Win64/patched.a removal help needed services.exe infected

Solved
By Lfis492a
Oct 23, 2012
  1. AVG shows this virus can't be healed. I tried the avg recovery cd they suggested but it too didn't repair the services.exe file I have the frst64 info below. in order frst.txt then search.txt THANKS FOR YOUR HELP and can you teach me how to produce the script to help others too??? or just know what to look for in the results to manually take out?

    t Corporation) C:\Windows\System32\api-ms-win-core-file-l1-1-0.dll
    2012-10-10 14:15 - 2012-08-18 07:22 - 00004608 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-threadpool-l1-1-0.dll
    2012-10-10 14:15 - 2012-08-18 07:22 - 00004608 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-processthreads-l1-1-0.dll
    2012-10-10 14:15 - 2012-08-18 07:22 - 00004096 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-sysinfo-l1-1-0.dll
    2012-10-10 14:15 - 2012-08-18 07:22 - 00004096 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-synch-l1-1-0.dll
    2012-10-10 14:15 - 2012-08-18 07:22 - 00004096 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-localregistry-l1-1-0.dll
    2012-10-10 14:15 - 2012-08-18 07:22 - 00004096 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-localization-l1-1-0.dll
    2012-10-10 14:15 - 2012-08-18 07:22 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-rtlsupport-l1-1-0.dll
    2012-10-10 14:15 - 2012-08-18 07:22 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-processenvironment-l1-1-0.dll
    2012-10-10 14:15 - 2012-08-18 07:22 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-namedpipe-l1-1-0.dll
    2012-10-10 14:15 - 2012-08-18 07:22 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-misc-l1-1-0.dll
    2012-10-10 14:15 - 2012-08-18 07:22 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-memory-l1-1-0.dll
    2012-10-10 14:15 - 2012-08-18 07:22 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-libraryloader-l1-1-0.dll
    2012-10-10 14:15 - 2012-08-18 07:22 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-heap-l1-1-0.dll
    2012-10-10 14:15 - 2012-08-18 07:22 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-xstate-l1-1-0.dll
    2012-10-10 14:15 - 2012-08-18 07:22 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-util-l1-1-0.dll
    2012-10-10 14:15 - 2012-08-18 07:22 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-string-l1-1-0.dll
    2012-10-10 14:15 - 2012-08-18 07:22 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-profile-l1-1-0.dll
    2012-10-10 14:15 - 2012-08-18 07:22 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-io-l1-1-0.dll
    2012-10-10 14:15 - 2012-08-18 07:22 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-interlocked-l1-1-0.dll
    2012-10-10 14:15 - 2012-08-18 07:22 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-handle-l1-1-0.dll
    2012-10-10 14:15 - 2012-08-18 07:22 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-fibers-l1-1-0.dll
    2012-10-10 14:15 - 2012-08-18 07:22 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-errorhandling-l1-1-0.dll
    2012-10-10 14:15 - 2012-08-18 07:22 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-delayload-l1-1-0.dll
    2012-10-10 14:15 - 2012-08-18 07:22 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-debug-l1-1-0.dll
    2012-10-10 14:15 - 2012-08-18 07:22 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-datetime-l1-1-0.dll
    2012-10-10 14:15 - 2012-08-18 07:22 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-console-l1-1-0.dll
    2012-10-10 14:15 - 2012-08-18 03:22 - 00014336 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
    2012-10-10 14:15 - 2012-08-18 03:19 - 00025600 ____A (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
    2012-10-10 14:15 - 2012-08-18 03:17 - 01114112 ____A (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
    2012-10-10 14:15 - 2012-08-18 03:17 - 00274944 ____A (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
    2012-10-10 14:15 - 2012-08-18 03:17 - 00005120 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
    2012-10-10 14:15 - 2012-08-18 03:09 - 00005120 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
    2012-10-10 14:15 - 2012-08-18 03:09 - 00004608 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
    2012-10-10 14:15 - 2012-08-18 03:09 - 00004096 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
    2012-10-10 14:15 - 2012-08-18 03:09 - 00004096 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
    2012-10-10 14:15 - 2012-08-18 03:09 - 00004096 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
    2012-10-10 14:15 - 2012-08-18 03:09 - 00004096 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
    2012-10-10 14:15 - 2012-08-18 03:09 - 00004096 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
    2012-10-10 14:15 - 2012-08-18 03:09 - 00003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
    2012-10-10 14:15 - 2012-08-18 03:09 - 00003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
    2012-10-10 14:15 - 2012-08-18 03:09 - 00003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
    2012-10-10 14:15 - 2012-08-18 03:09 - 00003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
    2012-10-10 14:15 - 2012-08-18 03:09 - 00003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
    2012-10-10 14:15 - 2012-08-18 03:09 - 00003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
    2012-10-10 14:15 - 2012-08-18 03:09 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
    2012-10-10 14:15 - 2012-08-18 03:09 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
    2012-10-10 14:15 - 2012-08-18 03:09 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
    2012-10-10 14:15 - 2012-08-18 03:09 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
    2012-10-10 14:15 - 2012-08-18 03:09 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
    2012-10-10 14:15 - 2012-08-18 03:09 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
    2012-10-10 14:15 - 2012-08-18 03:09 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
    2012-10-10 14:15 - 2012-08-18 03:09 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
    2012-10-10 14:15 - 2012-08-18 03:09 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
    2012-10-10 14:15 - 2012-08-18 03:09 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
    2012-10-10 14:15 - 2012-08-18 03:09 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
    2012-10-10 14:15 - 2012-08-18 01:12 - 00007680 ____A (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
    2012-10-10 14:15 - 2012-08-18 01:12 - 00002048 ____A (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
    2012-10-10 14:15 - 2012-08-18 01:07 - 00006144 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
    2012-10-10 14:15 - 2012-08-18 01:07 - 00004608 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
    2012-10-10 14:15 - 2012-08-18 01:07 - 00003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
    2012-10-10 14:15 - 2012-08-18 01:07 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
    2012-10-09 17:30 - 2012-08-31 10:02 - 01656688 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ntfs.sys
    2012-10-09 17:29 - 2012-09-14 11:23 - 00002048 ____A (Microsoft Corporation) C:\Windows\System32\tzres.dll
    2012-10-09 17:29 - 2012-09-14 10:30 - 00002048 ____A (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
    2012-10-09 17:29 - 2012-08-30 10:11 - 05505904 ____A (Microsoft Corporation) C:\Windows\System32\ntoskrnl.exe
    2012-10-09 17:29 - 2012-08-30 09:18 - 03958128 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
    2012-10-09 17:29 - 2012-08-30 09:18 - 03902832 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
    2012-10-09 17:29 - 2012-08-24 10:05 - 00220160 ____A (Microsoft Corporation) C:\Windows\System32\wintrust.dll
    2012-10-09 17:29 - 2012-08-24 09:10 - 00172544 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wintrust.dll
    2012-10-09 17:29 - 2012-08-10 16:53 - 00714752 ____A (Microsoft Corporation) C:\Windows\System32\kerberos.dll
    2012-10-09 17:29 - 2012-08-10 15:54 - 00541184 ____A (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
    2012-10-09 17:28 - 2012-06-01 21:25 - 01462784 ____A (Microsoft Corporation) C:\Windows\System32\crypt32.dll
    2012-10-09 17:28 - 2012-06-01 21:25 - 00182272 ____A (Microsoft Corporation) C:\Windows\System32\cryptsvc.dll
    2012-10-09 17:28 - 2012-06-01 21:25 - 00140288 ____A (Microsoft Corporation) C:\Windows\System32\cryptnet.dll
    2012-10-09 17:28 - 2012-06-01 20:45 - 01157632 ____A (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
    2012-10-09 17:28 - 2012-06-01 20:45 - 00139264 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll
    2012-10-09 17:28 - 2012-06-01 20:45 - 00103936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cryptnet.dll
    2012-10-08 14:02 - 2012-10-08 15:22 - 00000000 ____D C:\Users\Grumpy\Desktop\baby shower
    2012-10-07 19:53 - 2012-10-07 19:54 - 18124080 ____A (Microsoft Corporation) C:\Users\Grumpy\Downloads\IE9-Windows7-x86-enu.exe
    2012-10-07 17:54 - 2012-10-07 17:54 - 00000000 ____D C:\Users\Grumpy\AppData\Local\{5AF65E98-6C90-4AF2-B8DA-7E465E5BDACF}
    2012-10-07 15:43 - 2012-10-07 15:43 - 00000000 __SHD C:\found.012
    2012-10-04 23:26 - 2012-10-04 23:26 - 00111456 ____A (AVG Technologies CZ, s.r.o.) C:\Windows\System32\Drivers\avgmfx64.sys
    2012-10-01 23:30 - 2012-10-01 23:30 - 00185696 ____A (AVG Technologies CZ, s.r.o.) C:\Windows\System32\Drivers\avgldx64.sys
    2012-09-29 14:41 - 2012-09-29 14:41 - 00000000 ____D C:\Users\Grumpy\AppData\Local\{1AE1E6FE-AF3E-4944-8BAD-4C4B27E30370}
    2012-09-29 05:23 - 2012-10-15 13:54 - 00000844 ____A C:\Users\Public\Desktop\AVG 2013.lnk
    2012-09-29 05:23 - 2012-09-29 05:23 - 00000000 ____D C:\Users\Grumpy\AppData\Roaming\TuneUp Software
    2012-09-29 05:23 - 2012-09-29 05:23 - 00000000 ____D C:\Users\Grumpy\AppData\Roaming\AVG2013
    2012-09-29 05:22 - 2012-09-29 05:22 - 00000000 ____D C:\Program Files (x86)\AVG Secure Search
    2012-09-29 05:18 - 2012-10-23 07:43 - 00000000 ____D C:\Users\All Users\AVG2013
    2012-09-29 05:15 - 2012-10-22 10:44 - 00000000 ____D C:\Users\Grumpy\AppData\Local\Avg2013
    2012-09-29 05:15 - 2012-09-29 05:15 - 00000000 ____D C:\Users\Grumpy\AppData\Local\MFAData
    2012-09-26 17:57 - 2012-09-26 17:57 - 00000000 ____D C:\Users\Grumpy\AppData\Local\{18538102-3BE7-4B9E-A1F1-BB29FD78C27C}
    2012-09-25 16:30 - 2012-09-25 16:30 - 00000000 ____D C:\Users\Grumpy\AppData\Local\{4FC66E94-0F90-4BC0-BF85-9A439D25FFF8}
    2012-09-24 02:48 - 2012-08-24 03:15 - 17810944 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
    2012-09-24 02:48 - 2012-08-24 02:39 - 10925568 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
    2012-09-24 02:48 - 2012-08-24 02:31 - 02312704 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
    2012-09-24 02:48 - 2012-08-24 02:22 - 01346048 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
    2012-09-24 02:48 - 2012-08-24 02:21 - 01392128 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
    2012-09-24 02:48 - 2012-08-24 02:20 - 01494528 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
    2012-09-24 02:48 - 2012-08-24 02:18 - 00237056 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
    2012-09-24 02:48 - 2012-08-24 02:17 - 00085504 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
    2012-09-24 02:48 - 2012-08-24 02:14 - 00816640 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
    2012-09-24 02:48 - 2012-08-24 02:14 - 00173056 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
    2012-09-24 02:48 - 2012-08-24 02:13 - 00599040 ____A (Microsoft Corporation) C:\Windows\System32\vbscript.dll
    2012-09-24 02:48 - 2012-08-24 02:12 - 02144768 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
    2012-09-24 02:48 - 2012-08-24 02:11 - 00729088 ____A (Microsoft Corporation) C:\Windows\System32\msfeeds.dll
    2012-09-24 02:48 - 2012-08-24 02:10 - 00096768 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
    2012-09-24 02:48 - 2012-08-24 02:09 - 02382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
    2012-09-24 02:48 - 2012-08-24 02:04 - 00248320 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
    2012-09-24 02:48 - 2012-08-23 23:27 - 12319744 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
    2012-09-24 02:48 - 2012-08-23 23:03 - 09738240 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
    2012-09-24 02:48 - 2012-08-23 22:59 - 01800704 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
    2012-09-24 02:48 - 2012-08-23 22:51 - 01427968 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
    2012-09-24 02:48 - 2012-08-23 22:51 - 01129472 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
    2012-09-24 02:48 - 2012-08-23 22:51 - 01103872 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
    2012-09-24 02:48 - 2012-08-23 22:49 - 00231936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
    2012-09-24 02:48 - 2012-08-23 22:48 - 00065024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
    2012-09-24 02:48 - 2012-08-23 22:47 - 00717824 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
    2012-09-24 02:48 - 2012-08-23 22:47 - 00420864 ____A (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
    2012-09-24 02:48 - 2012-08-23 22:47 - 00142848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
    2012-09-24 02:48 - 2012-08-23 22:45 - 00607744 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
    2012-09-24 02:48 - 2012-08-23 22:44 - 01793024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
    2012-09-24 02:48 - 2012-08-23 22:44 - 00073216 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
    2012-09-24 02:48 - 2012-08-23 22:43 - 02382848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
    2012-09-24 02:48 - 2012-08-23 22:40 - 00176640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll


