-447080670-1737744086-1000\Software\SecuROM\License information*]
"datasecu"=hex:fb,03,8f,b0,79,7f,e5,de,56,a3,73,e0,b0,69,bf,4a,ef,cb,be,09,22,
05,f5,9d,6f,f1,48,b8,7c,1c,91,26,29,6d,81,ce,5e,35,9a,f0,2f,37,2d,5c,32,69,\
"rkeysecu"=hex:f9,b9,a5,c9,53,c4,75,c1,72,92,cd,bb,bf,36,7e,13
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_4_402_287_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_4_402_287_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_4_402_287_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_4_402_287_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_287.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_287.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_287.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_287.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}]
@Denied: (A 2) (Everyone)
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}\1.0]
@="Shockwave Flash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}]
@Denied: (A 2) (Everyone)
@=""
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}\1.0]
@="FlashBroker"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\VideoLAN.VLCPlugin.*1*]
@="?????????????????? v1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\VideoLAN.VLCPlugin.*1*\CLSID]
@="{E23FE9C6-778E-49D4-B537-38FCDE4887D8}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\VideoLAN.VLCPlugin.*2*]
@="?????????????????? v2"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\VideoLAN.VLCPlugin.*2*\CLSID]
@="{9BE31822-FDAD-461B-AD51-BE1D1C159921}"
.
[HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*1*]
@="?????????????????? v1"
.
[HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*1*\CLSID]
@="{E23FE9C6-778E-49D4-B537-38FCDE4887D8}"
.
[HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*2*]
@="?????????????????? v2"
.
[HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*2*\CLSID]
@="{9BE31822-FDAD-461B-AD51-BE1D1C159921}"
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Classes]
"SymbolicLinkValue"=hex(6):5c,00,52,00,45,00,47,00,49,00,53,00,54,00,52,00,59,
00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00,\
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Dell\DellDock\DockLogin.exe
c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\windows\SysWOW64\PnkBstrA.exe
c:\program files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe
c:\program files (x86)\Spybot - Search & Destroy\SDWinSec.exe
c:\program files (x86)\Dell Support Center\bin\sprtsvc.exe
.
**************************************************************************
.
Completion time: 2012-11-23 20:18:32 - machine was rebooted
ComboFix-quarantined-files.txt 2012-11-24 02:18
.
Pre-Run: 13,648,277,504 bytes free
Post-Run: 14,976,585,728 bytes free
.
- - End Of File - - 39D03B18EC660819B622446B17513814
 
Looks good :)

Any current issues?

You can reinstall AVG now.

===========================

Please download AdwCleaner by Xplode onto your desktop.
  • Close all open programs and internet browsers.
  • Double click on adwcleaner.exe to run the tool.
  • Click on Delete.
  • Confirm each time with Ok.
  • Your computer will be rebooted automatically. A text file will open after the restart.
  • Please post the contents of that logfile with your next reply.
  • You can find the logfile at C:\AdwCleaner[S1].txt as well.

Next...

  • Double click on adwcleaner.exe to run the tool.
  • Click on Uninstall.
  • Confirm with yes.

==========================

Download OTL to your Desktop.
Alternate download: http://www.itxassociates.com/OT-Tools/OTL.exe

  • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
  • Click the Scan All Users checkbox.
  • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
  • When the scan completes, it will open two notepad windows: OTL.txt and Extras.txt. These are saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them back here.
 
Adwcleaner log:

# AdwCleaner v2.008 - Logfile created 11/23/2012 at 21:03:20
# Updated 17/11/2012 by Xplode
# Operating system : Windows (TM) Vista Home Premium Service Pack 2 (64 bits)
# User : Keegan - KEEGAN-PC
# Boot Mode : Normal
# Running from : C:\Users\Keegan\Desktop\adwcleaner.exe
# Option [Search]


***** [Services] *****


***** [Files / Folders] *****

Folder Found : C:\Program Files (x86)\Common Files\AVG Secure Search
Folder Found : C:\ProgramData\Ask
Folder Found : C:\Users\Keegan\AppData\LocalLow\boost_interprocess
Folder Found : C:\Users\Keegan\AppData\Roaming\AVG Secure Search
Folder Found : C:\Users\Keegan\AppData\Roaming\Mozilla\Firefox\Profiles\4rd88xtf.default\extensions\plugin@yontoo.com

***** [Registry] *****

Key Found : HKCU\Software\Conduit
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\AVG Secure Search
Key Found : HKCU\Software\Softonic
Key Found : HKLM\SOFTWARE\Classes\AppID\{CFDAFE39-20CE-451D-BD45-A37452F39CF0}
Key Found : HKLM\SOFTWARE\Classes\AppID\{EA28B360-05E0-4F93-8150-02891F1D8D3C}
Key Found : HKLM\SOFTWARE\Classes\AppID\YontooIEClient.DLL
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}
Key Found : HKLM\SOFTWARE\Classes\YontooIEClient.Api
Key Found : HKLM\SOFTWARE\Classes\YontooIEClient.Api.1
Key Found : HKLM\Software\Conduit
Key Found : HKLM\Software\Iminent
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{10DE7085-6A1E-4D41-A7BF-9AF93E351401}
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{7E84186E-B5DE-4226-8A66-6E49C6B511B4}
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{80922EE0-8A76-46AE-95D5-BD3C3FE0708D}
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{99066096-8989-4612-841F-621A01D54AD7}
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{CC5AD34C-6F10-4CB3-B74A-C2DD4D5060A3}
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{10DE7085-6A1E-4D41-A7BF-9AF93E351401}
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{1AD27395-1659-4DFF-A319-2CFA243861A5}
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Key Found : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\niapdbllcanepiiimjjndipklodoedlc
Key Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}
Key Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}
Key Found : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Key Found : HKLM\SOFTWARE\Classes\Interface\{10DE7085-6A1E-4D41-A7BF-9AF93E351401}
Key Found : HKLM\SOFTWARE\Classes\Interface\{1AD27395-1659-4DFF-A319-2CFA243861A5}
Key Found : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Value Found : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}]

***** [Internet Browsers] *****

-\\ Internet Explorer v9.0.8112.16421

[HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURls - Tabs] = hxxp://isearch.avg.com/tab?cid={EC7F3533-F529-4E1D-9830-52AFAE9DEE90}&mid=5880512c526ea49a3628135b34d5fd8c-993c620a0638845eab78b62bac10aaf2f7d7189d&lang=en&ds=AVG&pr=fr&d=2011-09-27 11:38:57&v=9.0.0.22&sap=nt

-\\ Mozilla Firefox v11.0 (en-US)

Profile name : default
File : C:\Users\Keegan\AppData\Roaming\Mozilla\Firefox\Profiles\4rd88xtf.default\prefs.js

Found : user_pref("browser.search.order.1", "Ask.com");

-\\ Google Chrome v23.0.1271.64

File : C:\Users\Keegan\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] File is clean.

*************************

AdwCleaner[R1].txt - [4201 octets] - [23/11/2012 21:03:20]

########## EOF - C:\AdwCleaner[R1].txt - [4261 octets] ##########
 
When I scanned with Spybot:S&D and AVG after the MBAR scan but before combofix, the first set of scans found the lower teir malware that had been tagging along with the scvhost.exe trojan, but the main one was gone. Following removal procedures and a reboot a second set of scans ran clean.
 
OTL logs:

OTL.txt part 1:

OTL logfile created on: 11/23/2012 9:07:14 PM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Keegan\Desktop
64bit-Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

4.00 Gb Total Physical Memory | 2.15 Gb Available Physical Memory | 53.67% Memory free
9.88 Gb Paging File | 7.83 Gb Available in Paging File | 79.20% Paging File free
Paging file location(s): c:\pagefile.sys 6139 9000 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 218.20 Gb Total Space | 13.34 Gb Free Space | 6.11% Space Free | Partition Type: NTFS
Drive E: | 14.65 Gb Total Space | 6.02 Gb Free Space | 41.11% Space Free | Partition Type: NTFS

Computer Name: KEEGAN-PC | User Name: Keegan | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/11/23 21:04:15 | 000,997,320 | ---- | M] () -- C:\Program Files (x86)\AVG Secure Search\vprot.exe
PRC - [2012/11/23 21:04:15 | 000,711,112 | ---- | M] () -- C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\13.2.0\ToolbarUpdater.exe
PRC - [2012/11/23 21:00:13 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Keegan\Desktop\OTL.exe
PRC - [2012/11/06 19:00:32 | 003,143,800 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG2013\avgui.exe
PRC - [2012/11/06 19:00:04 | 005,814,392 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe
PRC - [2012/10/22 13:05:08 | 000,196,664 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe
PRC - [2012/08/09 22:12:18 | 000,055,184 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\SyncServer.exe
PRC - [2012/07/27 14:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2012/07/02 16:58:37 | 000,076,888 | ---- | M] () -- C:\Windows\SysWOW64\PnkBstrA.exe
PRC - [2011/07/28 17:08:12 | 001,259,376 | ---- | M] () -- C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
PRC - [2009/07/07 09:23:00 | 001,779,952 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Online\DataSafeOnline.exe
PRC - [2009/01/26 15:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) -- C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
PRC - [2008/12/18 12:05:28 | 000,155,648 | ---- | M] (Stardock Corporation) -- C:\Program Files\Dell\DellDock\DockLogin.exe
PRC - [2008/12/16 20:14:42 | 000,206,064 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files (x86)\Dell Support Center\bin\sprtsvc.exe
PRC - [2008/12/16 20:14:42 | 000,206,064 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files (x86)\Dell Support Center\bin\sprtcmd.exe
PRC - [2008/11/09 14:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) -- C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe
PRC - [2008/05/23 13:06:08 | 000,128,296 | ---- | M] (CyberLink Corp.) -- C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe


========== Modules (No Company Name) ==========

MOD - [2012/11/23 21:04:15 | 000,997,320 | ---- | M] () -- C:\Program Files (x86)\AVG Secure Search\vprot.exe
MOD - [2012/11/23 21:04:15 | 000,566,728 | ---- | M] () -- C:\Program Files (x86)\Common Files\AVG Secure Search\DNTInstaller\13.2.0\avgdttbx.dll
MOD - [2012/11/23 21:04:15 | 000,134,600 | ---- | M] () -- C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\13.2.0\SiteSafety.dll
MOD - [2012/11/14 18:04:09 | 000,998,400 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Management\d08cb6b1c4052e6f5a4e2452870d67d7\System.Management.ni.dll
MOD - [2012/11/14 18:02:42 | 001,840,640 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web.Services\7844c1ae91c8f584025756ad72e65176\System.Web.Services.ni.dll
MOD - [2012/11/14 18:02:08 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\7f15d0cb7e4f87f86e425d5ffe7e8280\System.Configuration.ni.dll
MOD - [2012/11/14 15:11:28 | 005,450,752 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\741164a3e36f879b9f9e3ff176465127\System.Xml.ni.dll
MOD - [2012/11/14 15:11:12 | 012,433,920 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\22e554f2c4da53c07e4815a24e2d50e2\System.Windows.Forms.ni.dll
MOD - [2012/11/14 15:11:04 | 001,592,320 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\2c6cd37f29fc76d6c2ed6bbed202d82c\System.Drawing.ni.dll
MOD - [2012/11/14 15:10:06 | 007,976,960 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\b2052acbbbba4f98585196872195e009\System.ni.dll
MOD - [2012/11/14 15:09:56 | 011,492,352 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\7ad9c44df3b85848590e63f13fc59804\mscorlib.ni.dll
MOD - [2012/08/27 20:33:32 | 000,087,912 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2012/08/27 20:33:08 | 001,242,512 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2011/07/28 17:09:42 | 000,096,112 | ---- | M] () -- C:\Program Files (x86)\DivX\DivX Update\DivXUpdateCheck.dll
MOD - [2011/07/28 17:08:12 | 001,259,376 | ---- | M] () -- C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
MOD - [2009/07/07 09:24:00 | 000,268,528 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Online\SdbShared.dll
MOD - [2009/07/07 09:24:00 | 000,140,528 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Online\SdbShared.XmlSerializers.dll
MOD - [2009/07/07 09:24:00 | 000,095,472 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Online\SdbUI.dll
MOD - [2009/07/07 09:23:00 | 001,779,952 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Online\DataSafeOnline.exe
MOD - [2009/07/07 09:23:00 | 000,017,648 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Online\CppUtils.dll
MOD - [2008/11/03 08:54:00 | 000,058,608 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Online\BalloonWindow.dll


========== Services (SafeList) ==========

SRV:64bit: - [2012/07/04 00:20:54 | 000,238,080 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2010/02/26 01:03:00 | 000,244,736 | ---- | M] (IDT, Inc.) [Auto | Running] -- C:\Windows\SysNative\DriverStore\FileRepository\stwrt64.inf_54cb4575\STacSV64.exe -- (STacSV)
SRV:64bit: - [2009/03/03 01:42:58 | 000,089,600 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Windows\SysNative\DriverStore\FileRepository\stwrt64.inf_54cb4575\AESTSr64.exe -- (AESTFilters)
SRV:64bit: - [2008/12/18 12:05:28 | 000,155,648 | ---- | M] (Stardock Corporation) [Auto | Running] -- C:\Program Files\Dell\DellDock\DockLogin.exe -- (DockLoginService)
SRV:64bit: - [2008/01/20 20:47:32 | 000,383,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2006/11/02 05:16:05 | 000,046,592 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\rundll32.exe -- (yksvc)
SRV - [2012/11/23 21:04:15 | 000,711,112 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\13.2.0\ToolbarUpdater.exe -- (vToolbarUpdater13.2.0)
SRV - [2012/11/19 21:48:16 | 002,462,128 | ---- | M] (LogMeIn Inc.) [Auto | Running] -- C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe -- (Hamachi2Svc)
SRV - [2012/11/06 19:00:04 | 005,814,392 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe -- (AVGIDSAgent)
SRV - [2012/10/22 13:05:08 | 000,196,664 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe -- (avgwd)
SRV - [2012/10/08 14:34:23 | 000,250,808 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012/10/04 09:25:41 | 000,529,744 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2012/07/27 14:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2012/07/02 16:58:37 | 000,076,888 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\PnkBstrA.exe -- (PnkBstrA)
SRV - [2010/03/18 12:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/03/29 22:42:14 | 000,066,368 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2008/12/16 20:14:42 | 000,206,064 | ---- | M] (SupportSoft, Inc.) [Auto | Running] -- C:\Program Files (x86)\Dell Support Center\bin\sprtsvc.exe -- (sprtsvc_DellSupportCenter)
SRV - [2008/11/09 14:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) [Auto | Running] -- C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService)
SRV - [2007/01/11 03:02:00 | 000,126,464 | ---- | M] (SEIKO EPSON CORPORATION) [Auto | Running] -- C:\ProgramData\EPSON\EPW!3 SSRP\E_S40RPB.EXE -- (EPSON_PM_RPCV4_01)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2012/11/23 21:04:15 | 000,030,568 | ---- | M] (AVG Technologies) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgtpx64.sys -- (avgtp)
DRV:64bit: - [2012/10/22 13:02:44 | 000,154,464 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | System | Running] -- C:\Windows\SysNative\DRIVERS\avgidsdrivera.sys -- (AVGIDSDriver)
DRV:64bit: - [2012/10/15 03:48:50 | 000,063,328 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\DRIVERS\avgidsha.sys -- (AVGIDSHA)
DRV:64bit: - [2012/10/05 03:32:50 | 000,111,456 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\SysNative\DRIVERS\avgmfx64.sys -- (Avgmfx64)
DRV:64bit: - [2012/10/02 03:30:38 | 000,185,696 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\SysNative\DRIVERS\avgldx64.sys -- (Avgldx64)
DRV:64bit: - [2012/09/21 03:46:04 | 000,200,032 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\SysNative\DRIVERS\avgtdia.sys -- (Avgtdia)
DRV:64bit: - [2012/09/21 03:46:00 | 000,225,120 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | Boot | Running] -- C:\Windows\SysNative\DRIVERS\avgloga.sys -- (Avgloga)
DRV:64bit: - [2012/09/14 03:05:18 | 000,040,800 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\SysNative\DRIVERS\avgrkx64.sys -- (Avgrkx64)
DRV:64bit: - [2012/08/21 12:01:20 | 000,033,240 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2012/07/09 12:42:54 | 000,052,736 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2012/07/04 00:59:32 | 011,922,944 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\atikmdag.sys -- (R300)
DRV:64bit: - [2012/07/04 00:59:32 | 011,922,944 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\atikmdag.sys -- (atikmdag)
DRV:64bit: - [2012/07/04 00:59:32 | 011,922,944 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\atikmdag.sys -- (amdkmdag)
DRV:64bit: - [2012/07/03 23:10:56 | 000,359,936 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2012/02/29 07:52:46 | 000,016,384 | ---- | M] (Microsoft Corporation) [Recognizer | System | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011/11/28 20:28:28 | 000,055,856 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\PxHlpa64.sys -- (PxHlpa64)
DRV:64bit: - [2011/06/15 09:10:14 | 000,557,848 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iastor.sys -- (iaStor)
DRV:64bit: - [2010/02/26 01:03:00 | 000,505,856 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\stwrt64.sys -- (STHDA)
DRV:64bit: - [2009/09/30 18:51:42 | 000,046,592 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\wpdusb.sys -- (WpdUsb)
DRV:64bit: - [2009/09/08 20:02:11 | 000,314,016 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\SysNative\DRIVERS\atksgt.sys -- (atksgt)
DRV:64bit: - [2009/09/08 20:02:10 | 000,043,680 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\SysNative\DRIVERS\lirsgt.sys -- (lirsgt)
DRV:64bit: - [2009/03/18 17:35:42 | 000,033,856 | -H-- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\hamachi.sys -- (hamachi)
DRV:64bit: - [2008/12/22 03:26:28 | 004,735,488 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\NETw5v64.sys -- (NETw5v64)
DRV:64bit: - [2008/12/07 23:32:48 | 000,068,608 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\RTSTOR64.SYS -- (RTSTOR)
DRV:64bit: - [2008/11/29 07:19:28 | 000,028,208 | ---- | M] (Windows (R) Codename Longhorn DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\KMWDFILTER.sys -- (KMWDFILTER)
DRV:64bit: - [2008/09/03 23:29:22 | 000,199,728 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\Apfiltr.sys -- (ApfiltrService)
DRV:64bit: - [2008/09/01 04:19:24 | 000,392,192 | ---- | M] (Marvell) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\yk60x64.sys -- (yukonx64)
DRV:64bit: - [2008/02/13 08:20:16 | 000,017,920 | ---- | M] (A4Tech Co.,Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\Amusbx64.sys -- (Amusbprt)
DRV:64bit: - [2008/01/20 20:46:55 | 000,317,952 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\e1e6032e.sys -- (e1express)
DRV:64bit: - [2007/10/15 03:37:22 | 000,012,288 | ---- | M] ((Standard mouse types)) [Kernel | System | Running] -- C:\Windows\SysNative\DRIVERS\Amfltx64.sys -- (Amfilter)
DRV - [2008/11/04 17:16:40 | 000,028,152 | ---- | M] (PC-Doctor, Inc.) [Kernel | On_Demand | Stopped] -- C:\Program Files (x86)\Dell Support Center\HWDiag\bin\pcd5srvc_x64.pkms -- (PCD5SRVC{048DBD20-445E8C82-05040104})


