TechSpot

Trojan Generic30.wav in C:\Windows\scvhost.exe

Solved
By DonkeyHote
Nov 22, 2012
  1. This trojan has proved resistant to removal. Scanning with AVG, MBAM, and Spybot: Search&Destroy find a trojan in scvhost.exe. All 3 report it removed after following their removal procedures, but after rebooting as requested by AVG and MBAM and scanning again the trojan is found again. In addition to the Trojan Generic30.wav in scvhost.exe, AVG reports Trojan Generic30.wav in C:\Windows\system32\csrss.exe and in C:\Windows\system32\smss.exe as well. Spybot:S&D reports it as Smitfraud-C.generic: [SBI $5926A588] in C:\Windows\scvhost.exe.

    Logs requested by preliminary instructions:
    MBAM:
    Malwarebytes Anti-Malware 1.65.1.1000
    www.malwarebytes.org
    Database version: v2012.11.22.01
    Windows Vista Service Pack 2 x64 NTFS (Safe Mode)
    Internet Explorer 9.0.8112.16421
    Keegan :: KEEGAN-PC [administrator]
    11/22/2012 12:11:05 AM
    mbam-log-2012-11-22 (00-11-05).txt
    Scan type: Quick scan
    Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM | P2P
    Scan options disabled:
    Objects scanned: 237270
    Time elapsed: 6 minute(s), 32 second(s)
    Memory Processes Detected: 1
    C:\Windows\svchost.exe (Trojan.Agent) -> 1116 -> Delete on reboot.
    Memory Modules Detected: 0
    (No malicious items detected)
    Registry Keys Detected: 0
    (No malicious items detected)
    Registry Values Detected: 0
    (No malicious items detected)
    Registry Data Items Detected: 0
    (No malicious items detected)
    Folders Detected: 0
    (No malicious items detected)
    Files Detected: 1
    C:\Windows\svchost.exe (Trojan.Agent) -> Delete on reboot.
    (end)
    DDS:
    DDS.txt:
    DDS (Ver_2012-11-20.01) - NTFS_AMD64
    Internet Explorer: 9.0.8112.16455 BrowserJavaVersion: 10.7.2
    Run by Keegan at 17:07:01 on 2012-11-22
    Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.4093.1929 [GMT -6:00]
    .
    AV: AVG Anti-Virus Free Edition 2013 *Disabled/Updated* {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}
    SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    SP: AVG Anti-Virus Free Edition 2013 *Disabled/Updated* {B5F5C120-2089-702E-0001-553BB0D5A664}
    .
    ============== Running Processes ===============
    .
    C:\Windows\system32\lsm.exe
    C:\Windows\system32\svchost.exe -k DcomLaunch
    C:\Windows\system32\svchost.exe -k rpcss
    C:\Windows\system32\atiesrxx.exe
    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\Windows\system32\svchost.exe -k netsvcs
    C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_54cb4575\STacSV64.exe
    C:\Windows\system32\svchost.exe -k GPSvcGroup
    C:\Windows\system32\SLsvc.exe
    C:\Windows\system32\svchost.exe -k LocalService
    C:\Program Files\Dell\DellDock\DockLogin.exe
    C:\Windows\system32\svchost.exe -k NetworkService
    C:\Windows\System32\spoolsv.exe
    C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
    C:\Windows\system32\taskeng.exe
    C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
    C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_54cb4575\AESTSr64.exe
    C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\ProgramData\EPSON\EPW!3 SSRP\E_S40RPB.EXE
    C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe
    C:\Windows\SysWOW64\PnkBstrA.exe
    C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
    C:\Windows\system32\svchost.exe -k imgsvc
    C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\13.2.0\ToolbarUpdater.exe
    C:\Windows\System32\svchost.exe -k WerSvcGroup
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
    C:\Windows\system32\SearchIndexer.exe
    C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe
    C:\Windows\system32\RUNDLL32.EXE
    C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
    C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
    \\.\globalroot\systemroot\svchost.exe -netsvcs
    C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
    C:\Program Files\Windows Media Player\wmpnetwk.exe
    C:\Program Files (x86)\Dell Support Center\bin\sprtsvc.exe
    C:\Windows\system32\atieclxx.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\Windows\system32\taskeng.exe
    C:\Program Files\DellTPad\Apoint.exe
    C:\Program Files\Dell\QuickSet\quickset.exe
    C:\Program Files (x86)\Dell DataSafe Online\DataSafeOnline.exe
    C:\Program Files\IDT\WDM\sttray64.exe
    C:\Windows\ehome\ehtray.exe
    C:\Windows\ehome\ehmsas.exe
    C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe
    C:\Program Files (x86)\Dell Support Center\bin\sprtcmd.exe
    C:\Program Files (x86)\AVG Secure Search\vprot.exe
    C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
    C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files (x86)\AVG\AVG2013\avgui.exe
    C:\Program Files\Windows Media Player\wmpnscfg.exe
    C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
    C:\Windows\system32\wbem\unsecapp.exe
    C:\Windows\system32\wuauclt.exe
    C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
    C:\Program Files\DellTPad\ApMsgFwd.exe
    C:\Program Files\DellTPad\HidFind.exe
    C:\Program Files\DellTPad\Apntex.exe
    C:\Windows\System32\svchost.exe -k swprv
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Windows\system32\vssvc.exe
    C:\Windows\system32\SearchProtocolHost.exe
    C:\Windows\system32\SearchFilterHost.exe
    C:\Windows\System32\cscript.exe
    .
    ============== Pseudo HJT Report ===============
    .
    uStart Page = hxxp://www.google.com/ig
    uSearch Bar = Preserve
    dURLSearchHooks: {A3BC75A2-1F87-4686-AA43-5347D756017C} - <orphaned>
    mWinlogon: Userinit = userinit.exe,
    BHO: &Yahoo! Toolbar Helper: {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\yt.dll
    BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    BHO: DivX Plus Web Player HTML5 <video>: {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll
    BHO: AVG Safe Search: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} -
    BHO: Spybot-S&D IE Protection: {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll
    BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
    BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    BHO: AVG Security Toolbar: {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\13.2.0.5\AVG Secure Search_toolbar.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
    BHO: Yontoo: {FD72061E-9FDE-484D-A58A-0BAB4151CAD8} -
    BHO: SingleInstance Class: {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll
    TB: <No Name>: {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - LocalServer32 - <no file>
    TB: AVG Security Toolbar: {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\13.2.0.5\AVG Secure Search_toolbar.dll
    TB: Yahoo! Toolbar: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\yt.dll
    uRun: [ehTray.exe] C:\Windows\ehome\ehTray.exe
    uRun: [Google Update] "C:\Users\Keegan\AppData\Local\Google\Update\GoogleUpdate.exe" /c
    uRun: [SpybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
    mRun: [Dell DataSafe Online] "C:\Program Files (x86)\Dell DataSafe Online\DataSafeOnline.exe" /m
    mRun: [PDVDDXSrv] "C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe"
    mRun: [DellSupportCenter] "C:\Program Files (x86)\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
    mRun: [Microsoft Default Manager] "C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" -resume
    mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
    mRun: [vProt] "C:\Program Files (x86)\AVG Secure Search\vprot.exe"
    mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
    mRun: [DivXUpdate] "C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
    mRun: [HF_G_Jul] "C:\Program Files (x86)\AVG Secure Search\HF_G_Jul.exe" /DoAction
    mRun: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
    mRun: [ROC_ROC_JULY_P1] "C:\Program Files (x86)\AVG Secure Search\ROC_ROC_JULY_P1.exe" / /PROMPT /CMPID=ROC_JULY_P1
    mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
    mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
    mRun: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    mRun: [AVG_UI] "C:\Program Files (x86)\AVG\AVG2013\avgui.exe" /TRAYONLY
    mRun: [ROC_roc_ssl_v12] "C:\Program Files (x86)\AVG Secure Search\ROC_roc_ssl_v12.exe" / /PROMPT /CMPID=roc_ssl_v12
    mRun: [LogMeIn Hamachi Ui] "C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe" --auto-start
    StartupFolder: C:\Users\Keegan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\PowerReg Scheduler.exe
    mPolicies-Explorer: NoActiveDesktop = dword:1
    mPolicies-Explorer: NoActiveDesktopChanges = dword:1
    mPolicies-Explorer: BindDirectlyToPropertySetStorage = dword:0
    mPolicies-System: EnableLUA = dword:0
    mPolicies-System: EnableUIADesktopToggle = dword:0
    IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - <orphaned>
    IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office12\ONBttnIE.dll
    IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
    IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll
    DPF: {10000000-1000-1000-1000-100000000000} - hxxp://cdn.betteradvertising.com/ghostery/addons/ie/2.4.2.0/ghostery.cab
    DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} - hxxp://www.fileplanet.com/fpdlmgr/cabs/FPDC_2.3.9.113.cab
    DPF: {C8BC46C7-921C-4102-B67D-F1F7E65FB0BE} - hxxps://battlefield.play4free.com/static/updater/BP4FUpdater_1.0.53.2.cab
    DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
    TCP: Interfaces\{8AD0D0B8-9E06-423E-A34E-BC08B6EDFC8F} : DHCPNameServer = 75.75.76.76 75.75.75.75
    Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} -
    Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\13.2.0\ViProtocol.dll
    LSA: Security Packages = kerberos msv1_0 schannel wdigest tspkg
    x64-BHO: AVG Safe Search: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} -
    x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    x64-Run: [Windows Defender] C:\Program Files (x86)\Windows Defender\MSASCui.exe -hide
    x64-Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe
    x64-Run: [QuickSet] C:\Program Files\Dell\QuickSet\QuickSet.exe
    x64-Run: [Dell DataSafe Online] "C:\Program Files (x86)\Dell DataSafe Online\DataSafeOnline.exe" /m
    x64-Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe
    x64-mPolicies-Explorer: NoActiveDesktop = dword:1
    x64-mPolicies-Explorer: NoActiveDesktopChanges = dword:1
    x64-mPolicies-Explorer: BindDirectlyToPropertySetStorage = dword:0
    x64-mPolicies-System: EnableLUA = dword:0
    x64-mPolicies-System: EnableUIADesktopToggle = dword:0
    x64-Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} -
    x64-Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - <orphaned>
    x64-Notify: GoToAssist - C:\Program Files (x86)\Citrix\GoToAssist\514\G2AWinLogon_x64.dll
    .
    ================= FIREFOX ===================
    .
    FF - ProfilePath - C:\Users\Keegan\AppData\Roaming\Mozilla\Firefox\Profiles\4rd88xtf.default\
    FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/ig|https://www.hclib...yahoo.com/dc/launch?.gx=0&.rand=fkbf7tgsnqi6g
    FF - prefs.js: keyword.URL - hxxps://isearch.avg.com/search?cid={EC7F3533-F529-4E1D-9830-52AFAE9DEE90}&mid=5880512c526ea49a3628135b34d5fd8c-993c620a0638845eab78b62bac10aaf2f7d7189d&lang=en&ds=AVG&pr=fr&d=2012-10-17 14:57:02&v=13.2.0.1&sap=ku&q=
    FF - prefs.js: network.proxy.type - 0
    FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll
    FF - plugin: C:\Program Files (x86)\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin10171.dll
    FF - plugin: C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\12.2.6\npsitesafety.dll
    FF - plugin: C:\Program Files (x86)\Common Files\Wolfram Research\Browser\8.0.4.2615434\npmathplugin.dll
    FF - plugin: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll
    FF - plugin: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll
    FF - plugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
    FF - plugin: C:\Program Files (x86)\Google\Google Updater\2.4.2432.1652\npCIDetect14.dll
    FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll
    FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll
    FF - plugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll
    FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrlui.dll
    FF - plugin: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
    FF - plugin: C:\Users\Keegan\AppData\Local\Google\Update\1.3.21.115\npGoogleUpdate3.dll
    FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_271.dll
    FF - plugin: C:\Windows\SysWOW64\npdeployJava1.dll
    FF - plugin: C:\Windows\SysWOW64\npmproxy.dll
    .
    ---- FIREFOX POLICIES ----
    FF - user.js: extentions.y2layers.installId - 63f8ff47-6343-4d43-ac03-6abe8cc75bab
    FF - user.js: extentions.y2layers.defaultEnableAppsList - bestvideodownloader,ezLooker,pagerage,buzzdock,toprelatedtopics,twittube
    .
    FF - user.js: extensions.autoDisableScopes - 14
    .
    ============= SERVICES / DRIVERS ===============
    .
    R0 AVGIDSHA;AVGIDSHA;C:\Windows\System32\drivers\avgidsha.sys [2012-10-15 63328]
    R0 Avgloga;AVG Logging Driver;C:\Windows\System32\drivers\avgloga.sys [2012-9-21 225120]
    R0 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;C:\Windows\System32\drivers\avgmfx64.sys [2012-10-5 111456]
    R0 Avgrkx64;AVG Anti-Rootkit Driver;C:\Windows\System32\drivers\avgrkx64.sys [2012-9-14 40800]
    R0 PxHlpa64;PxHlpa64;C:\Windows\System32\drivers\PxHlpa64.sys [2009-4-23 55856]
    R1 AVGIDSDriver;AVGIDSDriver;C:\Windows\System32\drivers\avgidsdrivera.sys [2012-10-22 154464]
    R1 Avgldx64;AVG AVI Loader Driver;C:\Windows\System32\drivers\avgldx64.sys [2012-10-2 185696]
    R1 Avgtdia;AVG TDI Driver;C:\Windows\System32\drivers\avgtdia.sys [2012-9-21 200032]
    R1 avgtp;avgtp;C:\Windows\System32\drivers\avgtpx64.sys [2012-9-3 30568]
    R2 AESTFilters;Andrea ST Filters Service;C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_54cb4575\AESTSr64.exe [2010-6-16 89600]
    R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\System32\atiesrxx.exe [2012-7-4 238080]
    R2 avgwd;AVG WatchDog;C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe [2012-10-22 196664]
    R2 DockLoginService;Dock Login Service;C:\Program Files\Dell\DellDock\DockLogin.exe [2008-12-18 155648]
    R2 FontCache;Windows Font Cache Service;C:\Windows\System32\svchost.exe -k LocalServiceAndNoImpersonation [2008-1-20 27648]
    R2 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine;C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe [2012-11-19 2462128]
    R2 SBSDWSCService;SBSD Security Center Service;C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2012-11-20 1153368]
    R2 vToolbarUpdater13.2.0;vToolbarUpdater13.2.0;C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\13.2.0\ToolbarUpdater.exe [2012-10-17 711112]
    R2 yksvc;Marvell Yukon Service;RUNDLL32.EXE ykx64coinst,serviceStartProc --> RUNDLL32.EXE ykx64coinst,serviceStartProc [?]
    R3 NETw5v64;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;C:\Windows\System32\drivers\NETw5v64.sys [2009-4-23 4735488]
    R3 yukonx64;NDIS6.0 Miniport Driver for Marvell Yukon Ethernet Controller;C:\Windows\System32\drivers\yk60x64.sys [2009-4-23 392192]
    S2 AVGIDSAgent;AVGIDSAgent;C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe [2012-11-6 5814392]
    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
    S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
    S2 gupdate1ca23909c942c0;Google Update Service (gupdate1ca23909c942c0);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2009-8-22 133104]
    S3 PCD5SRVC{048DBD20-445E8C82-05040104};PCD5SRVC{048DBD20-445E8C82-05040104} - PCDR Kernel Mode Service Helper Driver;C:\PROGRA~2\DELLSU~1\HWDiag\bin\PCD5SRVC_x64.pkms [2008-11-4 28152]
    S3 PerfHost;Performance Counter DLL Host;C:\Windows\SysWOW64\perfhost.exe [2008-1-20 19968]
    S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2012-7-9 52736]
    S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-3-18 1020768]
    S4 clr_optimization_v2.0.50727_64;Microsoft .NET Framework NGEN v2.0.50727_X64;C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe [2009-12-11 89920]
    .
    =============== File Associations ===============
    .
    FileExt: .js: JSFile=C:\Windows\SysWOW64\WScript.exe "%1" %*
    FileExt: .jse: JSEFile=C:\Windows\SysWOW64\WScript.exe "%1" %*
    .
    =============== Created Last 30 ================
    .
    .
    ==================== Find3M ====================
    .
    2012-11-14 08:37:01 66395536 ----a-w- C:\Windows\System32\mrt.exe
    2012-10-22 19:02:44 154464 ----a-w- C:\Windows\System32\drivers\avgidsdrivera.sys
    2012-10-17 19:56:47 30568 ----a-w- C:\Windows\System32\drivers\avgtpx64.sys
    2012-10-15 09:48:50 63328 ----a-w- C:\Windows\System32\drivers\avgidsha.sys
    2012-10-12 14:53:34 2769920 ----a-w- C:\Windows\System32\win32k.sys
    2012-10-08 20:34:22 73656 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
    2012-10-08 20:34:22 696760 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
    2012-10-05 09:32:50 111456 ----a-w- C:\Windows\System32\drivers\avgmfx64.sys
    2012-10-04 03:03:05 17811968 ----a-w- C:\Windows\System32\mshtml.dll
    2012-10-04 02:24:36 10925568 ----a-w- C:\Windows\System32\ieframe.dll
    2012-10-04 02:18:45 2312704 ----a-w- C:\Windows\System32\jscript9.dll
    2012-10-04 02:12:16 1346048 ----a-w- C:\Windows\System32\urlmon.dll
    2012-10-04 02:11:22 1392128 ----a-w- C:\Windows\System32\wininet.dll
    2012-10-04 02:10:43 1494528 ----a-w- C:\Windows\System32\inetcpl.cpl
    2012-10-04 02:10:19 237056 ----a-w- C:\Windows\System32\url.dll
    2012-10-04 02:08:50 85504 ----a-w- C:\Windows\System32\jsproxy.dll
    2012-10-04 02:07:11 173056 ----a-w- C:\Windows\System32\ieUnatt.exe
    2012-10-04 02:07:01 816640 ----a-w- C:\Windows\System32\jscript.dll
    2012-10-04 02:06:55 599040 ----a-w- C:\Windows\System32\vbscript.dll
    2012-10-04 02:05:40 729088 ----a-w- C:\Windows\System32\msfeeds.dll
    2012-10-04 02:04:55 2144768 ----a-w- C:\Windows\System32\iertutil.dll
    2012-10-04 02:03:48 96768 ----a-w- C:\Windows\System32\mshtmled.dll
    2012-10-04 02:03:26 2382848 ----a-w- C:\Windows\System32\mshtml.tlb
    2012-10-04 01:59:12 248320 ----a-w- C:\Windows\System32\ieui.dll
    2012-10-03 23:00:04 12320768 ----a-w- C:\Windows\SysWow64\mshtml.dll
    2012-10-03 22:35:48 9738240 ----a-w- C:\Windows\SysWow64\ieframe.dll
    2012-10-03 22:30:48 1800704 ----a-w- C:\Windows\SysWow64\jscript9.dll
    2012-10-03 22:22:51 1103872 ----a-w- C:\Windows\SysWow64\urlmon.dll
    2012-10-03 22:21:58 1427968 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
    2012-10-03 22:21:57 1129472 ----a-w- C:\Windows\SysWow64\wininet.dll
    2012-10-03 22:20:53 231936 ----a-w- C:\Windows\SysWow64\url.dll
    2012-10-03 22:19:28 65024 ----a-w- C:\Windows\SysWow64\jsproxy.dll
    2012-10-03 22:18:27 142848 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
    2012-10-03 22:18:10 717824 ----a-w- C:\Windows\SysWow64\jscript.dll
    2012-10-03 22:18:01 420864 ----a-w- C:\Windows\SysWow64\vbscript.dll
    2012-10-03 22:16:41 607744 ----a-w- C:\Windows\SysWow64\msfeeds.dll
    2012-10-03 22:16:03 1793024 ----a-w- C:\Windows\SysWow64\iertutil.dll
    2012-10-03 22:15:16 73216 ----a-w- C:\Windows\SysWow64\mshtmled.dll
    2012-10-03 22:14:47 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb
    2012-10-03 22:11:09 176640 ----a-w- C:\Windows\SysWow64\ieui.dll
    2012-10-02 08:30:38 185696 ----a-w- C:\Windows\System32\drivers\avgldx64.sys
    2012-09-30 01:54:26 25928 ----a-w- C:\Windows\System32\drivers\mbam.sys
    2012-09-25 16:31:19 91648 ----a-w- C:\Windows\System32\synceng.dll
    2012-09-25 16:19:41 75776 ----a-w- C:\Windows\SysWow64\synceng.dll
    2012-09-21 08:46:04 200032 ----a-w- C:\Windows\System32\drivers\avgtdia.sys
    2012-09-21 08:46:00 225120 ----a-w- C:\Windows\System32\drivers\avgloga.sys
    2012-09-19 23:45:43 95208 ----a-w- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
    2012-09-19 23:45:42 246760 ----a-w- C:\Windows\SysWow64\javaws.exe
    2012-09-19 23:45:42 174056 ----a-w- C:\Windows\SysWow64\javaw.exe
    2012-09-19 23:45:42 174056 ----a-w- C:\Windows\SysWow64\java.exe
    2012-09-19 23:45:41 821736 ----a-w- C:\Windows\SysWow64\npdeployJava1.dll
    2012-09-19 23:45:41 746984 ----a-w- C:\Windows\SysWow64\deployJava1.dll
    2012-09-14 08:05:18 40800 ----a-w- C:\Windows\System32\drivers\avgrkx64.sys
    2012-09-13 13:45:46 2048 ----a-w- C:\Windows\System32\tzres.dll
    2012-09-13 13:28:08 2048 ----a-w- C:\Windows\SysWow64\tzres.dll
    2012-08-29 11:40:01 4699520 ----a-w- C:\Windows\System32\ntoskrnl.exe
    .
    ============= FINISH: 17:07:13.56 ===============
     
  2. DonkeyHote

    DonkeyHote TS Rookie Topic Starter Posts: 23

    Attach.txt:

    .
    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT
    .
    DDS (Ver_2012-11-20.01)
    .
    Microsoft® Windows Vista™ Home Premium
    Boot Device: \Device\HarddiskVolume3
    Install Date: 4/23/2009 3:35:53 AM
    System Uptime: 11/22/2012 11:01:13 AM (6 hours ago)
    .
    Motherboard: Dell Inc. | | 0G437N
    Processor: Intel(R) Core(TM)2 Duo CPU P8600 @ 2.40GHz | Microprocessor | 2401/266mhz
    .
    ==== Disk Partitions =========================
    .
    C: is FIXED (NTFS) - 218 GiB total, 9.519 GiB free.
    E: is FIXED (NTFS) - 15 GiB total, 6.022 GiB free.
    F: is CDROM ()
    .
    ==== Disabled Device Manager Items =============
    .
    Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
    Description: Hamachi Network Interface
    Device ID: ROOT\NET\0000
    Manufacturer: LogMeIn, Inc.
    Name: Hamachi Network Interface
    PNP Device ID: ROOT\NET\0000
    Service: hamachi
    .
    ==== System Restore Points ===================
    .
    RP955: 11/18/2012 7:14:41 PM - Scheduled Checkpoint
    RP956: 11/19/2012 9:34:38 AM - Scheduled Checkpoint
    RP957: 11/20/2012 12:26:52 PM - Scheduled Checkpoint
    .
    ==== Installed Programs ======================
    .
    Update for Microsoft Office 2007 (KB2508958)
    Adobe AIR
    Adobe Digital Editions
    Adobe Flash Player 11 ActiveX
    Adobe Flash Player 11 Plugin
    Adobe Reader X (10.1.4)
    Adobe Shockwave Player 11.6
    Amazon MP3 Downloader 1.0.17
    AMD APP SDK Runtime
    AMD Catalyst Install Manager
    Apple Application Support
    Apple Mobile Device Support
    Apple Software Update
    Audacity 1.2.6
    AVG 2013
    AVG PC Tuneup
    AVG Security Toolbar
    Banctec Service Agreement
    Battlefield Play4Free
    Bing Rewards Client Installer
    Bonjour
    Catalyst Control Center
    Catalyst Control Center - Branding
    Catalyst Control Center Graphics Previews Common
    Catalyst Control Center InstallProxy
    Catalyst Control Center Localization All
    ccc-utility64
    CCC Help Chinese Standard
    CCC Help Chinese Traditional
    CCC Help Czech
    CCC Help Danish
    CCC Help Dutch
    CCC Help English
    CCC Help Finnish
    CCC Help French
    CCC Help German
    CCC Help Greek
    CCC Help Hungarian
    CCC Help Italian
    CCC Help Japanese
    CCC Help Korean
    CCC Help Norwegian
    CCC Help Polish
    CCC Help Portuguese
    CCC Help Russian
    CCC Help Spanish
    CCC Help Swedish
    CCC Help Thai
    CCC Help Turkish
    CCleaner
    Choice Guard
    Compatibility Pack for the 2007 Office system
    Crusader Kings II
    Dell DataSafe Online
    Dell Dock
    Dell Edoc Viewer
    Dell Getting Started Guide
    Dell Support Center (Support Software)
    Dell Touchpad
    DELL0703
    DivX Setup
    eMusic Download Manager
    EPSON Printer Software
    Free MP3 WMA OGG Converter 8.2.5
    Google Chrome
    Google Update Helper
    Google Updater
    Guild Wars 2
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
    IDT Audio
    Impulse
    Intel(R) Rapid Storage Technology
    Intel® Matrix Storage Manager
    iTunes
    Java 7 Update 7
    Java Auto Updater
    Junk Mail filter update
    LAME v3.98.2 for Audacity
    Left 4 Dead 2 Add-on Support
    Left 4 Dead 2 Dedicated Server
    LogMeIn Hamachi
    Malwarebytes Anti-Malware version 1.65.1.1000
    Microsoft .NET Framework 3.5 SP1
    Microsoft .NET Framework 4 Client Profile
    Microsoft .NET Framework 4 Extended
    Microsoft Application Error Reporting
    Microsoft Default Manager
    Microsoft Games for Windows - LIVE Redistributable
    Microsoft Games for Windows Marketplace
    Microsoft Office 2007 Service Pack 3 (SP3)
    Microsoft Office Excel MUI (English) 2007
    Microsoft Office File Validation Add-In
    Microsoft Office Home and Student 2007
    Microsoft Office Office 64-bit Components 2007
    Microsoft Office OneNote MUI (English) 2007
    Microsoft Office PowerPoint MUI (English) 2007
    Microsoft Office PowerPoint Viewer 2007 (English)
    Microsoft Office Proof (English) 2007
    Microsoft Office Proof (French) 2007
    Microsoft Office Proof (Spanish) 2007
    Microsoft Office Proofing (English) 2007
    Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
    Microsoft Office Shared 64-bit MUI (English) 2007
    Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007
    Microsoft Office Shared MUI (English) 2007
    Microsoft Office Shared Setup Metadata MUI (English) 2007
    Microsoft Office Word MUI (English) 2007
    Microsoft Silverlight
    Microsoft SQL Server 2005 Compact Edition [ENU]
    Microsoft Sync Framework Runtime Native v1.0 (x86)
    Microsoft UI Engine
    Microsoft Visual C++ 2005 Redistributable
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
    Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319
    Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
    Microsoft Works
    Microsoft XNA Framework Redistributable 4.0
    Mozilla Firefox 11.0 (x86 en-US)
    MSVCRT
    Notepad++
    NVIDIA PhysX
    OpenAL
    Orcs Must Die! 2
    Plants vs. Zombies: Game of the Year
    PowerDVD
    Quickset
    QuickTime
    Resource Hacker Version 3.6.0
    Rochard
    Roxio Creator Audio
    Roxio Creator Copy
    Roxio Creator Data
    Roxio Creator DE
    Roxio Creator Tools
    Roxio Express Labeler 3
    Roxio Update Manager
    Security Update for Microsoft .NET Framework 3.5 SP1 (KB2604111)
    Security Update for Microsoft .NET Framework 3.5 SP1 (KB2657424)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2160841)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)
    Security Update for Microsoft .NET Framework 4 Extended (KB2487367)
    Security Update for Microsoft .NET Framework 4 Extended (KB2656351)
    Security Update for Microsoft Office 2007 suites (KB2596615) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2596672) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2596744) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2596754) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2596785) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2596792) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2596856) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2596871) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2597969) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2687311) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2687314) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2687441) 32-Bit Edition
    Security Update for Microsoft Office Excel 2007 (KB2687307) 32-Bit Edition
    Security Update for Microsoft Office InfoPath 2007 (KB2687440) 32-Bit Edition
    Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition
    Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition
    Security Update for Microsoft Office Word 2007 (KB2687315) 32-Bit Edition
    SlimDX Redistributable (March 2009)
    Space Pirates and Zombies
    Spybot - Search & Destroy
    Steam
    swMSM
    System Requirements Lab CYRI
    Team Fortress 2
    TeamSpeak 3 Client
    Torchlight
    Trine 2
    Update for 2007 Microsoft Office System (KB967642)
    Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
    Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
    Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
    Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
    Update for Microsoft .NET Framework 4 Extended (KB2468871)
    Update for Microsoft .NET Framework 4 Extended (KB2533523)
    Update for Microsoft .NET Framework 4 Extended (KB2600217)
    Update for Microsoft Office 2007 Help for Common Features (KB963673)
    Update for Microsoft Office 2007 suites (KB2596660) 32-Bit Edition
    Update for Microsoft Office 2007 suites (KB2596848) 32-Bit Edition
    Update for Microsoft Office Excel 2007 Help (KB963678)
    Update for Microsoft Office OneNote 2007 Help (KB963670)
    Update for Microsoft Office Powerpoint 2007 Help (KB963669)
    Update for Microsoft Office Script Editor Help (KB963671)
    Update for Microsoft Office Word 2007 Help (KB963665)
    VC80CRTRedist - 8.0.50727.6195
    Ventrilo Client for Windows x64
    Visual C++ 8.0 Runtime Setup Package (x64)
    Visual Studio 2008 x64 Redistributables
    Visual Studio 2010 x64 Redistributables
    VLC media player 2.0.3
    VoiceOver Kit
    Windows Live Call
    Windows Live Communications Platform
    Windows Live Essentials
    Windows Live ID Sign-in Assistant
    Windows Live Mail
    Windows Live Messenger
    Windows Live Photo Gallery
    Windows Live Sync
    Windows Live Upload Tool
    Windows Live Writer
    WinRAR 4.01 (64-bit)
    WinRAR 4.10 (32-bit)
    WinSCP 4.3.6
    Xiph QuickTime Components
    Yahoo! Software Update
    Yahoo! Toolbar
    .
    ==== Event Viewer Messages From Past Week ========
    .
    11/22/2012 12:11:07 AM, Error: Service Control Manager [7001] - The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: The dependency service or group failed to start.
    11/22/2012 12:10:43 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
    11/22/2012 12:10:41 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}
    11/22/2012 12:10:34 AM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD AVGIDSDriver Avgldx64 Avgtdia DfsC NetBIOS netbt nsiproxy PSched RasAcd rdbss Smb spldr tdx Wanarpv6
    11/22/2012 12:10:34 AM, Error: Service Control Manager [7001] - The Workstation service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
    11/22/2012 12:10:34 AM, Error: Service Control Manager [7001] - The WebDav Client Redirector Driver service depends on the Redirected Buffering Sub Sysytem service which failed to start because of the following error: A device attached to the system is not functioning.
    11/22/2012 12:10:34 AM, Error: Service Control Manager [7001] - The WebClient service depends on the WebDav Client Redirector Driver service which failed to start because of the following error: The dependency service or group failed to start.
    11/22/2012 12:10:34 AM, Error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the Ancilliary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.
    11/22/2012 12:10:34 AM, Error: Service Control Manager [7001] - The SMB MiniRedirector Wrapper and Engine service depends on the Redirected Buffering Sub Sysytem service which failed to start because of the following error: A device attached to the system is not functioning.
    11/22/2012 12:10:34 AM, Error: Service Control Manager [7001] - The SMB 2.0 MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.
    11/22/2012 12:10:34 AM, Error: Service Control Manager [7001] - The SMB 1.x MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.
    11/22/2012 12:10:34 AM, Error: Service Control Manager [7001] - The Network Store Interface Service service depends on the NSI proxy service service which failed to start because of the following error: A device attached to the system is not functioning.
    11/22/2012 12:10:34 AM, Error: Service Control Manager [7001] - The Network Location Awareness service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
    11/22/2012 12:10:34 AM, Error: Service Control Manager [7001] - The IP Helper service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
    11/22/2012 12:10:34 AM, Error: Service Control Manager [7001] - The DNS Client service depends on the NetIO Legacy TDI Support Driver service which failed to start because of the following error: A device attached to the system is not functioning.
    11/22/2012 12:10:34 AM, Error: Service Control Manager [7001] - The DHCP Client service depends on the Ancilliary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.
    11/22/2012 12:10:34 AM, Error: Service Control Manager [7001] - The Computer Browser service depends on the Server service which failed to start because of the following error: The dependency service or group failed to start.
    11/22/2012 12:10:34 AM, Error: Service Control Manager [7001] - The AVGIDSAgent service depends on the AVGIDSDriver service which failed to start because of the following error: A device attached to the system is not functioning.
    11/22/2012 12:09:56 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netprofm with arguments "" in order to run the server: {A47979D2-C419-11D9-A5B4-001185AD2B89}
    11/22/2012 12:09:56 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netman with arguments "" in order to run the server: {BA126AD1-2166-11D1-B1D0-00805FC1270E}
    11/22/2012 12:09:56 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service fdPHost with arguments "" in order to run the server: {145B4335-FE2A-4927-A040-7C35AD3180EF}
    11/22/2012 12:09:53 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
    11/22/2012 12:09:42 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}
    11/22/2012 12:09:15 AM, Error: EventLog [6008] - The previous system shutdown at 12:06:14 AM on 11/22/2012 was unexpected.
    11/22/2012 11:08:13 AM, Error: Service Control Manager [7022] - The Windows Update service hung on starting.
    11/22/2012 11:02:47 AM, Error: Service Control Manager [7006] - The ScRegSetValueExW call failed for FailureActions with the following error: Access is denied.
    11/22/2012 11:02:47 AM, Error: Service Control Manager [7000] - The Intel(R) PRO/1000 PCI Express Network Connection Driver service failed to start due to the following error: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
    11/22/2012 11:02:47 AM, Error: Service Control Manager [7000] - The Intel(R) PRO/1000 NDIS 6 Adapter Driver service failed to start due to the following error: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
    11/21/2012 9:53:04 AM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Google Update Service (gupdate1ca23909c942c0) service to connect.
    11/21/2012 9:53:04 AM, Error: Service Control Manager [7000] - The Google Update Service (gupdate1ca23909c942c0) service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
    11/21/2012 9:53:02 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1053" attempting to start the service gupdate1ca23909c942c0 with arguments "/comsvc" in order to run the server: {4EB61BAC-A3B6-4760-9581-655041EF4D69}
    11/21/2012 6:39:33 PM, Error: EventLog [6008] - The previous system shutdown at 6:25:57 PM on 11/21/2012 was unexpected.
    11/21/2012 2:10:48 PM, Error: Service Control Manager [7043] - The Windows Update service did not shut down properly after receiving a preshutdown control.
    11/21/2012 11:28:52 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AVGIDSDriver Avgldx64 spldr Wanarpv6
    11/21/2012 11:28:30 AM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the AVGIDSAgent service to connect.
    11/21/2012 11:28:30 AM, Error: Service Control Manager [7000] - The AVGIDSAgent service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
    11/21/2012 1:10:23 PM, Error: EventLog [6008] - The previous system shutdown at 1:08:48 PM on 11/21/2012 was unexpected.
    11/20/2012 7:16:27 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Windows Presentation Foundation Font Cache 3.0.0.0 service to connect.
    11/20/2012 7:16:27 PM, Error: Service Control Manager [7000] - The Windows Presentation Foundation Font Cache 3.0.0.0 service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
    11/20/2012 12:50:55 AM, Error: Service Control Manager [7034] - The LogMeIn Hamachi Tunneling Engine service terminated unexpectedly. It has done this 1 time(s).
    11/20/2012 12:41:13 AM, Error: Service Control Manager [7000] - The Hamachi Network Interface service failed to start due to the following error: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
    11/20/2012 11:51:10 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the SBSD Security Center Service service to connect.
    11/20/2012 11:51:10 PM, Error: Service Control Manager [7000] - The SBSD Security Center Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
    11/19/2012 9:20:32 PM, Error: Microsoft-Windows-DistributedCOM [10000] - Unable to start a DCOM Server: {73C9DFA0-750D-11E1-B0C4-0800200C9A66}. The error: "5" Happened while starting this command: C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_4_402_287_ActiveX.exe -Embedding
    11/19/2012 8:38:36 PM, Error: Service Control Manager [7030] - The LogMeIn Hamachi Tunneling Engine service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.
    11/19/2012 8:38:36 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the LogMeIn Hamachi Tunneling Engine service to connect.
    11/19/2012 8:38:36 PM, Error: Service Control Manager [7000] - The LogMeIn Hamachi Tunneling Engine service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
    11/19/2012 7:31:54 AM, Error: Microsoft-Windows-Dhcp-Client [1002] - The IP address lease 5.151.212.110 for the Network Card with network address 7A790597D46E has been denied by the DHCP server 25.0.0.1 (The DHCP Server sent a DHCPNACK message).
    11/19/2012 7:29:18 AM, Error: EventLog [6008] - The previous system shutdown at 7:27:01 AM on 11/19/2012 was unexpected.
    11/19/2012 2:52:08 PM, Error: EventLog [6008] - The previous system shutdown at 2:50:18 PM on 11/19/2012 was unexpected.
    11/19/2012 10:22:53 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the avgwd service.
    11/18/2012 12:13:48 AM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the Hamachi2Svc service.
    11/17/2012 12:57:43 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the iPod Service service to connect.
    11/17/2012 12:57:43 PM, Error: Service Control Manager [7000] - The iPod Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
    11/17/2012 12:57:43 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1053" attempting to start the service iPod Service with arguments "" in order to run the server: {063D34A4-BF84-4B8D-B699-E8CA06504DDE}
    11/17/2012 12:57:14 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Windows Media Player Network Sharing Service service to connect.
    11/17/2012 12:57:14 PM, Error: Service Control Manager [7000] - The Windows Media Player Network Sharing Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
    11/16/2012 8:28:12 PM, Error: Microsoft-Windows-Dhcp-Client [1002] - The IP address lease 10.13.12.223 for the Network Card with network address 0022FB36CCB6 has been denied by the DHCP server 192.168.0.1 (The DHCP Server sent a DHCPNACK message).
    .
    ==== End Of File ===========================
     
  3. Broni

    Broni Malware Annihilator Posts: 47,020   +255

    Welcome aboard [​IMG]

    Please, observe following rules:
    • Read all of my instructions very carefully. Your mistakes during cleaning process may have very serious consequences, like unbootable computer.
    • If you're stuck, or you're not sure about certain step, always ask before doing anything else.
    • Please refrain from running any tools, fixes or applying any changes to your computer other than those I suggest.
    • Never run more than one scan at a time.
    • Keep updating me regarding your computer behavior, good, or bad.
    • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
    • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in malware removal forum.
    • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.