    ==================== 3 Months Modified Files ==================

    2012-10-23 09:30 - 2012-10-23 09:30 - 01459119 ____A (Farbar) C:\Users\Grumpy\Downloads\FRST64.exe
    2012-10-23 09:17 - 2012-03-29 02:37 - 00000830 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job
    2012-10-23 09:13 - 2010-06-11 14:01 - 01262863 ____A C:\Windows\WindowsUpdate.log
    2012-10-23 08:53 - 2010-06-24 21:29 - 00000898 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
    2012-10-23 07:52 - 2012-10-23 07:12 - 00000168 ____A C:\Windows\setupact.log
    2012-10-23 07:47 - 2012-10-23 07:47 - 00000361 ____A C:\rkill.log
    2012-10-23 07:37 - 2012-10-23 07:37 - 02194704 ____A C:\Users\Grumpy\Downloads\tdsskiller.zip
    2012-10-23 07:20 - 2009-07-13 20:45 - 00013440 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
    2012-10-23 07:20 - 2009-07-13 20:45 - 00013440 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
    2012-10-23 07:13 - 2010-12-03 14:05 - 24273408 __ASH C:\Users\Grumpy\Desktop\Thumbs.db
    2012-10-23 07:12 - 2012-10-23 07:12 - 00000000 ____A C:\Windows\setuperr.log
    2012-10-23 07:12 - 2010-06-24 21:29 - 00000894 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
    2012-10-23 07:12 - 2009-07-13 21:08 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
    2012-10-22 19:59 - 2012-10-22 19:59 - 00021336 ____A C:\AdwCleaner[R1].txt
    2012-10-22 19:54 - 2012-10-22 19:54 - 00448512 ____A (OldTimer Tools) C:\Users\Grumpy\Downloads\TFC.exe
    2012-10-22 19:52 - 2012-10-22 19:52 - 00538941 ____A C:\Users\Grumpy\Downloads\adwcleaner.exe
    2012-10-22 19:49 - 2012-10-22 19:49 - 00694323 ____A (Farbar) C:\Users\Grumpy\Downloads\FSS.exe
    2012-10-22 19:48 - 2012-10-22 19:48 - 00881773 ____A C:\Users\Grumpy\Downloads\SecurityCheck.exe
    2012-10-22 16:09 - 2012-10-22 16:09 - 92121088 ____A C:\Users\Grumpy\Downloads\avg_arl_cdi_all_120_120823a5226.iso
    2012-10-22 10:46 - 2012-10-22 10:44 - 00000238 ____A C:\Windows\System32\avgrep.txt
    2012-10-22 09:29 - 2012-10-22 09:29 - 00150293 ____A C:\Users\Grumpy\AppData\Local\census.cache
    2012-10-22 09:29 - 2012-10-22 09:29 - 00096958 ____A C:\Users\Grumpy\AppData\Local\ars.cache
    2012-10-22 09:22 - 2012-10-22 09:22 - 02002944 ____A (Trend Micro Inc.) C:\Users\Grumpy\Downloads\HousecallLauncher.exe
    2012-10-22 09:22 - 2012-10-22 09:22 - 00000036 ____A C:\Users\Grumpy\AppData\Local\housecall.guid.cache
    2012-10-21 20:53 - 2012-10-21 20:53 - 03941312 ____A (Piriform Ltd) C:\Users\Grumpy\Downloads\ccsetup323.exe
    2012-10-21 20:53 - 2012-10-21 20:53 - 00000822 ____A C:\Users\Public\Desktop\CCleaner.lnk
    2012-10-21 20:51 - 2012-10-21 20:51 - 00000057 ____A C:\Users\Grumpy\Desktop\virhere.txt
    2012-10-21 20:48 - 2012-10-21 20:48 - 00001073 ____A C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
    2012-10-21 20:47 - 2012-10-21 20:47 - 10669952 ____A (Malwarebytes Corporation ) C:\Users\Grumpy\Downloads\mbam-setup-1.65.1.1000.exe
    2012-10-21 20:47 - 2011-11-14 16:48 - 00020992 __ASH C:\Users\Grumpy\Downloads\Thumbs.db
    2012-10-21 20:07 - 2012-10-19 02:17 - 83023306 ___AT C:\Users\All Users\8fc86754.pad
    2012-10-18 17:47 - 2011-10-16 12:14 - 00124052 ___AH C:\Windows\SysWOW64\mlfcache.dat
    2012-10-15 13:54 - 2012-09-29 05:23 - 00000844 ____A C:\Users\Public\Desktop\AVG 2013.lnk
    2012-10-14 19:02 - 2010-06-11 16:55 - 65309168 ____A (Microsoft Corporation) C:\Windows\System32\MRT.exe
    2012-10-12 15:02 - 2012-10-12 15:01 - 58674136 ____A (AVG) C:\Users\Grumpy\Downloads\avg_tuh_stf_all_2013_2_24c5.exe
    2012-10-10 14:55 - 2012-01-07 07:08 - 00002338 ____A C:\Users\Public\Desktop\Google Chrome.lnk
    2012-10-08 15:17 - 2012-03-29 02:37 - 00696760 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
    2012-10-08 15:17 - 2011-05-16 02:04 - 00073656 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
    2012-10-07 19:54 - 2012-10-07 19:53 - 18124080 ____A (Microsoft Corporation) C:\Users\Grumpy\Downloads\IE9-Windows7-x86-enu.exe
    2012-10-04 23:26 - 2012-10-04 23:26 - 00111456 ____A (AVG Technologies CZ, s.r.o.) C:\Windows\System32\Drivers\avgmfx64.sys
    2012-10-04 13:33 - 2009-07-13 21:08 - 00032582 ____A C:\Windows\Tasks\SCHEDLGU.TXT
    2012-10-01 23:30 - 2012-10-01 23:30 - 00185696 ____A (AVG Technologies CZ, s.r.o.) C:\Windows\System32\Drivers\avgldx64.sys
    2012-09-29 15:54 - 2012-10-21 20:48 - 00025928 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys
    2012-09-22 12:34 - 2011-04-22 22:48 - 00101688 ____A (Trusteer Ltd.) C:\Windows\System32\Drivers\RapportKE64.sys
    2012-09-20 23:46 - 2012-09-20 23:46 - 00225120 ____A (AVG Technologies CZ, s.r.o.) C:\Windows\System32\Drivers\avgloga.sys
    2012-09-20 23:46 - 2012-09-20 23:46 - 00200032 ____A (AVG Technologies CZ, s.r.o.) C:\Windows\System32\Drivers\avgtdia.sys
    2012-09-20 23:45 - 2012-09-20 23:45 - 00061792 ____A (AVG Technologies CZ, s.r.o. ) C:\Windows\System32\Drivers\avgidsha.sys
    2012-09-20 13:42 - 2012-09-20 13:42 - 00001743 ____A C:\Users\Public\Desktop\iTunes.lnk
    2012-09-14 11:23 - 2012-10-09 17:29 - 00002048 ____A (Microsoft Corporation) C:\Windows\System32\tzres.dll
    2012-09-14 10:30 - 2012-10-09 17:29 - 00002048 ____A (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
    2012-09-13 23:05 - 2012-09-13 23:05 - 00040800 ____A (AVG Technologies CZ, s.r.o.) C:\Windows\System32\Drivers\avgrkx64.sys
    2012-09-12 23:11 - 2012-09-12 23:11 - 00151904 ____A (AVG Technologies CZ, s.r.o. ) C:\Windows\System32\Drivers\avgidsdrivera.sys
    2012-09-11 18:46 - 2011-11-27 16:06 - 00002515 ____A C:\Users\Public\Desktop\Skype.lnk
    2012-09-10 19:32 - 2012-09-10 19:32 - 00000000 ___AH C:\Windows\System32\Drivers\Msft_User_WpdRapi2_01_00_00.Wdf
    2012-09-05 19:30 - 2010-06-11 18:27 - 00001065 ____A C:\Users\Public\Desktop\AnyDVD.lnk
    2012-09-05 19:29 - 2012-09-05 19:29 - 10186792 ____A C:\Users\Grumpy\Downloads\SetupAnyDVD7080.exe
    2012-09-05 19:25 - 2012-09-05 19:25 - 00198864 ____A (RealNetworks, Inc.) C:\Windows\SysWOW64\rmoc3260.dll
    2012-09-05 19:25 - 2012-09-05 19:25 - 00001046 ____A C:\Users\Public\Desktop\RealPlayer.lnk
    2012-09-05 19:24 - 2012-09-05 19:24 - 00499712 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msvcp71.dll
    2012-09-05 19:24 - 2012-09-05 19:24 - 00348160 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msvcr71.dll
    2012-09-05 19:24 - 2012-09-05 19:24 - 00272896 ____A (Progressive Networks) C:\Windows\SysWOW64\pncrt.dll
    2012-09-05 19:24 - 2012-09-05 19:24 - 00006656 ____A (RealNetworks, Inc.) C:\Windows\SysWOW64\pndx5016.dll
    2012-09-05 19:24 - 2012-09-05 19:24 - 00005632 ____A (RealNetworks, Inc.) C:\Windows\SysWOW64\pndx5032.dll
    2012-09-05 19:21 - 2012-09-05 19:21 - 00760128 ____A (RealNetworks, Inc.) C:\Users\Grumpy\Downloads\RealPlayer(2).exe
    2012-09-04 15:04 - 2012-09-04 15:02 - 135933721 ____A C:\Users\Grumpy\Downloads\Apache_OpenOffice_incubating_3.4.1_Win_x86_install_en-US(1).exe