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/ig
IE - HKCU\..\SearchScopes,DefaultScope = {95B7759C-8C7F-4BF1-B163-73684A933233}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=DLCDF7&pc=MDDC&src=IE-SearchBox
IE - HKCU\..\SearchScopes\{899B35FF-D18B-8FBB-580A-E99390A9E0B2}: "URL" = http://www.bing.com/search?q={searc...install_date=20111112&iesrc={referrer:source}
IE - HKCU\..\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}: "URL" = http://isearch.avg.com/search?cid={...af2f7d7189d&lang=en&ds=AVG&pr=fr&d=2012-11-23 21:04:38&v=13.2.0.4&sap=dsp&q={searchTerms}
IE - HKCU\..\SearchScopes\{BF03C3E9-1866-4CC7-A0AE-80F92FA21188}: "URL" = http://www.google.com/search?q={sea...ndex={startIndex?}&startPage={startPage}&rlz=
IE - HKCU\..\SearchScopes\{CDCA56E2-0D77-44ED-B9BF-38E5C42FC5BE}: "URL" = http://websearch.ask.com/redirect?c...pn_sauid=0A458938-9F56-4360-BB7D-8E932F1D7200
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultengine: "Google"
FF - prefs.js..browser.search.order.1: "Ask.com"
FF - prefs.js..browser.startup.homepage: "http://www.google.com/ig|https://ww...yahoo.com/dc/launch?.gx=0&.rand=fkbf7tgsnqi6g"
FF - prefs.js..extensions.enabledAddons: plugin@yontoo.com:1.20.00
FF - prefs.js..extensions.enabledAddons: avg@toolbar:12.2.5.32
FF - prefs.js..network.proxy.no_proxies_on: "*.local"
FF - prefs.js..network.proxy.type: 0


FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_4_402_287.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_4_402_287.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin: C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\13.2.0\\npsitesafety.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.7.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.7.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8051.1204: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll File not found
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pack.google.com/Google Updater;version=14: C:\Program Files (x86)\Google\Google Updater\2.4.2432.1652\npCIDetect14.dll (Google)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.3: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\wolfram.com/Mathematica: C:\Program Files (x86)\Common Files\Wolfram Research\Browser\8.0.4.2615434\npmathplugin.dll (Wolfram Research, Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Keegan\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Keegan\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\amazon.com/AmazonMP3DownloaderPlugin: C:\Program Files (x86)\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin10171.dll (Amazon.com, Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{3252b9ae-c69a-4eaf-9502-dc9c1f6c009e}: C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DMExtension\ [2010/12/02 01:47:40 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2012/04/16 17:03:09 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\avg@toolbar: C:\ProgramData\AVG Secure Search\FireFoxExt\13.2.0.4 [2012/11/23 21:04:44 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 11.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/04/05 13:12:04 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 11.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012/08/25 07:27:35 | 000,000,000 | ---D | M]

[2012/04/05 18:40:50 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Keegan\AppData\Roaming\Mozilla\Extensions
[2012/09/03 23:22:39 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Keegan\AppData\Roaming\Mozilla\Firefox\Profiles\4rd88xtf.default\extensions
[2012/04/16 19:40:15 | 000,000,000 | ---D | M] (Yontoo) -- C:\Users\Keegan\AppData\Roaming\Mozilla\Firefox\Profiles\4rd88xtf.default\extensions\plugin@yontoo.com
[2012/09/03 23:22:39 | 000,224,693 | ---- | M] () (No name found) -- C:\Users\Keegan\AppData\Roaming\Mozilla\Firefox\Profiles\4rd88xtf.default\extensions\fbphotozoom@installdaddy.com.xpi
[2012/09/19 17:44:36 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
File not found (No name found) -- C:\PROGRAMDATA\AVG SECURE SEARCH\12.2.5.32
[2012/03/12 22:39:39 | 000,097,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2012/11/23 21:04:20 | 000,003,544 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\avg-secure-search.xml
[2012/03/12 22:38:32 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012/03/12 22:38:32 | 000,002,040 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml

========== Chrome ==========

CHR - homepage: http://www.msn.com/?pc=Z129&install_date=20111112
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:eek:riginalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}&sugkey={google:suggestAPIKeyParameter}
CHR - homepage: http://www.msn.com/?pc=Z129&install_date=20111112
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\Keegan\AppData\Local\Google\Chrome\Application\23.0.1271.64\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Keegan\AppData\Local\Google\Chrome\Application\23.0.1271.64\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Keegan\AppData\Local\Google\Chrome\Application\23.0.1271.64\gcswf32.dll
CHR - plugin: Shockwave Flash (Disabled) = C:\Users\Keegan\AppData\Local\Google\Chrome\User Data\PepperFlash\11.1.31.203\pepflashplayer.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_233.dll
CHR - plugin: AVG Internet Security (Enabled) = C:\Users\Keegan\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla\12.0.0.1901_0\plugins/avgnpss.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin7.dll
CHR - plugin: Wolfram Mathematica (Enabled) = C:\Program Files (x86)\Common Files\Wolfram Research\Browser\8.0.1.2063897\npmathplugin.dll
CHR - plugin: DivX VOD Helper Plug-in (Enabled) = C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll
CHR - plugin: DivX Plus Web Player (Enabled) = C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll
CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
CHR - plugin: Google Updater (Enabled) = C:\Program Files (x86)\Google\Google Updater\2.4.2432.1652\npCIDetect14.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - plugin: Java(TM) Platform SE 6 U31 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\Windows\system32\Adobe\Director\np32dsw.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\4.1.10111.0\npctrl.dll
CHR - Extension: AVG Secure Search = C:\Users\Keegan\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof\13.2.0.4_0\
CHR - Extension: AVG Secure Search = C:\Users\Keegan\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof\13.2.0.4_0\.bak
CHR - Extension: DivX Plus Web Player HTML5 \u003Cvideo\u003E = C:\Users\Keegan\AppData\Local\Google\Chrome\User Data\Default\Extensions\nneajnkjbffgblleaoojgaacokifdkhm\2.1.2.145_0\

O1 HOSTS File: ([2012/11/23 20:10:00 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O2:64bit: - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG2012\avgssiea.dll File not found
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG2012\avgssie.dll File not found
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (AVG Security Toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\13.2.0.4\AVG Secure Search_toolbar.dll ()
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (Yontoo) - {FD72061E-9FDE-484D-A58A-0BAB4151CAD8} - C:\Program Files (x86)\Yontoo\YontooIEClient.dll File not found
O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll (Yahoo! Inc)
O3 - HKLM\..\Toolbar: (AVG Security Toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\13.2.0.4\AVG Secure Search_toolbar.dll ()
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - No CLSID value found.
O4:64bit: - HKLM..\Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe (Alps Electric Co., Ltd.)
O4:64bit: - HKLM..\Run: [Dell DataSafe Online] C:\Program Files (x86)\Dell DataSafe Online\DataSafeOnline.exe ()
O4:64bit: - HKLM..\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe (IDT, Inc.)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [AVG_UI] C:\Program Files (x86)\AVG\AVG2013\avgui.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [Dell DataSafe Online] C:\Program Files (x86)\Dell DataSafe Online\DataSafeOnline.exe ()
O4 - HKLM..\Run: [DellSupportCenter] C:\Program Files (x86)\Dell Support Center\bin\sprtcmd.exe (SupportSoft, Inc.)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [LogMeIn Hamachi Ui] C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe (LogMeIn Inc.)
O4 - HKLM..\Run: [PDVDDXSrv] C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe (CyberLink Corp.)
O4 - HKLM..\Run: [ROC_roc_ssl_v12] C:\Program Files (x86)\AVG Secure Search\ROC_roc_ssl_v12.exe ()
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [vProt] C:\Program Files (x86)\AVG Secure Search\vprot.exe ()
O4 - HKCU..\Run: [SpybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoChangeStartMenu = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLogOff = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O9 - Extra Button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - Reg Error: Key error. File not found
O9 - Extra 'Tools' menuitem : &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - Reg Error: Key error. File not found
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O16 - DPF: {10000000-1000-1000-1000-100000000000} http://cdn.betteradvertising.com/ghostery/addons/ie/2.4.2.0/ghostery.cab (Reg Error: Key error.)
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} http://www.fileplanet.com/fpdlmgr/cabs/FPDC_2.3.9.113.cab (Reg Error: Key error.)
O16 - DPF: {C8BC46C7-921C-4102-B67D-F1F7E65FB0BE} https://battlefield.play4free.com/static/updater/BP4FUpdater_1.0.53.2.cab (Reg Error: Key error.)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 75.75.76.76 75.75.75.75
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{8AD0D0B8-9E06-423E-A34E-BC08B6EDFC8F}: DhcpNameServer = 75.75.76.76 75.75.75.75
O18:64bit: - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgppa.dll File not found
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\ms-itss - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\viprotocol - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgpp.dll File not found
O18 - Protocol\Handler\livecall - No CLSID value found
O18 - Protocol\Handler\msnim - No CLSID value found
O18 - Protocol\Handler\viprotocol {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\13.2.0\ViProtocol.dll ()
O18 - Protocol\Handler\wlmailhtml - No CLSID value found
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\GoToAssist: DllName - (Reg Error: Value error.) - Reg Error: Value error. File not found
O24 - Desktop WallPaper: C:\Users\Keegan\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O24 - Desktop BackupWallPaper: C:\Users\Keegan\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
 
One of the rules I posted at the very beginning says:
Please refrain from running any tools, fixes or applying any changes to your computer other than those I suggest.
 