    =================================

    Download TDSSKiller and save it to your desktop.
    • Extract (unzip) its contents to your desktop.
    • Open the TDSSKiller folder and doubleclick on TDSSKiller.exe to run the application, then on Start Scan.
    • If an infected file is detected, the default action will be Cure, click on Continue.
    • If a suspicious file is detected, the default action will be Skip, click on Continue.
    • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
    • If no reboot is require, click on Report. A log file should appear. Please copy and paste the contents of that file here.
    • If a reboot is required, the report can also be found in your root directory (usually C:\ folder) in the form of TDSSKiller_xxxx_log.txt. Please copy and paste the contents of that file here.
     
  4. DonkeyHote

    DonkeyHote TS Rookie Topic Starter Posts: 23

    TDSSKiller log part 1:

    23:57:19.0364 24536 TDSS rootkit removing tool 2.8.15.0 Oct 31 2012 21:47:35
    23:57:19.0867 24536 ============================================================
    23:57:19.0867 24536 Current date / time: 2012/11/22 23:57:19.0867
    23:57:19.0867 24536 SystemInfo:
    23:57:19.0867 24536
    23:57:19.0867 24536 OS Version: 6.0.6002 ServicePack: 2.0
    23:57:19.0867 24536 Product type: Workstation
    23:57:19.0867 24536 ComputerName: KEEGAN-PC
    23:57:19.0955 24536 UserName: Keegan
    23:57:19.0955 24536 Windows directory: C:\Windows
    23:57:19.0955 24536 System windows directory: C:\Windows
    23:57:19.0955 24536 Running under WOW64
    23:57:19.0955 24536 Processor architecture: Intel x64
    23:57:19.0955 24536 Number of processors: 2
    23:57:19.0955 24536 Page size: 0x1000
    23:57:19.0955 24536 Boot type: Normal boot
    23:57:19.0955 24536 ============================================================
    23:57:21.0933 24536 Drive \Device\Harddisk0\DR0 - Size: 0x3A38B2E000 (232.89 Gb), SectorSize: 0x200, Cylinders: 0x76C1, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
    23:57:21.0937 24536 ============================================================
    23:57:21.0937 24536 \Device\Harddisk0\DR0:
    23:57:21.0937 24536 MBR partitions:
    23:57:21.0937 24536 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x14000, BlocksNum 0x1D4C000
    23:57:21.0937 24536 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x1D60000, BlocksNum 0x1B465170
    23:57:21.0937 24536 ============================================================
    23:57:21.0987 24536 C: <-> \Device\Harddisk0\DR0\Partition2
    23:57:22.0022 24536 E: <-> \Device\Harddisk0\DR0\Partition1
    23:57:22.0022 24536 ============================================================
    23:57:22.0022 24536 Initialize success
    23:57:22.0022 24536 ============================================================
    23:57:38.0717 23436 ============================================================
    23:57:38.0717 23436 Scan started
    23:57:38.0717 23436 Mode: Manual;
    23:57:38.0717 23436 ============================================================
    23:57:40.0299 23436 ================ Scan system memory ========================
    23:57:40.0299 23436 System memory - ok
    23:57:40.0299 23436 ================ Scan services =============================
    23:57:41.0242 23436 [ 1965AAFFAB07E3FB03C77F81BEBA3547 ] ACPI C:\Windows\system32\drivers\acpi.sys
    23:57:41.0248 23436 ACPI - ok
    23:57:41.0634 23436 [ D19C4EE2AC7C47B8F5F84FFF1A789D8A ] AdobeARMservice C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
    23:57:41.0636 23436 AdobeARMservice - ok
    23:57:41.0839 23436 [ 44C00A385CA9DBC1D5CF3781F8C26AEA ] AdobeFlashPlayerUpdateSvc C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
    23:57:41.0844 23436 AdobeFlashPlayerUpdateSvc - ok
    23:57:41.0909 23436 [ F14215E37CF124104575073F782111D2 ] adp94xx C:\Windows\system32\drivers\adp94xx.sys
    23:57:41.0917 23436 adp94xx - ok
    23:57:41.0978 23436 [ 7D05A75E3066861A6610F7EE04FF085C ] adpahci C:\Windows\system32\drivers\adpahci.sys
    23:57:42.0015 23436 adpahci - ok
    23:57:42.0053 23436 [ 820A201FE08A0C345B3BEDBC30E1A77C ] adpu160m C:\Windows\system32\drivers\adpu160m.sys
    23:57:42.0056 23436 adpu160m - ok
    23:57:42.0078 23436 [ 9B4AB6854559DC168FBB4C24FC52E794 ] adpu320 C:\Windows\system32\drivers\adpu320.sys
    23:57:42.0082 23436 adpu320 - ok
    23:57:42.0152 23436 [ 0F421175574BFE0BF2F4D8E910A253BB ] AeLookupSvc C:\Windows\System32\aelupsvc.dll
    23:57:42.0153 23436 AeLookupSvc - ok
    23:57:42.0349 23436 [ A6FB9DB8F1A86861D955FD6975977AE0 ] AESTFilters C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_54cb4575\AESTSr64.exe
    23:57:42.0351 23436 AESTFilters - ok
    23:57:42.0528 23436 [ C4F6CE6087760AD70960C9EB130E7943 ] AFD C:\Windows\system32\drivers\afd.sys
    23:57:42.0606 23436 AFD - ok
    23:57:42.0672 23436 [ F6F6793B7F17B550ECFDBD3B229173F7 ] agp440 C:\Windows\system32\drivers\agp440.sys
    23:57:42.0673 23436 agp440 - ok
    23:57:42.0813 23436 [ 222CB641B4B8A1D1126F8033F9FD6A00 ] aic78xx C:\Windows\system32\drivers\djsvs.sys
    23:57:42.0816 23436 aic78xx - ok
    23:57:42.0841 23436 [ 5922F4F59B7868F3D74BBBBEB7B825A3 ] ALG C:\Windows\System32\alg.exe
    23:57:42.0843 23436 ALG - ok
    23:57:42.0911 23436 [ 9544C2C55541C0C6BFD7B489D0E7D430 ] aliide C:\Windows\system32\drivers\aliide.sys
    23:57:42.0913 23436 aliide - ok
    23:57:43.0050 23436 [ E20DDDFBD0DBE7D8EAD4D7A51D654367 ] AMD External Events Utility C:\Windows\system32\atiesrxx.exe
    23:57:43.0055 23436 AMD External Events Utility - ok
    23:57:43.0111 23436 [ 970FA5059E61E30D25307B99903E991E ] amdide C:\Windows\system32\drivers\amdide.sys
    23:57:43.0177 23436 amdide - ok
    23:57:43.0242 23436 [ CDC3632A3A5EA4DBB83E46076A3165A1 ] AmdK8 C:\Windows\system32\drivers\amdk8.sys
    23:57:43.0475 23436 AmdK8 - ok
    23:57:43.0835 23436 [ 4284FB1240537A33E6EC417EFD87D40F ] amdkmdag C:\Windows\system32\DRIVERS\atikmdag.sys
    23:57:44.0684 23436 amdkmdag - ok
    23:57:44.0736 23436 [ 6C25C497E05EFD0CB6033A0444FC9B51 ] amdkmdap C:\Windows\system32\DRIVERS\atikmpag.sys
    23:57:44.0743 23436 amdkmdap - ok
    23:57:44.0852 23436 [ 71AFF825B960731E2AE366467BC0D1F3 ] Amfilter C:\Windows\system32\DRIVERS\Amfltx64.sys
    23:57:44.0952 23436 Amfilter - ok
    23:57:45.0118 23436 [ 8F1DB3D133197AFFA3A721953EB0988C ] Amusbprt C:\Windows\system32\DRIVERS\Amusbx64.sys
    23:57:45.0149 23436 Amusbprt - ok
    23:57:45.0225 23436 [ 8C85C812569DF851E7A2159147323DFA ] ApfiltrService C:\Windows\system32\DRIVERS\Apfiltr.sys
    23:57:45.0259 23436 ApfiltrService - ok
    23:57:45.0406 23436 [ 9C37B3FD5615477CB9A0CD116CF43F5C ] Appinfo C:\Windows\System32\appinfo.dll
    23:57:45.0408 23436 Appinfo - ok
    23:57:45.0547 23436 [ A5299D04ED225D64CF07A568A3E1BF8C ] Apple Mobile Device C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    23:57:45.0548 23436 Apple Mobile Device - ok
    23:57:45.0573 23436 [ BA8417D4765F3988FF921F30F630E303 ] arc C:\Windows\system32\drivers\arc.sys
    23:57:45.0575 23436 arc - ok
    23:57:45.0631 23436 [ 9D41C435619733B34CC16A511E644B11 ] arcsas C:\Windows\system32\drivers\arcsas.sys
    23:57:45.0634 23436 arcsas - ok
    23:57:45.0817 23436 [ 9217D874131AE6FF8F642F124F00A555 ] aspnet_state C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe
    23:57:45.0842 23436 aspnet_state - ok
    23:57:45.0955 23436 [ 22D13FF3DAFEC2A80634752B1EAA2DE6 ] AsyncMac C:\Windows\system32\DRIVERS\asyncmac.sys
    23:57:45.0981 23436 AsyncMac - ok
    23:57:46.0061 23436 [ F988BB0690CD660318037908E9B8DBF7 ] atapi C:\Windows\system32\drivers\atapi.sys
    23:57:46.0062 23436 atapi - ok
    23:57:46.0402 23436 [ 4284FB1240537A33E6EC417EFD87D40F ] atikmdag C:\Windows\system32\DRIVERS\atikmdag.sys
    23:57:46.0474 23436 atikmdag - ok
    23:57:46.0562 23436 [ FC0E8778C000291CAF60EB88C011E931 ] atksgt C:\Windows\system32\DRIVERS\atksgt.sys
    23:57:46.0593 23436 atksgt - ok
    23:57:46.0744 23436 [ 79318C744693EC983D20E9337A2F8196 ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
    23:57:46.0752 23436 AudioEndpointBuilder - ok
    23:57:46.0867 23436 [ 79318C744693EC983D20E9337A2F8196 ] AudioSrv C:\Windows\System32\Audiosrv.dll
    23:57:46.0869 23436 AudioSrv - ok
    23:57:47.0167 23436 [ 56C73C5BC1656656CAC38A23B4310466 ] AVGIDSAgent C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe
    23:57:47.0287 23436 AVGIDSAgent - ok
    23:57:47.0451 23436 [ 388056EBD5FE6718FE669078DBE37897 ] AVGIDSDriver C:\Windows\system32\DRIVERS\avgidsdrivera.sys
    23:57:47.0506 23436 AVGIDSDriver - ok
    23:57:47.0526 23436 [ 550E981747D6A6C55078C77346FFC2C6 ] AVGIDSHA C:\Windows\system32\DRIVERS\avgidsha.sys
    23:57:47.0528 23436 AVGIDSHA - ok
    23:57:47.0660 23436 [ 5989592A91A17587799792A81E1541D4 ] Avgldx64 C:\Windows\system32\DRIVERS\avgldx64.sys
    23:57:47.0664 23436 Avgldx64 - ok
    23:57:47.0817 23436 [ 3FC43AA02545FCDDC22817829114DEC8 ] Avgloga C:\Windows\system32\DRIVERS\avgloga.sys
    23:57:47.0821 23436 Avgloga - ok
    23:57:47.0860 23436 [ 767B4A485FB22AA0FC0BF5EEF00572B9 ] Avgmfx64 C:\Windows\system32\DRIVERS\avgmfx64.sys
    23:57:47.0862 23436 Avgmfx64 - ok
    23:57:47.0951 23436 [ FE4F444DBE4BBBDFD8FECF49398DEFC7 ] Avgrkx64 C:\Windows\system32\DRIVERS\avgrkx64.sys
    23:57:47.0953 23436 Avgrkx64 - ok
    23:57:47.0968 23436 [ 6E634525613D48A1D1657FB21F21F3B2 ] Avgtdia C:\Windows\system32\DRIVERS\avgtdia.sys
    23:57:47.0972 23436 Avgtdia - ok
    23:57:48.0172 23436 [ A3B21D3CD9185734698AB4C5D7D8F182 ] avgtp C:\Windows\system32\drivers\avgtpx64.sys
    23:57:48.0174 23436 avgtp - ok
    23:57:48.0486 23436 [ 6B72E1E329C4E98C6B6FDD2D265E3BA3 ] avgwd C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe
    23:57:48.0489 23436 avgwd - ok
    23:57:48.0729 23436 [ FFB96C2589FFA60473EAD78B39FBDE29 ] BFE C:\Windows\System32\bfe.dll
    23:57:48.0737 23436 BFE - ok
    23:57:48.0851 23436 [ 6D316F4859634071CC25C4FD4589AD2C ] BITS C:\Windows\System32\qmgr.dll
    23:57:48.0884 23436 BITS - ok
    23:57:49.0017 23436 [ 79FEEB40056683F8F61398D81DDA65D2 ] blbdrive C:\Windows\system32\drivers\blbdrive.sys
    23:57:49.0019 23436 blbdrive - ok
    23:57:49.0288 23436 [ EBBCD5DFBB1DE70E8F4AF8FA59E401FD ] Bonjour Service C:\Program Files\Bonjour\mDNSResponder.exe
    23:57:49.0296 23436 Bonjour Service - ok
    23:57:49.0361 23436 [ 2348447A80920B2493A9B582A23E81E1 ] bowser C:\Windows\system32\DRIVERS\bowser.sys
    23:57:49.0363 23436 bowser - ok
    23:57:49.0403 23436 [ F09EEE9EDC320B5E1501F749FDE686C8 ] BrFiltLo C:\Windows\system32\drivers\brfiltlo.sys
    23:57:49.0770 23436 BrFiltLo - ok
    23:57:49.0803 23436 [ B114D3098E9BDB8BEA8B053685831BE6 ] BrFiltUp C:\Windows\system32\drivers\brfiltup.sys
    23:57:50.0048 23436 BrFiltUp - ok
    23:57:50.0176 23436 [ A1B39DE453433B115B4EA69EE0343816 ] Browser C:\Windows\System32\browser.dll
    23:57:50.0178 23436 Browser - ok
    23:57:50.0355 23436 [ F0F0BA4D815BE446AA6A4583CA3BCA9B ] Brserid C:\Windows\system32\drivers\brserid.sys
    23:57:50.0357 23436 Brserid - ok
    23:57:50.0394 23436 [ A6ECA2151B08A09CACECA35C07F05B42 ] BrSerWdm C:\Windows\system32\drivers\brserwdm.sys
    23:57:50.0396 23436 BrSerWdm - ok
    23:57:50.0409 23436 [ B79968002C277E869CF38BD22CD61524 ] BrUsbMdm C:\Windows\system32\drivers\brusbmdm.sys
    23:57:50.0422 23436 BrUsbMdm - ok
    23:57:50.0443 23436 [ A87528880231C54E75EA7A44943B38BF ] BrUsbSer C:\Windows\system32\drivers\brusbser.sys
    23:57:50.0444 23436 BrUsbSer - ok
    23:57:50.0477 23436 [ E0777B34E05F8A82A21856EFC900C29F ] BTHMODEM C:\Windows\system32\drivers\bthmodem.sys
    23:57:50.0479 23436 BTHMODEM - ok
    23:57:50.0528 23436 [ B4D787DB8D30793A4D4DF9FEED18F136 ] cdfs C:\Windows\system32\DRIVERS\cdfs.sys
    23:57:50.0530 23436 cdfs - ok
    23:57:50.0565 23436 [ C025AA69BE3D0D25C7A2E746EF6F94FC ] cdrom C:\Windows\system32\DRIVERS\cdrom.sys
    23:57:50.0567 23436 cdrom - ok
    23:57:50.0702 23436 [ 5A268127633C7EE2A7FB87F39D748D56 ] CertPropSvc C:\Windows\System32\certprop.dll
    23:57:50.0704 23436 CertPropSvc - ok
    23:57:50.0812 23436 [ 02EA568D498BBDD4BA55BF3FCE34D456 ] circlass C:\Windows\system32\drivers\circlass.sys
    23:57:50.0967 23436 circlass - ok
    23:57:51.0006 23436 [ 3DCA9A18B204939CFB24BEA53E31EB48 ] CLFS C:\Windows\system32\CLFS.sys
    23:57:51.0012 23436 CLFS - ok
    23:57:51.0255 23436 [ 8EE772032E2FE80A924F3B8DD5082194 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
    23:57:51.0257 23436 clr_optimization_v2.0.50727_32 - ok
    23:57:51.0397 23436 [ CE07A466201096F021CD09D631B21540 ] clr_optimization_v2.0.50727_64 C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
    23:57:51.0413 23436 clr_optimization_v2.0.50727_64 - ok
    23:57:51.0926 23436 [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
    23:57:51.0929 23436 clr_optimization_v4.0.30319_32 - ok
    23:57:52.0041 23436 [ C6F9AF94DCD58122A4D7E89DB6BED29D ] clr_optimization_v4.0.30319_64 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
    23:57:52.0220 23436 clr_optimization_v4.0.30319_64 - ok
    23:57:52.0248 23436 [ B52D9A14CE4101577900A364BA86F3DF ] CmBatt C:\Windows\system32\DRIVERS\CmBatt.sys
    23:57:52.0250 23436 CmBatt - ok
    23:57:52.0332 23436 [ E5D5499A1C50A54B5161296B6AFE6192 ] cmdide C:\Windows\system32\drivers\cmdide.sys
    23:57:52.0333 23436 cmdide - ok
    23:57:52.0433 23436 [ 7FB8AD01DB0EABE60C8A861531A8F431 ] Compbatt C:\Windows\system32\DRIVERS\compbatt.sys
    23:57:52.0435 23436 Compbatt - ok
    23:57:52.0439 23436 COMSysApp - ok
    23:57:52.0758 23436 cpuz132 - ok
    23:57:53.0001 23436 [ A8585B6412253803CE8EFCBD6D6DC15C ] crcdisk C:\Windows\system32\drivers\crcdisk.sys
    23:57:53.0003 23436 crcdisk - ok
    23:57:53.0071 23436 [ CA78B312C44E4D52E842C2C8BD48E452 ] CryptSvc C:\Windows\system32\cryptsvc.dll
    23:57:53.0074 23436 CryptSvc - ok
    23:57:53.0183 23436 [ CF8B9A3A5E7DC57724A89D0C3E8CF9EF ] DcomLaunch C:\Windows\system32\rpcss.dll
    23:57:53.0204 23436 DcomLaunch - ok
    23:57:53.0547 23436 [ 8B722BA35205C71E7951CDC4CDBADE19 ] DfsC C:\Windows\system32\Drivers\dfsc.sys
    23:57:53.0549 23436 DfsC - ok
    23:57:53.0751 23436 [ C647F468F7DE343DF8C143655C5557D4 ] DFSR C:\Windows\system32\DFSR.exe
    23:57:53.0985 23436 DFSR - ok
    23:57:54.0114 23436 [ 3ED0321127CE70ACDAABBF77E157C2A7 ] Dhcp C:\Windows\System32\dhcpcsvc.dll
    23:57:54.0119 23436 Dhcp - ok
    23:57:54.0151 23436 [ B0107E40ECDB5FA692EBF832F295D905 ] disk C:\Windows\system32\drivers\disk.sys
    23:57:54.0153 23436 disk - ok
    23:57:54.0197 23436 [ 06230F1B721494A6DF8D47FD395BB1B0 ] Dnscache C:\Windows\System32\dnsrslvr.dll
    23:57:54.0240 23436 Dnscache - ok
    23:57:54.0359 23436 [ 0840ABBBDF438691EE65A20040635CBE ] DockLoginService C:\Program Files\Dell\DellDock\DockLogin.exe
    23:57:54.0362 23436 DockLoginService - ok
    23:57:54.0467 23436 [ 1A7156DD1E850E9914E5E991E3225B94 ] dot3svc C:\Windows\System32\dot3svc.dll
    23:57:54.0472 23436 dot3svc - ok
    23:57:54.0559 23436 [ 1583B39790DB3EAEC7EDB0CB0140C708 ] DPS C:\Windows\system32\dps.dll
    23:57:54.0562 23436 DPS - ok
    23:57:54.0689 23436 [ F1A78A98CFC2EE02144C6BEC945447E6 ] drmkaud C:\Windows\system32\drivers\drmkaud.sys
    23:57:54.0692 23436 drmkaud - ok
    23:57:54.0766 23436 [ B8E554E502D5123BC111F99D6A2181B4 ] DXGKrnl C:\Windows\System32\drivers\dxgkrnl.sys
    23:57:54.0788 23436 DXGKrnl - ok
    23:57:55.0015 23436 [ 17D40652EF3E55EEAE187A89DF40965A ] e1express C:\Windows\system32\DRIVERS\e1e6032e.sys
    23:57:55.0021 23436 e1express - ok
    23:57:55.0080 23436 [ 264CEE7B031A9D6C827F3D0CB031F2FE ] E1G60 C:\Windows\system32\DRIVERS\E1G6032E.sys
    23:57:55.0083 23436 E1G60 - ok
    23:57:55.0185 23436 [ C2303883FD9BE49DC36A6400643002EA ] EapHost C:\Windows\System32\eapsvc.dll
    23:57:55.0187 23436 EapHost - ok
    23:57:55.0264 23436 [ 5F94962BE5A62DB6E447FF6470C4F48A ] Ecache C:\Windows\system32\drivers\ecache.sys
    23:57:55.0267 23436 Ecache - ok
    23:57:55.0562 23436 [ 14CE384D2E27B64C256BDA4DC39C312D ] ehRecvr C:\Windows\ehome\ehRecvr.exe
    23:57:55.0568 23436 ehRecvr - ok
    23:57:55.0587 23436 [ B93159C1313D66FDFBBE876F5189CD52 ] ehSched C:\Windows\ehome\ehsched.exe
    23:57:55.0590 23436 ehSched - ok
    23:57:55.0681 23436 [ F5EE2527D74449868E3C3227A59BCD28 ] ehstart C:\Windows\ehome\ehstart.dll
    23:57:55.0682 23436 ehstart - ok
    23:57:55.0739 23436 [ C4636D6E10469404AB5308D9FD45ED07 ] elxstor C:\Windows\system32\drivers\elxstor.sys
    23:57:55.0746 23436 elxstor - ok
    23:57:55.0842 23436 [ A9B18B63A4FD6BAAB83326706D857FAB ] EMDMgmt C:\Windows\system32\emdmgmt.dll
    23:57:55.0849 23436 EMDMgmt - ok
    23:57:56.0109 23436 [ 1E345F2A2D95DA3190596E691CDE9342 ] EPSON_PM_RPCV4_01 C:\ProgramData\EPSON\EPW!3 SSRP\E_S40RPB.EXE
    23:57:56.0112 23436 EPSON_PM_RPCV4_01 - ok
    23:57:56.0165 23436 [ 991FAB6AA066E1214EFB5B496FB7959A ] ErrDev C:\Windows\system32\drivers\errdev.sys
    23:57:56.0254 23436 ErrDev - ok
    23:57:56.0318 23436 [ E12F22B73F153DECE721CD45EC05B4AF ] EventSystem C:\Windows\system32\es.dll
    23:57:56.0325 23436 EventSystem - ok
    23:57:56.0372 23436 [ 486844F47B6636044A42454614ED4523 ] exfat C:\Windows\system32\drivers\exfat.sys
    23:57:56.0428 23436 exfat - ok
    23:57:56.0517 23436 [ 1A4BEE34277784619DDAF0422C0C6E23 ] fastfat C:\Windows\system32\drivers\fastfat.sys
    23:57:56.0521 23436 fastfat - ok
    23:57:56.0603 23436 [ 81B79B6DF71FA1D2C6D688D830616E39 ] fdc C:\Windows\system32\DRIVERS\fdc.sys
    23:57:56.0604 23436 fdc - ok
    23:57:56.0651 23436 [ BB9267ACACD8B7533DD936C34A0CBA5E ] fdPHost C:\Windows\system32\fdPHost.dll
    23:57:56.0653 23436 fdPHost - ok
    23:57:56.0665 23436 [ 300C80931EABBE1DB7591C516EFE8D0F ] FDResPub C:\Windows\system32\fdrespub.dll
    23:57:56.0666 23436 FDResPub - ok
    23:57:56.0753 23436 [ 457B7D1D533E4BD62A99AED9C7BB4C59 ] FileInfo C:\Windows\system32\drivers\fileinfo.sys
    23:57:56.0755 23436 FileInfo - ok
    23:57:56.0805 23436 [ D421327FD6EFCCAF884A54C58E1B0D7F ] Filetrace C:\Windows\system32\drivers\filetrace.sys
    23:57:56.0806 23436 Filetrace - ok
    23:57:56.0848 23436 [ 230923EA2B80F79B0F88D90F87B87EBD ] flpydisk C:\Windows\system32\DRIVERS\flpydisk.sys
    23:57:56.0849 23436 flpydisk - ok
    23:57:56.0914 23436 [ E3041BC26D6930D61F42AEDB79C91720 ] FltMgr C:\Windows\system32\drivers\fltmgr.sys
    23:57:56.0919 23436 FltMgr - ok
    23:57:57.0008 23436 [ BE1C5BD1CA7ED015BC6FA1AE67E592C8 ] FontCache C:\Windows\system32\FntCache.dll
    23:57:57.0042 23436 FontCache - ok
    23:57:57.0142 23436 [ BC5B0BE5AF3510B0FD8C140EE42C6D3E ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
    23:57:57.0143 23436 FontCache3.0.0.0 - ok
    23:57:57.0326 23436 [ 5779B86CD8B32519FBECB136394D946A ] Fs_Rec C:\Windows\system32\drivers\Fs_Rec.sys
    23:57:57.0328 23436 Fs_Rec - ok
    23:57:57.0388 23436 [ C8E416668D3DC2BE3D4FE4C79224997F ] gagp30kx C:\Windows\system32\drivers\gagp30kx.sys
    23:57:57.0390 23436 gagp30kx - ok
    23:57:57.0474 23436 [ 8E98D21EE06192492A5671A6144D092F ] GEARAspiWDM C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
    23:57:57.0476 23436 GEARAspiWDM - ok
    23:57:57.0754 23436 [ A0E1B575BA8F504968CD40C0FAEB2384 ] gpsvc C:\Windows\System32\gpsvc.dll
    23:57:57.0776 23436 gpsvc - ok
    23:57:57.0944 23436 [ 626A24ED1228580B9518C01930936DF9 ] gupdate1ca23909c942c0 C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
    23:57:57.0955 23436 gupdate1ca23909c942c0 - ok
    23:57:57.0968 23436 [ 626A24ED1228580B9518C01930936DF9 ] gupdatem C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
    23:57:57.0969 23436 gupdatem - ok
    23:57:58.0081 23436 [ 5D4BC124FAAE6730AC002CDB67BF1A1C ] gusvc C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
    23:57:58.0085 23436 gusvc - ok
    23:57:58.0128 23436 [ 1E6438D4EA6E1174A3B3B1EDC4DE660B ] hamachi C:\Windows\system32\DRIVERS\hamachi.sys
    23:57:58.0130 23436 hamachi - ok
    23:57:58.0321 23436 [ A5963114373834D78782013BC803043E ] Hamachi2Svc C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe
    23:57:58.0398 23436 Hamachi2Svc - ok
    23:57:58.0459 23436 [ F942C5820205F2FB453243EDFEC82A3D ] HDAudBus C:\Windows\system32\DRIVERS\HDAudBus.sys
    23:57:58.0481 23436 HDAudBus - ok
    23:57:58.0693 23436 [ B4881C84A180E75B8C25DC1D726C375F ] HidBth C:\Windows\system32\drivers\hidbth.sys
    23:57:58.0705 23436 HidBth - ok
    23:57:58.0743 23436 [ 4E77A77E2C986E8F88F996BB3E1AD829 ] HidIr C:\Windows\system32\drivers\hidir.sys
    23:57:58.0824 23436 HidIr - ok
    23:57:58.0912 23436 [ 59361D38A297755D46A540E450202B2A ] hidserv C:\Windows\system32\hidserv.dll
    23:57:58.0913 23436 hidserv - ok
    23:57:58.0943 23436 [ 443BDD2D30BB4F00795C797E2CF99EDF ] HidUsb C:\Windows\system32\DRIVERS\hidusb.sys
    23:57:59.0002 23436 HidUsb - ok
    23:57:59.0078 23436 [ B12F367EA39C0795FD57E31242CE1A5A ] hkmsvc C:\Windows\system32\kmsvc.dll
    23:57:59.0081 23436 hkmsvc - ok
    23:57:59.0124 23436 [ D7109A1E6BD2DFDBCBA72A6BC626A13B ] HpCISSs C:\Windows\system32\drivers\hpcisss.sys
    23:57:59.0126 23436 HpCISSs - ok
    23:57:59.0165 23436 [ 098F1E4E5C9CB5B0063A959063631610 ] HTTP C:\Windows\system32\drivers\HTTP.sys
    23:57:59.0209 23436 HTTP - ok
    23:57:59.0288 23436 [ DA94C854CEA5FAC549D4E1F6E88349E8 ] i2omp C:\Windows\system32\drivers\i2omp.sys
    23:57:59.0290 23436 i2omp - ok
    23:57:59.0351 23436 [ CBB597659A2713CE0C9CC20C88C7591F ] i8042prt C:\Windows\system32\DRIVERS\i8042prt.sys
    23:57:59.0353 23436 i8042prt - ok
    23:57:59.0427 23436 [ 4F6FB2CDBDEEFC47E7D2066E78254580 ] iaStor C:\Windows\system32\drivers\iastor.sys
    23:57:59.0430 23436 iaStor - ok
    23:57:59.0518 23436 [ 3E3BF3627D886736D0B4E90054F929F6 ] iaStorV C:\Windows\system32\drivers\iastorv.sys
    23:57:59.0523 23436 iaStorV - ok
    23:57:59.0695 23436 [ 1CF03C69B49ACB70C722DF92755C0C8C ] IDriverT C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    23:57:59.0751 23436 IDriverT - ok
    23:57:59.0831 23436 [ 749F5F8CEDCA70F2A512945325FC489D ] idsvc C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
    23:57:59.0850 23436 idsvc - ok
    23:57:59.0889 23436 [ 8C3951AD2FE886EF76C7B5027C3125D3 ] iirsp C:\Windows\system32\drivers\iirsp.sys
    23:57:59.0891 23436 iirsp - ok
    23:57:59.0929 23436 [ 0C9EA6E654E7B0471741E343A6C671AF ] IKEEXT C:\Windows\System32\ikeext.dll
    23:57:59.0935 23436 IKEEXT - ok
    23:57:59.0991 23436 [ DF797A12176F11B2D301C5B234BB200E ] intelide C:\Windows\system32\drivers\intelide.sys
    23:57:59.0992 23436 intelide - ok
    23:58:00.0031 23436 [ BFD84AF32FA1BAD6231C4585CB469630 ] intelppm C:\Windows\system32\DRIVERS\intelppm.sys
    23:58:00.0033 23436 intelppm - ok
    23:58:00.0108 23436 [ 5624BC1BC5EEB49C0AB76A8114F05EA3 ] IPBusEnum C:\Windows\system32\ipbusenum.dll
    23:58:00.0111 23436 IPBusEnum - ok
    23:58:00.0216 23436 [ D8AABC341311E4780D6FCE8C73C0AD81 ] IpFilterDriver C:\Windows\system32\DRIVERS\ipfltdrv.sys
    23:58:00.0218 23436 IpFilterDriver - ok
    23:58:00.0278 23436 [ BF0DBFA9792C5C14FA00F61C75116C1B ] iphlpsvc C:\Windows\System32\iphlpsvc.dll
    23:58:00.0283 23436 iphlpsvc - ok
    23:58:00.0288 23436 IpInIp - ok
    23:58:00.0340 23436 [ 9C2EE2E6E5A7203BFAE15C299475EC67 ] IPMIDRV C:\Windows\system32\drivers\ipmidrv.sys
    23:58:00.0342 23436 IPMIDRV - ok
    23:58:00.0387 23436 [ B7E6212F581EA5F6AB0C3A6CEEEB89BE ] IPNAT C:\Windows\system32\DRIVERS\ipnat.sys
    23:58:00.0390 23436 IPNAT - ok
    23:58:00.0500 23436 [ 6E50CFA46527B39015B750AAD161C5CC ] iPod Service C:\Program Files\iPod\bin\iPodService.exe
    23:58:00.0520 23436 iPod Service - ok
    23:58:00.0588 23436 [ 8C42CA155343A2F11D29FECA67FAA88D ] IRENUM C:\Windows\system32\drivers\irenum.sys
    23:58:00.0822 23436 IRENUM - ok
    23:58:00.0867 23436 [ 0672BFCEDC6FC468A2B0500D81437F4F ] isapnp C:\Windows\system32\drivers\isapnp.sys
    23:58:00.0869 23436 isapnp - ok
    23:58:00.0905 23436 [ E4FDF99599F27EC25D2CF6D754243520 ] iScsiPrt C:\Windows\system32\DRIVERS\msiscsi.sys
    23:58:00.0909 23436 iScsiPrt - ok
    23:58:00.0930 23436 [ 63C766CDC609FF8206CB447A65ABBA4A ] iteatapi C:\Windows\system32\drivers\iteatapi.sys
    23:58:00.0932 23436 iteatapi - ok
    23:58:00.0981 23436 [ 1281FE73B17664631D12F643CBEA3F59 ] iteraid C:\Windows\system32\drivers\iteraid.sys
    23:58:00.0983 23436 iteraid - ok
    23:58:01.0005 23436 [ 423696F3BA6472DD17699209B933BC26 ] kbdclass C:\Windows\system32\DRIVERS\kbdclass.sys
    23:58:01.0006 23436 kbdclass - ok
    23:58:01.0098 23436 [ DBDF75D51464FBC47D0104EC3D572C05 ] kbdhid C:\Windows\system32\DRIVERS\kbdhid.sys
    23:58:01.0099 23436 kbdhid - ok
    23:58:01.0191 23436 [ 260BF9C43EE12C6898A9F5AAB0FB0E5D ] KeyIso C:\Windows\system32\lsass.exe
    23:58:01.0193 23436 KeyIso - ok
    23:58:01.0239 23436 [ 4E76398AEF64CB6D782CFEB99B4EAE55 ] KMWDFILTER C:\Windows\system32\DRIVERS\KMWDFILTER.sys
    23:58:01.0655 23436 KMWDFILTER - ok
    23:58:01.0743 23436 [ 88956AD9FA510848AD176777A6C6C1F5 ] KSecDD C:\Windows\system32\Drivers\ksecdd.sys
    23:58:01.0763 23436 KSecDD - ok
    23:58:01.0842 23436 [ 1D419CF43DB29396ECD7113D129D94EB ] ksthunk C:\Windows\system32\drivers\ksthunk.sys
    23:58:01.0885 23436 ksthunk - ok
    23:58:01.0959 23436 [ 1FAF6926F3416D3DA05C5B265491BDAE ] KtmRm C:\Windows\system32\msdtckrm.dll
    23:58:02.0192 23436 KtmRm - ok
    23:58:02.0260 23436 [ 50C7A3CB427E9BB5ED0708A669956AB5 ] LanmanServer C:\Windows\system32\srvsvc.dll
    23:58:02.0264 23436 LanmanServer - ok
    23:58:02.0355 23436 [ CAF86FC1388BE1E470F1A7B43E348ADB ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
    23:58:02.0360 23436 LanmanWorkstation - ok
    23:58:02.0443 23436 [ 156AB2E56DC3CA0B582E3362E07CDED7 ] lirsgt C:\Windows\system32\DRIVERS\lirsgt.sys
    23:58:02.0444 23436 lirsgt - ok
    23:58:02.0637 23436 [ 96ECE2659B6654C10A0C310AE3A6D02C ] lltdio C:\Windows\system32\DRIVERS\lltdio.sys
    23:58:02.0652 23436 lltdio - ok
    23:58:02.0760 23436 [ 961CCBD0B1CCB5675D64976FAE37D092 ] lltdsvc C:\Windows\System32\lltdsvc.dll
    23:58:02.0766 23436 lltdsvc - ok
    23:58:02.0812 23436 [ A47F8080CACC23C91FE823AD19AA5612 ] lmhosts C:\Windows\System32\lmhsvc.dll
    23:58:02.0813 23436 lmhosts - ok
    23:58:02.0899 23436 [ ACBE1AF32D3123E330A07BFBC5EC4A9B ] LSI_FC C:\Windows\system32\drivers\lsi_fc.sys
    23:58:02.0903 23436 LSI_FC - ok
    23:58:02.0989 23436 [ 799FFB2FC4729FA46D2157C0065B3525 ] LSI_SAS C:\Windows\system32\drivers\lsi_sas.sys
    23:58:02.0992 23436 LSI_SAS - ok
    23:58:03.0100 23436 [ F445FF1DAAD8A226366BFAF42551226B ] LSI_SCSI C:\Windows\system32\drivers\lsi_scsi.sys
    23:58:03.0103 23436 LSI_SCSI - ok
    23:58:03.0228 23436 [ 52F87B9CC8932C2A7375C3B2A9BE5E3E ] luafv C:\Windows\system32\drivers\luafv.sys
    23:58:03.0230 23436 luafv - ok
    23:58:03.0305 23436 [ 76A58DF02BD4EA29F189B82D0BEF17F8 ] Mcx2Svc C:\Windows\system32\Mcx2Svc.dll
    23:58:03.0308 23436 Mcx2Svc - ok
    23:58:03.0373 23436 [ 5C5CD6AACED32FB26C3FB34B3DCF972F ] megasas C:\Windows\system32\drivers\megasas.sys
    23:58:03.0375 23436 megasas - ok
    23:58:03.0408 23436 [ 859BC2436B076C77C159ED694ACFE8F8 ] MegaSR C:\Windows\system32\drivers\megasr.sys
    23:58:03.0416 23436 MegaSR - ok
    23:58:03.0490 23436 [ 3CBE4995E80E13CCFBC42E5DCF3AC81A ] MMCSS C:\Windows\system32\mmcss.dll
    23:58:03.0492 23436 MMCSS - ok
    23:58:03.0580 23436 [ 59848D5CC74606F0EE7557983BB73C2E ] Modem C:\Windows\system32\drivers\modem.sys
    23:58:03.0582 23436 Modem - ok
    23:58:03.0654 23436 [ C247CC2A57E0A0C8C6DCCF7807B3E9E5 ] monitor C:\Windows\system32\DRIVERS\monitor.sys
    23:58:03.0656 23436 monitor - ok
    23:58:03.0754 23436 [ 9367304E5E412B120CF5F4EA14E4E4F1 ] mouclass C:\Windows\system32\DRIVERS\mouclass.sys
    23:58:03.0756 23436 mouclass - ok
    23:58:03.0853 23436 [ C2C2BD5C5CE5AAF786DDD74B75D2AC69 ] mouhid C:\Windows\system32\DRIVERS\mouhid.sys
    23:58:03.0976 23436 mouhid - ok
    23:58:03.0985 23436 [ 11BC9B1E8801B01F7F6ADB9EAD30019B ] MountMgr C:\Windows\system32\drivers\mountmgr.sys
    23:58:03.0987 23436 MountMgr - ok
    23:58:04.0034 23436 [ F8276EB8698142884498A528DFEA8478 ] mpio C:\Windows\system32\drivers\mpio.sys
    23:58:04.0037 23436 mpio - ok
    23:58:04.0064 23436 [ C92B9ABDB65A5991E00C28F13491DBA2 ] mpsdrv C:\Windows\system32\drivers\mpsdrv.sys
    23:58:04.0093 23436 mpsdrv - ok
    23:58:04.0220 23436 [ 897E3BAF68BA406A61682AE39C83900C ] MpsSvc C:\Windows\system32\mpssvc.dll
    23:58:04.0444 23436 MpsSvc - ok
    23:58:04.0462 23436 [ 3C200630A89EF2C0864D515B7A75802E ] Mraid35x C:\Windows\system32\drivers\mraid35x.sys
    23:58:04.0464 23436 Mraid35x - ok
    23:58:04.0496 23436 [ 7C1DE4AA96DC0C071611F9E7DE02A68D ] MRxDAV C:\Windows\system32\drivers\mrxdav.sys
    23:58:04.0499 23436 MRxDAV - ok
    23:58:04.0519 23436 [ 1485811B320FF8C7EDAD1CAEBB1C6C2B ] mrxsmb C:\Windows\system32\DRIVERS\mrxsmb.sys
    23:58:04.0522 23436 mrxsmb - ok
    23:58:04.0608 23436 [ 3B929A60C833FC615FD97FBA82BC7632 ] mrxsmb10 C:\Windows\system32\DRIVERS\mrxsmb10.sys
    23:58:04.0613 23436 mrxsmb10 - ok
    23:58:04.0647 23436 [ C64AB3E1F53B4F5B5BB6D796B2D7BEC3 ] mrxsmb20 C:\Windows\system32\DRIVERS\mrxsmb20.sys
    23:58:04.0650 23436 mrxsmb20 - ok
    23:58:04.0734 23436 [ 730B784962D22D2C6481EAE2370E7C8C ] msahci C:\Windows\system32\drivers\msahci.sys
    23:58:04.0736 23436 msahci - ok
    23:58:04.0783 23436 [ 264BBB4AAF312A485F0E44B65A6B7202 ] msdsm C:\Windows\system32\drivers\msdsm.sys
    23:58:04.0786 23436 msdsm - ok
    23:58:04.0828 23436 [ 7EC02CE772F068ED0BEAFA3DA341A9BC ] MSDTC C:\Windows\System32\msdtc.exe
    23:58:04.0831 23436 MSDTC - ok
    23:58:04.0915 23436 [ 704F59BFC4512D2BB0146AEC31B10A7C ] Msfs C:\Windows\system32\drivers\Msfs.sys
    23:58:04.0917 23436 Msfs - ok
    23:58:05.0007 23436 [ 00EBC952961664780D43DCA157E79B27 ] msisadrv C:\Windows\system32\drivers\msisadrv.sys
    23:58:05.0008 23436 msisadrv - ok
    23:58:05.0048 23436 [ 366B0C1F4478B519C181E37D43DCDA32 ] MSiSCSI C:\Windows\system32\iscsiexe.dll
    23:58:05.0160 23436 MSiSCSI - ok
    23:58:05.0164 23436 msiserver - ok
    23:58:05.0338 23436 [ 0EA73E498F53B96D83DBFCA074AD4CF8 ] MSKSSRV C:\Windows\system32\drivers\MSKSSRV.sys
    23:58:05.0339 23436 MSKSSRV - ok
    23:58:05.0375 23436 [ 52E59B7E992A58E740AA63F57EDBAE8B ] MSPCLOCK C:\Windows\system32\drivers\MSPCLOCK.sys
    23:58:05.0509 23436 MSPCLOCK - ok
    23:58:05.0725 23436 [ 49084A75BAE043AE02D5B44D02991BB2 ] MSPQM C:\Windows\system32\drivers\MSPQM.sys
    23:58:05.0726 23436 MSPQM - ok
    23:58:05.0854 23436 [ DC6CCF440CDEDE4293DB41C37A5060A5 ] MsRPC C:\Windows\system32\drivers\MsRPC.sys
    23:58:05.0860 23436 MsRPC - ok
    23:58:05.0977 23436 [ 855796E59DF77EA93AF46F20155BF55B ] mssmbios C:\Windows\system32\DRIVERS\mssmbios.sys
    23:58:05.0979 23436 mssmbios - ok
    23:58:06.0006 23436 [ 86D632D75D05D5B7C7C043FA3564AE86 ] MSTEE C:\Windows\system32\drivers\MSTEE.sys
    23:58:06.0008 23436 MSTEE - ok
    23:58:06.0100 23436 [ 0CC49F78D8ACA0877D885F149084E543 ] Mup C:\Windows\system32\Drivers\mup.sys
    23:58:06.0102 23436 Mup - ok
    23:58:06.0186 23436 [ A5B10C845E7538C60C0F5D87A57CB3F5 ] napagent C:\Windows\system32\qagentRT.dll
    23:58:06.0194 23436 napagent - ok
    23:58:06.0293 23436 [ 2007B826C4ACD94AE32232B41F0842B9 ] NativeWifiP C:\Windows\system32\DRIVERS\nwifi.sys
    23:58:06.0343 23436 NativeWifiP - ok
    23:58:06.0474 23436 [ 65950E07329FCEE8E6516B17C8D0ABB6 ] NDIS C:\Windows\system32\drivers\ndis.sys
    23:58:06.0498 23436 NDIS - ok
    23:58:06.0554 23436 [ 64DF698A425478E321981431AC171334 ] NdisTapi C:\Windows\system32\DRIVERS\ndistapi.sys
    23:58:06.0555 23436 NdisTapi - ok
    23:58:06.0571 23436 [ 8BAA43196D7B5BB972C9A6B2BBF61A19 ] Ndisuio C:\Windows\system32\DRIVERS\ndisuio.sys
    23:58:06.0572 23436 Ndisuio - ok
    23:58:06.0621 23436 [ F8158771905260982CE724076419EF19 ] NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys
    23:58:06.0625 23436 NdisWan - ok
    23:58:06.0700 23436 [ 9CB77ED7CB72850253E973A2D6AFDF49 ] NDProxy C:\Windows\system32\drivers\NDProxy.sys
    23:58:06.0702 23436 NDProxy - ok
    23:58:06.0716 23436 [ A499294F5029A7862ADC115BDA7371CE ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys
    23:58:06.0718 23436 NetBIOS - ok
    23:58:06.0761 23436 [ FC2C792EBDDC8E28DF939D6A92C83D61 ] netbt C:\Windows\system32\DRIVERS\netbt.sys
    23:58:06.0765 23436 netbt - ok
    23:58:06.0769 23436 [ 260BF9C43EE12C6898A9F5AAB0FB0E5D ] Netlogon C:\Windows\system32\lsass.exe
    23:58:06.0774 23436 Netlogon - ok
    23:58:06.0904 23436 [ 9B63B29DEFC0F3115A559D2597BF5D75 ] Netman C:\Windows\System32\netman.dll
    23:58:06.0912 23436 Netman - ok
    23:58:07.0012 23436 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetMsmqActivator c:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
    23:58:07.0027 23436 NetMsmqActivator - ok
    23:58:07.0031 23436 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetPipeActivator c:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
    23:58:07.0033 23436 NetPipeActivator - ok
    23:58:07.0078 23436 [ 7846D0136CC2B264926A73047BA7688A ] netprofm C:\Windows\System32\netprofm.dll
    23:58:07.0084 23436 netprofm - ok
    23:58:07.0145 23436 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetTcpActivator c:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
    23:58:07.0146 23436 NetTcpActivator - ok
    23:58:07.0151 23436 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetTcpPortSharing c:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
    23:58:07.0153 23436 NetTcpPortSharing - ok
    23:58:07.0355 23436 [ F17EDA58C8C5B1A4F873B322729168FF ] NETw5v64 C:\Windows\system32\DRIVERS\NETw5v64.sys
    23:58:07.0589 23436 NETw5v64 - ok
    23:58:07.0615 23436 [ 4AC08BD6AF2DF42E0C3196D826C8AEA7 ] nfrd960 C:\Windows\system32\drivers\nfrd960.sys
    23:58:07.0617 23436 nfrd960 - ok
    23:58:07.0678 23436 [ F145BF4C4668E7E312069F81EF847CFC ] NlaSvc C:\Windows\System32\nlasvc.dll
    23:58:07.0682 23436 NlaSvc - ok
    23:58:07.0767 23436 [ B298874F8E0EA93F06EC40AA8D146478 ] Npfs C:\Windows\system32\drivers\Npfs.sys
    23:58:07.0769 23436 Npfs - ok
    23:58:07.0840 23436 [ ACB62BAA1C319B17752553DF3026EEEB ] nsi C:\Windows\system32\nsisvc.dll
    23:58:07.0843 23436 nsi - ok
    23:58:07.0929 23436 [ 1523AF19EE8B030BA682F7A53537EAEB ] nsiproxy C:\Windows\system32\drivers\nsiproxy.sys
    23:58:07.0930 23436 nsiproxy - ok
    23:58:08.0038 23436 [ BAC869DFB98E499BA4D9BB1FB43270E1 ] Ntfs C:\Windows\system32\drivers\Ntfs.sys
    23:58:08.0115 23436 Ntfs - ok
    23:58:08.0206 23436 [ DD5D684975352B85B52E3FD5347C20CB ] Null C:\Windows\system32\drivers\Null.sys
    23:58:08.0208 23436 Null - ok
    23:58:08.0350 23436 [ 2C040B7ADA5B06F6FACADAC8514AA034 ] nvraid C:\Windows\system32\drivers\nvraid.sys
    23:58:08.0353 23436 nvraid - ok
    23:58:08.0469 23436 [ F7EA0FE82842D05EDA3EFDD376DBFDBA ] nvstor C:\Windows\system32\drivers\nvstor.sys
    23:58:08.0488 23436 nvstor - ok
    23:58:08.0528 23436 [ 19067CA93075EF4823E3938A686F532F ] nv_agp C:\Windows\system32\drivers\nv_agp.sys
    23:58:08.0531 23436 nv_agp - ok
     