    2012-09-03 18:23 - 2012-09-03 18:23 - 00031080 ____A (AVG Technologies) C:\Windows\System32\Drivers\avgtpx64.sys
    2012-08-31 13:38 - 2012-08-31 13:35 - 135933721 ____A C:\Users\Grumpy\Downloads\Apache_OpenOffice_incubating_3.4.1_Win_x86_install_en-US.exe
    2012-08-31 10:02 - 2012-10-09 17:30 - 01656688 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ntfs.sys
    2012-08-30 10:11 - 2012-10-09 17:29 - 05505904 ____A (Microsoft Corporation) C:\Windows\System32\ntoskrnl.exe
    2012-08-30 09:18 - 2012-10-09 17:29 - 03958128 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
    2012-08-30 09:18 - 2012-10-09 17:29 - 03902832 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
    2012-08-26 04:56 - 2012-08-26 04:56 - 00138400 ____A (SlySoft, Inc.) C:\Windows\SysWOW64\Drivers\AnyDVD.sys
    2012-08-26 04:56 - 2012-08-26 04:56 - 00138400 ____A (SlySoft, Inc.) C:\Windows\System32\Drivers\AnyDVD.sys
    2012-08-25 14:56 - 2012-08-25 14:56 - 00000235 ____A C:\Users\Grumpy\Desktop\Netflix.url
    2012-08-25 14:36 - 2012-08-25 14:36 - 00692480 ____A (RealNetworks, Inc.) C:\Users\Grumpy\Downloads\RealPlayer(1).exe
    2012-08-24 10:05 - 2012-10-09 17:29 - 00220160 ____A (Microsoft Corporation) C:\Windows\System32\wintrust.dll
    2012-08-24 09:10 - 2012-10-09 17:29 - 00172544 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wintrust.dll
    2012-08-24 03:15 - 2012-09-24 02:48 - 17810944 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
    2012-08-24 02:39 - 2012-09-24 02:48 - 10925568 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
    2012-08-24 02:31 - 2012-09-24 02:48 - 02312704 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
    2012-08-24 02:22 - 2012-09-24 02:48 - 01346048 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
    2012-08-24 02:21 - 2012-09-24 02:48 - 01392128 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
    2012-08-24 02:20 - 2012-09-24 02:48 - 01494528 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
    2012-08-24 02:18 - 2012-09-24 02:48 - 00237056 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
    2012-08-24 02:17 - 2012-09-24 02:48 - 00085504 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
    2012-08-24 02:14 - 2012-09-24 02:48 - 00816640 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
    2012-08-24 02:14 - 2012-09-24 02:48 - 00173056 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
    2012-08-24 02:13 - 2012-09-24 02:48 - 00599040 ____A (Microsoft Corporation) C:\Windows\System32\vbscript.dll
    2012-08-24 02:12 - 2012-09-24 02:48 - 02144768 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
    2012-08-24 02:11 - 2012-09-24 02:48 - 00729088 ____A (Microsoft Corporation) C:\Windows\System32\msfeeds.dll
    2012-08-24 02:10 - 2012-09-24 02:48 - 00096768 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
    2012-08-24 02:09 - 2012-09-24 02:48 - 02382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
    2012-08-24 02:04 - 2012-09-24 02:48 - 00248320 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
    2012-08-23 23:27 - 2012-09-24 02:48 - 12319744 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
    2012-08-23 23:03 - 2012-09-24 02:48 - 09738240 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
    2012-08-23 22:59 - 2012-09-24 02:48 - 01800704 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
    2012-08-23 22:51 - 2012-09-24 02:48 - 01427968 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
    2012-08-23 22:51 - 2012-09-24 02:48 - 01129472 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
    2012-08-23 22:51 - 2012-09-24 02:48 - 01103872 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
    2012-08-23 22:49 - 2012-09-24 02:48 - 00231936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
    2012-08-23 22:48 - 2012-09-24 02:48 - 00065024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
    2012-08-23 22:47 - 2012-09-24 02:48 - 00717824 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
    2012-08-23 22:47 - 2012-09-24 02:48 - 00420864 ____A (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
    2012-08-23 22:47 - 2012-09-24 02:48 - 00142848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
    2012-08-23 22:45 - 2012-09-24 02:48 - 00607744 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
    2012-08-23 22:44 - 2012-09-24 02:48 - 01793024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
    2012-08-23 22:44 - 2012-09-24 02:48 - 00073216 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
    2012-08-23 22:43 - 2012-09-24 02:48 - 02382848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
    2012-08-23 22:40 - 2012-09-24 02:48 - 00176640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
    2012-08-21 09:01 - 2012-09-20 13:42 - 00033240 ____A (GEAR Software Inc.) C:\Windows\System32\Drivers\GEARAspiWDM.sys
    2012-08-21 09:01 - 2010-08-14 18:59 - 00125872 ____A (GEAR Software Inc.) C:\Windows\System32\GEARAspi64.dll
    2012-08-21 09:01 - 2010-08-14 18:59 - 00106928 ____A (GEAR Software Inc.) C:\Windows\SysWOW64\GEARAspi.dll
    2012-08-18 12:44 - 2012-08-18 12:44 - 04615016 ____A (Garmin International) C:\Users\Grumpy\Downloads\GarminMapUpdater.exe
    2012-08-18 07:43 - 2012-10-10 14:15 - 00362496 ____A (Microsoft Corporation) C:\Windows\System32\wow64win.dll
    2012-08-18 07:43 - 2012-10-10 14:15 - 00243200 ____A (Microsoft Corporation) C:\Windows\System32\wow64.dll
    2012-08-18 07:43 - 2012-10-10 14:15 - 00013312 ____A (Microsoft Corporation) C:\Windows\System32\wow64cpu.dll
    2012-08-18 07:42 - 2012-10-10 14:15 - 00215040 ____A (Microsoft Corporation) C:\Windows\System32\winsrv.dll
    2012-08-18 07:40 - 2012-10-10 14:15 - 00016384 ____A (Microsoft Corporation) C:\Windows\System32\ntvdm64.dll
    2012-08-18 07:37 - 2012-10-10 14:15 - 01162240 ____A (Microsoft Corporation) C:\Windows\System32\kernel32.dll
    2012-08-18 07:37 - 2012-10-10 14:15 - 00425984 ____A (Microsoft Corporation) C:\Windows\System32\KernelBase.dll
    2012-08-18 07:34 - 2012-10-10 14:15 - 00338432 ____A (Microsoft Corporation) C:\Windows\System32\conhost.exe
    2012-08-18 07:22 - 2012-10-10 14:15 - 00006144 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-security-base-l1-1-0.dll
    2012-08-18 07:22 - 2012-10-10 14:15 - 00005120 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-file-l1-1-0.dll
    2012-08-18 07:22 - 2012-10-10 14:15 - 00004608 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-threadpool-l1-1-0.dll
    2012-08-18 07:22 - 2012-10-10 14:15 - 00004608 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-processthreads-l1-1-0.dll
    2012-08-18 07:22 - 2012-10-10 14:15 - 00004096 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-sysinfo-l1-1-0.dll
    2012-08-18 07:22 - 2012-10-10 14:15 - 00004096 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-synch-l1-1-0.dll