OTL.txt part 2:

========== Files/Folders - Created Within 30 Days ==========

[2012/11/23 21:04:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG
[2012/11/23 21:04:46 | 000,000,000 | ---D | C] -- C:\Users\Keegan\AppData\Local\AVG Secure Search
[2012/11/23 21:04:43 | 000,000,000 | ---D | C] -- C:\ProgramData\AVG Secure Search
[2012/11/23 21:04:35 | 000,030,568 | ---- | C] (AVG Technologies) -- C:\Windows\SysNative\drivers\avgtpx64.sys
[2012/11/23 21:04:22 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AVG Secure Search
[2012/11/23 21:03:28 | 000,000,000 | -H-D | C] -- C:\$AVG
[2012/11/23 21:00:12 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Keegan\Desktop\OTL.exe
[2012/11/23 20:18:35 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2012/11/23 20:10:03 | 000,000,000 | ---D | C] -- C:\$RECYCLE.BIN
[2012/11/23 20:06:57 | 000,000,000 | ---D | C] -- C:\Users\Keegan\AppData\Local\temp
[2012/11/23 19:54:54 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2012/11/23 19:54:54 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2012/11/23 19:54:54 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2012/11/23 19:54:34 | 000,000,000 | ---D | C] -- C:\ComboFix
[2012/11/23 19:54:30 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012/11/23 19:54:06 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
[2012/11/23 19:30:40 | 005,005,971 | R--- | C] (Swearware) -- C:\Users\Keegan\Desktop\ComboFix.exe
[2012/11/23 13:08:26 | 000,000,000 | ---D | C] -- C:\Users\Keegan\Desktop\mbar
[2012/11/23 11:25:30 | 004,732,416 | ---- | C] (AVAST Software) -- C:\Users\Keegan\Desktop\aswMBR.exe
[2012/11/23 11:20:03 | 000,000,000 | ---D | C] -- C:\Users\Keegan\Desktop\RK_Quarantine
[2012/11/22 23:58:32 | 000,000,000 | ---D | C] -- C:\TDSSKiller_Quarantine
[2012/11/22 23:51:44 | 002,213,976 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\Keegan\Desktop\TDSSKiller.exe
[2012/11/20 19:03:53 | 000,000,000 | ---D | C] -- C:\Users\Keegan\AppData\Roaming\Malwarebytes
[2012/11/20 19:03:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012/11/20 19:03:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012/11/20 19:03:30 | 000,025,928 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2012/11/20 19:03:30 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2012/11/20 00:07:47 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy
[2012/11/20 00:07:42 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy
[2012/11/20 00:07:42 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Spybot - Search & Destroy
[2012/11/19 20:38:11 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LogMeIn Hamachi
[2012/11/19 20:38:11 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\LogMeIn Hamachi
[2012/11/15 15:16:26 | 000,000,000 | ---D | C] -- C:\Users\Keegan\AppData\Local\IIIU
[2012/11/15 15:13:13 | 000,000,000 | ---D | C] -- C:\Users\Keegan\AppData\Roaming\GoforFiles
[2012/11/15 15:13:13 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\GoforFiles
[2012/11/14 15:02:37 | 000,000,000 | ---D | C] -- C:\found.000
[4 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[3 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/11/23 21:04:51 | 000,000,834 | ---- | M] () -- C:\Users\Public\Desktop\AVG 2013.lnk
[2012/11/23 21:04:15 | 000,030,568 | ---- | M] (AVG Technologies) -- C:\Windows\SysNative\drivers\avgtpx64.sys
[2012/11/23 21:00:13 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Keegan\Desktop\OTL.exe
[2012/11/23 20:52:00 | 000,000,898 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/11/23 20:34:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012/11/23 20:25:00 | 000,000,912 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1476232679-447080670-1737744086-1000UA.job
[2012/11/23 20:10:00 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2012/11/23 20:09:55 | 000,000,894 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/11/23 20:09:29 | 000,003,744 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012/11/23 20:09:29 | 000,003,744 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012/11/23 20:09:23 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/11/23 20:09:17 | 4293,242,880 | -HS- | M] () -- C:\hiberfil.sys
[2012/11/23 19:30:45 | 005,005,971 | R--- | M] (Swearware) -- C:\Users\Keegan\Desktop\ComboFix.exe
[2012/11/23 18:25:00 | 000,000,860 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1476232679-447080670-1737744086-1000Core.job
[2012/11/23 14:51:00 | 000,000,880 | ---- | M] () -- C:\Windows\tasks\Google Software Updater.job
[2012/11/23 13:07:58 | 012,961,620 | ---- | M] () -- C:\Users\Keegan\Desktop\mbar-1.01.0.1009.zip
[2012/11/23 13:01:33 | 000,000,512 | ---- | M] () -- C:\Users\Keegan\Desktop\MBR.dat
[2012/11/23 11:41:46 | 000,755,906 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012/11/23 11:41:46 | 000,640,658 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012/11/23 11:41:46 | 000,118,878 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012/11/23 11:25:52 | 004,732,416 | ---- | M] (AVAST Software) -- C:\Users\Keegan\Desktop\aswMBR.exe
[2012/11/23 11:20:03 | 000,750,080 | ---- | M] () -- C:\Users\Keegan\Desktop\RogueKiller.exe
[2012/11/23 02:54:34 | 000,013,312 | ---- | M] () -- C:\Users\Keegan\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/11/22 00:07:50 | 545,417,675 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2012/11/21 21:41:39 | 000,000,229 | ---- | M] () -- C:\Windows\wininit.ini
[2012/11/19 21:09:05 | 000,000,258 | RHS- | M] () -- C:\ProgramData\ntuser.pol
[2012/11/19 16:29:16 | 000,002,611 | ---- | M] () -- C:\Users\Keegan\Desktop\Microsoft Office Word 2007.lnk
[2012/11/14 15:08:04 | 000,323,528 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012/11/12 08:45:23 | 000,000,680 | ---- | M] () -- C:\Users\Keegan\AppData\Local\d3d9caps.dat
[2012/11/12 00:38:14 | 000,879,243 | ---- | M] () -- C:\Users\Keegan\.DLMSave_back.xml
[2012/11/12 00:38:14 | 000,879,243 | ---- | M] () -- C:\Users\Keegan\.DLMSave.xml
[2012/11/09 08:26:47 | 000,002,049 | ---- | M] () -- C:\Users\Keegan\Desktop\Google Chrome.lnk
[2012/11/09 08:26:47 | 000,002,011 | ---- | M] () -- C:\Users\Keegan\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2012/11/08 22:38:23 | 000,008,634 | ---- | M] () -- C:\Users\Keegan\AppData\Roaming\wklnhst.dat
[2012/10/31 21:49:22 | 002,213,976 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\Keegan\Desktop\TDSSKiller.exe
[2012/10/28 21:13:10 | 000,001,866 | ---- | M] () -- C:\Users\Keegan\.Setting.ini
[4 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[3 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/11/23 21:04:51 | 000,000,834 | ---- | C] () -- C:\Users\Public\Desktop\AVG 2013.lnk
[2012/11/23 19:54:54 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2012/11/23 19:54:54 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2012/11/23 19:54:54 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2012/11/23 19:54:54 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2012/11/23 19:54:54 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2012/11/23 13:07:55 | 012,961,620 | ---- | C] () -- C:\Users\Keegan\Desktop\mbar-1.01.0.1009.zip
[2012/11/23 13:01:33 | 000,000,512 | ---- | C] () -- C:\Users\Keegan\Desktop\MBR.dat
[2012/11/23 11:19:28 | 000,750,080 | ---- | C] () -- C:\Users\Keegan\Desktop\RogueKiller.exe
[2012/11/22 00:21:07 | 4293,242,880 | -HS- | C] () -- C:\hiberfil.sys
[2012/11/22 00:07:50 | 545,417,675 | ---- | C] () -- C:\Windows\MEMORY.DMP
[2012/11/20 00:27:45 | 000,000,229 | ---- | C] () -- C:\Windows\wininit.ini
[2012/11/06 17:01:37 | 000,879,243 | ---- | C] () -- C:\Users\Keegan\.DLMSave_back.xml
[2012/09/26 22:14:53 | 000,004,096 | ---- | C] () -- C:\Windows\d3dx.dat
[2012/08/10 12:38:07 | 000,027,520 | ---- | C] () -- C:\Users\Keegan\AppData\Local\dt.dat
[2012/07/02 16:58:19 | 000,281,288 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2012/07/02 16:58:16 | 000,076,888 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe
[2012/01/17 13:36:37 | 000,000,600 | ---- | C] () -- C:\Users\Keegan\AppData\Roaming\winscp.rnd
[2012/01/13 17:20:16 | 000,879,243 | ---- | C] () -- C:\Users\Keegan\.DLMSave.xml
[2012/01/13 17:13:56 | 000,001,866 | ---- | C] () -- C:\Users\Keegan\.Setting.ini
[2011/10/30 20:02:09 | 000,751,312 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2011/10/27 00:00:51 | 000,136,804 | -H-- | C] () -- C:\Windows\SysWow64\mlfcache.dat
[2011/09/28 16:44:14 | 000,179,271 | ---- | C] () -- C:\Windows\SysWow64\xlive.dll.cat
[2011/09/12 16:06:16 | 000,003,917 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat
[2011/07/02 13:43:30 | 000,000,579 | ---- | C] () -- C:\Windows\eReg.dat
[2010/10/26 13:19:45 | 000,000,258 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2010/02/21 12:32:37 | 000,013,312 | ---- | C] () -- C:\Users\Keegan\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/09/01 09:09:56 | 000,000,680 | ---- | C] () -- C:\Users\Keegan\AppData\Local\d3d9caps.dat
[2009/06/25 19:58:34 | 000,000,947 | ---- | C] () -- C:\Users\Keegan\AppData\Roaming\DataSafeDotNet.exe
[2009/05/23 09:51:24 | 000,008,634 | ---- | C] () -- C:\Users\Keegan\AppData\Roaming\wklnhst.dat