  5. DonkeyHote

    DonkeyHote TS Rookie Topic Starter Posts: 23

    Part 2:

    23:58:08.0535 23436 NwlnkFlt - ok
    23:58:08.0541 23436 NwlnkFwd - ok
    23:58:08.0773 23436 [ 785F487A64950F3CB8E9F16253BA3B7B ] odserv C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
    23:58:08.0781 23436 odserv - ok
    23:58:08.0897 23436 [ 7B58953E2F263421FDBB09A192712A85 ] ohci1394 C:\Windows\system32\drivers\ohci1394.sys
    23:58:08.0911 23436 ohci1394 - ok
    23:58:09.0039 23436 [ 5A432A042DAE460ABE7199B758E8606C ] ose C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
    23:58:09.0095 23436 ose - ok
    23:58:09.0162 23436 [ 9AE31D2E1D15C10D91318E0EC149CEAC ] p2pimsvc C:\Windows\system32\p2psvc.dll
    23:58:09.0185 23436 p2pimsvc - ok
    23:58:09.0198 23436 [ 9AE31D2E1D15C10D91318E0EC149CEAC ] p2psvc C:\Windows\system32\p2psvc.dll
    23:58:09.0205 23436 p2psvc - ok
    23:58:09.0390 23436 [ AECD57F94C887F58919F307C35498EA0 ] Parport C:\Windows\system32\drivers\parport.sys
    23:58:09.0524 23436 Parport - ok
    23:58:09.0629 23436 [ B43751085E2ABE389DA466BC62A4B987 ] partmgr C:\Windows\system32\drivers\partmgr.sys
    23:58:09.0646 23436 partmgr - ok
    23:58:09.0703 23436 [ 9AB157B374192FF276C1628FBDBA2B0E ] PcaSvc C:\Windows\System32\pcasvc.dll
    23:58:09.0706 23436 PcaSvc - ok
    23:58:10.0166 23436 [ 58C1CD52347C4835DC3606CD4723F426 ] PCD5SRVC{048DBD20-445E8C82-05040104} C:\PROGRA~2\DELLSU~1\HWDiag\bin\PCD5SRVC_x64.pkms
    23:58:10.0366 23436 PCD5SRVC{048DBD20-445E8C82-05040104} - ok
    23:58:10.0415 23436 [ 47AB1E0FC9D0E12BB53BA246E3A0906D ] pci C:\Windows\system32\drivers\pci.sys
    23:58:10.0419 23436 pci - ok
    23:58:10.0467 23436 [ 8D618C829034479985A9ED56106CC732 ] pciide C:\Windows\system32\drivers\pciide.sys
    23:58:10.0469 23436 pciide - ok
    23:58:10.0503 23436 [ 037661F3D7C507C9993B7010CEEE6288 ] pcmcia C:\Windows\system32\drivers\pcmcia.sys
    23:58:10.0506 23436 pcmcia - ok
    23:58:10.0560 23436 [ 58865916F53592A61549B04941BFD80D ] PEAUTH C:\Windows\system32\drivers\peauth.sys
    23:58:10.0584 23436 PEAUTH - ok
    23:58:10.0693 23436 [ 0ED8727EA0172860F47258456C06CAEA ] PerfHost C:\Windows\SysWow64\perfhost.exe
    23:58:10.0695 23436 PerfHost - ok
    23:58:10.0782 23436 [ E9E68C1A0F25CF4A7AC966EEA74EE89E ] pla C:\Windows\system32\pla.dll
    23:58:10.0838 23436 pla - ok
    23:58:10.0905 23436 [ FE6B0F59215C9FD9F9D26539C58C8B82 ] PlugPlay C:\Windows\system32\umpnpmgr.dll
    23:58:10.0912 23436 PlugPlay - ok
    23:58:10.0926 23436 PnkBstrA - ok
    23:58:10.0997 23436 [ 9AE31D2E1D15C10D91318E0EC149CEAC ] PNRPAutoReg C:\Windows\system32\p2psvc.dll
    23:58:11.0019 23436 PNRPAutoReg - ok
    23:58:11.0034 23436 [ 9AE31D2E1D15C10D91318E0EC149CEAC ] PNRPsvc C:\Windows\system32\p2psvc.dll
    23:58:11.0043 23436 PNRPsvc - ok
    23:58:11.0090 23436 [ 89A5560671C2D8B4A4B51F3E1AA069D8 ] PolicyAgent C:\Windows\System32\ipsecsvc.dll
    23:58:11.0112 23436 PolicyAgent - ok
    23:58:11.0181 23436 [ 23386E9952025F5F21C368971E2E7301 ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys
    23:58:11.0183 23436 PptpMiniport - ok
    23:58:11.0224 23436 [ 5080E59ECEE0BC923F14018803AA7A01 ] Processor C:\Windows\system32\drivers\processr.sys
    23:58:11.0226 23436 Processor - ok
    23:58:11.0281 23436 [ E058CE4FC2449D8BFA14739C83B7FF2A ] ProfSvc C:\Windows\system32\profsvc.dll
    23:58:11.0288 23436 ProfSvc - ok
    23:58:11.0330 23436 [ 260BF9C43EE12C6898A9F5AAB0FB0E5D ] ProtectedStorage C:\Windows\system32\lsass.exe
    23:58:11.0332 23436 ProtectedStorage - ok
    23:58:11.0407 23436 [ C5AB7F0809392D0DA027F4A2A81BFA31 ] PSched C:\Windows\system32\DRIVERS\pacer.sys
    23:58:11.0409 23436 PSched - ok
    23:58:11.0556 23436 [ 87B04878A6D59D6C79251DC960C674C1 ] PxHlpa64 C:\Windows\system32\Drivers\PxHlpa64.sys
    23:58:11.0574 23436 PxHlpa64 - ok
    23:58:11.0654 23436 [ 0B83F4E681062F3839BE2EC1D98FD94A ] ql2300 C:\Windows\system32\drivers\ql2300.sys
    23:58:11.0687 23436 ql2300 - ok
    23:58:11.0721 23436 [ E1C80F8D4D1E39EF9595809C1369BF2A ] ql40xx C:\Windows\system32\drivers\ql40xx.sys
    23:58:11.0724 23436 ql40xx - ok
    23:58:11.0790 23436 [ 90574842C3DA781E279061A3EFF91F07 ] QWAVE C:\Windows\system32\qwave.dll
    23:58:11.0796 23436 QWAVE - ok
    23:58:11.0806 23436 [ E8D76EDAB77EC9C634C27B8EAC33ADC5 ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys
    23:58:11.0808 23436 QWAVEdrv - ok
    23:58:12.0114 23436 [ 4284FB1240537A33E6EC417EFD87D40F ] R300 C:\Windows\system32\DRIVERS\atikmdag.sys
    23:58:12.0192 23436 R300 - ok
    23:58:12.0263 23436 [ 1013B3B663A56D3DDD784F581C1BD005 ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys
    23:58:12.0264 23436 RasAcd - ok
    23:58:12.0319 23436 [ B2AE18F847D07F0044404DDF7CB04497 ] RasAuto C:\Windows\System32\rasauto.dll
    23:58:12.0322 23436 RasAuto - ok
    23:58:12.0476 23436 [ AC7BC4D42A7E558718DFDEC599BBFC2C ] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys
    23:58:12.0479 23436 Rasl2tp - ok
    23:58:12.0533 23436 [ 3AD83E4046C43BE510DE681588ACB8AF ] RasMan C:\Windows\System32\rasmans.dll
    23:58:12.0540 23436 RasMan - ok
    23:58:12.0613 23436 [ 4517FBF8B42524AFE4EDE1DE102AAE3E ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys
    23:58:12.0702 23436 RasPppoe - ok
    23:58:12.0788 23436 [ C6A593B51F34C33E5474539544072527 ] RasSstp C:\Windows\system32\DRIVERS\rassstp.sys
    23:58:12.0832 23436 RasSstp - ok
    23:58:12.0870 23436 [ 322DB5C6B55E8D8EE8D6F358B2AAABB1 ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys
    23:58:12.0875 23436 rdbss - ok
    23:58:12.0942 23436 [ 603900CC05F6BE65CCBF373800AF3716 ] RDPCDD C:\Windows\system32\DRIVERS\RDPCDD.sys
    23:58:12.0944 23436 RDPCDD - ok
    23:58:12.0993 23436 [ C045D1FB111C28DF0D1BE8D4BDA22C06 ] rdpdr C:\Windows\system32\drivers\rdpdr.sys
    23:58:12.0999 23436 rdpdr - ok
    23:58:13.0032 23436 [ CAB9421DAF3D97B33D0D055858E2C3AB ] RDPENCDD C:\Windows\system32\drivers\rdpencdd.sys
    23:58:13.0033 23436 RDPENCDD - ok
    23:58:13.0128 23436 [ AE4BD9E1C33D351D8E607FC81F15160C ] RDPWD C:\Windows\system32\drivers\RDPWD.sys
    23:58:13.0173 23436 RDPWD - ok
    23:58:13.0233 23436 [ C612B9557DA73F70D41F8A6FBC8E5344 ] RemoteAccess C:\Windows\System32\mprdim.dll
    23:58:13.0236 23436 RemoteAccess - ok
    23:58:13.0304 23436 [ 44B9D8EC2F3EF3A0EFB00857AF70D861 ] RemoteRegistry C:\Windows\system32\regsvc.dll
    23:58:13.0309 23436 RemoteRegistry - ok
    23:58:13.0407 23436 [ F46C457840D4B7A4DAAFEE739CE04102 ] RpcLocator C:\Windows\system32\locator.exe
    23:58:13.0408 23436 RpcLocator - ok
    23:58:13.0538 23436 [ CF8B9A3A5E7DC57724A89D0C3E8CF9EF ] RpcSs C:\Windows\system32\rpcss.dll
    23:58:13.0544 23436 RpcSs - ok
    23:58:13.0624 23436 [ 22A9CB08B1A6707C1550C6BF099AAE73 ] rspndr C:\Windows\system32\DRIVERS\rspndr.sys
    23:58:13.0626 23436 rspndr - ok
    23:58:13.0780 23436 [ BA9306C027A92A7ED685F7C6E2D2B00B ] RTSTOR C:\Windows\system32\drivers\RTSTOR64.SYS
    23:58:13.0859 23436 RTSTOR - ok
    23:58:13.0909 23436 [ 260BF9C43EE12C6898A9F5AAB0FB0E5D ] SamSs C:\Windows\system32\lsass.exe
    23:58:13.0910 23436 SamSs - ok
    23:58:13.0992 23436 [ CD9C693589C60AD59BBBCFB0E524E01B ] sbp2port C:\Windows\system32\drivers\sbp2port.sys
    23:58:14.0017 23436 sbp2port - ok
    23:58:14.0248 23436 [ 794D4B48DFB6E999537C7C3947863463 ] SBSDWSCService C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
    23:58:14.0282 23436 SBSDWSCService - ok
    23:58:14.0382 23436 [ FD1CDCF108D5EF3366F00D18B70FB89B ] SCardSvr C:\Windows\System32\SCardSvr.dll
    23:58:14.0386 23436 SCardSvr - ok
    23:58:14.0505 23436 [ 0F838C811AD295D2A4489B9993096C63 ] Schedule C:\Windows\system32\schedsvc.dll
    23:58:14.0572 23436 Schedule - ok
    23:58:14.0715 23436 [ 5A268127633C7EE2A7FB87F39D748D56 ] SCPolicySvc C:\Windows\System32\certprop.dll
    23:58:14.0716 23436 SCPolicySvc - ok
    23:58:14.0782 23436 [ 4FF71B076A7760FE75EA5AE2D0EE0018 ] SDRSVC C:\Windows\System32\SDRSVC.dll
    23:58:14.0785 23436 SDRSVC - ok
    23:58:14.0838 23436 [ 3EA8A16169C26AFBEB544E0E48421186 ] secdrv C:\Windows\system32\drivers\secdrv.sys
    23:58:14.0877 23436 secdrv - ok
    23:58:14.0992 23436 [ 5ACDCBC67FCF894A1815B9F96D704490 ] seclogon C:\Windows\system32\seclogon.dll
    23:58:14.0994 23436 seclogon - ok
    23:58:15.0004 23436 [ 90973A64B96CD647FF81C79443618EED ] SENS C:\Windows\System32\sens.dll
    23:58:15.0007 23436 SENS - ok
    23:58:15.0039 23436 [ F71BFE7AC6C52273B7C82CBF1BB2A222 ] Serenum C:\Windows\system32\drivers\serenum.sys
    23:58:15.0042 23436 Serenum - ok
    23:58:15.0097 23436 [ E62FAC91EE288DB29A9696A9D279929C ] Serial C:\Windows\system32\drivers\serial.sys
    23:58:15.0099 23436 Serial - ok
    23:58:15.0113 23436 [ A842F04833684BCEEA7336211BE478DF ] sermouse C:\Windows\system32\drivers\sermouse.sys
    23:58:15.0114 23436 sermouse - ok
    23:58:15.0183 23436 [ A8E4A4407A09F35DCCC3771AF590B0C4 ] SessionEnv C:\Windows\system32\sessenv.dll
    23:58:15.0186 23436 SessionEnv - ok
    23:58:15.0250 23436 [ 14D4B4465193A87C127933978E8C4106 ] sffdisk C:\Windows\system32\drivers\sffdisk.sys
    23:58:15.0252 23436 sffdisk - ok
    23:58:15.0303 23436 [ 7073AEE3F82F3D598E3825962AA98AB2 ] sffp_mmc C:\Windows\system32\drivers\sffp_mmc.sys
    23:58:15.0312 23436 sffp_mmc - ok
    23:58:15.0513 23436 [ 35E59EBE4A01A0532ED67975161C7B82 ] sffp_sd C:\Windows\system32\drivers\sffp_sd.sys
    23:58:15.0572 23436 sffp_sd - ok
    23:58:15.0639 23436 [ 6B7838C94135768BD455CBDC23E39E5F ] sfloppy C:\Windows\system32\drivers\sfloppy.sys
    23:58:15.0641 23436 sfloppy - ok
    23:58:15.0718 23436 [ 4C5AEE179DA7E1EE9A9CCB9DA289AF34 ] SharedAccess C:\Windows\System32\ipnathlp.dll
    23:58:15.0725 23436 SharedAccess - ok
    23:58:15.0777 23436 [ 56793271ECDEDD350C5ADD305603E963 ] ShellHWDetection C:\Windows\System32\shsvcs.dll
    23:58:15.0784 23436 ShellHWDetection - ok
    23:58:15.0875 23436 [ 7A5DE502AEB719D4594C6471060A78B3 ] SiSRaid2 C:\Windows\system32\drivers\sisraid2.sys
    23:58:15.0877 23436 SiSRaid2 - ok
    23:58:15.0897 23436 [ 3A2F769FAB9582BC720E11EA1DFB184D ] SiSRaid4 C:\Windows\system32\drivers\sisraid4.sys
    23:58:15.0899 23436 SiSRaid4 - ok
    23:58:16.0004 23436 [ A9A27A8E257B45A604FDAD4F26FE7241 ] slsvc C:\Windows\system32\SLsvc.exe
    23:58:16.0170 23436 slsvc - ok
    23:58:16.0299 23436 [ FD74B4B7C2088E390A30C85A896FC3AF ] SLUINotify C:\Windows\system32\SLUINotify.dll
    23:58:16.0302 23436 SLUINotify - ok
    23:58:16.0422 23436 [ 290B6F6A0EC4FCDFC90F5CB6D7020473 ] Smb C:\Windows\system32\DRIVERS\smb.sys
    23:58:16.0424 23436 Smb - ok
    23:58:16.0604 23436 [ F8F47F38909823B1AF28D60B96340CFF ] SNMPTRAP C:\Windows\System32\snmptrap.exe
    23:58:16.0606 23436 SNMPTRAP - ok
    23:58:16.0697 23436 [ 386C3C63F00A7040C7EC5E384217E89D ] spldr C:\Windows\system32\drivers\spldr.sys
    23:58:16.0699 23436 spldr - ok
    23:58:16.0753 23436 [ F66FF751E7EFC816D266977939EF5DC3 ] Spooler C:\Windows\System32\spoolsv.exe
    23:58:16.0759 23436 Spooler - ok
    23:58:16.0819 23436 [ D630B6F2E8379B6F10DC16E82A426552 ] sprtsvc_DellSupportCenter C:\Program Files (x86)\Dell Support Center\bin\sprtsvc.exe
    23:58:16.0823 23436 sprtsvc_DellSupportCenter - ok
    23:58:16.0864 23436 [ 880A57FCCB571EBD063D4DD50E93E46D ] srv C:\Windows\system32\DRIVERS\srv.sys
    23:58:16.0872 23436 srv - ok
    23:58:16.0994 23436 [ A1AD14A6D7A37891FFFECA35EBBB0730 ] srv2 C:\Windows\system32\DRIVERS\srv2.sys
    23:58:17.0083 23436 srv2 - ok
    23:58:17.0143 23436 [ 4BED62F4FA4D8300973F1151F4C4D8A7 ] srvnet C:\Windows\system32\DRIVERS\srvnet.sys
    23:58:17.0147 23436 srvnet - ok
    23:58:17.0186 23436 [ 192C74646EC5725AEF3F80D19FF75F6A ] SSDPSRV C:\Windows\System32\ssdpsrv.dll
    23:58:17.0190 23436 SSDPSRV - ok
    23:58:17.0211 23436 [ 2EE3FA0308E6185BA64A9A7F2E74332B ] SstpSvc C:\Windows\system32\sstpsvc.dll
    23:58:17.0214 23436 SstpSvc - ok
    23:58:17.0440 23436 [ 5697FB5DCF36ADA09C153378E88AE6AD ] STacSV C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_54cb4575\STacSV64.exe
    23:58:17.0444 23436 STacSV - ok
    23:58:17.0580 23436 Steam Client Service - ok
    23:58:17.0674 23436 [ F3F6C17F70EBA268CDBE4F9704E3EAC5 ] STHDA C:\Windows\system32\DRIVERS\stwrt64.sys
    23:58:17.0695 23436 STHDA - ok
    23:58:17.0964 23436 [ 15825C1FBFB8779992CB65087F316AF5 ] stisvc C:\Windows\System32\wiaservc.dll
    23:58:17.0986 23436 stisvc - ok
    23:58:18.0125 23436 [ 1D0063597C3666404FCF97698ABEB019 ] stllssvr C:\Program Files (x86)\Common Files\SureThing Shared\stllssvr.exe
    23:58:18.0129 23436 stllssvr - ok
    23:58:18.0159 23436 [ 8A851CA908B8B974F89C50D2E18D4F0C ] swenum C:\Windows\system32\DRIVERS\swenum.sys
    23:58:18.0161 23436 swenum - ok
    23:58:18.0256 23436 [ 6DE37F4DE19D4EFD9C48C43ADDBC949A ] swprv C:\Windows\System32\swprv.dll
    23:58:18.0278 23436 swprv - ok
    23:58:18.0300 23436 [ 2F26A2C6FC96B29BEFF5D8ED74E6625B ] Symc8xx C:\Windows\system32\drivers\symc8xx.sys
    23:58:18.0302 23436 Symc8xx - ok
    23:58:18.0416 23436 [ A909667976D3BCCD1DF813FED517D837 ] Sym_hi C:\Windows\system32\drivers\sym_hi.sys
    23:58:18.0417 23436 Sym_hi - ok
    23:58:18.0434 23436 [ 36887B56EC2D98B9C362F6AE4DE5B7B0 ] Sym_u3 C:\Windows\system32\drivers\sym_u3.sys
    23:58:18.0436 23436 Sym_u3 - ok
    23:58:18.0536 23436 [ 92D7A8B0F87B036F17D25885937897A6 ] SysMain C:\Windows\system32\sysmain.dll
    23:58:18.0559 23436 SysMain - ok
    23:58:18.0607 23436 [ 005CE42567F9113A3BCCB3B20073B029 ] TabletInputService C:\Windows\System32\TabSvc.dll
    23:58:18.0610 23436 TabletInputService - ok
    23:58:18.0661 23436 [ CC2562B4D55E0B6A4758C65407F63B79 ] TapiSrv C:\Windows\System32\tapisrv.dll
    23:58:18.0667 23436 TapiSrv - ok
    23:58:18.0724 23436 [ CDBE8D7C1E201B911CDC346D06617FB5 ] TBS C:\Windows\System32\tbssvc.dll
    23:58:18.0727 23436 TBS - ok
    23:58:18.0796 23436 [ 46D448E9117464E4D3BBF36D7E3FA48E ] Tcpip C:\Windows\system32\drivers\tcpip.sys
    23:58:18.0852 23436 Tcpip - ok
    23:58:18.0942 23436 [ 46D448E9117464E4D3BBF36D7E3FA48E ] Tcpip6 C:\Windows\system32\DRIVERS\tcpip.sys
    23:58:18.0950 23436 Tcpip6 - ok
    23:58:19.0133 23436 [ C7E72A4071EE0200E3C075DACFB2B334 ] tcpipreg C:\Windows\system32\drivers\tcpipreg.sys
    23:58:19.0163 23436 tcpipreg - ok
    23:58:19.0260 23436 [ 1D8BF4AAA5FB7A2761475781DC1195BC ] TDPIPE C:\Windows\system32\drivers\tdpipe.sys
    23:58:19.0262 23436 TDPIPE - ok
    23:58:19.0284 23436 [ 7F7E00CDF609DF657F4CDA02DD1C9BB1 ] TDTCP C:\Windows\system32\drivers\tdtcp.sys
    23:58:19.0285 23436 TDTCP - ok
    23:58:19.0356 23436 [ 458919C8C42E398DC4802178D5FFEE27 ] tdx C:\Windows\system32\DRIVERS\tdx.sys
    23:58:19.0359 23436 tdx - ok
    23:58:19.0391 23436 [ 8C19678D22649EC002EF2282EAE92F98 ] TermDD C:\Windows\system32\DRIVERS\termdd.sys
    23:58:19.0393 23436 TermDD - ok
    23:58:19.0435 23436 [ 5CDD30BC217082DAC71A9878D9BFD566 ] TermService C:\Windows\System32\termsrv.dll
    23:58:19.0460 23436 TermService - ok
    23:58:19.0491 23436 [ 56793271ECDEDD350C5ADD305603E963 ] Themes C:\Windows\system32\shsvcs.dll
    23:58:19.0494 23436 Themes - ok
    23:58:19.0532 23436 [ 3CBE4995E80E13CCFBC42E5DCF3AC81A ] THREADORDER C:\Windows\system32\mmcss.dll
    23:58:19.0534 23436 THREADORDER - ok
    23:58:19.0577 23436 [ F4689F05AF472A651A7B1B7B02D200E7 ] TrkWks C:\Windows\System32\trkwks.dll
    23:58:19.0581 23436 TrkWks - ok
    23:58:19.0658 23436 [ 66328B08EF5A9305D8EDE36B93930369 ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
    23:58:19.0660 23436 TrustedInstaller - ok
    23:58:19.0695 23436 [ 9E5409CD17C8BEF193AAD498F3BC2CB8 ] tssecsrv C:\Windows\system32\DRIVERS\tssecsrv.sys
    23:58:19.0696 23436 tssecsrv - ok
    23:58:19.0712 23436 [ 89EC74A9E602D16A75A4170511029B3C ] tunmp C:\Windows\system32\DRIVERS\tunmp.sys
    23:58:19.0713 23436 tunmp - ok
    23:58:19.0749 23436 [ 30A9B3F45AD081BFFC3BCAA9C812B609 ] tunnel C:\Windows\system32\DRIVERS\tunnel.sys
    23:58:19.0751 23436 tunnel - ok
    23:58:19.0776 23436 [ FEC266EF401966311744BD0F359F7F56 ] uagp35 C:\Windows\system32\drivers\uagp35.sys
    23:58:19.0778 23436 uagp35 - ok
    23:58:19.0811 23436 [ FAF2640A2A76ED03D449E443194C4C34 ] udfs C:\Windows\system32\DRIVERS\udfs.sys
    23:58:19.0829 23436 udfs - ok
    23:58:19.0908 23436 [ 060507C4113391394478F6953A79EEDC ] UI0Detect C:\Windows\system32\UI0Detect.exe
    23:58:19.0911 23436 UI0Detect - ok
    23:58:19.0938 23436 [ 4EC9447AC3AB462647F60E547208CA00 ] uliagpkx C:\Windows\system32\drivers\uliagpkx.sys
    23:58:19.0941 23436 uliagpkx - ok
    23:58:19.0974 23436 [ 697F0446134CDC8F99E69306184FBBB4 ] uliahci C:\Windows\system32\drivers\uliahci.sys
    23:58:19.0980 23436 uliahci - ok
    23:58:20.0004 23436 [ 31707F09846056651EA2C37858F5DDB0 ] UlSata C:\Windows\system32\drivers\ulsata.sys
    23:58:20.0009 23436 UlSata - ok
    23:58:20.0032 23436 [ 85E5E43ED5B48C8376281BAB519271B7 ] ulsata2 C:\Windows\system32\drivers\ulsata2.sys
    23:58:20.0036 23436 ulsata2 - ok
    23:58:20.0055 23436 [ 46E9A994C4FED537DD951F60B86AD3F4 ] umbus C:\Windows\system32\DRIVERS\umbus.sys
    23:58:20.0059 23436 umbus - ok
    23:58:20.0098 23436 [ 7093799FF80E9DECA0680D2E3535BE60 ] upnphost C:\Windows\System32\upnphost.dll
    23:58:20.0105 23436 upnphost - ok
    23:58:20.0186 23436 [ AF1B9474D67897D0C2CFF58E0ACEACCC ] USBAAPL64 C:\Windows\system32\Drivers\usbaapl64.sys
    23:58:20.0188 23436 USBAAPL64 - ok
    23:58:20.0230 23436 [ C6BA890DE6E41857FBE84175519CAE7D ] usbaudio C:\Windows\system32\drivers\usbaudio.sys
    23:58:20.0245 23436 usbaudio - ok
    23:58:20.0301 23436 [ 07E3498FC60834219D2356293DA0FECC ] usbccgp C:\Windows\system32\DRIVERS\usbccgp.sys
    23:58:20.0321 23436 usbccgp - ok
    23:58:20.0336 23436 [ 9247F7E0B65852C1F6631480984D6ED2 ] usbcir C:\Windows\system32\drivers\usbcir.sys
    23:58:20.0339 23436 usbcir - ok
    23:58:20.0378 23436 [ 827E44DE934A736EA31E91D353EB126F ] usbehci C:\Windows\system32\DRIVERS\usbehci.sys
    23:58:20.0380 23436 usbehci - ok
    23:58:20.0419 23436 [ BB35CD80A2ECECFADC73569B3D70C7D1 ] usbhub C:\Windows\system32\DRIVERS\usbhub.sys
    23:58:20.0427 23436 usbhub - ok
    23:58:20.0463 23436 [ EBA14EF0C07CEC233F1529C698D0D154 ] usbohci C:\Windows\system32\drivers\usbohci.sys
    23:58:20.0464 23436 usbohci - ok
    23:58:20.0513 23436 [ 28B693B6D31E7B9332C1BDCEFEF228C1 ] usbprint C:\Windows\system32\DRIVERS\usbprint.sys
    23:58:20.0545 23436 usbprint - ok
    23:58:20.0579 23436 [ EA0BF666868964FBE8CB10E50C97B9F1 ] usbscan C:\Windows\system32\DRIVERS\usbscan.sys
    23:58:20.0612 23436 usbscan - ok
    23:58:20.0677 23436 [ B854C1558FCA0C269A38663E8B59B581 ] USBSTOR C:\Windows\system32\DRIVERS\USBSTOR.SYS
    23:58:20.0737 23436 USBSTOR - ok