    2012-08-18 07:22 - 2012-10-10 14:15 - 00004096 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-localregistry-l1-1-0.dll
    2012-08-18 07:22 - 2012-10-10 14:15 - 00004096 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-localization-l1-1-0.dll
    2012-08-18 07:22 - 2012-10-10 14:15 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-rtlsupport-l1-1-0.dll
    2012-08-18 07:22 - 2012-10-10 14:15 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-processenvironment-l1-1-0.dll
    2012-08-18 07:22 - 2012-10-10 14:15 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-namedpipe-l1-1-0.dll
    2012-08-18 07:22 - 2012-10-10 14:15 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-misc-l1-1-0.dll
    2012-08-18 07:22 - 2012-10-10 14:15 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-memory-l1-1-0.dll
    2012-08-18 07:22 - 2012-10-10 14:15 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-libraryloader-l1-1-0.dll
    2012-08-18 07:22 - 2012-10-10 14:15 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-heap-l1-1-0.dll
    2012-08-18 07:22 - 2012-10-10 14:15 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-xstate-l1-1-0.dll
    2012-08-18 07:22 - 2012-10-10 14:15 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-util-l1-1-0.dll
    2012-08-18 07:22 - 2012-10-10 14:15 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-string-l1-1-0.dll
    2012-08-18 07:22 - 2012-10-10 14:15 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-profile-l1-1-0.dll
    2012-08-18 07:22 - 2012-10-10 14:15 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-io-l1-1-0.dll
    2012-08-18 07:22 - 2012-10-10 14:15 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-interlocked-l1-1-0.dll
    2012-08-18 07:22 - 2012-10-10 14:15 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-handle-l1-1-0.dll
    2012-08-18 07:22 - 2012-10-10 14:15 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-fibers-l1-1-0.dll
    2012-08-18 07:22 - 2012-10-10 14:15 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-errorhandling-l1-1-0.dll
    2012-08-18 07:22 - 2012-10-10 14:15 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-delayload-l1-1-0.dll
    2012-08-18 07:22 - 2012-10-10 14:15 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-debug-l1-1-0.dll
    2012-08-18 07:22 - 2012-10-10 14:15 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-datetime-l1-1-0.dll
    2012-08-18 07:22 - 2012-10-10 14:15 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-console-l1-1-0.dll
    2012-08-18 03:22 - 2012-10-10 14:15 - 00014336 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
    2012-08-18 03:19 - 2012-10-10 14:15 - 00025600 ____A (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
    2012-08-18 03:17 - 2012-10-10 14:15 - 01114112 ____A (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
    2012-08-18 03:17 - 2012-10-10 14:15 - 00274944 ____A (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
    2012-08-18 03:17 - 2012-10-10 14:15 - 00005120 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
    2012-08-18 03:09 - 2012-10-10 14:15 - 00005120 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
    2012-08-18 03:09 - 2012-10-10 14:15 - 00004608 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
    2012-08-18 03:09 - 2012-10-10 14:15 - 00004096 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
    2012-08-18 03:09 - 2012-10-10 14:15 - 00004096 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
    2012-08-18 03:09 - 2012-10-10 14:15 - 00004096 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
    2012-08-18 03:09 - 2012-10-10 14:15 - 00004096 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
    2012-08-18 03:09 - 2012-10-10 14:15 - 00004096 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
    2012-08-18 03:09 - 2012-10-10 14:15 - 00003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
    2012-08-18 03:09 - 2012-10-10 14:15 - 00003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
    2012-08-18 03:09 - 2012-10-10 14:15 - 00003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
    2012-08-18 03:09 - 2012-10-10 14:15 - 00003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
    2012-08-18 03:09 - 2012-10-10 14:15 - 00003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
    2012-08-18 03:09 - 2012-10-10 14:15 - 00003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
    2012-08-18 03:09 - 2012-10-10 14:15 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
    2012-08-18 03:09 - 2012-10-10 14:15 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
    2012-08-18 03:09 - 2012-10-10 14:15 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
    2012-08-18 03:09 - 2012-10-10 14:15 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
    2012-08-18 03:09 - 2012-10-10 14:15 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
    2012-08-18 03:09 - 2012-10-10 14:15 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
    2012-08-18 03:09 - 2012-10-10 14:15 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
    2012-08-18 03:09 - 2012-10-10 14:15 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
    2012-08-18 03:09 - 2012-10-10 14:15 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
    2012-08-18 03:09 - 2012-10-10 14:15 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
    2012-08-18 03:09 - 2012-10-10 14:15 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
    2012-08-18 01:12 - 2012-10-10 14:15 - 00007680 ____A (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
    2012-08-18 01:12 - 2012-10-10 14:15 - 00002048 ____A (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
    2012-08-18 01:07 - 2012-10-10 14:15 - 00006144 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
    2012-08-18 01:07 - 2012-10-10 14:15 - 00004608 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
    2012-08-18 01:07 - 2012-10-10 14:15 - 00003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
    2012-08-18 01:07 - 2012-10-10 14:15 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
    2012-08-15 13:59 - 2009-07-13 20:45 - 00299560 ____A C:\Windows\System32\FNTCACHE.DAT
    2012-08-10 16:53 - 2012-10-09 17:29 - 00714752 ____A (Microsoft Corporation) C:\Windows\System32\kerberos.dll
    2012-08-10 15:54 - 2012-10-09 17:29 - 00541184 ____A (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
    2012-08-05 05:56 - 2012-08-05 05:56 - 09949624 ____A C:\Users\Grumpy\Downloads\SetupAnyDVD7060.exe
    2012-08-02 09:55 - 2012-09-12 00:02 - 00574464 ____A (Microsoft Corporation) C:\Windows\System32\d3d10level9.dll
    2012-08-02 09:05 - 2012-09-12 00:02 - 00490496 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3d10level9.dll
    2012-07-30 07:24 - 2012-07-30 07:24 - 00158720 ____A (Prolific Technology Inc.) C:\Windows\System32\Drivers\ser2pl64.sys