========== ZeroAccess Check ==========

[2006/11/02 09:30:40 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012/06/08 11:59:03 | 012,899,840 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012/06/08 11:47:00 | 011,586,048 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/04/11 01:11:14 | 000,891,392 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\SysWow64\wbem\fastprox.dll -- [2009/04/11 00:28:19 | 000,614,912 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2008/01/20 20:50:58 | 000,513,024 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\SysWow64\wbem\wbemess.dll

========== LOP Check ==========

[2012/09/08 13:28:23 | 000,000,000 | ---D | M] -- C:\Users\Keegan\AppData\Roaming\.minecraft
[2012/06/13 01:49:40 | 000,000,000 | ---D | M] -- C:\Users\Keegan\AppData\Roaming\Amazon
[2012/03/13 13:07:30 | 000,000,000 | ---D | M] -- C:\Users\Keegan\AppData\Roaming\AVG
[2011/12/27 14:27:22 | 000,000,000 | ---D | M] -- C:\Users\Keegan\AppData\Roaming\AVG Secure Search
[2012/10/17 14:26:58 | 000,000,000 | ---D | M] -- C:\Users\Keegan\AppData\Roaming\AVG2013
[2012/01/25 18:13:17 | 000,000,000 | ---D | M] -- C:\Users\Keegan\AppData\Roaming\Dwarfs
[2012/01/27 17:48:20 | 000,000,000 | ---D | M] -- C:\Users\Keegan\AppData\Roaming\Free MP3 WMA OGG Converter
[2011/08/17 23:30:43 | 000,000,000 | ---D | M] -- C:\Users\Keegan\AppData\Roaming\GetRightToGo
[2012/11/15 15:13:22 | 000,000,000 | ---D | M] -- C:\Users\Keegan\AppData\Roaming\GoforFiles
[2011/12/29 00:06:00 | 000,000,000 | ---D | M] -- C:\Users\Keegan\AppData\Roaming\Kalypso Media
[2009/12/05 14:59:55 | 000,000,000 | ---D | M] -- C:\Users\Keegan\AppData\Roaming\Leadertech
[2012/09/26 22:15:42 | 000,000,000 | ---D | M] -- C:\Users\Keegan\AppData\Roaming\MinMaxGames
[2012/03/08 02:29:26 | 000,000,000 | ---D | M] -- C:\Users\Keegan\AppData\Roaming\Notepad++
[2011/12/15 14:01:40 | 000,000,000 | ---D | M] -- C:\Users\Keegan\AppData\Roaming\PunkBuster
[2009/09/09 10:39:47 | 000,000,000 | ---D | M] -- C:\Users\Keegan\AppData\Roaming\Stardock
[2010/06/30 15:13:39 | 000,000,000 | ---D | M] -- C:\Users\Keegan\AppData\Roaming\Template
[2011/02/24 15:59:18 | 000,000,000 | ---D | M] -- C:\Users\Keegan\AppData\Roaming\The Creative Assembly
[2012/01/07 01:16:47 | 000,000,000 | ---D | M] -- C:\Users\Keegan\AppData\Roaming\Trine2
[2011/06/19 13:53:13 | 000,000,000 | ---D | M] -- C:\Users\Keegan\AppData\Roaming\Tropico 3
[2012/06/21 00:28:13 | 000,000,000 | ---D | M] -- C:\Users\Keegan\AppData\Roaming\Tropico 4
[2010/05/20 14:05:24 | 000,000,000 | ---D | M] -- C:\Users\Keegan\AppData\Roaming\Tropico3
[2012/06/21 23:50:31 | 000,000,000 | ---D | M] -- C:\Users\Keegan\AppData\Roaming\TS3Client
[2011/07/03 22:29:53 | 000,000,000 | ---D | M] -- C:\Users\Keegan\AppData\Roaming\ts3overlay
[2012/10/17 13:57:23 | 000,000,000 | ---D | M] -- C:\Users\Keegan\AppData\Roaming\TuneUp Software
[2011/12/17 22:08:36 | 000,000,000 | ---D | M] -- C:\Users\Keegan\AppData\Roaming\Ubisoft
[2010/12/20 08:45:08 | 000,000,000 | ---D | M] -- C:\Users\Keegan\AppData\Roaming\ZombieDriver

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 139 bytes -> C:\ProgramData\TEMP:0B4227B4
@Alternate Data Stream - 127 bytes -> C:\ProgramData\TEMP:5D432CE3

< End of report >
 
Extras.txt part 1:

OTL Extras logfile created on: 11/23/2012 9:07:14 PM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Keegan\Desktop
64bit-Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

4.00 Gb Total Physical Memory | 2.15 Gb Available Physical Memory | 53.67% Memory free
9.88 Gb Paging File | 7.83 Gb Available in Paging File | 79.20% Paging File free
Paging file location(s): c:\pagefile.sys 6139 9000 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 218.20 Gb Total Space | 13.34 Gb Free Space | 6.11% Space Free | Partition Type: NTFS
Drive E: | 14.65 Gb Total Space | 6.02 Gb Free Space | 41.11% Space Free | Partition Type: NTFS

Computer Name: KEEGAN-PC | User Name: Keegan | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.html[@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = 9F 9E 16 8C DC 5B C8 01 [binary data]
"VistaSp2" = 75 C0 85 42 99 B4 CA 01 [binary data]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"oobe_av" = 1

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

========== Firewall Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0294BB2F-6178-459D-8C46-8D1C40D6AD6B}" = rport=445 | protocol=6 | dir=out | app=system |
"{057550CC-1C7E-4C7B-A2F8-3A8DDC978C8C}" = lport=138 | protocol=17 | dir=in | app=system |
"{08E024BB-596A-4DFF-A430-159062EB67CE}" = lport=10243 | protocol=6 | dir=in | app=system |
"{19A5737B-0BEE-43C8-BCD3-3CC714AA4FD3}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{25B9D31D-64EC-44F5-900B-17177C3E5D3C}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{295EF879-34FC-4A05-A484-51AA1443280E}" = lport=445 | protocol=6 | dir=in | app=system |
"{2FA65B31-3A9D-4C20-AFC6-469495F0EF44}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{4084E937-EAAA-47EE-9520-7BE7CE434C09}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{4BF5EB07-06A2-40E2-B5B6-244EF5C49A0F}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{5456EA1E-AF45-48BD-9C96-AB99A6CCF1D9}" = lport=139 | protocol=6 | dir=in | app=system |
"{6364B77A-8796-4078-B3CC-5963A3E70B4F}" = rport=139 | protocol=6 | dir=out | app=system |
"{66BD6B3E-8198-4823-9CF3-0B89C7F70B83}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{6EFD3216-D4DB-448C-81DA-E8838C66FFD2}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{7C7BD74E-D59D-40F9-8481-A74C4729E9DD}" = rport=138 | protocol=17 | dir=out | app=system |
"{86444BB3-291D-4D31-A046-BB4AA3243C28}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{AF8150A9-8B4A-4262-900E-D368942052B3}" = lport=2869 | protocol=6 | dir=in | app=system |
"{BE10AB93-C4A6-464B-BE93-069E778BFF99}" = rport=10243 | protocol=6 | dir=out | app=system |
"{C232D951-55E7-4D04-9346-F88A07FC0B22}" = lport=137 | protocol=17 | dir=in | app=system |
"{C428A183-FD79-40B5-990D-895328F43AC8}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{CF0676E6-E2EC-438A-9741-7029DEBD00CE}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{E2C4F879-2F16-4CC4-ADAC-03897A9CA2BC}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{F534D21D-02A4-4E48-A237-A3745ED5E6D3}" = rport=137 | protocol=17 | dir=out | app=system |
"{F9C1EEE5-72B7-40C6-BC7C-64E9DF7DEB39}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{003C7A18-60D9-4C89-94D8-DE42C1AA1D76}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{02A4D600-582A-4C14-ADFE-C125CF0CB18F}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{1473D86F-6F04-46A3-9153-CD04272511DC}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{20713499-5977-4EF2-BB57-41A689856D0C}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2013\avgdiagex.exe |
"{4849799C-D8E9-4360-8F9A-6B5F2BCC7EA4}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{54CF0A57-BE40-4BC1-AB1E-53A396692099}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2013\avgdiagex.exe |
"{56E808A1-BFD0-4B79-B567-B9FA848D697F}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{61FB8AD2-C831-45AB-9DFB-D685C3A8300D}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{62F27534-2769-4D2F-B42F-E96E62F64F44}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{65901CFC-D156-4C8F-90EA-C26D256CA195}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{68F6992D-6E9D-4F14-88EC-3E0B8BEC7EFF}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{6DAA29C9-B0EE-45CF-9A6E-273323C42DB6}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2013\avgnsa.exe |
"{6F90A830-C11B-46B2-B265-3FB477FF29F6}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2013\avgnsa.exe |
"{8642AF85-31DC-4BB3-8E9D-1E478C224084}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{9956D708-4491-4EBF-B914-21BEA564800D}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2013\avgmfapx.exe |
"{A5589677-56C4-46C1-A86B-1F0B5425786F}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{AB3FBA72-52C3-4476-9A38-230DBE05659B}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{ADDDD165-F3EA-41FF-9D95-85C06E0FA915}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2013\avgemca.exe |
"{BC7833D1-AE4B-4CAB-BDD5-6EA587E5C763}" = protocol=6 | dir=out | app=system |
"{CE504808-152F-4073-8BB9-0F8E7C4D30C6}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{D3648D1D-2BA3-4973-9B7E-EDC907B6E342}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{E3EF65E5-A891-4422-AD3A-B5A13ED95F57}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2013\avgemca.exe |
"{E8715BB0-E132-4617-B344-62E03BFE2C1C}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{E926E57D-011D-4F63-BCC5-FFCFDC28D091}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{EFA98652-B437-42AA-B7D3-EFFD71ED4ECD}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{F330F657-55AF-4DBF-943E-C385E61090FF}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2013\avgmfapx.exe |
"{F7DCF881-DB9D-4779-8D1C-CCCBAC7C73FF}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"TCP Query User{046A96C7-7F35-4067-9651-F1B2A61623A1}C:\program files\itunes\itunes.exe" = protocol=6 | dir=in | app=c:\program files\itunes\itunes.exe |
"UDP Query User{412452A9-36DB-4B30-8D3F-5AA09E06B038}C:\program files\itunes\itunes.exe" = protocol=17 | dir=in | app=c:\program files\itunes\itunes.exe |
 