    23:58:20.0780 23436 [ B2872CBF9F47316ABD0E0C74A1ABA507 ] usbuhci C:\Windows\system32\DRIVERS\usbuhci.sys
    23:58:20.0781 23436 usbuhci - ok
    23:58:20.0837 23436 [ FC33099877790D51B0927B7039059855 ] usbvideo C:\Windows\system32\Drivers\usbvideo.sys
    23:58:20.0882 23436 usbvideo - ok
    23:58:20.0935 23436 [ D76E231E4850BB3F88A3D9A78DF191E3 ] UxSms C:\Windows\System32\uxsms.dll
    23:58:20.0946 23436 UxSms - ok
    23:58:20.0982 23436 [ 294945381DFA7CE58CECF0A9896AF327 ] vds C:\Windows\System32\vds.exe
    23:58:20.0991 23436 vds - ok
    23:58:21.0018 23436 [ 916B94BCF1E09873FFF2D5FB11767BBC ] vga C:\Windows\system32\DRIVERS\vgapnp.sys
    23:58:21.0020 23436 vga - ok
    23:58:21.0082 23436 [ B83AB16B51FEDA65DD81B8C59D114D63 ] VgaSave C:\Windows\System32\drivers\vga.sys
    23:58:21.0084 23436 VgaSave - ok
    23:58:21.0106 23436 [ 8294B6C3FDB6C33F24E150DE647ECDAA ] viaide C:\Windows\system32\drivers\viaide.sys
    23:58:21.0108 23436 viaide - ok
    23:58:21.0113 23436 [ 2B7E885ED951519A12C450D24535DFCA ] volmgr C:\Windows\system32\drivers\volmgr.sys
    23:58:21.0115 23436 volmgr - ok
    23:58:21.0189 23436 [ CEC5AC15277D75D9E5DEC2E1C6EAF877 ] volmgrx C:\Windows\system32\drivers\volmgrx.sys
    23:58:21.0196 23436 volmgrx - ok
    23:58:21.0349 23436 [ 5280AADA24AB36B01A84A6424C475C8D ] volsnap C:\Windows\system32\drivers\volsnap.sys
    23:58:21.0354 23436 volsnap - ok
    23:58:21.0389 23436 [ A68F455ED2673835209318DD61BFBB0E ] vsmraid C:\Windows\system32\drivers\vsmraid.sys
    23:58:21.0392 23436 vsmraid - ok
    23:58:21.0468 23436 [ B75232DAD33BFD95BF6F0A3E6BFF51E1 ] VSS C:\Windows\system32\vssvc.exe
    23:58:21.0502 23436 VSS - ok
    23:58:21.0648 23436 [ F117D00BBB401C61CE3E9F3B846D0821 ] vToolbarUpdater13.2.0 C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\13.2.0\ToolbarUpdater.exe
    23:58:21.0693 23436 vToolbarUpdater13.2.0 - ok
    23:58:21.0784 23436 [ F14A7DE2EA41883E250892E1E5230A9A ] W32Time C:\Windows\system32\w32time.dll
    23:58:21.0792 23436 W32Time - ok
    23:58:21.0852 23436 [ FEF8FE5923FEAD2CEE4DFABFCE3393A7 ] WacomPen C:\Windows\system32\drivers\wacompen.sys
    23:58:21.0854 23436 WacomPen - ok
    23:58:21.0895 23436 [ B8E7049622300D20BA6D8BE0C47C0CFD ] Wanarp C:\Windows\system32\DRIVERS\wanarp.sys
    23:58:21.0917 23436 Wanarp - ok
    23:58:21.0921 23436 [ B8E7049622300D20BA6D8BE0C47C0CFD ] Wanarpv6 C:\Windows\system32\DRIVERS\wanarp.sys
    23:58:21.0922 23436 Wanarpv6 - ok
    23:58:22.0042 23436 [ B4E4C37D0AA6100090A53213EE2BF1C1 ] wcncsvc C:\Windows\System32\wcncsvc.dll
    23:58:22.0064 23436 wcncsvc - ok
    23:58:22.0117 23436 [ EA4B369560E986F19D93F45A881484AC ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
    23:58:22.0119 23436 WcsPlugInService - ok
    23:58:22.0152 23436 [ 0C17A0816F65B89E362E682AD5E7266E ] Wd C:\Windows\system32\drivers\wd.sys
    23:58:22.0153 23436 Wd - ok
    23:58:22.0232 23436 [ D02E7E4567DA1E7582FBF6A91144B0DF ] Wdf01000 C:\Windows\system32\drivers\Wdf01000.sys
    23:58:22.0253 23436 Wdf01000 - ok
    23:58:22.0287 23436 [ C5EFDA73EBFCA8B02A094898DE0A9276 ] WdiServiceHost C:\Windows\system32\wdi.dll
    23:58:22.0290 23436 WdiServiceHost - ok
    23:58:22.0295 23436 [ C5EFDA73EBFCA8B02A094898DE0A9276 ] WdiSystemHost C:\Windows\system32\wdi.dll
    23:58:22.0297 23436 WdiSystemHost - ok
    23:58:22.0328 23436 [ 3E6D05381CF35F75EBB055544A8ED9AC ] WebClient C:\Windows\System32\webclnt.dll
    23:58:22.0333 23436 WebClient - ok
    23:58:22.0418 23436 [ 8D40BC587993F876658BF9FB0F7D3462 ] Wecsvc C:\Windows\system32\wecsvc.dll
    23:58:22.0424 23436 Wecsvc - ok
    23:58:22.0568 23436 [ 9C980351D7E96288EA0C23AE232BD065 ] wercplsupport C:\Windows\System32\wercplsupport.dll
    23:58:22.0572 23436 wercplsupport - ok
    23:58:22.0636 23436 [ 66B9ECEBC46683F47EDC06333C075FEF ] WerSvc C:\Windows\System32\WerSvc.dll
    23:58:22.0640 23436 WerSvc - ok
    23:58:22.0724 23436 WinHttpAutoProxySvc - ok
    23:58:22.0842 23436 [ D2E7296ED1BD26D8DB2799770C077A02 ] Winmgmt C:\Windows\system32\wbem\WMIsvc.dll
    23:58:22.0846 23436 Winmgmt - ok
    23:58:23.0066 23436 [ 6CBB0C68F13B9C2EC1B16F5FA5E7C869 ] WinRM C:\Windows\system32\WsmSvc.dll
    23:58:23.0111 23436 WinRM - ok
    23:58:23.0165 23436 [ EC339C8115E91BAED835957E9A677F16 ] Wlansvc C:\Windows\System32\wlansvc.dll
    23:58:23.0188 23436 Wlansvc - ok
    23:58:23.0343 23436 [ 98F138897EF4246381D197CB81846D62 ] wlidsvc C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
    23:58:23.0421 23436 wlidsvc - ok
    23:58:23.0516 23436 [ E18AEBAAA5A773FE11AA2C70F65320F5 ] WmiAcpi C:\Windows\system32\DRIVERS\wmiacpi.sys
    23:58:23.0517 23436 WmiAcpi - ok
    23:58:23.0593 23436 [ 21FA389E65A852698B6A1341F36EE02D ] wmiApSrv C:\Windows\system32\wbem\WmiApSrv.exe
    23:58:23.0597 23436 wmiApSrv - ok
    23:58:23.0651 23436 WMPNetworkSvc - ok
    23:58:23.0719 23436 [ CBC156C913F099E6680D1DF9307DB7A8 ] WPCSvc C:\Windows\System32\wpcsvc.dll
    23:58:23.0723 23436 WPCSvc - ok
    23:58:23.0756 23436 [ 490A18B4E4D53DC10879DEAA8E8B70D9 ] WPDBusEnum C:\Windows\system32\wpdbusenum.dll
    23:58:23.0760 23436 WPDBusEnum - ok
    23:58:23.0915 23436 [ 5E2401B3FC1089C90E081291357371A9 ] WpdUsb C:\Windows\system32\DRIVERS\wpdusb.sys
    23:58:23.0949 23436 WpdUsb - ok
    23:58:24.0167 23436 [ 991E2C2CF3BC204C2BB2EE1476149E4E ] WPFFontCache_v0400 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\WPF\WPFFontCache_v0400.exe
    23:58:24.0200 23436 WPFFontCache_v0400 - ok
    23:58:24.0244 23436 [ 8A900348370E359B6BFF6A550E4649E1 ] ws2ifsl C:\Windows\system32\drivers\ws2ifsl.sys
    23:58:24.0245 23436 ws2ifsl - ok
    23:58:24.0464 23436 [ 9EA3E6D0EF7A5C2B9181961052A4B01A ] wscsvc C:\Windows\System32\wscsvc.dll
    23:58:24.0467 23436 wscsvc - ok
    23:58:24.0471 23436 WSearch - ok
    23:58:24.0608 23436 [ D9EF901DCA379CFE914E9FA13B73B4C4 ] wuauserv C:\Windows\system32\wuaueng.dll
    23:58:24.0730 23436 wuauserv - ok
    23:58:24.0975 23436 [ 501A65252617B495C0F1832F908D54D8 ] WUDFRd C:\Windows\system32\DRIVERS\WUDFRd.sys
    23:58:24.0977 23436 WUDFRd - ok
    23:58:25.0017 23436 [ 6CBD51FF913C851D56ED9DC7F2A27DDE ] wudfsvc C:\Windows\System32\WUDFSvc.dll
    23:58:25.0021 23436 wudfsvc - ok
    23:58:25.0095 23436 [ DD0042F0C3B606A6A8B92D49AFB18AD6 ] YahooAUService C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe
    23:58:25.0117 23436 YahooAUService - ok
    23:58:25.0270 23436 yksvc - ok
    23:58:25.0327 23436 [ B681CADB266B151061E7BAA82B0D77B7 ] yukonx64 C:\Windows\system32\DRIVERS\yk60x64.sys
    23:58:25.0335 23436 yukonx64 - ok
    23:58:25.0396 23436 ================ Scan global ===============================
    23:58:25.0495 23436 [ 060DC3A7A9A2626031EB23D90151428D ] C:\Windows\system32\basesrv.dll
    23:58:25.0551 23436 [ AA137104CDFC81818A309CDE32ABB74A ] C:\Windows\system32\winsrv.dll
    23:58:25.0595 23436 [ AA137104CDFC81818A309CDE32ABB74A ] C:\Windows\system32\winsrv.dll
    23:58:25.0693 23436 [ 934E0B7D77FF78C18D9F8891221B6DE3 ] C:\Windows\system32\services.exe
    23:58:25.0700 23436 [Global] - ok
    23:58:25.0700 23436 ================ Scan MBR ==================================
    23:58:25.0735 23436 [ CDB4DE4BBD714F152979DA2DCBEF57EB ] \Device\Harddisk0\DR0
    23:58:25.0736 23436 Suspicious mbr (Forged): \Device\Harddisk0\DR0
    23:58:25.0876 23436 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.c ) - infected
    23:58:25.0876 23436 \Device\Harddisk0\DR0 - detected Rootkit.Boot.Pihar.c (0)
    23:58:25.0876 23436 ================ Scan VBR ==================================
    23:58:25.0913 23436 [ BB9CCD74F497C0A6B47055BCA02E406F ] \Device\Harddisk0\DR0\Partition1
    23:58:25.0914 23436 \Device\Harddisk0\DR0\Partition1 - ok
    23:58:25.0918 23436 [ D3534D7D899B2BB512AB7E7B27780884 ] \Device\Harddisk0\DR0\Partition2
    23:58:25.0920 23436 \Device\Harddisk0\DR0\Partition2 - ok
    23:58:25.0920 23436 ============================================================
    23:58:25.0920 23436 Scan finished
    23:58:25.0920 23436 ============================================================
    23:58:25.0932 41488 Detected object count: 1
    23:58:25.0933 41488 Actual detected object count: 1
    23:58:34.0091 41488 \Device\Harddisk0\DR0\# - copied to quarantine
    23:58:34.0093 41488 \Device\Harddisk0\DR0 - copied to quarantine
    23:58:34.0180 41488 \Device\Harddisk0\DR0\TDLFS\cmd.dll - copied to quarantine
    23:58:34.0183 41488 \Device\Harddisk0\DR0\TDLFS\cmd64.dll - copied to quarantine
    23:58:34.0200 41488 \Device\Harddisk0\DR0\TDLFS\drv32 - copied to quarantine
    23:58:34.0209 41488 \Device\Harddisk0\DR0\TDLFS\drv64 - copied to quarantine
    23:58:34.0211 41488 \Device\Harddisk0\DR0\TDLFS\servers.dat - copied to quarantine
    23:58:34.0212 41488 \Device\Harddisk0\DR0\TDLFS\config.ini - copied to quarantine
    23:58:34.0214 41488 \Device\Harddisk0\DR0\TDLFS\ldr16 - copied to quarantine
    23:58:34.0216 41488 \Device\Harddisk0\DR0\TDLFS\ldr32 - copied to quarantine
    23:58:34.0218 41488 \Device\Harddisk0\DR0\TDLFS\ldr64 - copied to quarantine
    23:58:34.0220 41488 \Device\Harddisk0\DR0\TDLFS\s - copied to quarantine
    23:58:34.0221 41488 \Device\Harddisk0\DR0\TDLFS\ldrm - copied to quarantine
    23:58:34.0390 41488 \Device\Harddisk0\DR0\TDLFS\u - copied to quarantine
    23:58:34.0667 41488 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.c ) - will be cured on reboot
    23:58:34.0758 41488 \Device\Harddisk0\DR0 - ok
    23:58:35.0123 41488 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.c ) - User select action: Cure
    23:58:47.0334 22716 Deinitialize success
     
  6. Broni

    Broni Malware Annihilator Posts: 47,020   +255

    Good :)

    Re-run MBAM and post new log.

    Next...

    • Download RogueKiller on the desktop
    • Close all the running programs
    • Windows Vista/7 users: right click on RogueKiller.exe, click Run as Administrator
    • Otherwise just double-click on RogueKiller.exe
    • Pre-scan will start. Let it finish.
    • Click on SCAN button.
    • Wait until the Status box shows Scan Finished
    • Click on Delete.
    • Wait until the Status box shows Deleting Finished.
    • Click on Report and copy/paste the content of the Notepad into your next reply.
    • RKreport.txt could also be found on your desktop.
    • If more than one log is produced post all logs.
    • If RogueKiller has been blocked, do not hesitate to try a few times more. If really won't run, rename it to winlogon.exe (or winlogon.com) and try again

    =====================================

    Download aswMBR to your desktop.
    Double click the aswMBR.exe to run it.
    If you see this question: Would you like to download latest Avast! virus definitions?" say "Yes".
    Click the "Scan" button to start scan.
    On completion of the scan click "Save log", save it to your desktop and post in your next reply.

    NOTE. aswMBR will create MBR.dat file on your desktop. This is a copy of your MBR. Do NOT delete it.
     
  7. DonkeyHote

    DonkeyHote TS Rookie Topic Starter Posts: 23

    New MBAM log:

    Malwarebytes Anti-Malware 1.65.1.1000
    www.malwarebytes.org

    Database version: v2012.11.23.01

    Windows Vista Service Pack 2 x64 NTFS
    Internet Explorer 9.0.8112.16421
    Keegan :: KEEGAN-PC [administrator]

    11/23/2012 11:26:32 AM
    mbam-log-2012-11-23 (11-26-32).txt

    Scan type: Quick scan
    Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM | P2P
    Scan options disabled:
    Objects scanned: 239870
    Time elapsed: 5 minute(s), 34 second(s)

    Memory Processes Detected: 0
    (No malicious items detected)

    Memory Modules Detected: 0
    (No malicious items detected)

    Registry Keys Detected: 0
    (No malicious items detected)

    Registry Values Detected: 0
    (No malicious items detected)

    Registry Data Items Detected: 0
    (No malicious items detected)

    Folders Detected: 0
    (No malicious items detected)

    Files Detected: 1
    C:\Windows\svchost.exe (Trojan.Agent) -> Quarantined and deleted successfully.

    (end)
    RKreport.txt:
    RogueKiller V8.3.1 [Nov 22 2012] by Tigzy
    mail : tigzyRK<at>gmail<dot>com
    Feedback : http://www.geekstogo.com/forum/files/file/413-roguekiller/
    Website : http://tigzy.geekstogo.com/roguekiller.php
    Blog : http://tigzyrk.blogspot.com/
    Operating System: Windows Vista (6.0.6002 Service Pack 2) 64 bits version
    Started in : Normal mode
    User : Keegan [Admin rights]
    Mode : Scan -- Date : 11/23/2012 11:21:10
    ¤¤¤ Bad processes : 0 ¤¤¤
    ¤¤¤ Registry Entries : 12 ¤¤¤
    [STARTUP][SUSP PATH] PowerReg Scheduler.exe @Keegan : C:\Users\Keegan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\PowerReg Scheduler.exe -> FOUND
    [HJ] HKLM\[...]\System : EnableLUA (0) -> FOUND
    [HJ] HKLM\[...]\Wow6432Node\System : EnableLUA (0) -> FOUND
    [HJ DESK] HKCU\[...]\ClassicStartMenu : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND
    [HJ DESK] HKCU\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND
    [HJ DESK] HKCU\[...]\ClassicStartMenu : {645FF040-5081-101B-9F08-00AA002F954E} (1) -> FOUND
    [HJ DESK] HKCU\[...]\NewStartPanel : {645FF040-5081-101B-9F08-00AA002F954E} (1) -> FOUND
    [HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
    [HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND
    [HJ INPROC][ZeroAccess] HKCR\[...]\InprocServer32 : (C:\$Recycle.Bin\S-1-5-21-1476232679-447080670-1737744086-1000\$83fbc6f5f2f12edf66911945d9266eee\n.) -> FOUND
    [HJ INPROC][ZeroAccess] HKCR\[...]\InprocServer32 : (C:\$Recycle.Bin\S-1-5-18\$83fbc6f5f2f12edf66911945d9266eee\n.) -> FOUND
    [HJ INPROC][ZeroAccess] HKLM\[...]\InprocServer32 : (C:\$Recycle.Bin\S-1-5-18\$83fbc6f5f2f12edf66911945d9266eee\n.) -> FOUND
    ¤¤¤ Particular Files / Folders: ¤¤¤
    [ZeroAccess][FILE] @ : C:\$recycle.bin\S-1-5-18\$83fbc6f5f2f12edf66911945d9266eee\@ --> FOUND
    [ZeroAccess][FILE] @ : C:\$recycle.bin\S-1-5-21-1476232679-447080670-1737744086-1000\$83fbc6f5f2f12edf66911945d9266eee\@ --> FOUND
    [ZeroAccess][FOLDER] U : C:\$recycle.bin\S-1-5-18\$83fbc6f5f2f12edf66911945d9266eee\U --> FOUND
    [ZeroAccess][FOLDER] U : C:\$recycle.bin\S-1-5-21-1476232679-447080670-1737744086-1000\$83fbc6f5f2f12edf66911945d9266eee\U --> FOUND
    [ZeroAccess][FOLDER] L : C:\$recycle.bin\S-1-5-18\$83fbc6f5f2f12edf66911945d9266eee\L --> FOUND
    [ZeroAccess][FOLDER] L : C:\$recycle.bin\S-1-5-21-1476232679-447080670-1737744086-1000\$83fbc6f5f2f12edf66911945d9266eee\L --> FOUND
    ¤¤¤ Driver : [NOT LOADED] ¤¤¤
    ¤¤¤ Extern Hives: ¤¤¤
    -> E:\windows\system32\config\SOFTWARE
    -> E:\Users\Default\NTUSER.DAT
    ¤¤¤ Infection : ZeroAccess ¤¤¤
    ¤¤¤ HOSTS File: ¤¤¤
    --> C:\Windows\system32\drivers\etc\hosts
    127.0.0.1 localhost
    ::1 localhost
    ¤¤¤ MBR Check: ¤¤¤
    +++++ PhysicalDrive0: WDC WD2500BEVT-75ZCT2 +++++
    --- User ---
    [MBR] 1205de7719c5be6b1bcdf49d2b93432e
    [BSP] 4b314049cc507ea6f5e327c387c26c5c : Windows Vista MBR Code
    Partition table:
    0 - [XXXXXX] DELL-UTIL (0xde) [VISIBLE] Offset (sectors): 63 | Size: 39 Mo
    1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 81920 | Size: 15000 Mo
    2 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 30801920 | Size: 223434 Mo
    User = LL1 ... OK!
    User = LL2 ... OK!
    Finished : << RKreport[1]_S_11232012_02d1121.txt >>
    RKreport[1]_S_11232012_02d1121.txt

    aswMBR scan in progress
     
  8. DonkeyHote

    DonkeyHote TS Rookie Topic Starter Posts: 23

    aswMBR.txt:

    aswMBR version 0.9.9.1707 Copyright(c) 2011 AVAST Software
    Run date: 2012-11-23 11:52:07
    -----------------------------
    11:52:07.048 OS Version: Windows x64 6.0.6002 Service Pack 2
    11:52:07.048 Number of processors: 2 586 0x170A
    11:52:07.049 ComputerName: KEEGAN-PC UserName: Keegan
    11:52:08.854 Initialize success
    11:52:15.035 AVAST engine defs: 12112301
    11:52:30.421 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
    11:52:30.422 Disk 0 Vendor: WDC_WD25 11.0 Size: 238475MB BusType: 3
    11:52:30.439 Disk 0 MBR read successfully
    11:52:30.440 Disk 0 MBR scan
    11:52:30.443 Disk 0 Windows VISTA default MBR code
    11:52:30.445 Disk 0 Partition 1 00 DE Dell Utility Dell 8.0 39 MB offset 63
    11:52:30.460 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 15000 MB offset 81920
    11:52:30.478 Disk 0 Partition 3 80 (A) 07 HPFS/NTFS NTFS 223434 MB offset 30801920
    11:52:30.512 Disk 0 scanning C:\Windows\system32\drivers
    11:52:41.054 Service scanning
    11:53:10.239 Modules scanning
    11:53:10.243 Disk 0 trace - called modules:
    11:53:10.261 ntoskrnl.exe CLASSPNP.SYS disk.sys iastor.sys hal.dll
    11:53:10.265 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa800472e760]
    11:53:10.268 3 CLASSPNP.SYS[fffffa60013d5c33] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa80045d1050]
    11:53:11.766 AVAST engine scan C:\Windows
    11:53:16.601 AVAST engine scan C:\Windows\system32
    11:59:37.434 AVAST engine scan C:\Windows\system32\drivers
    11:59:52.566 AVAST engine scan C:\Users\Keegan
    12:35:58.109 AVAST engine scan C:\ProgramData
    12:39:13.443 Scan finished successfully
    13:01:33.563 Disk 0 MBR has been saved successfully to "C:\Users\Keegan\Desktop\MBR.dat"
    13:01:33.566 The log file has been saved successfully to "C:\Users\Keegan\Desktop\aswMBR.txt"
     
  9. Broni

    Broni Malware Annihilator Posts: 47,020   +255

    Create new restore point before proceeding with the next step....
    How to:
    - Windows 8: http://www.vikitech.com/11302/system-restore-windows-8
    - Windows 7: http://www.howtogeek.com/howto/3195/create-a-system-restore-point-in-windows-7/
    - Vista: http://www.howtogeek.com/howto/wind...tore-point-for-windows-vistas-system-restore/
    - XP: http://support.microsoft.com/kb/948247

    ********************************************

    Download Malwarebytes Anti-Rootkit (MBAR) from HERE
    • Unzip downloaded file.
    • Open the folder where the contents were unzipped and run mbar.exe
    • Follow the instructions in the wizard to update and allow the program to scan your computer for threats.
    • Click on the Cleanup button to remove any threats and reboot if prompted to do so.
    • Wait while the system shuts down and the cleanup process is performed.
    • Perform another scan with Malwarebytes Anti-Rootkit to verify that no threats remain. If they do, then click Cleanup once more and repeat the process.
    • When done, please post the two logs produced they will be in the MBAR folder..... mbar-log-xxxxx.txt and system-log.txt
     
  10. DonkeyHote

    DonkeyHote TS Rookie Topic Starter Posts: 23

    Looking at my desktop I realized I missed a 2nd RKreport.