    ZeroAccess:
    C:\Windows\Installer\{1b405ce6-8848-e2d9-71ed-723aea56cefb}
    C:\Windows\Installer\{1b405ce6-8848-e2d9-71ed-723aea56cefb}\@
    C:\Windows\Installer\{1b405ce6-8848-e2d9-71ed-723aea56cefb}\L
    C:\Windows\Installer\{1b405ce6-8848-e2d9-71ed-723aea56cefb}\U
    C:\Windows\Installer\{1b405ce6-8848-e2d9-71ed-723aea56cefb}\L\00000004.@
    C:\Windows\Installer\{1b405ce6-8848-e2d9-71ed-723aea56cefb}\L\201d3dde
    C:\Windows\Installer\{1b405ce6-8848-e2d9-71ed-723aea56cefb}\U\00000004.@
    C:\Windows\Installer\{1b405ce6-8848-e2d9-71ed-723aea56cefb}\U\00000008.@
    C:\Windows\Installer\{1b405ce6-8848-e2d9-71ed-723aea56cefb}\U\000000cb.@
    C:\Windows\Installer\{1b405ce6-8848-e2d9-71ed-723aea56cefb}\U\80000032.@

    ZeroAccess:
    C:\Windows\assembly\GAC_32\Desktop.ini

    ZeroAccess:
    C:\Windows\assembly\GAC_64\Desktop.ini

    ==================== Known DLLs (Whitelisted) =================


    ==================== Bamital & volsnap Check =================

    C:\Windows\System32\winlogon.exe => MD5 is legit
    C:\Windows\System32\wininit.exe => MD5 is legit
    C:\Windows\SysWOW64\wininit.exe => MD5 is legit
    C:\Windows\explorer.exe => MD5 is legit
    C:\Windows\SysWOW64\explorer.exe => MD5 is legit
    C:\Windows\System32\svchost.exe => MD5 is legit
    C:\Windows\SysWOW64\svchost.exe => MD5 is legit
    C:\Windows\System32\services.exe 50BEA589F7D7958BDD2528A8F69D05CC ZeroAccess <==== ATTENTION!.
    C:\Windows\System32\User32.dll => MD5 is legit
    C:\Windows\SysWOW64\User32.dll => MD5 is legit
    C:\Windows\System32\userinit.exe => MD5 is legit
    C:\Windows\SysWOW64\userinit.exe => MD5 is legit
    C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

    ==================== EXE ASSOCIATION =====================

    HKLM\...\.exe: exefile => OK
    HKLM\...\exefile\DefaultIcon: %1 => OK
    HKLM\...\exefile\open\command: "%1" %* => OK