Extras.txt part 2:

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{1493B2AE-0261-47D2-B1AA-F4DAD0F6C48B}" = iTunes
"{21B133D6-5979-47F0-BE1C-F6A6B304693F}" = Visual Studio 2010 x64 Redistributables
"{503F672D-6C84-448A-8F8F-4BC35AC83441}" = AMD APP SDK Runtime
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour
"{7446FE8D-C1F9-4D42-AAAE-5DBCE58605A6}" = Apple Mobile Device Support
"{87CF757E-C1F1-4D22-865C-00C6950B5258}" = Quickset
"{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended
"{8EBA8727-ADC2-477B-9D9A-1A1836BE4E05}" = Dell Edoc Viewer
"{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007
"{90120000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2007
"{90120000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager
"{914F7627-B645-9895-F723-BAEAAC865E75}" = AMD Catalyst Install Manager
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9B305FB9-297D-4F86-BC8B-740E7A1EF200}" = AVG 2013
"{9B48B0AC-C813-4174-9042-476A887592C7}" = Windows Live ID Sign-in Assistant
"{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}" = Dell Touchpad
"{A89B52D3-DA3F-1CA3-BD33-D53871D60081}" = ccc-utility64
"{BB0CAB96-2EDE-4DDF-B6F3-AEE02C0F1CA4}" = AVG 2013
"{C35E248C-1495-5D01-6992-2740FF8830E2}" = ccc-utility64
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319
"{EEB3F6BB-318D-4CE5-989F-8191FCBFB578}" = Ventrilo Client for Windows x64
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"{F6CB42B9-F033-4152-8813-FF11DA8E6A78}" = Dell Dock
"AVG" = AVG 2013
"CCleaner" = CCleaner
"EPSON Printer and Utilities" = EPSON Printer Software
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"TeamSpeak 3 Client" = TeamSpeak 3 Client
"WinRAR archiver" = WinRAR 4.01 (64-bit)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{020D8396-D6D9-4B53-A9A1-83C47E2E27AA}" = Windows Live Call
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{053C30EA-D4C6-47A0-8537-8D231D9BE873}" = DELL0703
"{054C5EBD-1803-9B06-A201-63A1A8A5C365}" = CCC Help Danish
"{08E81ABD-79F7-49C2-881F-FD6CB0975693}" = Roxio Creator Data
"{09760D42-E223-42AD-8C3E-55B47D0DDAC3}" = Roxio Creator DE
"{0AAA9C97-74D4-47CE-B089-0B147EF3553C}" = Windows Live Messenger
"{0FB8CBBF-CFBA-B7C5-6433-4F5132783C31}" = CCC Help Portuguese
"{13766F76-6C8C-4E57-A9F3-3212D1C6E0D1}" = Dell DataSafe Online
"{143412FA-840C-6158-599F-2B32D0861F80}" = Catalyst Control Center Graphics Previews Common
"{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}" = Microsoft Works
"{1CAC7A41-583B-4483-9FA5-3E5465AFF8C2}" = Microsoft Default Manager
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F54DAFA-9261-4A62-B59D-6C9F26B48FE4}" = Roxio Creator Tools
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{20EA5B84-7055-65D9-7378-59750A15C6B5}" = CCC Help Russian
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{2680C5AE-EDC8-7A73-3D41-FCE9A2F22390}" = CCC Help German
"{26A24AE4-039D-4CA4-87B4-2F83217007FF}" = Java 7 Update 7
"{2BFC7AA0-544C-4E3A-8796-67F3BE655BE9}" = Microsoft XNA Framework Redistributable 4.0
"{2FDBBCEA-62DB-45F4-B6E5-0E1FB2A1F29D}" = Visual C++ 8.0 Runtime Setup Package (x64)
"{3018B943-C76C-44B0-B078-790A28CEF67E}" = Microsoft UI Engine
"{30465B6C-B53F-49A1-9EBA-A3F187AD502E}" = Roxio Update Manager
"{32E879B3-F89C-5385-78C8-4DE7730C5FA0}" = Catalyst Control Center
"{33D64034-5BC0-FF4F-6176-62ED61555CA8}" = CCC Help Thai
"{3CFAAB58-35C8-84C9-1391-8D4373714AFE}" = CCC Help Spanish
"{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel(R) Rapid Storage Technology
"{42D68A86-DB1C-4256-B8C9-5D0D92919AF5}" = Banctec Service Agreement
"{453FDDF1-BA65-8D13-2E6F-1740190BB5C4}" = CCC Help Greek
"{4728A95D-FD9B-CEE9-9609-BB01B5F82A0B}" = CCC Help Turkish
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4AB8B41B-3AF1-46BE-99B0-0ACD3B300C0A}" = Junk Mail filter update
"{4AFC194C-FEAD-B844-92C2-D0273872ECCF}" = CCC Help Dutch
"{4CB0307C-565E-4441-86BE-0DF2E4FB828C}" = Microsoft Games for Windows Marketplace
"{50316C0A-CC2A-460A-9EA5-F486E54AC17D}_is1" = AVG PC Tuneup
"{5308F6BF-4660-926A-B611-0CBB32F44DD0}" = CCC Help Swedish
"{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM
"{61EDBE71-5D3E-4AB7-AD95-E53FEAF68C17}" = Bing Rewards Client Installer
"{63C1109E-D977-49ED-BCE3-D00D0BF187D6}" = Windows Live Mail
"{63EC2120-1742-4625-AA47-C6A8AEC9C64C}" = Apple Application Support
"{65CB4C08-C47B-4A7E-A6A4-50C06ADA5FC6}" = Adobe AIR
"{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Roxio Express Labeler 3
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD
"{69425AB7-75BF-25FC-EB4F-D2EAE9D82AA5}" = CCC Help Hungarian
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{6A92E5C5-0578-443D-91F3-92ECE5F2CAE2}" = Windows Live Writer
"{6DE13770-01B7-4366-8DA6-48237793F445}" = VoiceOver Kit
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{73A4F29F-31AC-4EBD-AA1B-0CC5F18C8F83}" = Roxio Creator Audio
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{79839E2D-82B1-6DF1-97A6-6737E4404407}" = CCC Help Japanese
"{7C2D9B2C-D78C-EC0A-2337-612FD4799750}" = CCC Help Czech
"{7D9C2CBE-5941-0250-2922-804D0A506ED0}" = CCC Help Polish
"{7DB9F1E5-9ACB-410D-A7DC-7A3D023CE045}" = Dell Getting Started Guide
"{832D9DE0-8AFC-4689-9819-4DBBDEBD3E4F}" = Microsoft Games for Windows - LIVE Redistributable
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{87686C21-8A15-4b4d-A3F1-11141D9BE094}" = Battlefield Play4Free
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A74E887-8F0F-4017-AF53-CBA42211AAA5}" = Microsoft Sync Framework Runtime Native v1.0 (x86)
"{8F272838-BDD6-B433-D650-25E231AEFA8A}" = Catalyst Control Center InstallProxy
"{8FFC5648-FAF8-43A3-BC8F-42BA1E275C4E}" = Choice Guard
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_HOMESTUDENTR_{2314F9A1-126F-45CC-8A5E-DFAF866F3FBC}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90120000-002A-0000-1000-0000000FF1CE}_HOMESTUDENTR_{664655D8-B9BB-455D-8A58-7EAF7B0B2862}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002A-0409-1000-0000000FF1CE}_HOMESTUDENTR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_HOMESTUDENTR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_HOMESTUDENTR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0116-0409-1000-0000000FF1CE}_HOMESTUDENTR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{9057D097-0563-6FFB-CDC6-DB2B2C5D1014}" = CCC Help Italian
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{933B4015-4618-4716-A828-5289FC03165F}" = VC80CRTRedist - 8.0.50727.6195
"{943A8D28-80D6-41DC-AE94-81FEB42041BF}" = System Requirements Lab CYRI
"{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (English)
"{9530AE42-DAE1-4619-9594-B23487285D17}" = NVIDIA PhysX
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AA387C7F-7413-9C5A-DB71-70E406A8A92E}" = CCC Help French
"{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.4)
"{B00F5097-1F34-D3EA-4FB9-8DD2FAFF66F4}" = CCC Help Finnish
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B42129AB-E528-9CB4-7C8B-3BFE648F5CD8}" = CCC Help Norwegian
"{B6A26DE5-F2B5-4D58-9570-4FC760E00FCD}" = Roxio Creator Copy
"{C1A27149-1897-8509-CBFC-2C96866C8AD6}" = CCC Help Korean
"{C9E14402-3631-4182-B377-6B0DFB1C0339}" = QuickTime
"{CAE017F8-C238-4397-879B-7FBB915D9457}" = LogMeIn Hamachi
"{D5395E5F-4D45-4665-8F00-234FA33678AF}" = SlimDX Redistributable (March 2009)
"{D9D754A1-EAC5-406C-A28B-C49B1E846711}" = Windows Live Essentials
"{DE54DD68-6E24-9B72-467A-DFEE00E6E9A8}" = CCC Help Chinese Traditional
"{E2F0AF23-FE2F-4222-9A43-55E63CC41EF1}" = Catalyst Control Center - Branding
"{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}" = IDT Audio
"{E3BFEE55-39E2-4BE0-B966-89FE583822C1}" = Dell Support Center (Support Software)
"{E9FDD18A-206A-9A43-AAE3-AB72EFFCD333}" = CCC Help Chinese Standard
"{EA450D5D-95EA-4FD0-B8B0-6D8E68FBE2C7}" = Impulse
"{ED439A64-F018-4DD4-8BA5-328D85AB09AB}" = Roxio Creator DE
"{ED524538-828E-1AD8-D0E1-E2E72C926EE0}" = CCC Help English
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F69E83CF-B440-43F8-89E6-6EA80712109B}" = Windows Live Communications Platform
"{F73A5B18-EB75-4B2C-B32D-9457576E2417}" = Windows Live Photo Gallery
"{FCDBEA60-79F0-4FAE-BBA8-55A26C609A49}" = Visual Studio 2008 x64 Redistributables
"{FCFE800F-8F42-1AC9-895C-10389CB90D86}" = Catalyst Control Center Localization All
"{FDD810CA-D5E3-40E9-AB7B-36440B0D41EF}" = Windows Live Sync
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.6
"Amazon MP3 Downloader" = Amazon MP3 Downloader 1.0.17
"Audacity_is1" = Audacity 1.2.6
"Digital Editions" = Adobe Digital Editions
"DivX Setup" = DivX Setup
"eMusic Download Manager 5.0.5" = eMusic Download Manager
"Free MP3 WMA OGG Converter_is1" = Free MP3 WMA OGG Converter 8.2.5
"Google Updater" = Google Updater
"Guild Wars 2" = Guild Wars 2
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"Impulse" = Impulse
"LAME for Audacity_is1" = LAME v3.98.2 for Audacity
"LogMeIn Hamachi" = LogMeIn Hamachi
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.65.1.1000
"Mozilla Firefox 11.0 (x86 en-US)" = Mozilla Firefox 11.0 (x86 en-US)
"Notepad++" = Notepad++
"OpenAL" = OpenAL
"ResourceHacker_is1" = Resource Hacker Version 3.6.0
"Steam App 107200" = Space Pirates and Zombies
"Steam App 107800" = Rochard
"Steam App 201790" = Orcs Must Die! 2
"Steam App 203770" = Crusader Kings II
"Steam App 35720" = Trine 2
"Steam App 3590" = Plants vs. Zombies: Game of the Year
"Steam App 41500" = Torchlight
"Steam App 440" = Team Fortress 2
"Steam App 560" = Left 4 Dead 2 Dedicated Server
"Steam App 564" = Left 4 Dead 2 Add-on Support
"VLC media player" = VLC media player 2.0.3
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinRAR archiver" = WinRAR 4.10 (32-bit)
"winscp3_is1" = WinSCP 4.3.6
"XiphQT" = Xiph QuickTime Components
"Yahoo! Companion" = Yahoo! Toolbar
"Yahoo! Software Update" = Yahoo! Software Update