    RKreport[2]:

    RogueKiller V8.3.1 [Nov 22 2012] by Tigzy
    mail : tigzyRK<at>gmail<dot>com
    Feedback : http://www.geekstogo.com/forum/files/file/413-roguekiller/
    Website : http://tigzy.geekstogo.com/roguekiller.php
    Blog : http://tigzyrk.blogspot.com/

    Operating System: Windows Vista (6.0.6002 Service Pack 2) 64 bits version
    Started in : Normal mode
    User : Keegan [Admin rights]
    Mode : Remove -- Date : 11/23/2012 11:22:19

    ¤¤¤ Bad processes : 0 ¤¤¤

    ¤¤¤ Registry Entries : 10 ¤¤¤
    [STARTUP][SUSP PATH] PowerReg Scheduler.exe @Keegan : C:\Users\Keegan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\PowerReg Scheduler.exe -> DELETED
    [HJ] HKLM\[...]\System : EnableLUA (0) -> REPLACED (1)
    [HJ DESK] HKCU\[...]\ClassicStartMenu : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0)
    [HJ DESK] HKCU\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0)
    [HJ DESK] HKCU\[...]\ClassicStartMenu : {645FF040-5081-101B-9F08-00AA002F954E} (1) -> REPLACED (0)
    [HJ DESK] HKCU\[...]\NewStartPanel : {645FF040-5081-101B-9F08-00AA002F954E} (1) -> REPLACED (0)
    [HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> REPLACED (0)
    [HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0)
    [HJ INPROC][ZeroAccess] HKCR\[...]\InprocServer32 : (C:\$Recycle.Bin\S-1-5-21-1476232679-447080670-1737744086-1000\$83fbc6f5f2f12edf66911945d9266eee\n.) -> REPLACED (C:\Windows\system32\shell32.dll)
    [HJ INPROC][ZeroAccess] HKCR\[...]\InprocServer32 : (C:\$Recycle.Bin\S-1-5-18\$83fbc6f5f2f12edf66911945d9266eee\n.) -> REPLACED (C:\Windows\system32\wbem\fastprox.dll)

    ¤¤¤ Particular Files / Folders: ¤¤¤
    [ZeroAccess][FILE] @ : C:\$recycle.bin\S-1-5-18\$83fbc6f5f2f12edf66911945d9266eee\@ --> REMOVED
    [ZeroAccess][FILE] @ : C:\$recycle.bin\S-1-5-21-1476232679-447080670-1737744086-1000\$83fbc6f5f2f12edf66911945d9266eee\@ --> REMOVED
    [ZeroAccess][FOLDER] ROOT : C:\$recycle.bin\S-1-5-18\$83fbc6f5f2f12edf66911945d9266eee\U --> REMOVED
    [ZeroAccess][FOLDER] ROOT : C:\$recycle.bin\S-1-5-21-1476232679-447080670-1737744086-1000\$83fbc6f5f2f12edf66911945d9266eee\U --> REMOVED
    [ZeroAccess][FOLDER] ROOT : C:\$recycle.bin\S-1-5-18\$83fbc6f5f2f12edf66911945d9266eee\L --> REMOVED
    [ZeroAccess][FOLDER] ROOT : C:\$recycle.bin\S-1-5-21-1476232679-447080670-1737744086-1000\$83fbc6f5f2f12edf66911945d9266eee\L --> REMOVED

    ¤¤¤ Driver : [NOT LOADED] ¤¤¤

    ¤¤¤ Extern Hives: ¤¤¤
    -> E:\windows\system32\config\SOFTWARE
    -> E:\Users\Default\NTUSER.DAT

    ¤¤¤ Infection : ZeroAccess ¤¤¤

    ¤¤¤ HOSTS File: ¤¤¤
    --> C:\Windows\system32\drivers\etc\hosts

    127.0.0.1 localhost
    ::1 localhost


    ¤¤¤ MBR Check: ¤¤¤

    +++++ PhysicalDrive0: WDC WD2500BEVT-75ZCT2 +++++
    --- User ---
    [MBR] 1205de7719c5be6b1bcdf49d2b93432e
    [BSP] 4b314049cc507ea6f5e327c387c26c5c : Windows Vista MBR Code
    Partition table:
    0 - [XXXXXX] DELL-UTIL (0xde) [VISIBLE] Offset (sectors): 63 | Size: 39 Mo
    1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 81920 | Size: 15000 Mo
    2 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 30801920 | Size: 223434 Mo
    User = LL1 ... OK!
    User = LL2 ... OK!

    Finished : << RKreport[2]_D_11232012_02d1122.txt >>
    RKreport[1]_S_11232012_02d1121.txt ; RKreport[2]_D_11232012_02d1122.txt
     
  11. DonkeyHote

    DonkeyHote TS Rookie Topic Starter Posts: 23

    MBAR logs:

    1st scan:
    Malwarebytes Anti-Rootkit 1.1.0.1009
    www.malwarebytes.org

    Database version: v2012.11.23.08

    Windows Vista Service Pack 2 x64 NTFS
    Internet Explorer 9.0.8112.16421
    Keegan :: KEEGAN-PC [administrator]

    11/23/2012 1:30:47 PM
    mbar-log-2012-11-23 (13-30-47).txt

    Scan type: Quick scan
    Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken
    Scan options disabled: PUP | PUM | P2P
    Objects scanned: 25637
    Time elapsed: 15 minute(s), 21 second(s)

    Memory Processes Detected: 0
    (No malicious items detected)

    Memory Modules Detected: 0
    (No malicious items detected)

    Registry Keys Detected: 0
    (No malicious items detected)

    Registry Values Detected: 0
    (No malicious items detected)

    Registry Data Items Detected: 0
    (No malicious items detected)

    Folders Detected: 2
    C:\$Recycle.Bin\S-1-5-18\$83fbc6f5f2f12edf66911945d9266eee (Trojan.Siredef.C) -> Delete on reboot. [94ed4e6b1b426ccadec936ca31cf59a7]
    C:\$Recycle.Bin\S-1-5-21-1476232679-447080670-1737744086-1000\$83fbc6f5f2f12edf66911945d9266eee (Trojan.Siredef.C) -> Delete on reboot. [20613188fd60ac8a1d8a35cb06fab64a]

    Files Detected: 0
    (No malicious items detected)

    (end)
    2nd Scan:
    Database version: v2012.11.23.08
    Windows Vista Service Pack 2 x64 NTFS
    Internet Explorer 9.0.8112.16421
    Keegan :: KEEGAN-PC [administrator]
    11/23/2012 2:16:59 PM
    mbar-log-2012-11-23 (14-16-59).txt
    Scan type: Quick scan
    Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken
    Scan options disabled: PUP | PUM | P2P
    Objects scanned: 25569
    Time elapsed: 12 minute(s), 32 second(s)
    Memory Processes Detected: 0
    (No malicious items detected)
    Memory Modules Detected: 0
    (No malicious items detected)
    Registry Keys Detected: 0
    (No malicious items detected)
    Registry Values Detected: 0
    (No malicious items detected)
    Registry Data Items Detected: 0
    (No malicious items detected)
    Folders Detected: 0
    (No malicious items detected)
    Files Detected: 0
    (No malicious items detected)
    (end)
    system-log.txt:
    Malwarebytes Anti-Rootkit BETA 1.01.0.1009
    (c) Malwarebytes Corporation 2011-2012
    OS version: 6.0.6002 Windows Vista Service Pack 2 x64
    Account is Administrative
    Internet Explorer version: 9.0.8112.16421
    File system is: NTFS
    Disk drives: C:\ DRIVE_FIXED, E:\ DRIVE_FIXED
    CPU speed: 2.394000 GHz
    Memory total: 4292280320, free: 1377656832
    ------------ Kernel report ------------
    11/23/2012 13:15:01
    ------------ Loaded modules -----------
    \SystemRoot\system32\ntoskrnl.exe
    \SystemRoot\system32\hal.dll
    \SystemRoot\system32\kdcom.dll
    \SystemRoot\system32\mcupdate_GenuineIntel.dll
    \SystemRoot\system32\PSHED.dll
    \SystemRoot\system32\CLFS.SYS
    \SystemRoot\system32\CI.dll
    \SystemRoot\system32\drivers\Wdf01000.sys
    \SystemRoot\system32\drivers\WDFLDR.SYS
    \SystemRoot\system32\drivers\acpi.sys
    \SystemRoot\system32\drivers\WMILIB.SYS
    \SystemRoot\system32\drivers\msisadrv.sys
    \SystemRoot\system32\drivers\pci.sys
    \SystemRoot\System32\drivers\partmgr.sys
    \SystemRoot\system32\DRIVERS\compbatt.sys
    \SystemRoot\system32\DRIVERS\BATTC.SYS
    \SystemRoot\system32\drivers\volmgr.sys
    \SystemRoot\System32\drivers\volmgrx.sys
    \SystemRoot\System32\drivers\mountmgr.sys
    \SystemRoot\system32\drivers\iastor.sys
    \SystemRoot\system32\drivers\fltmgr.sys
    \SystemRoot\system32\drivers\fileinfo.sys
    \SystemRoot\System32\Drivers\PxHlpa64.sys
    \SystemRoot\System32\Drivers\ksecdd.sys
    \SystemRoot\system32\drivers\ndis.sys
    \SystemRoot\system32\drivers\msrpc.sys
    \SystemRoot\system32\drivers\NETIO.SYS
    \SystemRoot\System32\drivers\tcpip.sys
    \SystemRoot\System32\drivers\fwpkclnt.sys
    \SystemRoot\System32\Drivers\Ntfs.sys
    \SystemRoot\system32\drivers\volsnap.sys
    \SystemRoot\System32\Drivers\spldr.sys
    \SystemRoot\System32\Drivers\mup.sys
    \SystemRoot\System32\drivers\ecache.sys
    \SystemRoot\system32\drivers\disk.sys
    \SystemRoot\system32\drivers\CLASSPNP.SYS
    \SystemRoot\system32\drivers\crcdisk.sys
    \SystemRoot\system32\DRIVERS\avgrkx64.sys
    \SystemRoot\system32\DRIVERS\avgloga.sys
    \SystemRoot\system32\DRIVERS\avgmfx64.sys
    \SystemRoot\system32\DRIVERS\avgidsha.sys
    \SystemRoot\system32\DRIVERS\tunnel.sys
    \SystemRoot\system32\DRIVERS\tunmp.sys
    \SystemRoot\system32\DRIVERS\atikmpag.sys
    \SystemRoot\system32\DRIVERS\atikmdag.sys
    \SystemRoot\System32\drivers\dxgkrnl.sys
    \SystemRoot\System32\drivers\watchdog.sys
    \SystemRoot\system32\DRIVERS\usbuhci.sys
    \SystemRoot\system32\DRIVERS\USBPORT.SYS
    \SystemRoot\system32\DRIVERS\usbehci.sys
    \SystemRoot\system32\DRIVERS\HDAudBus.sys
    \SystemRoot\system32\DRIVERS\NETw5v64.sys
    \SystemRoot\system32\DRIVERS\yk60x64.sys
    \SystemRoot\system32\DRIVERS\i8042prt.sys
    \SystemRoot\system32\DRIVERS\Apfiltr.sys
    \SystemRoot\system32\DRIVERS\mouclass.sys
    \SystemRoot\system32\DRIVERS\kbdclass.sys
    \SystemRoot\system32\DRIVERS\cdrom.sys
    \SystemRoot\system32\DRIVERS\GEARAspiWDM.sys
    \SystemRoot\system32\DRIVERS\CmBatt.sys
    \SystemRoot\system32\DRIVERS\wmiacpi.sys
    \SystemRoot\system32\DRIVERS\intelppm.sys
    \SystemRoot\system32\DRIVERS\msiscsi.sys
    \SystemRoot\system32\DRIVERS\storport.sys
    \SystemRoot\system32\DRIVERS\TDI.SYS
    \SystemRoot\system32\DRIVERS\rasl2tp.sys
    \SystemRoot\system32\DRIVERS\ndistapi.sys
    \SystemRoot\system32\DRIVERS\ndiswan.sys
    \SystemRoot\system32\DRIVERS\raspppoe.sys
    \SystemRoot\system32\DRIVERS\raspptp.sys
    \SystemRoot\system32\DRIVERS\rassstp.sys
    \SystemRoot\system32\DRIVERS\hamachi.sys
    \SystemRoot\system32\DRIVERS\termdd.sys
    \SystemRoot\system32\DRIVERS\swenum.sys
    \SystemRoot\system32\DRIVERS\ks.sys
    \SystemRoot\system32\DRIVERS\mssmbios.sys
    \SystemRoot\system32\DRIVERS\umbus.sys
    \SystemRoot\system32\DRIVERS\usbhub.sys
    \SystemRoot\System32\Drivers\NDProxy.SYS
    \SystemRoot\system32\DRIVERS\stwrt64.sys
    \SystemRoot\system32\DRIVERS\portcls.sys
    \SystemRoot\system32\DRIVERS\drmk.sys
    \SystemRoot\system32\drivers\ksthunk.sys
    \SystemRoot\System32\Drivers\Fs_Rec.SYS
    \SystemRoot\System32\Drivers\Null.SYS
    \??\C:\Windows\system32\drivers\avgtpx64.sys
    \SystemRoot\system32\DRIVERS\HIDPARSE.SYS
    \SystemRoot\system32\DRIVERS\Amfltx64.sys
    \SystemRoot\System32\drivers\vga.sys
    \SystemRoot\System32\drivers\VIDEOPRT.SYS
    \SystemRoot\System32\DRIVERS\RDPCDD.sys
    \SystemRoot\system32\drivers\rdpencdd.sys
    \SystemRoot\System32\Drivers\Msfs.SYS
    \SystemRoot\System32\Drivers\Npfs.SYS
    \SystemRoot\System32\DRIVERS\rasacd.sys
    \SystemRoot\system32\DRIVERS\tdx.sys
    \SystemRoot\system32\DRIVERS\avgtdia.sys
    \SystemRoot\System32\DRIVERS\netbt.sys
    \SystemRoot\system32\DRIVERS\smb.sys
    \SystemRoot\system32\drivers\afd.sys
    \SystemRoot\system32\DRIVERS\pacer.sys
    \SystemRoot\system32\DRIVERS\netbios.sys
    \SystemRoot\system32\DRIVERS\wanarp.sys
    \SystemRoot\system32\DRIVERS\rdbss.sys
    \SystemRoot\system32\drivers\nsiproxy.sys
    \SystemRoot\System32\Drivers\dfsc.sys
    \SystemRoot\system32\DRIVERS\avgldx64.sys
    \SystemRoot\system32\drivers\RTSTOR64.SYS
    \SystemRoot\system32\drivers\USBD.SYS
    \SystemRoot\system32\DRIVERS\usbccgp.sys
    \SystemRoot\system32\DRIVERS\hidusb.sys
    \SystemRoot\system32\DRIVERS\HIDCLASS.SYS
    \SystemRoot\system32\DRIVERS\kbdhid.sys
    \SystemRoot\system32\DRIVERS\mouhid.sys
    \SystemRoot\system32\DRIVERS\avgidsdrivera.sys
    \SystemRoot\system32\DRIVERS\cdfs.sys
    \SystemRoot\System32\Drivers\crashdmp.sys
    \SystemRoot\System32\Drivers\dump_iaStor.sys
    \SystemRoot\System32\win32k.sys
    \SystemRoot\System32\drivers\Dxapi.sys
    \SystemRoot\system32\DRIVERS\monitor.sys
    \SystemRoot\System32\TSDDD.dll
    \SystemRoot\System32\cdd.dll
    \SystemRoot\system32\drivers\luafv.sys
    \SystemRoot\system32\drivers\spsys.sys
    \SystemRoot\system32\DRIVERS\lltdio.sys
    \SystemRoot\system32\DRIVERS\nwifi.sys
    \SystemRoot\system32\DRIVERS\ndisuio.sys
    \SystemRoot\system32\DRIVERS\rspndr.sys
    \SystemRoot\system32\drivers\HTTP.sys
    \SystemRoot\System32\DRIVERS\srvnet.sys
    \SystemRoot\system32\DRIVERS\bowser.sys
    \SystemRoot\System32\drivers\mpsdrv.sys
    \SystemRoot\system32\drivers\mrxdav.sys
    \SystemRoot\system32\DRIVERS\mrxsmb.sys
    \SystemRoot\system32\DRIVERS\mrxsmb10.sys
    \SystemRoot\system32\DRIVERS\mrxsmb20.sys
    \SystemRoot\System32\DRIVERS\srv2.sys
    \SystemRoot\System32\DRIVERS\srv.sys
    \SystemRoot\system32\DRIVERS\atksgt.sys
    \SystemRoot\system32\DRIVERS\lirsgt.sys
    \SystemRoot\system32\drivers\peauth.sys
    \SystemRoot\System32\Drivers\secdrv.SYS
    \SystemRoot\System32\drivers\tcpipreg.sys
    \SystemRoot\System32\Drivers\fastfat.SYS
    \??\C:\Users\Keegan\AppData\Local\Temp\aswMBR.sys
    \??\C:\Windows\system32\drivers\mbamchameleon.sys
    \??\C:\Windows\system32\drivers\mbamswissarmy.sys
    \Windows\System32\ntdll.dll
    ----------- End -----------
    <<<1>>>
    Upper Device Name: \Device\Harddisk0\DR0
    Upper Device Object: 0xfffffa800472e760
    Upper Device Driver Name: \Driver\disk\
    Lower Device Name: \Device\Ide\IAAStorageDevice-1\
    Lower Device Object: 0xfffffa80045d1050
    Lower Device Driver Name: \Driver\iaStor\
    Driver name found: iaStor
    DriverEntry returned 0x0
    Function returned 0x0
    Downloaded database version: v2012.11.23.08
    Downloaded database version: v2012.11.19.01
    Initializing...
    Done!
    Scanning directory: C:\Windows\system32\drivers...
    <<<2>>>
    Device number: 0, partition: 3
    Physical Sector Size: 512
    Drive: 0, DevicePointer: 0xfffffa800472e760, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\disk\
    --------- Disk Stack ------
    DevicePointer: 0xfffffa800472e170, DeviceName: Unknown, DriverName: \Driver\partmgr\
    DevicePointer: 0xfffffa800472e760, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\disk\
    DevicePointer: 0xfffffa80045d1050, DeviceName: \Device\Ide\IAAStorageDevice-1\, DriverName: \Driver\iaStor\
    ------------ End ----------
    Upper DeviceData: 0xfffff88014d870a0, 0xfffffa800472e760, 0xfffffa800d888790
    Lower DeviceData: 0xfffff8801302b750, 0xfffffa80045d1050, 0xfffffa800cf27be0
    <<<3>>>
    Volume: C:
    File system type: NTFS
    SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
    Done!
    Drive 0
    Scanning MBR on drive 0...
    Inspecting partition table:
    MBR Signature: 55AA
    Disk Signature: 1A7C51DD
    Partition information:
    Partition 0 type is Other (0xde)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 63 Numsec = 80262
    Partition 1 type is Primary (0x7)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 81920 Numsec = 30720000
    Partition 2 type is Primary (0x7)
    Partition is ACTIVE.
    Partition starts at LBA: 30801920 Numsec = 457593200
    Partition file system is NTFS
    Partition is bootable
    Partition 3 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0 Numsec = 0
    Disk Size: 250059350016 bytes
    Sector size: 512 bytes
    Scanning physical sectors of unpartitioned space on drive 0 (1-62-488377168-488397168)...
    Done!
    Performing system, memory and registry scan...
    Read File: File "C:\ProgramData\AVG2013\chjw\ee94845794842465.dat" is sparse (flags = 32768)
    Read File: File "C:\ProgramData\{F8999601-BE77-433E-A70A-B7766E47AE73}\Impulse_setup.dat" is compressed (flags = 1)
    Read File: File "C:\ProgramData\{F8999601-BE77-433E-A70A-B7766E47AE73}\instance.dat" is compressed (flags = 1)
    Infected: C:\$Recycle.Bin\S-1-5-18\$83fbc6f5f2f12edf66911945d9266eee --> [Trojan.Siredef.C]
    Infected: C:\$Recycle.Bin\S-1-5-21-1476232679-447080670-1737744086-1000\$83fbc6f5f2f12edf66911945d9266eee --> [Trojan.Siredef.C]
    Done!
    Scan finished
    Creating System Restore point...
    Scheduling clean up...
    <<<2>>>
    Device number: 0, partition: 3
    <<<3>>>
    Volume: C:
    File system type: NTFS
    SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
    Removal scheduling successful. System shutdown needed.
    System shutdown occured
    =======================================
    ---------------------------------------
    Malwarebytes Anti-Rootkit BETA 1.01.0.1009
    (c) Malwarebytes Corporation 2011-2012
    OS version: 6.0.6002 Windows Vista Service Pack 2 x64
    Account is Administrative
    Internet Explorer version: 9.0.8112.16421
    File system is: NTFS
    Disk drives: C:\ DRIVE_FIXED, E:\ DRIVE_FIXED
    CPU speed: 2.394000 GHz
    Memory total: 4292280320, free: 2694537216
    ---------------------------------------
    Malwarebytes Anti-Rootkit BETA 1.01.0.1009
    (c) Malwarebytes Corporation 2011-2012
    OS version: 6.0.6002 Windows Vista Service Pack 2 x64
    Account is Administrative
    Internet Explorer version: 9.0.8112.16421
    File system is: NTFS
    Disk drives: C:\ DRIVE_FIXED, E:\ DRIVE_FIXED
    CPU speed: 2.394000 GHz
    Memory total: 4292280320, free: 2190307328
    ------------ Kernel report ------------
    11/23/2012 14:04:16
    ------------ Loaded modules -----------
    \SystemRoot\system32\ntoskrnl.exe
    \SystemRoot\system32\hal.dll
    \SystemRoot\system32\kdcom.dll
    \SystemRoot\system32\mcupdate_GenuineIntel.dll
    \SystemRoot\system32\PSHED.dll
    \SystemRoot\system32\CLFS.SYS
    \SystemRoot\system32\CI.dll
    \SystemRoot\system32\drivers\Wdf01000.sys
    \SystemRoot\system32\drivers\WDFLDR.SYS
    \SystemRoot\system32\drivers\acpi.sys
    \SystemRoot\system32\drivers\WMILIB.SYS
    \SystemRoot\system32\drivers\msisadrv.sys
    \SystemRoot\system32\drivers\pci.sys
    \SystemRoot\System32\drivers\partmgr.sys
    \SystemRoot\system32\DRIVERS\compbatt.sys
    \SystemRoot\system32\DRIVERS\BATTC.SYS
    \SystemRoot\system32\drivers\volmgr.sys
    \SystemRoot\System32\drivers\volmgrx.sys
    \SystemRoot\System32\drivers\mountmgr.sys
    \SystemRoot\system32\drivers\iastor.sys
    \SystemRoot\system32\drivers\fltmgr.sys
    \SystemRoot\system32\drivers\fileinfo.sys
    \SystemRoot\System32\Drivers\PxHlpa64.sys
    \SystemRoot\System32\Drivers\ksecdd.sys
    \SystemRoot\system32\drivers\ndis.sys
    \SystemRoot\system32\drivers\msrpc.sys
    \SystemRoot\system32\drivers\NETIO.SYS
    \SystemRoot\System32\drivers\tcpip.sys
    \SystemRoot\System32\drivers\fwpkclnt.sys
    \SystemRoot\System32\Drivers\Ntfs.sys
    \SystemRoot\system32\drivers\volsnap.sys
    \SystemRoot\System32\Drivers\spldr.sys
    \SystemRoot\System32\Drivers\mup.sys
    \SystemRoot\System32\drivers\ecache.sys
    \SystemRoot\system32\drivers\disk.sys
    \SystemRoot\system32\drivers\CLASSPNP.SYS
    \SystemRoot\system32\drivers\crcdisk.sys
    \SystemRoot\system32\DRIVERS\avgrkx64.sys
    \SystemRoot\system32\DRIVERS\avgloga.sys
    \SystemRoot\system32\DRIVERS\avgmfx64.sys
    \SystemRoot\system32\DRIVERS\avgidsha.sys
    \SystemRoot\system32\DRIVERS\tunnel.sys
    \SystemRoot\system32\DRIVERS\tunmp.sys
    \SystemRoot\system32\DRIVERS\atikmpag.sys
    \SystemRoot\system32\DRIVERS\atikmdag.sys
    \SystemRoot\System32\drivers\dxgkrnl.sys
    \SystemRoot\System32\drivers\watchdog.sys
    \SystemRoot\system32\DRIVERS\usbuhci.sys
    \SystemRoot\system32\DRIVERS\USBPORT.SYS
    \SystemRoot\system32\DRIVERS\usbehci.sys
    \SystemRoot\system32\DRIVERS\HDAudBus.sys
    \SystemRoot\system32\DRIVERS\NETw5v64.sys
    \SystemRoot\system32\DRIVERS\yk60x64.sys
    \SystemRoot\system32\DRIVERS\i8042prt.sys
    \SystemRoot\system32\DRIVERS\Apfiltr.sys
    \SystemRoot\system32\DRIVERS\mouclass.sys
    \SystemRoot\system32\DRIVERS\kbdclass.sys
    \SystemRoot\system32\DRIVERS\cdrom.sys
    \SystemRoot\system32\DRIVERS\GEARAspiWDM.sys
    \SystemRoot\system32\DRIVERS\CmBatt.sys
    \SystemRoot\system32\DRIVERS\wmiacpi.sys
    \SystemRoot\system32\DRIVERS\intelppm.sys
    \SystemRoot\system32\DRIVERS\msiscsi.sys
    \SystemRoot\system32\DRIVERS\storport.sys
    \SystemRoot\system32\DRIVERS\TDI.SYS
    \SystemRoot\system32\DRIVERS\rasl2tp.sys
    \SystemRoot\system32\DRIVERS\ndistapi.sys
    \SystemRoot\system32\DRIVERS\ndiswan.sys
    \SystemRoot\system32\DRIVERS\raspppoe.sys
    \SystemRoot\system32\DRIVERS\raspptp.sys
    \SystemRoot\system32\DRIVERS\rassstp.sys
    \SystemRoot\system32\DRIVERS\hamachi.sys
    \SystemRoot\system32\DRIVERS\termdd.sys
    \SystemRoot\system32\DRIVERS\swenum.sys
    \SystemRoot\system32\DRIVERS\ks.sys
    \SystemRoot\system32\DRIVERS\mssmbios.sys
    \SystemRoot\system32\DRIVERS\umbus.sys
    \SystemRoot\system32\DRIVERS\usbhub.sys
    \SystemRoot\System32\Drivers\NDProxy.SYS
    \SystemRoot\system32\DRIVERS\stwrt64.sys
    \SystemRoot\system32\DRIVERS\portcls.sys
    \SystemRoot\system32\DRIVERS\drmk.sys
    \SystemRoot\system32\drivers\ksthunk.sys
    \SystemRoot\System32\Drivers\Fs_Rec.SYS
    \SystemRoot\System32\Drivers\Null.SYS
    \??\C:\Windows\system32\drivers\avgtpx64.sys
    \SystemRoot\system32\DRIVERS\HIDPARSE.SYS
    \SystemRoot\system32\DRIVERS\Amfltx64.sys
    \SystemRoot\System32\drivers\vga.sys
    \SystemRoot\System32\drivers\VIDEOPRT.SYS
    \SystemRoot\System32\DRIVERS\RDPCDD.sys
    \SystemRoot\system32\drivers\rdpencdd.sys
    \SystemRoot\System32\Drivers\Msfs.SYS
    \SystemRoot\System32\Drivers\Npfs.SYS
    \SystemRoot\System32\DRIVERS\rasacd.sys
    \SystemRoot\system32\DRIVERS\tdx.sys
    \SystemRoot\system32\DRIVERS\avgtdia.sys
    \SystemRoot\System32\DRIVERS\netbt.sys
    \SystemRoot\system32\DRIVERS\smb.sys
    \SystemRoot\system32\drivers\afd.sys
    \SystemRoot\system32\DRIVERS\pacer.sys
    \SystemRoot\system32\DRIVERS\netbios.sys
    \SystemRoot\system32\DRIVERS\wanarp.sys
    \SystemRoot\system32\drivers\RTSTOR64.SYS
    \SystemRoot\system32\drivers\USBD.SYS
    \SystemRoot\system32\DRIVERS\rdbss.sys
    \SystemRoot\system32\drivers\nsiproxy.sys
    \SystemRoot\System32\Drivers\dfsc.sys
    \SystemRoot\system32\DRIVERS\avgldx64.sys
    \SystemRoot\system32\DRIVERS\usbccgp.sys
    \SystemRoot\system32\DRIVERS\hidusb.sys
    \SystemRoot\system32\DRIVERS\HIDCLASS.SYS
    \SystemRoot\system32\DRIVERS\kbdhid.sys
    \SystemRoot\system32\DRIVERS\mouhid.sys
    \SystemRoot\system32\DRIVERS\avgidsdrivera.sys
    \SystemRoot\system32\DRIVERS\cdfs.sys
    \SystemRoot\System32\Drivers\crashdmp.sys
    \SystemRoot\System32\Drivers\dump_iaStor.sys
    \SystemRoot\System32\win32k.sys
    \SystemRoot\System32\drivers\Dxapi.sys
    \SystemRoot\system32\DRIVERS\monitor.sys
    \SystemRoot\System32\TSDDD.dll
    \SystemRoot\System32\cdd.dll
    \SystemRoot\system32\drivers\luafv.sys
    \SystemRoot\system32\drivers\spsys.sys
    \SystemRoot\system32\DRIVERS\lltdio.sys
    \SystemRoot\system32\DRIVERS\nwifi.sys
    \SystemRoot\system32\DRIVERS\ndisuio.sys
    \SystemRoot\system32\DRIVERS\rspndr.sys
    \SystemRoot\system32\drivers\HTTP.sys
    \SystemRoot\System32\DRIVERS\srvnet.sys
    \SystemRoot\system32\DRIVERS\bowser.sys
    \SystemRoot\System32\drivers\mpsdrv.sys
    \SystemRoot\system32\drivers\mrxdav.sys
    \SystemRoot\system32\DRIVERS\mrxsmb.sys
    \SystemRoot\system32\DRIVERS\mrxsmb10.sys
    \SystemRoot\system32\DRIVERS\mrxsmb20.sys
    \SystemRoot\System32\DRIVERS\srv2.sys
    \SystemRoot\System32\DRIVERS\srv.sys
    \SystemRoot\system32\DRIVERS\atksgt.sys
    \SystemRoot\system32\DRIVERS\lirsgt.sys
    \SystemRoot\system32\drivers\peauth.sys
    \SystemRoot\System32\Drivers\fastfat.SYS
    \SystemRoot\System32\Drivers\secdrv.SYS
    \SystemRoot\System32\drivers\tcpipreg.sys
    \??\C:\Windows\system32\drivers\mbamchameleon.sys
    \??\C:\Windows\system32\drivers\mbamswissarmy.sys
    \Windows\System32\ntdll.dll
    ----------- End -----------
    <<<1>>>
    Upper Device Name: \Device\Harddisk0\DR0
    Upper Device Object: 0xfffffa8004743060
    Upper Device Driver Name: \Driver\disk\
    Lower Device Name: \Device\Ide\IAAStorageDevice-1\
    Lower Device Object: 0xfffffa80045ea050
    Lower Device Driver Name: \Driver\iaStor\
    Driver name found: iaStor
    DriverEntry returned 0x0
    Function returned 0x0
    Initializing...
    Done!
    Scanning directory: C:\Windows\system32\drivers...
    <<<2>>>
    Device number: 0, partition: 3
    Physical Sector Size: 512
    Drive: 0, DevicePointer: 0xfffffa8004743060, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\disk\
    --------- Disk Stack ------
    DevicePointer: 0xfffffa8004743b90, DeviceName: Unknown, DriverName: \Driver\partmgr\
    DevicePointer: 0xfffffa8004743060, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\disk\
    DevicePointer: 0xfffffa80045ea050, DeviceName: \Device\Ide\IAAStorageDevice-1\, DriverName: \Driver\iaStor\
    ------------ End ----------
    Upper DeviceData: 0xfffff880125a6200, 0xfffffa8004743060, 0xfffffa80048ab790
    Lower DeviceData: 0xfffff880118f68f0, 0xfffffa80045ea050, 0xfffffa8004a7e1c0
    <<<3>>>
    Volume: C:
    File system type: NTFS
    SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
    Done!
    Drive 0
    Scanning MBR on drive 0...
    Inspecting partition table:
    MBR Signature: 55AA
    Disk Signature: 1A7C51DD
    Partition information:
    Partition 0 type is Other (0xde)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 63 Numsec = 80262
    Partition 1 type is Primary (0x7)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 81920 Numsec = 30720000
    Partition 2 type is Primary (0x7)
    Partition is ACTIVE.
    Partition starts at LBA: 30801920 Numsec = 457593200
    Partition file system is NTFS
    Partition is bootable
    Partition 3 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0 Numsec = 0
    Disk Size: 250059350016 bytes
    Sector size: 512 bytes
    Scanning physical sectors of unpartitioned space on drive 0 (1-62-488377168-488397168)...
    Done!
    Performing system, memory and registry scan...
    Read File: File "C:\ProgramData\AVG2013\chjw\ee94845794842465.dat" is sparse (flags = 32768)
    Read File: File "C:\ProgramData\{F8999601-BE77-433E-A70A-B7766E47AE73}\Impulse_setup.dat" is compressed (flags = 1)
    Read File: File "C:\ProgramData\{F8999601-BE77-433E-A70A-B7766E47AE73}\instance.dat" is compressed (flags = 1)
    Done!
    Scan finished
    =======================================
     
     
  12. Broni

    Broni Malware Annihilator Posts: 47,020   +255

    Good :)

    Create new restore point before proceeding with the next step....
    How to:
    - Windows 8: http://www.vikitech.com/11302/system-restore-windows-8
    - Windows 7: http://www.howtogeek.com/howto/3195/create-a-system-restore-point-in-windows-7/
    - Vista: http://www.howtogeek.com/howto/wind...tore-point-for-windows-vistas-system-restore/
    - XP: http://support.microsoft.com/kb/948247

    ==============================

    Please download ComboFix from Here, Here or Here to your Desktop.

    **Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
    • Never rename Combofix unless instructed.
    • Close any open browsers.
    • Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
    • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
    • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
    • Close any open browsers.
    • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
    • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
    • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
      If the connection is not there use restore point you created prior to running Combofix.
    • Double click on combofix.exe & follow the prompts.