    ==================== Restore Points =========================

    Restore point made on: 2012-10-14 03:03:54
    Restore point made on: 2012-10-14 03:05:27
    Restore point made on: 2012-10-14 19:01:49
    Restore point made on: 2012-10-14 19:05:41
    Restore point made on: 2012-10-14 19:06:45
    Restore point made on: 2012-10-15 02:37:02
    Restore point made on: 2012-10-15 17:07:45
    Restore point made on: 2012-10-16 02:32:05
    Restore point made on: 2012-10-16 02:58:37
    Restore point made on: 2012-10-16 23:00:58
    Restore point made on: 2012-10-17 02:39:54
    Restore point made on: 2012-10-17 19:25:44
    Restore point made on: 2012-10-18 02:52:21
    Restore point made on: 2012-10-19 02:22:29
    Restore point made on: 2012-10-21 20:08:32

    ==================== Memory info ===========================

    Percentage of memory in use: 10%
    Total physical RAM: 8191.11 MB
    Available physical RAM: 7339.36 MB
    Total Pagefile: 8189.26 MB
    Available Pagefile: 7337.01 MB
    Total Virtual: 8192 MB
    Available Virtual: 8191.9 MB

    ==================== Partitions =============================

    1 Drive c: () (Fixed) (Total:931.41 GB) (Free:764.35 GB) NTFS
    2 Drive d: (Main Drive 3) (Fixed) (Total:44.33 GB) (Free:17.78 GB) NTFS
    3 Drive e: (DATA) (Fixed) (Total:83.67 GB) (Free:79.09 GB) NTFS
    5 Drive h: (CDROM) (CDROM) (Total:0.09 GB) (Free:0 GB) CDFS
    8 Drive k: (HP v125w) (Removable) (Total:7.45 GB) (Free:5.46 GB) FAT32
    9 Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS
    10 Drive y: (System Reserved) (Fixed) (Total:0.1 GB) (Free:0.06 GB) NTFS ==>[System with boot components (obtained from reading drive)]

    Disk ### Status Size Free Dyn Gpt
    -------- ------------- ------- ------- --- ---
    Disk 0 Online 931 GB 0 B
    Disk 1 Online 279 GB 151 GB
    Disk 2 No Media 0 B 0 B
    Disk 3 Online 7643 MB 0 B

    Partitions of Disk 0:
    ===============

    Partition ### Type Size Offset
    ------------- ---------------- ------- -------
    Partition 1 Primary 100 MB 1024 KB
    Partition 2 Primary 931 GB 101 MB

    ==================================================================================

    Disk: 0
    Partition 1
    Type : 07
    Hidden: No
    Active: Yes

    Volume ### Ltr Label Fs Type Size Status Info
    ---------- --- ----------- ----- ---------- ------- --------- --------
    * Volume 3 Y System Rese NTFS Partition 100 MB Healthy

    =========================================================

    Disk: 0
    Partition 2
    Type : 07
    Hidden: No
    Active: No

    Volume ### Ltr Label Fs Type Size Status Info
    ---------- --- ----------- ----- ---------- ------- --------- --------
    * Volume 4 C NTFS Partition 931 GB Healthy

    =========================================================

    Partitions of Disk 1:
    ===============

    Partition ### Type Size Offset
    ------------- ---------------- ------- -------
    Partition 1 Primary 44 GB 31 KB
    Partition 0 Extended 83 GB 44 GB
    Partition 2 Logical 83 GB 44 GB

    ==================================================================================

    Disk: 1
    Partition 1
    Type : 07
    Hidden: No
    Active: Yes

    Volume ### Ltr Label Fs Type Size Status Info
    ---------- --- ----------- ----- ---------- ------- --------- --------
    * Volume 5 D Main Drive NTFS Partition 44 GB Healthy

    =========================================================

    Disk: 1
    Partition 2
    Type : 07
    Hidden: No
    Active: No

    Volume ### Ltr Label Fs Type Size Status Info
    ---------- --- ----------- ----- ---------- ------- --------- --------
    * Volume 6 E DATA NTFS Partition 83 GB Healthy

    =========================================================

    Partitions of Disk 3:
    ===============

    Partition ### Type Size Offset
    ------------- ---------------- ------- -------
    Partition 1 Primary 7643 MB 31 KB

    ==================================================================================

    Disk: 3
    Partition 1
    Type : 0B
    Hidden: No
    Active: No

    Volume ### Ltr Label Fs Type Size Status Info
    ---------- --- ----------- ----- ---------- ------- --------- --------
    * Volume 8 K HP v125w FAT32 Removable 7643 MB Healthy

    =========================================================

    Last Boot: 2012-10-16 15:20

    ==================== End Of Log =============================

    NEXT IS SEARCH TXT

    Farbar Recovery Scan Tool (x64) Version: 21-10-2012
    Ran by SYSTEM at 2012-10-23 13:59:17
    Running from K:\

    ================== Search: "services.exe; volsnap.sys; winlogon.exe" ===================

    C:\Windows\winsxs\amd64_volume.inf_31bf3856ad364e35_6.1.7600.16385_none_71aba92815c60174\volsnap.sys
    [2009-07-13 15:20] - [2009-07-13 17:45] - 0294992 ____A (Microsoft Corporation) 58F82EED8CA24B461441F9C3E4F0BF5C

    C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_cc522fd507b468f8\winlogon.exe
    [2010-06-11 16:50] - [2009-10-27 23:01] - 0389632 ____A (Microsoft Corporation) A93D41A4D4B0D91C072D11DD8AF266DE

    C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_cbe534e7ee8042ad\winlogon.exe
    [2010-06-11 16:50] - [2009-10-27 22:24] - 0389632 ____A (Microsoft Corporation) DA3E2A6FA9660CC75B471530CE88453A

    C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_cbb7f2bdeea2829c\winlogon.exe
    [2009-07-13 15:52] - [2009-07-13 17:39] - 0389120 ____A (Microsoft Corporation) 132328DF455B0028F13BF0ABEE51A63A

    C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe
    [2009-07-13 15:19] - [2009-07-13 17:39] - 0328704 ____A (Microsoft Corporation) 24ACB7E5BE595468E3B9AA488B9B4FCB

    C:\Windows\System32\services.exe
    [2009-07-13 15:19] - [2009-07-13 17:39] - 0329216 ____A (Microsoft Corporation) 50BEA589F7D7958BDD2528A8F69D05CC

    C:\Windows\System32\winlogon.exe
    [2010-06-11 16:50] - [2009-10-27 22:24] - 0389632 ____A (Microsoft Corporation) DA3E2A6FA9660CC75B471530CE88453A

    C:\Windows\System32\DriverStore\FileRepository\volume.inf_amd64_neutral_1b1a512d99c5b72c\volsnap.sys
    [2009-07-13 15:20] - [2009-07-13 17:45] - 0294992 ____A (Microsoft Corporation) 58F82EED8CA24B461441F9C3E4F0BF5C

    C:\Windows\System32\drivers\volsnap.sys
    [2009-07-13 15:20] - [2009-07-13 17:45] - 0294992 ____A (Microsoft Corporation) 58F82EED8CA24B461441F9C3E4F0BF5C

    C:\Users\Grumpy\AppData\Local\Temp\RarSFX0\winlogon.exe
    [2012-10-23 07:46] - [2009-05-26 14:47] - 0031232 ____A (NirSoft) AC6094297CD882B8626466CDEB64F19F

    C:\Program Files (x86)\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe
    [2012-10-21 20:48] - [2012-09-29 15:54] - 0218184 ____A () 8846E87210AD131CF71E3E2E49F647B0

    ====== End Of Search ======
  2. Broni

    Broni Malware Annihilator Posts: 45,188   +242

    Welcome aboard [​IMG]

    Please, observe following rules:
    • Read all of my instructions very carefully. Your mistakes during cleaning process may have very serious consequences, like unbootable computer.
    • If you're stuck, or you're not sure about certain step, always ask before doing anything else.
    • Please refrain from running any tools, fixes or applying any changes to your computer other than those I suggest.
    • Never run more than one scan at a time.
    • Keep updating me regarding your computer behavior, good, or bad.
    • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
    • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in malware removal forum.
    • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.