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Google Chrome" = Google Chrome

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 10/22/2011 1:32:22 AM | Computer Name = Keegan-PC | Source = Application Error | ID = 1000
Description = Faulting application hl2.exe, version 0.0.0.0, time stamp 0x4e989cd3,
faulting module filesystem_steam.dll_unloaded, version 0.0.0.0, time stamp 0x4e9f441f,
exception code 0xc0000005, fault offset 0x67f4f1e9, process id 0x12d4, application
start time 0x01cc9074645e75e0.

Error - 10/22/2011 2:01:06 PM | Computer Name = Keegan-PC | Source = Application Hang | ID = 1002
Description = The program steam.exe version 1.0.1065.11 stopped interacting with
Windows and was closed. To see if more information about the problem is available,
check the problem history in the Problem Reports and Solutions control panel. Process
ID: 1fb8 Start Time: 01cc901d811aa480 Termination Time: 7815

Error - 10/22/2011 2:02:02 PM | Computer Name = Keegan-PC | Source = Bonjour Service | ID = 100
Description = 396: ERROR: read_msg errno 10054 (An existing connection was forcibly
closed by the remote host.)

Error - 10/22/2011 2:06:03 PM | Computer Name = Keegan-PC | Source = Application Hang | ID = 1002
Description = The program iexplore.exe version 9.0.8112.16421 stopped interacting
with Windows and was closed. To see if more information about the problem is available,
check the problem history in the Problem Reports and Solutions control panel. Process
ID: 1744 Start Time: 01cc90610069e870 Termination Time: 985

Error - 10/23/2011 1:57:47 AM | Computer Name = Keegan-PC | Source = Application Hang | ID = 1002
Description = The program hl2.exe version 0.0.0.0 stopped interacting with Windows
and was closed. To see if more information about the problem is available, check
the problem history in the Problem Reports and Solutions control panel. Process
ID: 10c4 Start Time: 01cc912874dfb8c0 Termination Time: 20151

Error - 10/23/2011 3:38:01 AM | Computer Name = Keegan-PC | Source = Windows Search Service | ID = 3013
Description =

Error - 10/23/2011 9:08:49 PM | Computer Name = Keegan-PC | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 9.0.8112.16421, time stamp
0x4d76255d, faulting module ntdll.dll, version 6.0.6002.18327, time stamp 0x4cb7341c,
exception code 0xc0000374, fault offset 0x000abdcb, process id 0x2604, application
start time 0x01cc91aaf984ce80.

Error - 10/25/2011 9:43:27 PM | Computer Name = Keegan-PC | Source = Application Hang | ID = 1002
Description = The program iexplore.exe version 9.0.8112.16421 stopped interacting
with Windows and was closed. To see if more information about the problem is available,
check the problem history in the Problem Reports and Solutions control panel. Process
ID: e00 Start Time: 01cc937f0063ec60 Termination Time: 14

Error - 10/26/2011 5:44:43 PM | Computer Name = Keegan-PC | Source = Application Hang | ID = 1002
Description = The program iexplore.exe version 9.0.8112.16421 stopped interacting
with Windows and was closed. To see if more information about the problem is available,
check the problem history in the Problem Reports and Solutions control panel. Process
ID: ae4 Start Time: 01cc9420e699df90 Termination Time: 14

Error - 10/27/2011 12:21:33 AM | Computer Name = Keegan-PC | Source = System Restore | ID = 8193
Description =

[ Media Center Events ]
Error - 12/15/2011 2:54:15 PM | Computer Name = Keegan-PC | Source = Media Center Guide | ID = 0
Description = Event Info: ERROR: SqmApiWrapper.TimerRecord failed; Win32 GetLastError
returned 10000105 Process: DefaultDomain Object Name: Media Center Guide

Error - 2/5/2012 5:10:23 AM | Computer Name = Keegan-PC | Source = Media Center Guide | ID = 0
Description = Event Info: ERROR: SqmApiWrapper.TimerRecord failed; Win32 GetLastError
returned 10000105 Process: DefaultDomain Object Name: Media Center Guide

Error - 2/23/2012 12:08:55 AM | Computer Name = Keegan-PC | Source = Media Center Guide | ID = 0
Description = Event Info: ERROR: SqmApiWrapper.TimerRecord failed; Win32 GetLastError
returned 10000105 Process: DefaultDomain Object Name: Media Center Guide

[ System Events ]
Error - 11/23/2012 9:49:04 PM | Computer Name = Keegan-PC | Source = Service Control Manager | ID = 7000
Description =

Error - 11/23/2012 9:49:04 PM | Computer Name = Keegan-PC | Source = Service Control Manager | ID = 7000
Description =

Error - 11/23/2012 9:49:04 PM | Computer Name = Keegan-PC | Source = Service Control Manager | ID = 7024
Description =

Error - 11/23/2012 9:52:20 PM | Computer Name = Keegan-PC | Source = DCOM | ID = 10010
Description =

Error - 11/23/2012 10:03:24 PM | Computer Name = Keegan-PC | Source = Service Control Manager | ID = 7030
Description =

Error - 11/23/2012 10:06:31 PM | Computer Name = Keegan-PC | Source = Application Popup | ID = 1060
Description = \??\C:\ComboFix\catchme.sys has been blocked from loading due to incompatibility
with this system. Please contact your software vendor for a compatible version
of the driver.