    • NOTE1. If Combofix asks you to install Recovery Console, please allow it.
      NOTE 2. If Combofix asks you to update the program, always do so.
    • When finished, it will produce a report for you.
    • Please post the "C:\ComboFix.txt"
    **Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall
    **Note 2 for AVG and CA Internet Security (Total Defense Internet Security) users: ComboFix will not run until AVG/CA Internet Security is uninstalled as a protective measure against the anti-virus. This is because AVG/CA Internet Security "falsely" detects ComboFix (or its embedded files) as a threat and may remove them resulting in the tool not working correctly which in turn can cause "unpredictable results". Since AVG/CA Internet Security cannot be effectively disabled before running ComboFix, the author recommends you to uninstall AVG/CA Internet Security first.
    Use AppRemover to uninstall it: http://www.appremover.com/
    We can reinstall it when we're done with CF.
    **Note 3: If you receive an error "Illegal operation attempted on a registery key that has been marked for deletion", restart computer to fix the issue.
    **Note 4: Some infections may take some significant time to be cured. As long as your computer clock is running Combofix is still working. Be patient.


    Make sure, you re-enable your security programs, when you're done with Combofix.

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

    NOTE.
    If, for some reason, Combofix refuses to run, try the following...

    Delete Combofix file, download fresh one, but rename combofix.exe to your_name.exe BEFORE saving it to your desktop.
    Do NOT run it yet.
    Download Rkill (courtesy of BleepingComputer.com) to your desktop.
    There are 2 different versions. If one of them won't run then download and try to run the other one.
    You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool, ignore them or shutdown your antivirus.

    rKill.exe: http://www.bleepingcomputer.com/download/rkill/dl/10/
    iExplore.exe (renamed rKill.exe): http://www.bleepingcomputer.com/download/rkill/dl/11/

    Restart computer in safe mode

    • Double-click on the Rkill desktop icon to run the tool.
    • If using Vista or Windows 7 right-click on it and choose Run As Administrator.
    • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
    • If not, delete the file, then download and use the one provided in Link 2.
    • Do not reboot until instructed.
    • If the tool does not run from any of the links provided, please let me know.

    When the scan is done Notepad will open with rKill.txt log.
    NOTE. rKill.txt log will also be present on your desktop.

    Once you've gotten one of them to run, immediately run your_name.exe by double clicking on it.

    IF you had to run rKill post BOTH logs, rKill.txt and Combofix.txt.
     
  13. DonkeyHote

    DonkeyHote TS Rookie Topic Starter Posts: 23

    Combofix log:


    .
    --------- X64 Entries -----------
    .
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Apoint"="c:\program files\DellTPad\Apoint.exe" [2008-09-04 272896]
    "Dell DataSafe Online"="c:\program files (x86)\Dell DataSafe Online\DataSafeOnline.exe" [2009-07-07 1779952]
    "SysTrayApp"="c:\program files\IDT\WDM\sttray64.exe" [2010-02-26 487424]
    .
    ------- Supplementary Scan -------
    .
    uLocal Page = c:\windows\system32\blank.htm
    uStart Page = hxxp://www.google.com/ig
    mLocal Page = c:\windows\SysWOW64\blank.htm
    uInternet Settings,ProxyOverride = *.local
    DPF: {10000000-1000-1000-1000-100000000000} - hxxp://cdn.betteradvertising.com/ghostery/addons/ie/2.4.2.0/ghostery.cab
    FF - ProfilePath - c:\users\Keegan\AppData\Roaming\Mozilla\Firefox\Profiles\4rd88xtf.default\
    FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/ig|https://www.hclib...yahoo.com/dc/launch?.gx=0&.rand=fkbf7tgsnqi6g
    FF - prefs.js: network.proxy.type - 0
    FF - user.js: extentions.y2layers.installId - 63f8ff47-6343-4d43-ac03-6abe8cc75bab
    FF - user.js: extentions.y2layers.defaultEnableAppsList - bestvideodownloader,ezLooker,pagerage,buzzdock,toprelatedtopics,twittube
    FF - user.js: extensions.autoDisableScopes - 14
    .
    - - - - ORPHANS REMOVED - - - -
    .
    BHO-{FD72061E-9FDE-484D-A58A-0BAB4151CAD8} - c:\program files (x86)\Yontoo\YontooIEClient.dll
    Wow6432Node-HKLM-Run-HF_G_Jul - c:\program files (x86)\AVG Secure Search\HF_G_Jul.exe
    Wow6432Node-HKLM-Run-ROC_ROC_JULY_P1 - c:\program files (x86)\AVG Secure Search\ROC_ROC_JULY_P1.exe
    Wow6432Node-HKLM-Run-ROC_roc_ssl_v12 - c:\program files (x86)\AVG Secure Search\ROC_roc_ssl_v12.exe
    Notify-GoToAssist - (no file)
    SafeBoot-86907423.sys
    WebBrowser-{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - (no file)
    AddRemove-Adobe Shockwave Player - c:\windows\system32\Adobe\Shockwave 11\uninstaller.exe
    AddRemove-{27310A4F-6A97-43C0-928C-FE5313B9949B} - c:\programdata\{35A5F47B-6BCE-46EE-967E-F62A1D87D879}\FFOv2011-8_Setup.exe
    .
    .
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\PCD5SRVC{048DBD20-445E8C82-05040104}]
    "ImagePath"="\??\c:\progra~2\DELLSU~1\HWDiag\bin\PCD5SRVC_x64.pkms"
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------
    .
    [HKEY_USERS\S-1-5-21-1476232679-447080670-1737744086-1000\Software\SecuROM\License information*]
    "datasecu"=hex:fb,03,8f,b0,79,7f,e5,de,56,a3,73,e0,b0,69,bf,4a,ef,cb,be,09,22,
    05,f5,9d,6f,f1,48,b8,7c,1c,91,26,29,6d,81,ce,5e,35,9a,f0,2f,37,2d,5c,32,69,\
    "rkeysecu"=hex:f9,b9,a5,c9,53,c4,75,c1,72,92,cd,bb,bf,36,7e,13
    .
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
    @Denied: (A 2) (Everyone)
    @="FlashBroker"
    "LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_4_402_287_ActiveX.exe,-101"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
    "Enabled"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
    @="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_4_402_287_ActiveX.exe"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
    @Denied: (A 2) (Everyone)
    @="IFlashBroker5"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
    @="{00020424-0000-0000-C000-000000000046}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    "Version"="1.0"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
    @Denied: (A 2) (Everyone)
    @="FlashBroker"
    "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_4_402_287_ActiveX.exe,-101"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
    "Enabled"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_4_402_287_ActiveX.exe"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Shockwave Flash Object"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_287.ocx"
    "ThreadingModel"="Apartment"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
    @="0"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
    @="ShockwaveFlash.ShockwaveFlash.11"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_287.ocx, 1"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="ShockwaveFlash.ShockwaveFlash"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Macromedia Flash Factory Object"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_287.ocx"
    "ThreadingModel"="Apartment"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
    @="FlashFactory.FlashFactory.1"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_287.ocx, 1"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="FlashFactory.FlashFactory"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
    @Denied: (A 2) (Everyone)
    @="IFlashBroker5"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
    @="{00020424-0000-0000-C000-000000000046}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    "Version"="1.0"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}\1.0]
    @="Shockwave Flash"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}]
    @Denied: (A 2) (Everyone)
    @=""
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}\1.0]
    @="FlashBroker"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\VideoLAN.VLCPlugin.*1*]
    @="?????????????????? v1"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\VideoLAN.VLCPlugin.*1*\CLSID]
    @="{E23FE9C6-778E-49D4-B537-38FCDE4887D8}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\VideoLAN.VLCPlugin.*2*]
    @="?????????????????? v2"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\VideoLAN.VLCPlugin.*2*\CLSID]
    @="{9BE31822-FDAD-461B-AD51-BE1D1C159921}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*1*]
    @="?????????????????? v1"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*1*\CLSID]
    @="{E23FE9C6-778E-49D4-B537-38FCDE4887D8}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*2*]
    @="?????????????????? v2"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*2*\CLSID]
    @="{9BE31822-FDAD-461B-AD51-BE1D1C159921}"
    .
    [HKEY_LOCAL_MACHINE\software\Wow6432Node\Classes]
    "SymbolicLinkValue"=hex(6):5c,00,52,00,45,00,47,00,49,00,53,00,54,00,52,00,59,
    00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00,\
    .
    ------------------------ Other Running Processes ------------------------
    .
    c:\program files\Dell\DellDock\DockLogin.exe
    c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
    c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    c:\windows\SysWOW64\PnkBstrA.exe
    c:\program files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe
    c:\program files (x86)\Spybot - Search & Destroy\SDWinSec.exe
    c:\program files (x86)\Dell Support Center\bin\sprtsvc.exe
    .
    **************************************************************************
    .
    Completion time: 2012-11-23 20:18:32 - machine was rebooted
    ComboFix-quarantined-files.txt 2012-11-24 02:18
    .
    Pre-Run: 13,648,277,504 bytes free
    Post-Run: 14,976,585,728 bytes free
    .
    - - End Of File - - 39D03B18EC660819B622446B17513814
     
  14. Broni

    Broni Malware Annihilator Posts: 47,020   +255

    That's incomplete.
    Please post the "C:\ComboFix.txt"
     
  15. DonkeyHote

    DonkeyHote TS Rookie Topic Starter Posts: 23

    Got it; combofix.txt:

    ComboFix 12-11-23.02 - Keegan 11/23/2012 19:59:03.1.2 - x64
    Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.4093.2379 [GMT -6:00]
    Running from: c:\users\Keegan\Desktop\ComboFix.exe
    SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    c:\program files (x86)\StartNow Toolbar
    c:\program files (x86)\StartNow Toolbar\ToolbarUpdaterService.exe
    c:\users\Keegan\Documents\~WRL0003.tmp
    E:\install.exe
    .
    .
    ((((((((((((((((((((((((( Files Created from 2012-10-24 to 2012-11-24 )))))))))))))))))))))))))))))))
    .
    .
    2012-11-24 02:06 . 2012-11-24 02:10--------d-----w-c:\users\Keegan\AppData\Local\temp
    2012-11-23 05:58 . 2012-11-23 05:58--------d-----w-C:\TDSSKiller_Quarantine
    2012-11-21 01:03 . 2012-11-21 01:03--------d-----w-c:\users\Keegan\AppData\Roaming\Malwarebytes
    2012-11-21 01:03 . 2012-11-21 01:03--------d-----w-c:\programdata\Malwarebytes
    2012-11-21 01:03 . 2012-11-21 01:03--------d-----w-c:\program files (x86)\Malwarebytes' Anti-Malware
    2012-11-21 01:03 . 2012-09-30 01:5425928----a-w-c:\windows\system32\drivers\mbam.sys
    2012-11-20 06:07 . 2012-11-20 06:42--------d-----w-c:\programdata\Spybot - Search & Destroy
    2012-11-20 06:07 . 2012-11-20 06:09--------d-----w-c:\program files (x86)\Spybot - Search & Destroy
    2012-11-20 02:38 . 2012-11-20 02:38--------d-----w-c:\program files (x86)\LogMeIn Hamachi
    2012-11-15 21:16 . 2012-11-15 21:16--------d-----w-c:\users\Keegan\AppData\Local\IIIU
    2012-11-15 21:13 . 2012-11-15 21:14--------d-----w-c:\program files (x86)\GoforFiles
    2012-11-15 21:13 . 2012-11-15 21:13--------d-----w-c:\users\Keegan\AppData\Roaming\GoforFiles
    2012-11-14 21:02 . 2012-11-21 22:06--------d-----w-C:\found.000
    2012-11-13 20:28 . 2012-09-25 16:3191648----a-w-c:\windows\system32\synceng.dll
    2012-11-13 20:28 . 2012-09-25 16:1975776----a-w-c:\windows\SysWow64\synceng.dll
    2012-11-13 20:28 . 2012-10-12 14:532769920----a-w-c:\windows\system32\win32k.sys
    2012-10-28 17:17 . 2012-10-28 17:17--------d-----w-c:\users\Default\AppData\Roaming\TuneUp Software
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2012-11-14 08:37 . 2006-11-02 12:3566395536----a-w-c:\windows\system32\mrt.exe
    2012-10-08 20:34 . 2012-04-04 01:13696760----a-w-c:\windows\SysWow64\FlashPlayerApp.exe
    2012-10-08 20:34 . 2011-06-17 15:5973656----a-w-c:\windows\SysWow64\FlashPlayerCPLApp.cpl
    2012-09-19 23:45 . 2012-09-19 23:4695208----a-w-c:\windows\SysWow64\WindowsAccessBridge-32.dll
    2012-09-19 23:45 . 2012-07-20 19:27821736----a-w-c:\windows\SysWow64\npdeployJava1.dll
    2012-09-19 23:45 . 2010-10-17 04:05746984----a-w-c:\windows\SysWow64\deployJava1.dll
    2012-09-13 13:45 . 2012-10-10 16:482048----a-w-c:\windows\system32\tzres.dll
    2012-09-13 13:28 . 2012-10-10 16:482048----a-w-c:\windows\SysWow64\tzres.dll
    2012-08-29 11:40 . 2012-10-10 16:474699520----a-w-c:\windows\system32\ntoskrnl.exe
    .
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 138240]
    "SpybotSD TeaTimer"="c:\program files (x86)\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
    "Dell DataSafe Online"="c:\program files (x86)\Dell DataSafe Online\DataSafeOnline.exe" [2009-07-07 1779952]
    "PDVDDXSrv"="c:\program files\CyberLink\PowerDVD DX\PDVDDXSrv.exe" [2008-05-23 128296]
    "DellSupportCenter"="c:\program files (x86)\Dell Support Center\bin\sprtcmd.exe" [2008-12-17 206064]
    "Microsoft Default Manager"="c:\program files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" [2010-05-10 439568]
    "QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2011-07-05 421888]
    "Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-07-27 919008]
    "DivXUpdate"="c:\program files (x86)\DivX\DivX Update\DivXUpdate.exe" [2011-07-28 1259376]
    "StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2012-07-04 641704]
    "SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848]
    "APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-08-28 59280]
    "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2012-09-10 421776]
    "LogMeIn Hamachi Ui"="c:\program files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe" [2012-11-20 2254768]
    .
    c:\users\Guest\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
    Dell Dock.lnk - c:\program files\Dell\DellDock\DellDock.exe [2009-2-6 1312096]
    .
    c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
    Dell Dock First Run.lnk - c:\program files\Dell\DellDock\DellDock.exe [2009-2-6 1312096]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "EnableUIADesktopToggle"= 0 (0x0)
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
    "aux"=wdmaud.drv
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
    @="Driver"
    .
    S2 AESTFilters;Andrea ST Filters Service;c:\windows\System32\DriverStore\FileRepository\stwrt64.inf_54cb4575\AESTSr64.exe [2009-03-03 89600]
    .
    .
    --- Other Services/Drivers In Memory ---
    .
    *NewlyCreated* - WS2IFSL
    .
    HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
    Themes
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2012-11-24 c:\windows\Tasks\Adobe Flash Player Updater.job
    - c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-04 20:34]
    .
    2012-11-23 c:\windows\Tasks\Google Software Updater.job
    - c:\program files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-08-23 05:29]
    .
    2012-11-24 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2009-08-23 01:20]
    .
    2012-11-24 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2009-08-23 01:20]
    .
    2012-11-24 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1476232679-447080670-1737744086-1000Core.job
    - c:\users\Keegan\AppData\Local\Google\Update\GoogleUpdate.exe [2010-10-17 01:40]
    .
    2012-11-24 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1476232679-447080670-1737744086-1000UA.job
    - c:\users\Keegan\AppData\Local\Google\Update\GoogleUpdate.exe [2010-10-17 01:40]
    .
    .
    --------- X64 Entries -----------
    .
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Apoint"="c:\program files\DellTPad\Apoint.exe" [2008-09-04 272896]
    "Dell DataSafe Online"="c:\program files (x86)\Dell DataSafe Online\DataSafeOnline.exe" [2009-07-07 1779952]
    "SysTrayApp"="c:\program files\IDT\WDM\sttray64.exe" [2010-02-26 487424]
    .
    ------- Supplementary Scan -------
    .
    uLocal Page = c:\windows\system32\blank.htm
    uStart Page = hxxp://www.google.com/ig
    mLocal Page = c:\windows\SysWOW64\blank.htm
    uInternet Settings,ProxyOverride = *.local
    DPF: {10000000-1000-1000-1000-100000000000} - hxxp://cdn.betteradvertising.com/ghostery/addons/ie/2.4.2.0/ghostery.cab
    FF - ProfilePath - c:\users\Keegan\AppData\Roaming\Mozilla\Firefox\Profiles\4rd88xtf.default\
    FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/ig|https://www.hclib...yahoo.com/dc/launch?.gx=0&.rand=fkbf7tgsnqi6g
    FF - prefs.js: network.proxy.type - 0
    FF - user.js: extentions.y2layers.installId - 63f8ff47-6343-4d43-ac03-6abe8cc75bab
    FF - user.js: extentions.y2layers.defaultEnableAppsList - bestvideodownloader,ezLooker,pagerage,buzzdock,toprelatedtopics,twittube
    FF - user.js: extensions.autoDisableScopes - 14
    .
    - - - - ORPHANS REMOVED - - - -
    .
    BHO-{FD72061E-9FDE-484D-A58A-0BAB4151CAD8} - c:\program files (x86)\Yontoo\YontooIEClient.dll
    Wow6432Node-HKLM-Run-HF_G_Jul - c:\program files (x86)\AVG Secure Search\HF_G_Jul.exe
    Wow6432Node-HKLM-Run-ROC_ROC_JULY_P1 - c:\program files (x86)\AVG Secure Search\ROC_ROC_JULY_P1.exe
    Wow6432Node-HKLM-Run-ROC_roc_ssl_v12 - c:\program files (x86)\AVG Secure Search\ROC_roc_ssl_v12.exe
    Notify-GoToAssist - (no file)
    SafeBoot-86907423.sys
    WebBrowser-{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - (no file)
    AddRemove-Adobe Shockwave Player - c:\windows\system32\Adobe\Shockwave 11\uninstaller.exe
    AddRemove-{27310A4F-6A97-43C0-928C-FE5313B9949B} - c:\programdata\{35A5F47B-6BCE-46EE-967E-F62A1D87D879}\FFOv2011-8_Setup.exe
    .
    .
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\PCD5SRVC{048DBD20-445E8C82-05040104}]
    "ImagePath"="\??\c:\progra~2\DELLSU~1\HWDiag\bin\PCD5SRVC_x64.pkms"
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------
    .
    [HKEY_USERS\S-1-5-21-1476232679-447080670-1737744086-1000\Software\SecuROM\License information*]
    "datasecu"=hex:fb,03,8f,b0,79,7f,e5,de,56,a3,73,e0,b0,69,bf,4a,ef,cb,be,09,22,
    05,f5,9d,6f,f1,48,b8,7c,1c,91,26,29,6d,81,ce,5e,35,9a,f0,2f,37,2d,5c,32,69,\
    "rkeysecu"=hex:f9,b9,a5,c9,53,c4,75,c1,72,92,cd,bb,bf,36,7e,13
    .
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
    @Denied: (A 2) (Everyone)
    @="FlashBroker"
    "LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_4_402_287_ActiveX.exe,-101"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
    "Enabled"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
    @="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_4_402_287_ActiveX.exe"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
    @Denied: (A 2) (Everyone)
    @="IFlashBroker5"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
    @="{00020424-0000-0000-C000-000000000046}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    "Version"="1.0"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
    @Denied: (A 2) (Everyone)
    @="FlashBroker"
    "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_4_402_287_ActiveX.exe,-101"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
    "Enabled"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_4_402_287_ActiveX.exe"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Shockwave Flash Object"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_287.ocx"
    "ThreadingModel"="Apartment"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
    @="0"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
    @="ShockwaveFlash.ShockwaveFlash.11"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_287.ocx, 1"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="ShockwaveFlash.ShockwaveFlash"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Macromedia Flash Factory Object"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_287.ocx"
    "ThreadingModel"="Apartment"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
    @="FlashFactory.FlashFactory.1"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_287.ocx, 1"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="FlashFactory.FlashFactory"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
    @Denied: (A 2) (Everyone)
    @="IFlashBroker5"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
    @="{00020424-0000-0000-C000-000000000046}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    "Version"="1.0"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}\1.0]
    @="Shockwave Flash"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}]
    @Denied: (A 2) (Everyone)
    @=""
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}\1.0]
    @="FlashBroker"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\VideoLAN.VLCPlugin.*1*]
    @="?????????????????? v1"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\VideoLAN.VLCPlugin.*1*\CLSID]
    @="{E23FE9C6-778E-49D4-B537-38FCDE4887D8}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\VideoLAN.VLCPlugin.*2*]
    @="?????????????????? v2"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\VideoLAN.VLCPlugin.*2*\CLSID]
    @="{9BE31822-FDAD-461B-AD51-BE1D1C159921}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*1*]
    @="?????????????????? v1"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*1*\CLSID]
    @="{E23FE9C6-778E-49D4-B537-38FCDE4887D8}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*2*]
    @="?????????????????? v2"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*2*\CLSID]
    @="{9BE31822-FDAD-461B-AD51-BE1D1C159921}"
    .
    [HKEY_LOCAL_MACHINE\software\Wow6432Node\Classes]
    "SymbolicLinkValue"=hex(6):5c,00,52,00,45,00,47,00,49,00,53,00,54,00,52,00,59,
    00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00,\
    .
    ------------------------ Other Running Processes ------------------------
    .
    c:\program files\Dell\DellDock\DockLogin.exe
    c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
    c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    c:\windows\SysWOW64\PnkBstrA.exe
    c:\program files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe
    c:\program files (x86)\Spybot - Search & Destroy\SDWinSec.exe
    c:\program files (x86)\Dell Support Center\bin\sprtsvc.exe
    .
    **************************************************************************
    .
    Completion time: 2012-11-23 20:18:32 - machine was rebooted
    ComboFix-quarantined-files.txt 2012-11-24 02:18
    .
    Pre-Run: 13,648,277,504 bytes free
    Post-Run: 14,976,585,728 bytes free
    .
    - - End Of File - - 39D03B18EC660819B622446B17513814
     
  16. Broni

    Broni Malware Annihilator Posts: 47,020   +255

    Looks good :)

    Any current issues?

    You can reinstall AVG now.

    ===========================

    Please download AdwCleaner by Xplode onto your desktop.
    • Close all open programs and internet browsers.
    • Double click on adwcleaner.exe to run the tool.
    • Click on Delete.
    • Confirm each time with Ok.
    • Your computer will be rebooted automatically. A text file will open after the restart.
    • Please post the contents of that logfile with your next reply.
    • You can find the logfile at C:\AdwCleaner[S1].txt as well.

    Next...

    • Double click on adwcleaner.exe to run the tool.
    • Click on Uninstall.
    • Confirm with yes.

    ==========================

    Download OTL to your Desktop.
    Alternate download: http://www.itxassociates.com/OT-Tools/OTL.exe

    • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
    • Click the Scan All Users checkbox.
    • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
    • When the scan completes, it will open two notepad windows: OTL.txt and Extras.txt. These are saved in the same location as OTL.
    • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them back here.
     
  17. DonkeyHote

    DonkeyHote TS Rookie Topic Starter Posts: 23

    Adwcleaner log:

    # AdwCleaner v2.008 - Logfile created 11/23/2012 at 21:03:20
    # Updated 17/11/2012 by Xplode
    # Operating system : Windows (TM) Vista Home Premium Service Pack 2 (64 bits)
    # User : Keegan - KEEGAN-PC
    # Boot Mode : Normal
    # Running from : C:\Users\Keegan\Desktop\adwcleaner.exe
    # Option [Search]


    ***** [Services] *****


    ***** [Files / Folders] *****

    Folder Found : C:\Program Files (x86)\Common Files\AVG Secure Search
    Folder Found : C:\ProgramData\Ask
    Folder Found : C:\Users\Keegan\AppData\LocalLow\boost_interprocess
    Folder Found : C:\Users\Keegan\AppData\Roaming\AVG Secure Search
    Folder Found : C:\Users\Keegan\AppData\Roaming\Mozilla\Firefox\Profiles\4rd88xtf.default\extensions\plugin@yontoo.com

    ***** [Registry] *****

    Key Found : HKCU\Software\Conduit
    Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\AVG Secure Search
    Key Found : HKCU\Software\Softonic
    Key Found : HKLM\SOFTWARE\Classes\AppID\{CFDAFE39-20CE-451D-BD45-A37452F39CF0}
    Key Found : HKLM\SOFTWARE\Classes\AppID\{EA28B360-05E0-4F93-8150-02891F1D8D3C}
    Key Found : HKLM\SOFTWARE\Classes\AppID\YontooIEClient.DLL
    Key Found : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}
    Key Found : HKLM\SOFTWARE\Classes\YontooIEClient.Api
    Key Found : HKLM\SOFTWARE\Classes\YontooIEClient.Api.1
    Key Found : HKLM\Software\Conduit
    Key Found : HKLM\Software\Iminent
    Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}
    Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{10DE7085-6A1E-4D41-A7BF-9AF93E351401}
    Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{7E84186E-B5DE-4226-8A66-6E49C6B511B4}
    Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{80922EE0-8A76-46AE-95D5-BD3C3FE0708D}
    Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{99066096-8989-4612-841F-621A01D54AD7}
    Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{CC5AD34C-6F10-4CB3-B74A-C2DD4D5060A3}
    Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}
    Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
    Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}
    Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
    Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{10DE7085-6A1E-4D41-A7BF-9AF93E351401}
    Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{1AD27395-1659-4DFF-A319-2CFA243861A5}
    Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
    Key Found : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\niapdbllcanepiiimjjndipklodoedlc
    Key Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}
    Key Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}
    Key Found : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
    Key Found : HKLM\SOFTWARE\Classes\Interface\{10DE7085-6A1E-4D41-A7BF-9AF93E351401}
    Key Found : HKLM\SOFTWARE\Classes\Interface\{1AD27395-1659-4DFF-A319-2CFA243861A5}
    Key Found : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
    Value Found : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}]

    ***** [Internet Browsers] *****

    -\\ Internet Explorer v9.0.8112.16421

    [HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURls - Tabs] = hxxp://isearch.avg.com/tab?cid={EC7F3533-F529-4E1D-9830-52AFAE9DEE90}&mid=5880512c526ea49a3628135b34d5fd8c-993c620a0638845eab78b62bac10aaf2f7d7189d&lang=en&ds=AVG&pr=fr&d=2011-09-27 11:38:57&v=9.0.0.22&sap=nt

    -\\ Mozilla Firefox v11.0 (en-US)

    Profile name : default
    File : C:\Users\Keegan\AppData\Roaming\Mozilla\Firefox\Profiles\4rd88xtf.default\prefs.js

    Found : user_pref("browser.search.order.1", "Ask.com");

    -\\ Google Chrome v23.0.1271.64

    File : C:\Users\Keegan\AppData\Local\Google\Chrome\User Data\Default\Preferences

    [OK] File is clean.

    *************************

    AdwCleaner[R1].txt - [4201 octets] - [23/11/2012 21:03:20]

    ########## EOF - C:\AdwCleaner[R1].txt - [4261 octets] ##########
     
  18. DonkeyHote

    DonkeyHote TS Rookie Topic Starter Posts: 23

    When I scanned with Spybot:S&D and AVG after the MBAR scan but before combofix, the first set of scans found the lower teir malware that had been tagging along with the scvhost.exe trojan, but the main one was gone. Following removal procedures and a reboot a second set of scans ran clean.
     
  19. DonkeyHote

    DonkeyHote TS Rookie Topic Starter Posts: 23

    OTL logs:

    OTL.txt part 1:

    OTL logfile created on: 11/23/2012 9:07:14 PM - Run 1
    OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Keegan\Desktop
    64bit-Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
    Internet Explorer (Version = 9.0.8112.16421)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    4.00 Gb Total Physical Memory | 2.15 Gb Available Physical Memory | 53.67% Memory free
    9.88 Gb Paging File | 7.83 Gb Available in Paging File | 79.20% Paging File free
    Paging file location(s): c:\pagefile.sys 6139 9000 [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
    Drive C: | 218.20 Gb Total Space | 13.34 Gb Free Space | 6.11% Space Free | Partition Type: NTFS
    Drive E: | 14.65 Gb Total Space | 6.02 Gb Free Space | 41.11% Space Free | Partition Type: NTFS

    Computer Name: KEEGAN-PC | User Name: Keegan | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

    ========== Processes (SafeList) ==========

    PRC - [2012/11/23 21:04:15 | 000,997,320 | ---- | M] () -- C:\Program Files (x86)\AVG Secure Search\vprot.exe
    PRC - [2012/11/23 21:04:15 | 000,711,112 | ---- | M] () -- C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\13.2.0\ToolbarUpdater.exe
    PRC - [2012/11/23 21:00:13 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Keegan\Desktop\OTL.exe
    PRC - [2012/11/06 19:00:32 | 003,143,800 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG2013\avgui.exe
    PRC - [2012/11/06 19:00:04 | 005,814,392 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe
    PRC - [2012/10/22 13:05:08 | 000,196,664 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe
    PRC - [2012/08/09 22:12:18 | 000,055,184 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\SyncServer.exe
    PRC - [2012/07/27 14:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
    PRC - [2012/07/02 16:58:37 | 000,076,888 | ---- | M] () -- C:\Windows\SysWOW64\PnkBstrA.exe
    PRC - [2011/07/28 17:08:12 | 001,259,376 | ---- | M] () -- C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
    PRC - [2009/07/07 09:23:00 | 001,779,952 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Online\DataSafeOnline.exe
    PRC - [2009/01/26 15:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) -- C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
    PRC - [2008/12/18 12:05:28 | 000,155,648 | ---- | M] (Stardock Corporation) -- C:\Program Files\Dell\DellDock\DockLogin.exe
    PRC - [2008/12/16 20:14:42 | 000,206,064 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files (x86)\Dell Support Center\bin\sprtsvc.exe
    PRC - [2008/12/16 20:14:42 | 000,206,064 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files (x86)\Dell Support Center\bin\sprtcmd.exe
    PRC - [2008/11/09 14:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) -- C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe
    PRC - [2008/05/23 13:06:08 | 000,128,296 | ---- | M] (CyberLink Corp.) -- C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe


    ========== Modules (No Company Name) ==========

    MOD - [2012/11/23 21:04:15 | 000,997,320 | ---- | M] () -- C:\Program Files (x86)\AVG Secure Search\vprot.exe
    MOD - [2012/11/23 21:04:15 | 000,566,728 | ---- | M] () -- C:\Program Files (x86)\Common Files\AVG Secure Search\DNTInstaller\13.2.0\avgdttbx.dll
    MOD - [2012/11/23 21:04:15 | 000,134,600 | ---- | M] () -- C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\13.2.0\SiteSafety.dll
    MOD - [2012/11/14 18:04:09 | 000,998,400 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Management\d08cb6b1c4052e6f5a4e2452870d67d7\System.Management.ni.dll
    MOD - [2012/11/14 18:02:42 | 001,840,640 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web.Services\7844c1ae91c8f584025756ad72e65176\System.Web.Services.ni.dll
    MOD - [2012/11/14 18:02:08 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\7f15d0cb7e4f87f86e425d5ffe7e8280\System.Configuration.ni.dll
    MOD - [2012/11/14 15:11:28 | 005,450,752 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\741164a3e36f879b9f9e3ff176465127\System.Xml.ni.dll
    MOD - [2012/11/14 15:11:12 | 012,433,920 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\22e554f2c4da53c07e4815a24e2d50e2\System.Windows.Forms.ni.dll
    MOD - [2012/11/14 15:11:04 | 001,592,320 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\2c6cd37f29fc76d6c2ed6bbed202d82c\System.Drawing.ni.dll
    MOD - [2012/11/14 15:10:06 | 007,976,960 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\b2052acbbbba4f98585196872195e009\System.ni.dll
    MOD - [2012/11/14 15:09:56 | 011,492,352 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\7ad9c44df3b85848590e63f13fc59804\mscorlib.ni.dll
    MOD - [2012/08/27 20:33:32 | 000,087,912 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
    MOD - [2012/08/27 20:33:08 | 001,242,512 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
    MOD - [2011/07/28 17:09:42 | 000,096,112 | ---- | M] () -- C:\Program Files (x86)\DivX\DivX Update\DivXUpdateCheck.dll
    MOD - [2011/07/28 17:08:12 | 001,259,376 | ---- | M] () -- C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
    MOD - [2009/07/07 09:24:00 | 000,268,528 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Online\SdbShared.dll
    MOD - [2009/07/07 09:24:00 | 000,140,528 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Online\SdbShared.XmlSerializers.dll
    MOD - [2009/07/07 09:24:00 | 000,095,472 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Online\SdbUI.dll
    MOD - [2009/07/07 09:23:00 | 001,779,952 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Online\DataSafeOnline.exe
    MOD - [2009/07/07 09:23:00 | 000,017,648 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Online\CppUtils.dll
    MOD - [2008/11/03 08:54:00 | 000,058,608 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Online\BalloonWindow.dll


    ========== Services (SafeList) ==========

    SRV:64bit: - [2012/07/04 00:20:54 | 000,238,080 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
    SRV:64bit: - [2010/02/26 01:03:00 | 000,244,736 | ---- | M] (IDT, Inc.) [Auto | Running] -- C:\Windows\SysNative\DriverStore\FileRepository\stwrt64.inf_54cb4575\STacSV64.exe -- (STacSV)
    SRV:64bit: - [2009/03/03 01:42:58 | 000,089,600 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Windows\SysNative\DriverStore\FileRepository\stwrt64.inf_54cb4575\AESTSr64.exe -- (AESTFilters)
    SRV:64bit: - [2008/12/18 12:05:28 | 000,155,648 | ---- | M] (Stardock Corporation) [Auto | Running] -- C:\Program Files\Dell\DellDock\DockLogin.exe -- (DockLoginService)
    SRV:64bit: - [2008/01/20 20:47:32 | 000,383,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
    SRV:64bit: - [2006/11/02 05:16:05 | 000,046,592 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\rundll32.exe -- (yksvc)
    SRV - [2012/11/23 21:04:15 | 000,711,112 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\13.2.0\ToolbarUpdater.exe -- (vToolbarUpdater13.2.0)
    SRV - [2012/11/19 21:48:16 | 002,462,128 | ---- | M] (LogMeIn Inc.) [Auto | Running] -- C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe -- (Hamachi2Svc)
    SRV - [2012/11/06 19:00:04 | 005,814,392 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe -- (AVGIDSAgent)
    SRV - [2012/10/22 13:05:08 | 000,196,664 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe -- (avgwd)
    SRV - [2012/10/08 14:34:23 | 000,250,808 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
    SRV - [2012/10/04 09:25:41 | 000,529,744 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
    SRV - [2012/07/27 14:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
    SRV - [2012/07/02 16:58:37 | 000,076,888 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\PnkBstrA.exe -- (PnkBstrA)
    SRV - [2010/03/18 12:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
    SRV - [2009/03/29 22:42:14 | 000,066,368 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
    SRV - [2008/12/16 20:14:42 | 000,206,064 | ---- | M] (SupportSoft, Inc.) [Auto | Running] -- C:\Program Files (x86)\Dell Support Center\bin\sprtsvc.exe -- (sprtsvc_DellSupportCenter)
    SRV - [2008/11/09 14:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) [Auto | Running] -- C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService)
    SRV - [2007/01/11 03:02:00 | 000,126,464 | ---- | M] (SEIKO EPSON CORPORATION) [Auto | Running] -- C:\ProgramData\EPSON\EPW!3 SSRP\E_S40RPB.EXE -- (EPSON_PM_RPCV4_01)