    ===============================

    FRST log is incomplete.
    Please redo.
  3. Lfis492a

    Lfis492a Newcomer, in training Topic Starter Posts: 38

    Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 21-10-2012
    Ran by SYSTEM at 23-10-2012 13:53:04
    Running from K:\
    Windows 7 Home Premium (X64) OS Language: English(US)
    The current controlset is ControlSet001

    ==================== Registry (Whitelisted) ===================

    HKLM\...\Run: [itype] "c:\Program Files\Microsoft IntelliType Pro\itype.exe" [1873288 2011-08-01] (Microsoft Corporation)
    HKLM\...\Run: [Windows Mobile Device Center] %windir%\WindowsMobile\wmdc.exe [660360 2007-05-31] (Microsoft Corporation)
    HKLM-x32\...\Run: [vProt] "C:\Program Files (x86)\AVG Secure Search\vprot.exe" [947808 2012-09-29] ()
    HKLM-x32\...\Run: [] [x]
    HKLM-x32\...\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [59280 2012-08-27] (Apple Inc.)
    HKLM-x32\...\Run: [AVG_UI] "C:\Program Files (x86)\AVG\AVG2013\avgui.exe" /TRAYONLY [3116152 2012-10-10] (AVG Technologies CZ, s.r.o.)
    HKLM-x32\...\Run: [TkBellExe] "C:\Program Files (x86)\Real\RealPlayer\update\realsched.exe" -osboot [296096 2012-09-05] (RealNetworks, Inc.)
    HKU\Grumpy\...\Run: [AnyDVD] "C:\Program Files (x86)\SlySoft\AnyDVD\AnyDVD.exe" [93856 2012-08-29] (SlySoft, Inc.)
    HKU\Grumpy\...\Run: [LightScribe Control Panel] C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe -hidden [2736128 2010-06-16] (Hewlett-Packard Company)
    HKU\Grumpy\...\Run: [TomTomHOME.exe] "C:\Program Files (x86)\TomTom HOME 2\TomTomHOMERunner.exe" [247728 2012-01-22] (TomTom)
    HKU\Grumpy\...\Run: [MyTomTomSA.exe] "C:\Program Files (x86)\MyTomTom 3\MyTomTomSA.exe" [434168 2012-05-18] (TomTom)
    HKU\Grumpy\...\Run: [iCloudServices] C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe [59280 2012-08-29] (Apple Inc.)
    HKU\Grumpy\...\Run: [ApplePhotoStreams] C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe [59280 2012-09-10] (Apple Inc.)
    HKLM-x32\...\runonceex: []
    Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
    Startup: C:\Users\All Users\Start Menu\Programs\Startup\Kodak EasyShare software.lnk
    ShortcutTarget: Kodak EasyShare software.lnk -> C:\Program Files (x86)\Kodak\Kodak EasyShare software\bin\EasyShare.exe (Eastman Kodak Company)
    Startup: C:\Users\All Users\Start Menu\Programs\Startup\NETGEAR WNDA3100v2 Smart Wizard.lnk
    ShortcutTarget: NETGEAR WNDA3100v2 Smart Wizard.lnk -> C:\Program Files (x86)\NETGEAR\WNDA3100v2\WNDA3100v2.exe ()
    Startup: C:\Users\Grumpy\Start Menu\Programs\Startup\_uninst_.lnk
    ShortcutTarget: _uninst_.lnk -> (No File)

    ==================== Services (Whitelisted) ===================

    3 AVG Security Toolbar Service; C:\Program Files (x86)\AVG\AVG10\Toolbar\ToolbarBroker.exe [947528 2011-03-18] ()
    2 AVGIDSAgent; "C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe" [5783672 2012-10-01] (AVG Technologies CZ, s.r.o.)
    2 avgwd; "C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe" [193568 2012-10-01] (AVG Technologies CZ, s.r.o.)
    2 dldt_device; C:\Windows\system32\dldtcoms.exe -service [1044648 2009-07-09] ( )
    2 RapportMgmtService; "C:\Program Files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe" [976728 2012-09-22] (Trusteer Ltd.)
    2 SBSDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe [1153368 2009-01-26] (Safer Networking Ltd.)
    2 ScsiAccess; C:\Windows\SysWOW64\ScsiAccess.EXE [181312 2003-02-04] ()
    2 vToolbarUpdater12.2.6; C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\12.2.6\ToolbarUpdater.exe [722528 2012-09-03] ()
    2 WSWNDA3100; C:\Program Files (x86)\NETGEAR\WNDA3100v2\WifiSvc.exe [278528 2009-11-04] ()
    2 Nero BackItUp Scheduler 4.0; C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe [x]

    ==================== Drivers (Whitelisted) =====================

    3 AnyDVD; C:\Windows\System32\Drivers\AnyDVD.sys [138400 2012-08-26] (SlySoft, Inc.)
    3 AnyDVD; C:\Windows\SysWow64\Drivers\AnyDVD.sys [138400 2012-08-26] (SlySoft, Inc.)
    1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdrivera.sys [151904 2012-09-12] (AVG Technologies CZ, s.r.o. )
    0 AVGIDSHA; C:\Windows\System32\Drivers\AVGIDSHA.sys [61792 2012-09-20] (AVG Technologies CZ, s.r.o. )
    1 Avgldx64; C:\Windows\System32\Drivers\Avgldx64.sys [185696 2012-10-01] (AVG Technologies CZ, s.r.o.)
    0 Avgloga; C:\Windows\System32\Drivers\Avgloga.sys [225120 2012-09-20] (AVG Technologies CZ, s.r.o.)
    0 Avgmfx64; C:\Windows\System32\Drivers\Avgmfx64.sys [111456 2012-10-04] (AVG Technologies CZ, s.r.o.)
    0 Avgrkx64; C:\Windows\System32\Drivers\Avgrkx64.sys [40800 2012-09-13] (AVG Technologies CZ, s.r.o.)
    1 Avgtdia; C:\Windows\System32\Drivers\Avgtdia.sys [200032 2012-09-20] (AVG Technologies CZ, s.r.o.)
    1 avgtp; \??\C:\Windows\system32\drivers\avgtpx64.sys [31080 2012-09-03] (AVG Technologies)
    3 MTsensor; C:\Windows\System32\DRIVERS\ASACPI.sys [15416 2009-05-13] ()
    3 NPF; C:\Windows\System32\Drivers\NPF.sys [47632 2009-10-20] (CACE Technologies, Inc.)
    1 RapportCerberus_42020; \??\C:\ProgramData\Trusteer\Rapport\store\exts\RapportCerberus\baseline\RapportCerberus64_42020.sys [397720 2012-08-09] ()
    1 RapportEI64; \??\C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportEI64.sys [55096 2012-09-22] (Trusteer Ltd.)
    0 RapportKE64; C:\Windows\System32\Drivers\RapportKE64.sys [101688 2012-09-22] (Trusteer Ltd.)
    1 RapportPG64; \??\C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportPG64.sys [297240 2012-09-22] (Trusteer Ltd.)
    3 WPRO_40_1340; C:\Windows\System32\drivers\WPRO_40_1340.sys [x]