Error - 11/23/2012 10:08:21 PM | Computer Name = Keegan-PC | Source = Service Control Manager | ID = 7030
Description =

Error - 11/23/2012 10:09:40 PM | Computer Name = Keegan-PC | Source = Service Control Manager | ID = 7000
Description =

Error - 11/23/2012 10:09:40 PM | Computer Name = Keegan-PC | Source = Service Control Manager | ID = 7000
Description =

Error - 11/23/2012 10:09:41 PM | Computer Name = Keegan-PC | Source = Service Control Manager | ID = 7026
Description =


< End of report >
 
Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    Code:
    :OTL
    IE - HKCU\..\SearchScopes\{CDCA56E2-0D77-44ED-B9BF-38E5C42FC5BE}: "URL" = http://websearch.ask.com/redirect?c...pn_sauid=0A458938-9F56-4360-BB7D-8E932F1D7200
    FF - prefs.js..browser.search.order.1: "Ask.com"
    O2:64bit: - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG2012\avgssiea.dll File not found
    O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG2012\avgssie.dll File not found
    O2 - BHO: (Yontoo) - {FD72061E-9FDE-484D-A58A-0BAB4151CAD8} - C:\Program Files (x86)\Yontoo\YontooIEClient.dll File not found
    O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - No CLSID value found.
    O9 - Extra Button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - Reg Error: Key error. File not found
    O9 - Extra 'Tools' menuitem : &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - Reg Error: Key error. File not found
    O16 - DPF: {10000000-1000-1000-1000-100000000000} http://cdn.betteradvertising.com/ghostery/addons/ie/2.4.2.0/ghostery.cab (Reg Error: Key error.)
    O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} http://www.fileplanet.com/fpdlmgr/cabs/FPDC_2.3.9.113.cab (Reg Error: Key error.)
    O16 - DPF: {C8BC46C7-921C-4102-B67D-F1F7E65FB0BE} https://battlefield.play4free.com/static/updater/BP4FUpdater_1.0.53.2.cab (Reg Error: Key error.)
    O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
    O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgpp.dll File not found
    @Alternate Data Stream - 139 bytes -> C:\ProgramData\TEMP:0B4227B4
    @Alternate Data Stream - 127 bytes -> C:\ProgramData\TEMP:5D432CE3
    
    :Commands
    [purity]
    [emptytemp]
    [emptyjava]
    [emptyflash]
    [Reboot]
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • You will get a log that shows the results of the fix. Please post it.

NOTE. If for any reason OTL stalls (most likely at "killing processes..." step) run the fix from safe mode.

=============================

Last scans....

1. Download Security Check from HERE, and save it to your Desktop.
  • Double-click SecurityCheck.exe
  • Follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

    NOTE SecurityCheck may produce some false warning(s), so leave the results reading to me.

2. Please download Farbar Service Scanner (FSS) and run it on the computer with the issue.
  • Make sure the following options are checked:
    • Internet Services
    • Windows Firewall
    • System Restore
    • Security Center
    • Windows Update
    • Windows Defender
  • Press "Scan".
  • It will create a log (FSS.txt) in the same directory the tool is run.
  • Please copy and paste the log to your reply.

3. Download Temp File Cleaner (TFC)
Alternate download: http://www.itxassociates.com/OT-Tools/TFC.exe
  • Double click on TFC.exe to run the program.
  • Click on Start button to begin cleaning process.
  • TFC will close all running programs, and it may ask you to restart computer.

4. Please run a free online scan with the ESET Online Scanner

  • Disable your antivirus program
  • Tick the box next to YES, I accept the Terms of Use
  • Click Start
  • Accept any security warnings from your browser.
  • Check Scan archives
  • Click Start
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, click on List of found threats
  • Click on Export to text file , and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • NOTE. If Eset won't find any threats, it won't produce any log.
 
OTL with fixes log:

All processes killed
========== OTL ==========
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{CDCA56E2-0D77-44ED-B9BF-38E5C42FC5BE}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CDCA56E2-0D77-44ED-B9BF-38E5C42FC5BE}\ not found.
Prefs.js: "Ask.com" removed from browser.search.order.1
64bit-Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}\ deleted successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{219C3416-8CB2-491a-A3C7-D9FCDDC9D600}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{219C3416-8CB2-491a-A3C7-D9FCDDC9D600}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{219C3416-8CB2-491a-A3C7-D9FCDDC9D600}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{219C3416-8CB2-491a-A3C7-D9FCDDC9D600}\ not found.
Starting removal of ActiveX control {10000000-1000-1000-1000-100000000000}
C:\Windows\Downloaded Program Files\WebInstallRunner.inf not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{10000000-1000-1000-1000-100000000000}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{10000000-1000-1000-1000-100000000000}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{10000000-1000-1000-1000-100000000000}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{10000000-1000-1000-1000-100000000000}\ not found.
Starting removal of ActiveX control {39B0684F-D7BF-4743-B050-FDC3F48F7E3B}
Registry error reading value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{39B0684F-D7BF-4743-B050-FDC3F48F7E3B}\DownloadInformation\\INF .
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{39B0684F-D7BF-4743-B050-FDC3F48F7E3B}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{39B0684F-D7BF-4743-B050-FDC3F48F7E3B}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{39B0684F-D7BF-4743-B050-FDC3F48F7E3B}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{39B0684F-D7BF-4743-B050-FDC3F48F7E3B}\ not found.
Starting removal of ActiveX control {C8BC46C7-921C-4102-B67D-F1F7E65FB0BE}
C:\Windows\Downloaded Program Files\BP4FUpdater.inf not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{C8BC46C7-921C-4102-B67D-F1F7E65FB0BE}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{C8BC46C7-921C-4102-B67D-F1F7E65FB0BE}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{C8BC46C7-921C-4102-B67D-F1F7E65FB0BE}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{C8BC46C7-921C-4102-B67D-F1F7E65FB0BE}\ not found.
Starting removal of ActiveX control {E2883E8F-472F-4FB0-9522-AC9BF37916A7}
C:\Windows\Downloaded Program Files\gp.inf not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\linkscanner\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{F274614C-63F8-47D5-A4D1-FBDDE494F8D1}\ deleted successfully.
File {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgpp.dll File not found not found.
ADS C:\ProgramData\TEMP:0B4227B4 deleted successfully.
ADS C:\ProgramData\TEMP:5D432CE3 deleted successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes
->Flash cache emptied: 56519 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Guest
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 26572330 bytes
->Flash cache emptied: 1239 bytes

User: Keegan
->Temp folder emptied: 19995855 bytes
->Temporary Internet Files folder emptied: 21207103 bytes
->Java cache emptied: 136168 bytes
->FireFox cache emptied: 58837265 bytes
->Google Chrome cache emptied: 249435218 bytes
->Flash cache emptied: 315589 bytes

User: Public
->Temp folder emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 356352 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 7110 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 33237 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 359.00 mb


[EMPTYJAVA]

User: All Users

User: Default

User: Default User

User: Guest

User: Keegan
->Java cache emptied: 0 bytes

User: Public

Total Java Files Cleaned = 0.00 mb


[EMPTYFLASH]

User: All Users

User: Default
->Flash cache emptied: 0 bytes

User: Default User
->Flash cache emptied: 0 bytes

User: Guest
->Flash cache emptied: 0 bytes

User: Keegan
->Flash cache emptied: 0 bytes

User: Public

Total Flash Files Cleaned = 0.00 mb


OTL by OldTimer - Version 3.2.69.0 log created on 11232012_213904

Files\Folders moved on Reboot...
File\Folder C:\Users\Keegan\AppData\Local\Temp\etilqs_D2eiB0iKvfkwDdX not found!
File\Folder C:\Users\Keegan\AppData\Local\Temp\etilqs_haZAlCKMSmAh33A not found!
File\Folder C:\Users\Keegan\AppData\Local\Temp\etilqs_Qp1efDcX1ruRjso not found!
C:\Users\Keegan\AppData\Local\Google\Chrome\User Data\Default\Cache\data_0 moved successfully.
C:\Users\Keegan\AppData\Local\Google\Chrome\User Data\Default\Cache\data_1 moved successfully.
C:\Users\Keegan\AppData\Local\Google\Chrome\User Data\Default\Cache\data_2 moved successfully.
C:\Users\Keegan\AppData\Local\Google\Chrome\User Data\Default\Cache\data_3 moved successfully.
C:\Users\Keegan\AppData\Local\Google\Chrome\User Data\Default\Cache\index moved successfully.

PendingFileRenameOperations files...

Registry entries deleted on Reboot...
 
Back