    ========== Driver Services (SafeList) ==========

    DRV:64bit: - [2012/11/23 21:04:15 | 000,030,568 | ---- | M] (AVG Technologies) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgtpx64.sys -- (avgtp)
    DRV:64bit: - [2012/10/22 13:02:44 | 000,154,464 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | System | Running] -- C:\Windows\SysNative\DRIVERS\avgidsdrivera.sys -- (AVGIDSDriver)
    DRV:64bit: - [2012/10/15 03:48:50 | 000,063,328 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\DRIVERS\avgidsha.sys -- (AVGIDSHA)
    DRV:64bit: - [2012/10/05 03:32:50 | 000,111,456 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\SysNative\DRIVERS\avgmfx64.sys -- (Avgmfx64)
    DRV:64bit: - [2012/10/02 03:30:38 | 000,185,696 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\SysNative\DRIVERS\avgldx64.sys -- (Avgldx64)
    DRV:64bit: - [2012/09/21 03:46:04 | 000,200,032 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\SysNative\DRIVERS\avgtdia.sys -- (Avgtdia)
    DRV:64bit: - [2012/09/21 03:46:00 | 000,225,120 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | Boot | Running] -- C:\Windows\SysNative\DRIVERS\avgloga.sys -- (Avgloga)
    DRV:64bit: - [2012/09/14 03:05:18 | 000,040,800 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\SysNative\DRIVERS\avgrkx64.sys -- (Avgrkx64)
    DRV:64bit: - [2012/08/21 12:01:20 | 000,033,240 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\GEARAspiWDM.sys -- (GEARAspiWDM)
    DRV:64bit: - [2012/07/09 12:42:54 | 000,052,736 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\usbaapl64.sys -- (USBAAPL64)
    DRV:64bit: - [2012/07/04 00:59:32 | 011,922,944 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\atikmdag.sys -- (R300)
    DRV:64bit: - [2012/07/04 00:59:32 | 011,922,944 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\atikmdag.sys -- (atikmdag)
    DRV:64bit: - [2012/07/04 00:59:32 | 011,922,944 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\atikmdag.sys -- (amdkmdag)
    DRV:64bit: - [2012/07/03 23:10:56 | 000,359,936 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\atikmpag.sys -- (amdkmdap)
    DRV:64bit: - [2012/02/29 07:52:46 | 000,016,384 | ---- | M] (Microsoft Corporation) [Recognizer | System | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
    DRV:64bit: - [2011/11/28 20:28:28 | 000,055,856 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\PxHlpa64.sys -- (PxHlpa64)
    DRV:64bit: - [2011/06/15 09:10:14 | 000,557,848 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iastor.sys -- (iaStor)
    DRV:64bit: - [2010/02/26 01:03:00 | 000,505,856 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\stwrt64.sys -- (STHDA)
    DRV:64bit: - [2009/09/30 18:51:42 | 000,046,592 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\wpdusb.sys -- (WpdUsb)
    DRV:64bit: - [2009/09/08 20:02:11 | 000,314,016 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\SysNative\DRIVERS\atksgt.sys -- (atksgt)
    DRV:64bit: - [2009/09/08 20:02:10 | 000,043,680 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\SysNative\DRIVERS\lirsgt.sys -- (lirsgt)
    DRV:64bit: - [2009/03/18 17:35:42 | 000,033,856 | -H-- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\hamachi.sys -- (hamachi)
    DRV:64bit: - [2008/12/22 03:26:28 | 004,735,488 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\NETw5v64.sys -- (NETw5v64)
    DRV:64bit: - [2008/12/07 23:32:48 | 000,068,608 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\RTSTOR64.SYS -- (RTSTOR)
    DRV:64bit: - [2008/11/29 07:19:28 | 000,028,208 | ---- | M] (Windows (R) Codename Longhorn DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\KMWDFILTER.sys -- (KMWDFILTER)
    DRV:64bit: - [2008/09/03 23:29:22 | 000,199,728 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\Apfiltr.sys -- (ApfiltrService)
    DRV:64bit: - [2008/09/01 04:19:24 | 000,392,192 | ---- | M] (Marvell) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\yk60x64.sys -- (yukonx64)
    DRV:64bit: - [2008/02/13 08:20:16 | 000,017,920 | ---- | M] (A4Tech Co.,Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\Amusbx64.sys -- (Amusbprt)
    DRV:64bit: - [2008/01/20 20:46:55 | 000,317,952 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\e1e6032e.sys -- (e1express)
    DRV:64bit: - [2007/10/15 03:37:22 | 000,012,288 | ---- | M] ((Standard mouse types)) [Kernel | System | Running] -- C:\Windows\SysNative\DRIVERS\Amfltx64.sys -- (Amfilter)
    DRV - [2008/11/04 17:16:40 | 000,028,152 | ---- | M] (PC-Doctor, Inc.) [Kernel | On_Demand | Stopped] -- C:\Program Files (x86)\Dell Support Center\HWDiag\bin\pcd5srvc_x64.pkms -- (PCD5SRVC{048DBD20-445E8C82-05040104})


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========

    IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
    IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
    IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
    IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC

    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/ig
    IE - HKCU\..\SearchScopes,DefaultScope = {95B7759C-8C7F-4BF1-B163-73684A933233}
    IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=DLCDF7&pc=MDDC&src=IE-SearchBox
    IE - HKCU\..\SearchScopes\{899B35FF-D18B-8FBB-580A-E99390A9E0B2}: "URL" = http://www.bing.com/search?q={searc...install_date=20111112&iesrc={referrer:source}
    IE - HKCU\..\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}: "URL" = http://isearch.avg.com/search?cid={...af2f7d7189d&lang=en&ds=AVG&pr=fr&d=2012-11-23 21:04:38&v=13.2.0.4&sap=dsp&q={searchTerms}
    IE - HKCU\..\SearchScopes\{BF03C3E9-1866-4CC7-A0AE-80F92FA21188}: "URL" = http://www.google.com/search?q={sea...ndex={startIndex?}&startPage={startPage}&rlz=
    IE - HKCU\..\SearchScopes\{CDCA56E2-0D77-44ED-B9BF-38E5C42FC5BE}: "URL" = http://websearch.ask.com/redirect?c...pn_sauid=0A458938-9F56-4360-BB7D-8E932F1D7200
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

    ========== FireFox ==========

    FF - prefs.js..browser.search.defaultengine: "Google"
    FF - prefs.js..browser.search.order.1: "Ask.com"
    FF - prefs.js..browser.startup.homepage: "http://www.google.com/ig|https://ww...yahoo.com/dc/launch?.gx=0&.rand=fkbf7tgsnqi6g"
    FF - prefs.js..extensions.enabledAddons: plugin@yontoo.com:1.20.00
    FF - prefs.js..extensions.enabledAddons: avg@toolbar:12.2.5.32
    FF - prefs.js..network.proxy.no_proxies_on: "*.local"
    FF - prefs.js..network.proxy.type: 0


    FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_4_402_287.dll File not found
    FF:64bit: - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
    FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_4_402_287.dll ()
    FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
    FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
    FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
    FF - HKLM\Software\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin: C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\13.2.0\\npsitesafety.dll ()
    FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
    FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
    FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.7.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
    FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.7.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
    FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8051.1204: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll File not found
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@pack.google.com/Google Updater;version=14: C:\Program Files (x86)\Google\Google Updater\2.4.2432.1652\npCIDetect14.dll (Google)
    FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
    FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
    FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.3: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
    FF - HKLM\Software\MozillaPlugins\wolfram.com/Mathematica: C:\Program Files (x86)\Common Files\Wolfram Research\Browser\8.0.4.2615434\npmathplugin.dll (Wolfram Research, Inc.)
    FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
    FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Keegan\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
    FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Keegan\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
    FF - HKCU\Software\MozillaPlugins\amazon.com/AmazonMP3DownloaderPlugin: C:\Program Files (x86)\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin10171.dll (Amazon.com, Inc.)

    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{3252b9ae-c69a-4eaf-9502-dc9c1f6c009e}: C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DMExtension\ [2010/12/02 01:47:40 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2012/04/16 17:03:09 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\avg@toolbar: C:\ProgramData\AVG Secure Search\FireFoxExt\13.2.0.4 [2012/11/23 21:04:44 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 11.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/04/05 13:12:04 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 11.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012/08/25 07:27:35 | 000,000,000 | ---D | M]

    [2012/04/05 18:40:50 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Keegan\AppData\Roaming\Mozilla\Extensions
    [2012/09/03 23:22:39 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Keegan\AppData\Roaming\Mozilla\Firefox\Profiles\4rd88xtf.default\extensions
    [2012/04/16 19:40:15 | 000,000,000 | ---D | M] (Yontoo) -- C:\Users\Keegan\AppData\Roaming\Mozilla\Firefox\Profiles\4rd88xtf.default\extensions\plugin@yontoo.com
    [2012/09/03 23:22:39 | 000,224,693 | ---- | M] () (No name found) -- C:\Users\Keegan\AppData\Roaming\Mozilla\Firefox\Profiles\4rd88xtf.default\extensions\fbphotozoom@installdaddy.com.xpi
    [2012/09/19 17:44:36 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
    File not found (No name found) -- C:\PROGRAMDATA\AVG SECURE SEARCH\12.2.5.32
    [2012/03/12 22:39:39 | 000,097,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
    [2012/11/23 21:04:20 | 000,003,544 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\avg-secure-search.xml
    [2012/03/12 22:38:32 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
    [2012/03/12 22:38:32 | 000,002,040 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml

    ========== Chrome ==========

    CHR - homepage: http://www.msn.com/?pc=Z129&install_date=20111112
    CHR - default_search_provider: Google (Enabled)
    CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:eek:riginalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}
    CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}&sugkey={google:suggestAPIKeyParameter}
    CHR - homepage: http://www.msn.com/?pc=Z129&install_date=20111112
    CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
    CHR - plugin: Native Client (Enabled) = C:\Users\Keegan\AppData\Local\Google\Chrome\Application\23.0.1271.64\ppGoogleNaClPluginChrome.dll
    CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Keegan\AppData\Local\Google\Chrome\Application\23.0.1271.64\pdf.dll
    CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Keegan\AppData\Local\Google\Chrome\Application\23.0.1271.64\gcswf32.dll
    CHR - plugin: Shockwave Flash (Disabled) = C:\Users\Keegan\AppData\Local\Google\Chrome\User Data\PepperFlash\11.1.31.203\pepflashplayer.dll
    CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_233.dll
    CHR - plugin: AVG Internet Security (Enabled) = C:\Users\Keegan\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla\12.0.0.1901_0\plugins/avgnpss.dll
    CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
    CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin.dll
    CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin2.dll
    CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin3.dll
    CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin4.dll
    CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin5.dll
    CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin6.dll
    CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin7.dll
    CHR - plugin: Wolfram Mathematica (Enabled) = C:\Program Files (x86)\Common Files\Wolfram Research\Browser\8.0.1.2063897\npmathplugin.dll
    CHR - plugin: DivX VOD Helper Plug-in (Enabled) = C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll
    CHR - plugin: DivX Plus Web Player (Enabled) = C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll
    CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
    CHR - plugin: Google Updater (Enabled) = C:\Program Files (x86)\Google\Google Updater\2.4.2432.1652\npCIDetect14.dll
    CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll
    CHR - plugin: Java(TM) Platform SE 6 U31 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll
    CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
    CHR - plugin: Windows Presentation Foundation (Enabled) = C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
    CHR - plugin: Shockwave for Director (Enabled) = C:\Windows\system32\Adobe\Director\np32dsw.dll
    CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\4.1.10111.0\npctrl.dll
    CHR - Extension: AVG Secure Search = C:\Users\Keegan\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof\13.2.0.4_0\
    CHR - Extension: AVG Secure Search = C:\Users\Keegan\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof\13.2.0.4_0\.bak
    CHR - Extension: DivX Plus Web Player HTML5 \u003Cvideo\u003E = C:\Users\Keegan\AppData\Local\Google\Chrome\User Data\Default\Extensions\nneajnkjbffgblleaoojgaacokifdkhm\2.1.2.145_0\

    O1 HOSTS File: ([2012/11/23 20:10:00 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts
    O1 - Hosts: 127.0.0.1 localhost
    O2:64bit: - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG2012\avgssiea.dll File not found
    O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
    O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
    O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG2012\avgssie.dll File not found
    O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
    O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
    O2 - BHO: (AVG Security Toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\13.2.0.4\AVG Secure Search_toolbar.dll ()
    O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
    O2 - BHO: (Yontoo) - {FD72061E-9FDE-484D-A58A-0BAB4151CAD8} - C:\Program Files (x86)\Yontoo\YontooIEClient.dll File not found
    O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll (Yahoo! Inc)
    O3 - HKLM\..\Toolbar: (AVG Security Toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\13.2.0.4\AVG Secure Search_toolbar.dll ()
    O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
    O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - No CLSID value found.
    O4:64bit: - HKLM..\Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe (Alps Electric Co., Ltd.)
    O4:64bit: - HKLM..\Run: [Dell DataSafe Online] C:\Program Files (x86)\Dell DataSafe Online\DataSafeOnline.exe ()
    O4:64bit: - HKLM..\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe (IDT, Inc.)
    O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
    O4 - HKLM..\Run: [AVG_UI] C:\Program Files (x86)\AVG\AVG2013\avgui.exe (AVG Technologies CZ, s.r.o.)
    O4 - HKLM..\Run: [Dell DataSafe Online] C:\Program Files (x86)\Dell DataSafe Online\DataSafeOnline.exe ()
    O4 - HKLM..\Run: [DellSupportCenter] C:\Program Files (x86)\Dell Support Center\bin\sprtcmd.exe (SupportSoft, Inc.)
    O4 - HKLM..\Run: [DivXUpdate] C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe ()
    O4 - HKLM..\Run: [LogMeIn Hamachi Ui] C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe (LogMeIn Inc.)
    O4 - HKLM..\Run: [PDVDDXSrv] C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe (CyberLink Corp.)
    O4 - HKLM..\Run: [ROC_roc_ssl_v12] C:\Program Files (x86)\AVG Secure Search\ROC_roc_ssl_v12.exe ()
    O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
    O4 - HKLM..\Run: [vProt] C:\Program Files (x86)\AVG Secure Search\vprot.exe ()
    O4 - HKCU..\Run: [SpybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoChangeStartMenu = 0
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLogOff = 0
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O9 - Extra Button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - Reg Error: Key error. File not found
    O9 - Extra 'Tools' menuitem : &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - Reg Error: Key error. File not found
    O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
    O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
    O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
    O13 - gopher Prefix: missing
    O16 - DPF: {10000000-1000-1000-1000-100000000000} http://cdn.betteradvertising.com/ghostery/addons/ie/2.4.2.0/ghostery.cab (Reg Error: Key error.)
    O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} http://www.fileplanet.com/fpdlmgr/cabs/FPDC_2.3.9.113.cab (Reg Error: Key error.)
    O16 - DPF: {C8BC46C7-921C-4102-B67D-F1F7E65FB0BE} https://battlefield.play4free.com/static/updater/BP4FUpdater_1.0.53.2.cab (Reg Error: Key error.)
    O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 75.75.76.76 75.75.75.75
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{8AD0D0B8-9E06-423E-A34E-BC08B6EDFC8F}: DhcpNameServer = 75.75.76.76 75.75.75.75
    O18:64bit: - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgppa.dll File not found
    O18:64bit: - Protocol\Handler\livecall - No CLSID value found
    O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
    O18:64bit: - Protocol\Handler\ms-itss - No CLSID value found
    O18:64bit: - Protocol\Handler\msnim - No CLSID value found
    O18:64bit: - Protocol\Handler\viprotocol - No CLSID value found
    O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
    O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgpp.dll File not found
    O18 - Protocol\Handler\livecall - No CLSID value found
    O18 - Protocol\Handler\msnim - No CLSID value found
    O18 - Protocol\Handler\viprotocol {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\13.2.0\ViProtocol.dll ()
    O18 - Protocol\Handler\wlmailhtml - No CLSID value found
    O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
    O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
    O20 - Winlogon\Notify\GoToAssist: DllName - (Reg Error: Value error.) - Reg Error: Value error. File not found
    O24 - Desktop WallPaper: C:\Users\Keegan\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
    O24 - Desktop BackupWallPaper: C:\Users\Keegan\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
    O32 - HKLM CDRom: AutoRun - 1
    O34 - HKLM BootExecute: (autocheck autochk *)
    O35:64bit: - HKLM\..comfile [open] -- "%1" %*
    O35:64bit: - HKLM\..exefile [open] -- "%1" %*
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
    O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
    O37 - HKLM\...com [@ = ComFile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*
    O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
    O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
     
  20. Broni

    Broni Malware Annihilator Posts: 47,020   +255

    One of the rules I posted at the very beginning says:
     
  21. DonkeyHote

    DonkeyHote TS Rookie Topic Starter Posts: 23

    OTL.txt part 2:

    ========== Files/Folders - Created Within 30 Days ==========

    [2012/11/23 21:04:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG
    [2012/11/23 21:04:46 | 000,000,000 | ---D | C] -- C:\Users\Keegan\AppData\Local\AVG Secure Search
    [2012/11/23 21:04:43 | 000,000,000 | ---D | C] -- C:\ProgramData\AVG Secure Search
    [2012/11/23 21:04:35 | 000,030,568 | ---- | C] (AVG Technologies) -- C:\Windows\SysNative\drivers\avgtpx64.sys
    [2012/11/23 21:04:22 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AVG Secure Search
    [2012/11/23 21:03:28 | 000,000,000 | -H-D | C] -- C:\$AVG
    [2012/11/23 21:00:12 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Keegan\Desktop\OTL.exe
    [2012/11/23 20:18:35 | 000,000,000 | ---D | C] -- C:\Windows\temp
    [2012/11/23 20:10:03 | 000,000,000 | ---D | C] -- C:\$RECYCLE.BIN
    [2012/11/23 20:06:57 | 000,000,000 | ---D | C] -- C:\Users\Keegan\AppData\Local\temp
    [2012/11/23 19:54:54 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
    [2012/11/23 19:54:54 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
    [2012/11/23 19:54:54 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
    [2012/11/23 19:54:34 | 000,000,000 | ---D | C] -- C:\ComboFix
    [2012/11/23 19:54:30 | 000,000,000 | ---D | C] -- C:\Qoobox
    [2012/11/23 19:54:06 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
    [2012/11/23 19:30:40 | 005,005,971 | R--- | C] (Swearware) -- C:\Users\Keegan\Desktop\ComboFix.exe
    [2012/11/23 13:08:26 | 000,000,000 | ---D | C] -- C:\Users\Keegan\Desktop\mbar
    [2012/11/23 11:25:30 | 004,732,416 | ---- | C] (AVAST Software) -- C:\Users\Keegan\Desktop\aswMBR.exe
    [2012/11/23 11:20:03 | 000,000,000 | ---D | C] -- C:\Users\Keegan\Desktop\RK_Quarantine
    [2012/11/22 23:58:32 | 000,000,000 | ---D | C] -- C:\TDSSKiller_Quarantine
    [2012/11/22 23:51:44 | 002,213,976 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\Keegan\Desktop\TDSSKiller.exe
    [2012/11/20 19:03:53 | 000,000,000 | ---D | C] -- C:\Users\Keegan\AppData\Roaming\Malwarebytes
    [2012/11/20 19:03:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
    [2012/11/20 19:03:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
    [2012/11/20 19:03:30 | 000,025,928 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
    [2012/11/20 19:03:30 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
    [2012/11/20 00:07:47 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy
    [2012/11/20 00:07:42 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy
    [2012/11/20 00:07:42 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Spybot - Search & Destroy
    [2012/11/19 20:38:11 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LogMeIn Hamachi
    [2012/11/19 20:38:11 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\LogMeIn Hamachi
    [2012/11/15 15:16:26 | 000,000,000 | ---D | C] -- C:\Users\Keegan\AppData\Local\IIIU
    [2012/11/15 15:13:13 | 000,000,000 | ---D | C] -- C:\Users\Keegan\AppData\Roaming\GoforFiles
    [2012/11/15 15:13:13 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\GoforFiles
    [2012/11/14 15:02:37 | 000,000,000 | ---D | C] -- C:\found.000
    [4 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
    [3 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]

    ========== Files - Modified Within 30 Days ==========

    [2012/11/23 21:04:51 | 000,000,834 | ---- | M] () -- C:\Users\Public\Desktop\AVG 2013.lnk
    [2012/11/23 21:04:15 | 000,030,568 | ---- | M] (AVG Technologies) -- C:\Windows\SysNative\drivers\avgtpx64.sys
    [2012/11/23 21:00:13 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Keegan\Desktop\OTL.exe
    [2012/11/23 20:52:00 | 000,000,898 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
    [2012/11/23 20:34:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
    [2012/11/23 20:25:00 | 000,000,912 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1476232679-447080670-1737744086-1000UA.job
    [2012/11/23 20:10:00 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
    [2012/11/23 20:09:55 | 000,000,894 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
    [2012/11/23 20:09:29 | 000,003,744 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
    [2012/11/23 20:09:29 | 000,003,744 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
    [2012/11/23 20:09:23 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
    [2012/11/23 20:09:17 | 4293,242,880 | -HS- | M] () -- C:\hiberfil.sys
    [2012/11/23 19:30:45 | 005,005,971 | R--- | M] (Swearware) -- C:\Users\Keegan\Desktop\ComboFix.exe
    [2012/11/23 18:25:00 | 000,000,860 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1476232679-447080670-1737744086-1000Core.job
    [2012/11/23 14:51:00 | 000,000,880 | ---- | M] () -- C:\Windows\tasks\Google Software Updater.job
    [2012/11/23 13:07:58 | 012,961,620 | ---- | M] () -- C:\Users\Keegan\Desktop\mbar-1.01.0.1009.zip
    [2012/11/23 13:01:33 | 000,000,512 | ---- | M] () -- C:\Users\Keegan\Desktop\MBR.dat
    [2012/11/23 11:41:46 | 000,755,906 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
    [2012/11/23 11:41:46 | 000,640,658 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
    [2012/11/23 11:41:46 | 000,118,878 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
    [2012/11/23 11:25:52 | 004,732,416 | ---- | M] (AVAST Software) -- C:\Users\Keegan\Desktop\aswMBR.exe
    [2012/11/23 11:20:03 | 000,750,080 | ---- | M] () -- C:\Users\Keegan\Desktop\RogueKiller.exe
    [2012/11/23 02:54:34 | 000,013,312 | ---- | M] () -- C:\Users\Keegan\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2012/11/22 00:07:50 | 545,417,675 | ---- | M] () -- C:\Windows\MEMORY.DMP
    [2012/11/21 21:41:39 | 000,000,229 | ---- | M] () -- C:\Windows\wininit.ini
    [2012/11/19 21:09:05 | 000,000,258 | RHS- | M] () -- C:\ProgramData\ntuser.pol
    [2012/11/19 16:29:16 | 000,002,611 | ---- | M] () -- C:\Users\Keegan\Desktop\Microsoft Office Word 2007.lnk
    [2012/11/14 15:08:04 | 000,323,528 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
    [2012/11/12 08:45:23 | 000,000,680 | ---- | M] () -- C:\Users\Keegan\AppData\Local\d3d9caps.dat
    [2012/11/12 00:38:14 | 000,879,243 | ---- | M] () -- C:\Users\Keegan\.DLMSave_back.xml
    [2012/11/12 00:38:14 | 000,879,243 | ---- | M] () -- C:\Users\Keegan\.DLMSave.xml
    [2012/11/09 08:26:47 | 000,002,049 | ---- | M] () -- C:\Users\Keegan\Desktop\Google Chrome.lnk
    [2012/11/09 08:26:47 | 000,002,011 | ---- | M] () -- C:\Users\Keegan\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
    [2012/11/08 22:38:23 | 000,008,634 | ---- | M] () -- C:\Users\Keegan\AppData\Roaming\wklnhst.dat
    [2012/10/31 21:49:22 | 002,213,976 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\Keegan\Desktop\TDSSKiller.exe
    [2012/10/28 21:13:10 | 000,001,866 | ---- | M] () -- C:\Users\Keegan\.Setting.ini
    [4 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
    [3 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]

    ========== Files Created - No Company Name ==========

    [2012/11/23 21:04:51 | 000,000,834 | ---- | C] () -- C:\Users\Public\Desktop\AVG 2013.lnk
    [2012/11/23 19:54:54 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
    [2012/11/23 19:54:54 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
    [2012/11/23 19:54:54 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
    [2012/11/23 19:54:54 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
    [2012/11/23 19:54:54 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
    [2012/11/23 13:07:55 | 012,961,620 | ---- | C] () -- C:\Users\Keegan\Desktop\mbar-1.01.0.1009.zip
    [2012/11/23 13:01:33 | 000,000,512 | ---- | C] () -- C:\Users\Keegan\Desktop\MBR.dat
    [2012/11/23 11:19:28 | 000,750,080 | ---- | C] () -- C:\Users\Keegan\Desktop\RogueKiller.exe
    [2012/11/22 00:21:07 | 4293,242,880 | -HS- | C] () -- C:\hiberfil.sys
    [2012/11/22 00:07:50 | 545,417,675 | ---- | C] () -- C:\Windows\MEMORY.DMP
    [2012/11/20 00:27:45 | 000,000,229 | ---- | C] () -- C:\Windows\wininit.ini
    [2012/11/06 17:01:37 | 000,879,243 | ---- | C] () -- C:\Users\Keegan\.DLMSave_back.xml
    [2012/09/26 22:14:53 | 000,004,096 | ---- | C] () -- C:\Windows\d3dx.dat
    [2012/08/10 12:38:07 | 000,027,520 | ---- | C] () -- C:\Users\Keegan\AppData\Local\dt.dat
    [2012/07/02 16:58:19 | 000,281,288 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe
    [2012/07/02 16:58:16 | 000,076,888 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe
    [2012/01/17 13:36:37 | 000,000,600 | ---- | C] () -- C:\Users\Keegan\AppData\Roaming\winscp.rnd
    [2012/01/13 17:20:16 | 000,879,243 | ---- | C] () -- C:\Users\Keegan\.DLMSave.xml
    [2012/01/13 17:13:56 | 000,001,866 | ---- | C] () -- C:\Users\Keegan\.Setting.ini
    [2011/10/30 20:02:09 | 000,751,312 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
    [2011/10/27 00:00:51 | 000,136,804 | -H-- | C] () -- C:\Windows\SysWow64\mlfcache.dat
    [2011/09/28 16:44:14 | 000,179,271 | ---- | C] () -- C:\Windows\SysWow64\xlive.dll.cat
    [2011/09/12 16:06:16 | 000,003,917 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat
    [2011/07/02 13:43:30 | 000,000,579 | ---- | C] () -- C:\Windows\eReg.dat
    [2010/10/26 13:19:45 | 000,000,258 | RHS- | C] () -- C:\ProgramData\ntuser.pol
    [2010/02/21 12:32:37 | 000,013,312 | ---- | C] () -- C:\Users\Keegan\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2009/09/01 09:09:56 | 000,000,680 | ---- | C] () -- C:\Users\Keegan\AppData\Local\d3d9caps.dat
    [2009/06/25 19:58:34 | 000,000,947 | ---- | C] () -- C:\Users\Keegan\AppData\Roaming\DataSafeDotNet.exe
    [2009/05/23 09:51:24 | 000,008,634 | ---- | C] () -- C:\Users\Keegan\AppData\Roaming\wklnhst.dat

    ========== ZeroAccess Check ==========

    [2006/11/02 09:30:40 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

    [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

    [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

    [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

    [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
    "" = C:\Windows\SysNative\shell32.dll -- [2012/06/08 11:59:03 | 012,899,840 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Apartment

    [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
    "" = %SystemRoot%\system32\shell32.dll -- [2012/06/08 11:47:00 | 011,586,048 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Apartment

    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
    "" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/04/11 01:11:14 | 000,891,392 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Free

    [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
    "" = %systemroot%\SysWow64\wbem\fastprox.dll -- [2009/04/11 00:28:19 | 000,614,912 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Free

    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
    "" = C:\Windows\SysNative\wbem\wbemess.dll -- [2008/01/20 20:50:58 | 000,513,024 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Both

    [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
    "" = %systemroot%\SysWow64\wbem\wbemess.dll

    ========== LOP Check ==========

    [2012/09/08 13:28:23 | 000,000,000 | ---D | M] -- C:\Users\Keegan\AppData\Roaming\.minecraft
    [2012/06/13 01:49:40 | 000,000,000 | ---D | M] -- C:\Users\Keegan\AppData\Roaming\Amazon
    [2012/03/13 13:07:30 | 000,000,000 | ---D | M] -- C:\Users\Keegan\AppData\Roaming\AVG
    [2011/12/27 14:27:22 | 000,000,000 | ---D | M] -- C:\Users\Keegan\AppData\Roaming\AVG Secure Search
    [2012/10/17 14:26:58 | 000,000,000 | ---D | M] -- C:\Users\Keegan\AppData\Roaming\AVG2013
    [2012/01/25 18:13:17 | 000,000,000 | ---D | M] -- C:\Users\Keegan\AppData\Roaming\Dwarfs
    [2012/01/27 17:48:20 | 000,000,000 | ---D | M] -- C:\Users\Keegan\AppData\Roaming\Free MP3 WMA OGG Converter
    [2011/08/17 23:30:43 | 000,000,000 | ---D | M] -- C:\Users\Keegan\AppData\Roaming\GetRightToGo
    [2012/11/15 15:13:22 | 000,000,000 | ---D | M] -- C:\Users\Keegan\AppData\Roaming\GoforFiles
    [2011/12/29 00:06:00 | 000,000,000 | ---D | M] -- C:\Users\Keegan\AppData\Roaming\Kalypso Media
    [2009/12/05 14:59:55 | 000,000,000 | ---D | M] -- C:\Users\Keegan\AppData\Roaming\Leadertech
    [2012/09/26 22:15:42 | 000,000,000 | ---D | M] -- C:\Users\Keegan\AppData\Roaming\MinMaxGames
    [2012/03/08 02:29:26 | 000,000,000 | ---D | M] -- C:\Users\Keegan\AppData\Roaming\Notepad++
    [2011/12/15 14:01:40 | 000,000,000 | ---D | M] -- C:\Users\Keegan\AppData\Roaming\PunkBuster
    [2009/09/09 10:39:47 | 000,000,000 | ---D | M] -- C:\Users\Keegan\AppData\Roaming\Stardock
    [2010/06/30 15:13:39 | 000,000,000 | ---D | M] -- C:\Users\Keegan\AppData\Roaming\Template
    [2011/02/24 15:59:18 | 000,000,000 | ---D | M] -- C:\Users\Keegan\AppData\Roaming\The Creative Assembly
    [2012/01/07 01:16:47 | 000,000,000 | ---D | M] -- C:\Users\Keegan\AppData\Roaming\Trine2
    [2011/06/19 13:53:13 | 000,000,000 | ---D | M] -- C:\Users\Keegan\AppData\Roaming\Tropico 3
    [2012/06/21 00:28:13 | 000,000,000 | ---D | M] -- C:\Users\Keegan\AppData\Roaming\Tropico 4
    [2010/05/20 14:05:24 | 000,000,000 | ---D | M] -- C:\Users\Keegan\AppData\Roaming\Tropico3
    [2012/06/21 23:50:31 | 000,000,000 | ---D | M] -- C:\Users\Keegan\AppData\Roaming\TS3Client
    [2011/07/03 22:29:53 | 000,000,000 | ---D | M] -- C:\Users\Keegan\AppData\Roaming\ts3overlay
    [2012/10/17 13:57:23 | 000,000,000 | ---D | M] -- C:\Users\Keegan\AppData\Roaming\TuneUp Software
    [2011/12/17 22:08:36 | 000,000,000 | ---D | M] -- C:\Users\Keegan\AppData\Roaming\Ubisoft
    [2010/12/20 08:45:08 | 000,000,000 | ---D | M] -- C:\Users\Keegan\AppData\Roaming\ZombieDriver

    ========== Purity Check ==========



    ========== Alternate Data Streams ==========

    @Alternate Data Stream - 139 bytes -> C:\ProgramData\TEMP:0B4227B4
    @Alternate Data Stream - 127 bytes -> C:\ProgramData\TEMP:5D432CE3

    < End of report >
     
  22. DonkeyHote

    DonkeyHote TS Rookie Topic Starter Posts: 23

    Extras.txt part 1:

    OTL Extras logfile created on: 11/23/2012 9:07:14 PM - Run 1
    OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Keegan\Desktop
    64bit-Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
    Internet Explorer (Version = 9.0.8112.16421)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    4.00 Gb Total Physical Memory | 2.15 Gb Available Physical Memory | 53.67% Memory free
    9.88 Gb Paging File | 7.83 Gb Available in Paging File | 79.20% Paging File free
    Paging file location(s): c:\pagefile.sys 6139 9000 [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
    Drive C: | 218.20 Gb Total Space | 13.34 Gb Free Space | 6.11% Space Free | Partition Type: NTFS
    Drive E: | 14.65 Gb Total Space | 6.02 Gb Free Space | 41.11% Space Free | Partition Type: NTFS

    Computer Name: KEEGAN-PC | User Name: Keegan | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

    ========== Extra Registry (SafeList) ==========


    ========== File Associations ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
    .html[@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
    .url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
    .html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)

    [HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
    .html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)

    ========== Shell Spawning ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %*
    cmdfile [open] -- "%1" %*
    comfile [open] -- "%1" %*
    cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
    exefile [open] -- "%1" %*
    helpfile [open] -- Reg Error: Key error.
    htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
    htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
    htmlfile [print] -- rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation)
    http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
    inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
    InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
    InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
    piffile [open] -- "%1" %*
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1"
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
    Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
    Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
    Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %*
    cmdfile [open] -- "%1" %*
    comfile [open] -- "%1" %*
    cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
    exefile [open] -- "%1" %*
    helpfile [open] -- Reg Error: Key error.
    htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
    htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
    http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
    inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
    piffile [open] -- "%1" %*
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1"
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
    Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
    Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
    Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

    ========== Security Center Settings ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
    "cval" = 1
    "FirewallDisableNotify" = 0
    "AntiVirusDisableNotify" = 0
    "UpdatesDisableNotify" = 0

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
    "AntiVirusOverride" = 0
    "AntiSpywareOverride" = 0
    "FirewallOverride" = 0
    "VistaSp1" = 9F 9E 16 8C DC 5B C8 01 [binary data]
    "VistaSp2" = 75 C0 85 42 99 B4 CA 01 [binary data]

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
    "oobe_av" = 1

    ========== System Restore Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
    "DisableSR" = 0

    ========== Firewall Settings ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
    "DisableNotifications" = 0
    "EnableFirewall" = 1

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
    "DisableNotifications" = 0
    "EnableFirewall" = 1

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
    "DisableNotifications" = 0
    "EnableFirewall" = 1

    ========== Authorized Applications List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


    ========== Vista Active Open Ports Exception List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
    "{0294BB2F-6178-459D-8C46-8D1C40D6AD6B}" = rport=445 | protocol=6 | dir=out | app=system |
    "{057550CC-1C7E-4C7B-A2F8-3A8DDC978C8C}" = lport=138 | protocol=17 | dir=in | app=system |
    "{08E024BB-596A-4DFF-A430-159062EB67CE}" = lport=10243 | protocol=6 | dir=in | app=system |
    "{19A5737B-0BEE-43C8-BCD3-3CC714AA4FD3}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
    "{25B9D31D-64EC-44F5-900B-17177C3E5D3C}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
    "{295EF879-34FC-4A05-A484-51AA1443280E}" = lport=445 | protocol=6 | dir=in | app=system |
    "{2FA65B31-3A9D-4C20-AFC6-469495F0EF44}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
    "{4084E937-EAAA-47EE-9520-7BE7CE434C09}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
    "{4BF5EB07-06A2-40E2-B5B6-244EF5C49A0F}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
    "{5456EA1E-AF45-48BD-9C96-AB99A6CCF1D9}" = lport=139 | protocol=6 | dir=in | app=system |
    "{6364B77A-8796-4078-B3CC-5963A3E70B4F}" = rport=139 | protocol=6 | dir=out | app=system |
    "{66BD6B3E-8198-4823-9CF3-0B89C7F70B83}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
    "{6EFD3216-D4DB-448C-81DA-E8838C66FFD2}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
    "{7C7BD74E-D59D-40F9-8481-A74C4729E9DD}" = rport=138 | protocol=17 | dir=out | app=system |
    "{86444BB3-291D-4D31-A046-BB4AA3243C28}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
    "{AF8150A9-8B4A-4262-900E-D368942052B3}" = lport=2869 | protocol=6 | dir=in | app=system |
    "{BE10AB93-C4A6-464B-BE93-069E778BFF99}" = rport=10243 | protocol=6 | dir=out | app=system |
    "{C232D951-55E7-4D04-9346-F88A07FC0B22}" = lport=137 | protocol=17 | dir=in | app=system |
    "{C428A183-FD79-40B5-990D-895328F43AC8}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
    "{CF0676E6-E2EC-438A-9741-7029DEBD00CE}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
    "{E2C4F879-2F16-4CC4-ADAC-03897A9CA2BC}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
    "{F534D21D-02A4-4E48-A237-A3745ED5E6D3}" = rport=137 | protocol=17 | dir=out | app=system |
    "{F9C1EEE5-72B7-40C6-BC7C-64E9DF7DEB39}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |

    ========== Vista Active Application Exception List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
    "{003C7A18-60D9-4C89-94D8-DE42C1AA1D76}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
    "{02A4D600-582A-4C14-ADFE-C125CF0CB18F}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
    "{1473D86F-6F04-46A3-9153-CD04272511DC}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
    "{20713499-5977-4EF2-BB57-41A689856D0C}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2013\avgdiagex.exe |
    "{4849799C-D8E9-4360-8F9A-6B5F2BCC7EA4}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
    "{54CF0A57-BE40-4BC1-AB1E-53A396692099}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2013\avgdiagex.exe |
    "{56E808A1-BFD0-4B79-B567-B9FA848D697F}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
    "{61FB8AD2-C831-45AB-9DFB-D685C3A8300D}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
    "{62F27534-2769-4D2F-B42F-E96E62F64F44}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
    "{65901CFC-D156-4C8F-90EA-C26D256CA195}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
    "{68F6992D-6E9D-4F14-88EC-3E0B8BEC7EFF}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
    "{6DAA29C9-B0EE-45CF-9A6E-273323C42DB6}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2013\avgnsa.exe |
    "{6F90A830-C11B-46B2-B265-3FB477FF29F6}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2013\avgnsa.exe |
    "{8642AF85-31DC-4BB3-8E9D-1E478C224084}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
    "{9956D708-4491-4EBF-B914-21BEA564800D}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2013\avgmfapx.exe |
    "{A5589677-56C4-46C1-A86B-1F0B5425786F}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
    "{AB3FBA72-52C3-4476-9A38-230DBE05659B}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
    "{ADDDD165-F3EA-41FF-9D95-85C06E0FA915}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2013\avgemca.exe |
    "{BC7833D1-AE4B-4CAB-BDD5-6EA587E5C763}" = protocol=6 | dir=out | app=system |
    "{CE504808-152F-4073-8BB9-0F8E7C4D30C6}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
    "{D3648D1D-2BA3-4973-9B7E-EDC907B6E342}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
    "{E3EF65E5-A891-4422-AD3A-B5A13ED95F57}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2013\avgemca.exe |
    "{E8715BB0-E132-4617-B344-62E03BFE2C1C}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
    "{E926E57D-011D-4F63-BCC5-FFCFDC28D091}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
    "{EFA98652-B437-42AA-B7D3-EFFD71ED4ECD}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
    "{F330F657-55AF-4DBF-943E-C385E61090FF}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2013\avgmfapx.exe |
    "{F7DCF881-DB9D-4779-8D1C-CCCBAC7C73FF}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
    "TCP Query User{046A96C7-7F35-4067-9651-F1B2A61623A1}C:\program files\itunes\itunes.exe" = protocol=6 | dir=in | app=c:\program files\itunes\itunes.exe |
    "UDP Query User{412452A9-36DB-4B30-8D3F-5AA09E06B038}C:\program files\itunes\itunes.exe" = protocol=17 | dir=in | app=c:\program files\itunes\itunes.exe |
     
  23. DonkeyHote

    DonkeyHote TS Rookie Topic Starter Posts: 23

    Extras.txt part 2:

    ========== HKEY_LOCAL_MACHINE Uninstall List ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{1493B2AE-0261-47D2-B1AA-F4DAD0F6C48B}" = iTunes
    "{21B133D6-5979-47F0-BE1C-F6A6B304693F}" = Visual Studio 2010 x64 Redistributables
    "{503F672D-6C84-448A-8F8F-4BC35AC83441}" = AMD APP SDK Runtime
    "{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
    "{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour
    "{7446FE8D-C1F9-4D42-AAAE-5DBCE58605A6}" = Apple Mobile Device Support
    "{87CF757E-C1F1-4D22-865C-00C6950B5258}" = Quickset
    "{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended
    "{8EBA8727-ADC2-477B-9D9A-1A1836BE4E05}" = Dell Edoc Viewer
    "{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007
    "{90120000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2007
    "{90120000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007
    "{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager
    "{914F7627-B645-9895-F723-BAEAAC865E75}" = AMD Catalyst Install Manager
    "{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
    "{9B305FB9-297D-4F86-BC8B-740E7A1EF200}" = AVG 2013
    "{9B48B0AC-C813-4174-9042-476A887592C7}" = Windows Live ID Sign-in Assistant
    "{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}" = Dell Touchpad
    "{A89B52D3-DA3F-1CA3-BD33-D53871D60081}" = ccc-utility64
    "{BB0CAB96-2EDE-4DDF-B6F3-AEE02C0F1CA4}" = AVG 2013
    "{C35E248C-1495-5D01-6992-2740FF8830E2}" = ccc-utility64
    "{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
    "{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319
    "{EEB3F6BB-318D-4CE5-989F-8191FCBFB578}" = Ventrilo Client for Windows x64
    "{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
    "{F6CB42B9-F033-4152-8813-FF11DA8E6A78}" = Dell Dock
    "AVG" = AVG 2013
    "CCleaner" = CCleaner
    "EPSON Printer and Utilities" = EPSON Printer Software
    "Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
    "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
    "Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
    "TeamSpeak 3 Client" = TeamSpeak 3 Client
    "WinRAR archiver" = WinRAR 4.01 (64-bit)

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{020D8396-D6D9-4B53-A9A1-83C47E2E27AA}" = Windows Live Call
    "{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
    "{053C30EA-D4C6-47A0-8537-8D231D9BE873}" = DELL0703
    "{054C5EBD-1803-9B06-A201-63A1A8A5C365}" = CCC Help Danish
    "{08E81ABD-79F7-49C2-881F-FD6CB0975693}" = Roxio Creator Data
    "{09760D42-E223-42AD-8C3E-55B47D0DDAC3}" = Roxio Creator DE
    "{0AAA9C97-74D4-47CE-B089-0B147EF3553C}" = Windows Live Messenger
    "{0FB8CBBF-CFBA-B7C5-6433-4F5132783C31}" = CCC Help Portuguese
    "{13766F76-6C8C-4E57-A9F3-3212D1C6E0D1}" = Dell DataSafe Online
    "{143412FA-840C-6158-599F-2B32D0861F80}" = Catalyst Control Center Graphics Previews Common
    "{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}" = Microsoft Works
    "{1CAC7A41-583B-4483-9FA5-3E5465AFF8C2}" = Microsoft Default Manager
    "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    "{1F54DAFA-9261-4A62-B59D-6C9F26B48FE4}" = Roxio Creator Tools
    "{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
    "{20EA5B84-7055-65D9-7378-59750A15C6B5}" = CCC Help Russian
    "{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
    "{2680C5AE-EDC8-7A73-3D41-FCE9A2F22390}" = CCC Help German
    "{26A24AE4-039D-4CA4-87B4-2F83217007FF}" = Java 7 Update 7
    "{2BFC7AA0-544C-4E3A-8796-67F3BE655BE9}" = Microsoft XNA Framework Redistributable 4.0
    "{2FDBBCEA-62DB-45F4-B6E5-0E1FB2A1F29D}" = Visual C++ 8.0 Runtime Setup Package (x64)
    "{3018B943-C76C-44B0-B078-790A28CEF67E}" = Microsoft UI Engine
    "{30465B6C-B53F-49A1-9EBA-A3F187AD502E}" = Roxio Update Manager
    "{32E879B3-F89C-5385-78C8-4DE7730C5FA0}" = Catalyst Control Center
    "{33D64034-5BC0-FF4F-6176-62ED61555CA8}" = CCC Help Thai
    "{3CFAAB58-35C8-84C9-1391-8D4373714AFE}" = CCC Help Spanish
    "{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel(R) Rapid Storage Technology
    "{42D68A86-DB1C-4256-B8C9-5D0D92919AF5}" = Banctec Service Agreement
    "{453FDDF1-BA65-8D13-2E6F-1740190BB5C4}" = CCC Help Greek
    "{4728A95D-FD9B-CEE9-9609-BB01B5F82A0B}" = CCC Help Turkish
    "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
    "{4AB8B41B-3AF1-46BE-99B0-0ACD3B300C0A}" = Junk Mail filter update
    "{4AFC194C-FEAD-B844-92C2-D0273872ECCF}" = CCC Help Dutch
    "{4CB0307C-565E-4441-86BE-0DF2E4FB828C}" = Microsoft Games for Windows Marketplace
    "{50316C0A-CC2A-460A-9EA5-F486E54AC17D}_is1" = AVG PC Tuneup
    "{5308F6BF-4660-926A-B611-0CBB32F44DD0}" = CCC Help Swedish
    "{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM
    "{61EDBE71-5D3E-4AB7-AD95-E53FEAF68C17}" = Bing Rewards Client Installer
    "{63C1109E-D977-49ED-BCE3-D00D0BF187D6}" = Windows Live Mail
    "{63EC2120-1742-4625-AA47-C6A8AEC9C64C}" = Apple Application Support
    "{65CB4C08-C47B-4A7E-A6A4-50C06ADA5FC6}" = Adobe AIR
    "{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Roxio Express Labeler 3
    "{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD
    "{69425AB7-75BF-25FC-EB4F-D2EAE9D82AA5}" = CCC Help Hungarian
    "{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
    "{6A92E5C5-0578-443D-91F3-92ECE5F2CAE2}" = Windows Live Writer
    "{6DE13770-01B7-4366-8DA6-48237793F445}" = VoiceOver Kit
    "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
    "{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
    "{73A4F29F-31AC-4EBD-AA1B-0CC5F18C8F83}" = Roxio Creator Audio
    "{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
    "{79839E2D-82B1-6DF1-97A6-6737E4404407}" = CCC Help Japanese
    "{7C2D9B2C-D78C-EC0A-2337-612FD4799750}" = CCC Help Czech
    "{7D9C2CBE-5941-0250-2922-804D0A506ED0}" = CCC Help Polish
    "{7DB9F1E5-9ACB-410D-A7DC-7A3D023CE045}" = Dell Getting Started Guide
    "{832D9DE0-8AFC-4689-9819-4DBBDEBD3E4F}" = Microsoft Games for Windows - LIVE Redistributable
    "{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
    "{87686C21-8A15-4b4d-A3F1-11141D9BE094}" = Battlefield Play4Free
    "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
    "{8A74E887-8F0F-4017-AF53-CBA42211AAA5}" = Microsoft Sync Framework Runtime Native v1.0 (x86)
    "{8F272838-BDD6-B433-D650-25E231AEFA8A}" = Catalyst Control Center InstallProxy
    "{8FFC5648-FAF8-43A3-BC8F-42BA1E275C4E}" = Choice Guard
    "{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
    "{90120000-0016-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
    "{90120000-0018-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
    "{90120000-001B-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
    "{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
    "{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
    "{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
    "{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
    "{90120000-001F-0C0A-0000-0000000FF1CE}_HOMESTUDENTR_{2314F9A1-126F-45CC-8A5E-DFAF866F3FBC}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
    "{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
    "{90120000-002A-0000-1000-0000000FF1CE}_HOMESTUDENTR_{664655D8-B9BB-455D-8A58-7EAF7B0B2862}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-002A-0409-1000-0000000FF1CE}_HOMESTUDENTR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
    "{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
    "{90120000-006E-0409-0000-0000000FF1CE}_HOMESTUDENTR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
    "{90120000-00A1-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
    "{90120000-0115-0409-0000-0000000FF1CE}_HOMESTUDENTR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-0116-0409-1000-0000000FF1CE}_HOMESTUDENTR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
    "{9057D097-0563-6FFB-CDC6-DB2B2C5D1014}" = CCC Help Italian
    "{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
    "{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{933B4015-4618-4716-A828-5289FC03165F}" = VC80CRTRedist - 8.0.50727.6195
    "{943A8D28-80D6-41DC-AE94-81FEB42041BF}" = System Requirements Lab CYRI
    "{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (English)
    "{9530AE42-DAE1-4619-9594-B23487285D17}" = NVIDIA PhysX
    "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
    "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
    "{AA387C7F-7413-9C5A-DB71-70E406A8A92E}" = CCC Help French
    "{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.4)
    "{B00F5097-1F34-D3EA-4FB9-8DD2FAFF66F4}" = CCC Help Finnish
    "{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
    "{B42129AB-E528-9CB4-7C8B-3BFE648F5CD8}" = CCC Help Norwegian
    "{B6A26DE5-F2B5-4D58-9570-4FC760E00FCD}" = Roxio Creator Copy
    "{C1A27149-1897-8509-CBFC-2C96866C8AD6}" = CCC Help Korean
    "{C9E14402-3631-4182-B377-6B0DFB1C0339}" = QuickTime
    "{CAE017F8-C238-4397-879B-7FBB915D9457}" = LogMeIn Hamachi
    "{D5395E5F-4D45-4665-8F00-234FA33678AF}" = SlimDX Redistributable (March 2009)
    "{D9D754A1-EAC5-406C-A28B-C49B1E846711}" = Windows Live Essentials
    "{DE54DD68-6E24-9B72-467A-DFEE00E6E9A8}" = CCC Help Chinese Traditional
    "{E2F0AF23-FE2F-4222-9A43-55E63CC41EF1}" = Catalyst Control Center - Branding
    "{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}" = IDT Audio
    "{E3BFEE55-39E2-4BE0-B966-89FE583822C1}" = Dell Support Center (Support Software)
    "{E9FDD18A-206A-9A43-AAE3-AB72EFFCD333}" = CCC Help Chinese Standard
    "{EA450D5D-95EA-4FD0-B8B0-6D8E68FBE2C7}" = Impulse
    "{ED439A64-F018-4DD4-8BA5-328D85AB09AB}" = Roxio Creator DE
    "{ED524538-828E-1AD8-D0E1-E2E72C926EE0}" = CCC Help English
    "{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
    "{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
    "{F69E83CF-B440-43F8-89E6-6EA80712109B}" = Windows Live Communications Platform
    "{F73A5B18-EB75-4B2C-B32D-9457576E2417}" = Windows Live Photo Gallery
    "{FCDBEA60-79F0-4FAE-BBA8-55A26C609A49}" = Visual Studio 2008 x64 Redistributables
    "{FCFE800F-8F42-1AC9-895C-10389CB90D86}" = Catalyst Control Center Localization All
    "{FDD810CA-D5E3-40E9-AB7B-36440B0D41EF}" = Windows Live Sync
    "{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
    "Adobe AIR" = Adobe AIR
    "Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
    "Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
    "Adobe Shockwave Player" = Adobe Shockwave Player 11.6
    "Amazon MP3 Downloader" = Amazon MP3 Downloader 1.0.17
    "Audacity_is1" = Audacity 1.2.6
    "Digital Editions" = Adobe Digital Editions
    "DivX Setup" = DivX Setup
    "eMusic Download Manager 5.0.5" = eMusic Download Manager
    "Free MP3 WMA OGG Converter_is1" = Free MP3 WMA OGG Converter 8.2.5
    "Google Updater" = Google Updater
    "Guild Wars 2" = Guild Wars 2
    "HOMESTUDENTR" = Microsoft Office Home and Student 2007
    "Impulse" = Impulse
    "LAME for Audacity_is1" = LAME v3.98.2 for Audacity
    "LogMeIn Hamachi" = LogMeIn Hamachi
    "Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.65.1.1000
    "Mozilla Firefox 11.0 (x86 en-US)" = Mozilla Firefox 11.0 (x86 en-US)
    "Notepad++" = Notepad++
    "OpenAL" = OpenAL
    "ResourceHacker_is1" = Resource Hacker Version 3.6.0
    "Steam App 107200" = Space Pirates and Zombies
    "Steam App 107800" = Rochard
    "Steam App 201790" = Orcs Must Die! 2
    "Steam App 203770" = Crusader Kings II
    "Steam App 35720" = Trine 2
    "Steam App 3590" = Plants vs. Zombies: Game of the Year
    "Steam App 41500" = Torchlight
    "Steam App 440" = Team Fortress 2
    "Steam App 560" = Left 4 Dead 2 Dedicated Server
    "Steam App 564" = Left 4 Dead 2 Add-on Support
    "VLC media player" = VLC media player 2.0.3
    "WinLiveSuite_Wave3" = Windows Live Essentials
    "WinRAR archiver" = WinRAR 4.10 (32-bit)
    "winscp3_is1" = WinSCP 4.3.6
    "XiphQT" = Xiph QuickTime Components
    "Yahoo! Companion" = Yahoo! Toolbar
    "Yahoo! Software Update" = Yahoo! Software Update

    ========== HKEY_CURRENT_USER Uninstall List ==========

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "Google Chrome" = Google Chrome

    ========== Last 20 Event Log Errors ==========

    [ Application Events ]
    Error - 10/22/2011 1:32:22 AM | Computer Name = Keegan-PC | Source = Application Error | ID = 1000
    Description = Faulting application hl2.exe, version 0.0.0.0, time stamp 0x4e989cd3,
    faulting module filesystem_steam.dll_unloaded, version 0.0.0.0, time stamp 0x4e9f441f,
    exception code 0xc0000005, fault offset 0x67f4f1e9, process id 0x12d4, application
    start time 0x01cc9074645e75e0.

    Error - 10/22/2011 2:01:06 PM | Computer Name = Keegan-PC | Source = Application Hang | ID = 1002
    Description = The program steam.exe version 1.0.1065.11 stopped interacting with
    Windows and was closed. To see if more information about the problem is available,
    check the problem history in the Problem Reports and Solutions control panel. Process
    ID: 1fb8 Start Time: 01cc901d811aa480 Termination Time: 7815

    Error - 10/22/2011 2:02:02 PM | Computer Name = Keegan-PC | Source = Bonjour Service | ID = 100
    Description = 396: ERROR: read_msg errno 10054 (An existing connection was forcibly
    closed by the remote host.)

    Error - 10/22/2011 2:06:03 PM | Computer Name = Keegan-PC | Source = Application Hang | ID = 1002
    Description = The program iexplore.exe version 9.0.8112.16421 stopped interacting
    with Windows and was closed. To see if more information about the problem is available,
    check the problem history in the Problem Reports and Solutions control panel. Process
    ID: 1744 Start Time: 01cc90610069e870 Termination Time: 985

    Error - 10/23/2011 1:57:47 AM | Computer Name = Keegan-PC | Source = Application Hang | ID = 1002
    Description = The program hl2.exe version 0.0.0.0 stopped interacting with Windows
    and was closed. To see if more information about the problem is available, check
    the problem history in the Problem Reports and Solutions control panel. Process
    ID: 10c4 Start Time: 01cc912874dfb8c0 Termination Time: 20151

    Error - 10/23/2011 3:38:01 AM | Computer Name = Keegan-PC | Source = Windows Search Service | ID = 3013
    Description =

    Error - 10/23/2011 9:08:49 PM | Computer Name = Keegan-PC | Source = Application Error | ID = 1000
    Description = Faulting application iexplore.exe, version 9.0.8112.16421, time stamp
    0x4d76255d, faulting module ntdll.dll, version 6.0.6002.18327, time stamp 0x4cb7341c,
    exception code 0xc0000374, fault offset 0x000abdcb, process id 0x2604, application
    start time 0x01cc91aaf984ce80.

    Error - 10/25/2011 9:43:27 PM | Computer Name = Keegan-PC | Source = Application Hang | ID = 1002
    Description = The program iexplore.exe version 9.0.8112.16421 stopped interacting
    with Windows and was closed. To see if more information about the problem is available,
    check the problem history in the Problem Reports and Solutions control panel. Process
    ID: e00 Start Time: 01cc937f0063ec60 Termination Time: 14

    Error - 10/26/2011 5:44:43 PM | Computer Name = Keegan-PC | Source = Application Hang | ID = 1002
    Description = The program iexplore.exe version 9.0.8112.16421 stopped interacting
    with Windows and was closed. To see if more information about the problem is available,
    check the problem history in the Problem Reports and Solutions control panel. Process
    ID: ae4 Start Time: 01cc9420e699df90 Termination Time: 14

    Error - 10/27/2011 12:21:33 AM | Computer Name = Keegan-PC | Source = System Restore | ID = 8193
    Description =

    [ Media Center Events ]
    Error - 12/15/2011 2:54:15 PM | Computer Name = Keegan-PC | Source = Media Center Guide | ID = 0
    Description = Event Info: ERROR: SqmApiWrapper.TimerRecord failed; Win32 GetLastError
    returned 10000105 Process: DefaultDomain Object Name: Media Center Guide

    Error - 2/5/2012 5:10:23 AM | Computer Name = Keegan-PC | Source = Media Center Guide | ID = 0
    Description = Event Info: ERROR: SqmApiWrapper.TimerRecord failed; Win32 GetLastError
    returned 10000105 Process: DefaultDomain Object Name: Media Center Guide

    Error - 2/23/2012 12:08:55 AM | Computer Name = Keegan-PC | Source = Media Center Guide | ID = 0
    Description = Event Info: ERROR: SqmApiWrapper.TimerRecord failed; Win32 GetLastError
    returned 10000105 Process: DefaultDomain Object Name: Media Center Guide

    [ System Events ]
    Error - 11/23/2012 9:49:04 PM | Computer Name = Keegan-PC | Source = Service Control Manager | ID = 7000
    Description =

    Error - 11/23/2012 9:49:04 PM | Computer Name = Keegan-PC | Source = Service Control Manager | ID = 7000
    Description =

    Error - 11/23/2012 9:49:04 PM | Computer Name = Keegan-PC | Source = Service Control Manager | ID = 7024
    Description =

    Error - 11/23/2012 9:52:20 PM | Computer Name = Keegan-PC | Source = DCOM | ID = 10010
    Description =

    Error - 11/23/2012 10:03:24 PM | Computer Name = Keegan-PC | Source = Service Control Manager | ID = 7030
    Description =

    Error - 11/23/2012 10:06:31 PM | Computer Name = Keegan-PC | Source = Application Popup | ID = 1060
    Description = \??\C:\ComboFix\catchme.sys has been blocked from loading due to incompatibility
    with this system. Please contact your software vendor for a compatible version
    of the driver.

    Error - 11/23/2012 10:08:21 PM | Computer Name = Keegan-PC | Source = Service Control Manager | ID = 7030
    Description =

    Error - 11/23/2012 10:09:40 PM | Computer Name = Keegan-PC | Source = Service Control Manager | ID = 7000
    Description =

    Error - 11/23/2012 10:09:40 PM | Computer Name = Keegan-PC | Source = Service Control Manager | ID = 7000
    Description =

    Error - 11/23/2012 10:09:41 PM | Computer Name = Keegan-PC | Source = Service Control Manager | ID = 7026
    Description =


    < End of report >
     
  24. Broni

    Broni Malware Annihilator Posts: 47,020   +255

    Run OTL
    • Under the Custom Scans/Fixes box at the bottom, paste in the following

      Code:
      :OTL
      IE - HKCU\..\SearchScopes\{CDCA56E2-0D77-44ED-B9BF-38E5C42FC5BE}: "URL" = http://websearch.ask.com/redirect?c...pn_sauid=0A458938-9F56-4360-BB7D-8E932F1D7200
      FF - prefs.js..browser.search.order.1: "Ask.com"
      O2:64bit: - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG2012\avgssiea.dll File not found
      O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG2012\avgssie.dll File not found
      O2 - BHO: (Yontoo) - {FD72061E-9FDE-484D-A58A-0BAB4151CAD8} - C:\Program Files (x86)\Yontoo\YontooIEClient.dll File not found
      O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - No CLSID value found.
      O9 - Extra Button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - Reg Error: Key error. File not found
      O9 - Extra 'Tools' menuitem : &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - Reg Error: Key error. File not found
      O16 - DPF: {10000000-1000-1000-1000-100000000000} http://cdn.betteradvertising.com/ghostery/addons/ie/2.4.2.0/ghostery.cab (Reg Error: Key error.)
      O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} http://www.fileplanet.com/fpdlmgr/cabs/FPDC_2.3.9.113.cab (Reg Error: Key error.)
      O16 - DPF: {C8BC46C7-921C-4102-B67D-F1F7E65FB0BE} https://battlefield.play4free.com/static/updater/BP4FUpdater_1.0.53.2.cab (Reg Error: Key error.)
      O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
      O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgpp.dll File not found
      @Alternate Data Stream - 139 bytes -> C:\ProgramData\TEMP:0B4227B4
      @Alternate Data Stream - 127 bytes -> C:\ProgramData\TEMP:5D432CE3
      
      :Commands
      [purity]
      [emptytemp]
      [emptyjava]
      [emptyflash]
      [Reboot]
      
    • Then click the Run Fix button at the top
    • Let the program run unhindered, reboot the PC when it is done
    • You will get a log that shows the results of the fix. Please post it.

    NOTE. If for any reason OTL stalls (most likely at "killing processes..." step) run the fix from safe mode.

    =============================

    Last scans....

    1. Download Security Check from HERE, and save it to your Desktop.
    • Double-click SecurityCheck.exe
    • Follow the onscreen instructions inside of the black box.
    • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

      NOTE SecurityCheck may produce some false warning(s), so leave the results reading to me.

    2. Please download Farbar Service Scanner (FSS) and run it on the computer with the issue.
    • Make sure the following options are checked:
      • Internet Services
      • Windows Firewall
      • System Restore
      • Security Center
      • Windows Update
      • Windows Defender
    • Press "Scan".
    • It will create a log (FSS.txt) in the same directory the tool is run.
    • Please copy and paste the log to your reply.

    3. Download Temp File Cleaner (TFC)
    Alternate download: http://www.itxassociates.com/OT-Tools/TFC.exe
    • Double click on TFC.exe to run the program.
    • Click on Start button to begin cleaning process.
    • TFC will close all running programs, and it may ask you to restart computer.

    4. Please run a free online scan with the ESET Online Scanner

    • Disable your antivirus program
    • Tick the box next to YES, I accept the Terms of Use
    • Click Start
    • Accept any security warnings from your browser.
    • Check Scan archives
    • Click Start
    • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
    • When the scan completes, click on List of found threats
    • Click on Export to text file , and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
    • NOTE. If Eset won't find any threats, it won't produce any log.
     
  25. DonkeyHote

    DonkeyHote TS Rookie Topic Starter Posts: 23

    OTL with fixes log:

    All processes killed
    ========== OTL ==========
    Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{CDCA56E2-0D77-44ED-B9BF-38E5C42FC5BE}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CDCA56E2-0D77-44ED-B9BF-38E5C42FC5BE}\ not found.
    Prefs.js: "Ask.com" removed from browser.search.order.1
    64bit-Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}\ deleted successfully.
    64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}\ deleted successfully.
    Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{219C3416-8CB2-491a-A3C7-D9FCDDC9D600}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{219C3416-8CB2-491a-A3C7-D9FCDDC9D600}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{219C3416-8CB2-491a-A3C7-D9FCDDC9D600}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{219C3416-8CB2-491a-A3C7-D9FCDDC9D600}\ not found.
    Starting removal of ActiveX control {10000000-1000-1000-1000-100000000000}
    C:\Windows\Downloaded Program Files\WebInstallRunner.inf not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{10000000-1000-1000-1000-100000000000}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{10000000-1000-1000-1000-100000000000}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{10000000-1000-1000-1000-100000000000}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{10000000-1000-1000-1000-100000000000}\ not found.
    Starting removal of ActiveX control {39B0684F-D7BF-4743-B050-FDC3F48F7E3B}
    Registry error reading value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{39B0684F-D7BF-4743-B050-FDC3F48F7E3B}\DownloadInformation\\INF .
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{39B0684F-D7BF-4743-B050-FDC3F48F7E3B}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{39B0684F-D7BF-4743-B050-FDC3F48F7E3B}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{39B0684F-D7BF-4743-B050-FDC3F48F7E3B}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{39B0684F-D7BF-4743-B050-FDC3F48F7E3B}\ not found.
    Starting removal of ActiveX control {C8BC46C7-921C-4102-B67D-F1F7E65FB0BE}
    C:\Windows\Downloaded Program Files\BP4FUpdater.inf not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{C8BC46C7-921C-4102-B67D-F1F7E65FB0BE}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{C8BC46C7-921C-4102-B67D-F1F7E65FB0BE}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{C8BC46C7-921C-4102-B67D-F1F7E65FB0BE}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{C8BC46C7-921C-4102-B67D-F1F7E65FB0BE}\ not found.
    Starting removal of ActiveX control {E2883E8F-472F-4FB0-9522-AC9BF37916A7}
    C:\Windows\Downloaded Program Files\gp.inf not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\linkscanner\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{F274614C-63F8-47D5-A4D1-FBDDE494F8D1}\ deleted successfully.
    File {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgpp.dll File not found not found.
    ADS C:\ProgramData\TEMP:0B4227B4 deleted successfully.
    ADS C:\ProgramData\TEMP:5D432CE3 deleted successfully.
    ========== COMMANDS ==========

    [EMPTYTEMP]

    User: All Users

    User: Default
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 67 bytes
    ->Flash cache emptied: 56519 bytes

    User: Default User
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes
    ->Flash cache emptied: 0 bytes

    User: Guest
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 26572330 bytes
    ->Flash cache emptied: 1239 bytes

    User: Keegan
    ->Temp folder emptied: 19995855 bytes
    ->Temporary Internet Files folder emptied: 21207103 bytes
    ->Java cache emptied: 136168 bytes
    ->FireFox cache emptied: 58837265 bytes
    ->Google Chrome cache emptied: 249435218 bytes
    ->Flash cache emptied: 315589 bytes

    User: Public
    ->Temp folder emptied: 0 bytes

    %systemdrive% .tmp files removed: 0 bytes
    %systemroot% .tmp files removed: 356352 bytes
    %systemroot%\System32 .tmp files removed: 0 bytes
    %systemroot%\System32 (64bit) .tmp files removed: 0 bytes
    %systemroot%\System32\drivers .tmp files removed: 0 bytes
    Windows Temp folder emptied: 7110 bytes
    %systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 33237 bytes
    RecycleBin emptied: 0 bytes

    Total Files Cleaned = 359.00 mb


    [EMPTYJAVA]

    User: All Users

    User: Default

    User: Default User

    User: Guest

    User: Keegan
    ->Java cache emptied: 0 bytes

    User: Public

    Total Java Files Cleaned = 0.00 mb


    [EMPTYFLASH]

    User: All Users

    User: Default
    ->Flash cache emptied: 0 bytes

    User: Default User
    ->Flash cache emptied: 0 bytes

    User: Guest
    ->Flash cache emptied: 0 bytes

    User: Keegan
    ->Flash cache emptied: 0 bytes

    User: Public

    Total Flash Files Cleaned = 0.00 mb


    OTL by OldTimer - Version 3.2.69.0 log created on 11232012_213904

    Files\Folders moved on Reboot...
    File\Folder C:\Users\Keegan\AppData\Local\Temp\etilqs_D2eiB0iKvfkwDdX not found!
    File\Folder C:\Users\Keegan\AppData\Local\Temp\etilqs_haZAlCKMSmAh33A not found!
    File\Folder C:\Users\Keegan\AppData\Local\Temp\etilqs_Qp1efDcX1ruRjso not found!
    C:\Users\Keegan\AppData\Local\Google\Chrome\User Data\Default\Cache\data_0 moved successfully.
    C:\Users\Keegan\AppData\Local\Google\Chrome\User Data\Default\Cache\data_1 moved successfully.
    C:\Users\Keegan\AppData\Local\Google\Chrome\User Data\Default\Cache\data_2 moved successfully.
    C:\Users\Keegan\AppData\Local\Google\Chrome\User Data\Default\Cache\data_3 moved successfully.
    C:\Users\Keegan\AppData\Local\Google\Chrome\User Data\Default\Cache\index moved successfully.

    PendingFileRenameOperations files...

    Registry entries deleted on Reboot...
     


Add New Comment

TechSpot Members
Login or sign up for free,
it takes about 30 seconds.
You may also...


Get complete access to the TechSpot community. Join thousands of technology enthusiasts that contribute and share knowledge in our forum. Get a private inbox, upload your own photo gallery and more.