    ==================== NetSvcs (Whitelisted) ====================


    ==================== One Month Created Files and Folders ========

    2012-10-23 09:30 - 2012-10-23 09:30 - 01459119 ____A (Farbar) C:\Users\Grumpy\Downloads\FRST64.exe
    2012-10-23 07:47 - 2012-10-23 07:47 - 00000361 ____A C:\rkill.log
    2012-10-23 07:38 - 2012-10-23 07:38 - 00000000 ____D C:\Users\Grumpy\Downloads\tdsskiller
    2012-10-23 07:37 - 2012-10-23 07:37 - 02194704 ____A C:\Users\Grumpy\Downloads\tdsskiller.zip
    2012-10-23 07:12 - 2012-10-23 07:52 - 00000168 ____A C:\Windows\setupact.log
    2012-10-23 07:12 - 2012-10-23 07:12 - 00000000 ____A C:\Windows\setuperr.log
    2012-10-22 19:59 - 2012-10-22 19:59 - 00021336 ____A C:\AdwCleaner[R1].txt
    2012-10-22 19:54 - 2012-10-22 19:54 - 00448512 ____A (OldTimer Tools) C:\Users\Grumpy\Downloads\TFC.exe
    2012-10-22 19:52 - 2012-10-22 19:52 - 00538941 ____A C:\Users\Grumpy\Downloads\adwcleaner.exe
    2012-10-22 19:49 - 2012-10-22 19:49 - 00694323 ____A (Farbar) C:\Users\Grumpy\Downloads\FSS.exe
    2012-10-22 19:48 - 2012-10-22 19:48 - 00881773 ____A C:\Users\Grumpy\Downloads\SecurityCheck.exe
    2012-10-22 16:09 - 2012-10-22 16:09 - 92121088 ____A C:\Users\Grumpy\Downloads\avg_arl_cdi_all_120_120823a5226.iso
    2012-10-22 10:44 - 2012-10-22 10:46 - 00000238 ____A C:\Windows\System32\avgrep.txt
    2012-10-22 09:29 - 2012-10-22 09:29 - 00150293 ____A C:\Users\Grumpy\AppData\Local\census.cache
    2012-10-22 09:29 - 2012-10-22 09:29 - 00096958 ____A C:\Users\Grumpy\AppData\Local\ars.cache
    2012-10-22 09:23 - 2012-06-04 23:37 - 00256904 ____A (Trend Micro Inc.) C:\Windows\SysWOW64\Drivers\tmcomm.sys
    2012-10-22 09:22 - 2012-10-22 09:22 - 02002944 ____A (Trend Micro Inc.) C:\Users\Grumpy\Downloads\HousecallLauncher.exe
    2012-10-22 09:22 - 2012-10-22 09:22 - 00000036 ____A C:\Users\Grumpy\AppData\Local\housecall.guid.cache
    2012-10-21 21:01 - 2012-10-21 21:01 - 00000000 ____D C:\Users\All Users\Kaspersky Lab
    2012-10-21 20:57 - 2012-10-23 07:42 - 00000000 ____D C:\TDSSKiller_Quarantine
    2012-10-21 20:53 - 2012-10-21 20:53 - 03941312 ____A (Piriform Ltd) C:\Users\Grumpy\Downloads\ccsetup323.exe
    2012-10-21 20:53 - 2012-10-21 20:53 - 00000822 ____A C:\Users\Public\Desktop\CCleaner.lnk
    2012-10-21 20:53 - 2012-10-21 20:53 - 00000000 ____D C:\Program Files\CCleaner
    2012-10-21 20:51 - 2012-10-21 20:51 - 00000057 ____A C:\Users\Grumpy\Desktop\virhere.txt
    2012-10-21 20:48 - 2012-10-21 20:48 - 00001073 ____A C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
    2012-10-21 20:48 - 2012-10-21 20:48 - 00000000 ____D C:\Users\Grumpy\AppData\Roaming\Malwarebytes
    2012-10-21 20:48 - 2012-10-21 20:48 - 00000000 ____D C:\Users\All Users\Malwarebytes
    2012-10-21 20:48 - 2012-10-21 20:48 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
    2012-10-21 20:48 - 2012-09-29 15:54 - 00025928 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys
    2012-10-21 20:47 - 2012-10-21 20:47 - 10669952 ____A (Malwarebytes Corporation ) C:\Users\Grumpy\Downloads\mbam-setup-1.65.1.1000.exe
    2012-10-19 02:17 - 2012-10-21 20:07 - 83023306 ___AT C:\Users\All Users\8fc86754.pad
    2012-10-18 13:13 - 2012-10-18 13:14 - 00000000 ____D C:\Users\Grumpy\AppData\Local\{59D117E6-E758-40A8-A446-F0C5157500A6}
    2012-10-17 18:07 - 2012-10-17 18:07 - 00000000 ____D C:\Users\Grumpy\AppData\Local\{C3BC2E1A-7A30-4F07-BF2B-1D3E9E98ED75}
    2012-10-17 14:16 - 2012-10-17 14:16 - 00000000 __SHD C:\found.013
    2012-10-14 18:18 - 2012-10-14 18:18 - 00000000 ____D C:\Users\Grumpy\AppData\Local\{1A1E4CB4-EE4B-4434-9F7E-6FECE320B2FA}
    2012-10-12 15:03 - 2012-10-12 15:03 - 00000000 ____D C:\Users\Grumpy\AppData\Roaming\AVG
    2012-10-12 15:02 - 2012-10-12 15:04 - 00000000 ____D C:\Users\All Users\AVG
    2012-10-12 15:02 - 2012-10-12 15:02 - 00000000 __SHD C:\Users\All Users\{D1D4879F-2279-49C9-AEBF-3B95C84EAA8F}
    2012-10-12 15:01 - 2012-10-12 15:02 - 58674136 ____A (AVG) C:\Users\Grumpy\Downloads\avg_tuh_stf_all_2013_2_24c5.exe
    2012-10-10 14:15 - 2012-08-18 07:43 - 00362496 ____A (Microsoft Corporation) C:\Windows\System32\wow64win.dll
    2012-10-10 14:15 - 2012-08-18 07:43 - 00243200 ____A (Microsoft Corporation) C:\Windows\System32\wow64.dll
    2012-10-10 14:15 - 2012-08-18 07:43 - 00013312 ____A (Microsoft Corporation) C:\Windows\System32\wow64cpu.dll
    2012-10-10 14:15 - 2012-08-18 07:42 - 00215040 ____A (Microsoft Corporation) C:\Windows\System32\winsrv.dll
    2012-10-10 14:15 - 2012-08-18 07:40 - 00016384 ____A (Microsoft Corporation) C:\Windows\System32\ntvdm64.dll
    2012-10-10 14:15 - 2012-08-18 07:37 - 01162240 ____A (Microsoft Corporation) C:\Windows\System32\kernel32.dll
    2012-10-10 14:15 - 2012-08-18 07:37 - 00425984 ____A (Microsoft Corporation) C:\Windows\System32\KernelBase.dll
    2012-10-10 14:15 - 2012-08-18 07:34 - 00338432 ____A (Microsoft Corporation) C:\Windows\System32\conhost.exe
    2012-10-10 14:15 - 2012-08-18 07:22 - 00006144 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-security-base-l1-1-0.dll
    2012-10-10 14:15 - 2012-08-18 07:22 - 00005120 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-file-l1-1-0.dll
    2012-10-10 14:15 - 2012-08-18 07:22 - 00004608 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-threadpool-l1-1-0.dll
    2012-10-10 14:15 - 2012-08-18 07:22 - 00004608 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-processthreads-l1-1-0.dll
    2012-10-10 14:15 - 2012-08-18 07:22 - 00004096 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-sysinfo-l1-1-0.dll
    2012-10-10 14:15 - 2012-08-18 07:22 - 00004096 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-synch-l1-1-0.dll
    2012-10-10 14:15 - 2012-08-18 07:22 - 00004096 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-localregistry-l1-1-0.dll
    2012-10-10 14:15 - 2012-08-18 07:22 - 00004096 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-localization-l1-1-0.dll
    2012-10-10 14:15 - 2012-08-18 07:22 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-rtlsupport-l1-1-0.dll
    2012-10-10 14:15 - 2012-08-18 07:22 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-processenvironment-l1-1-0.dll
    2012-10-10 14:15 - 2012-08-18 07:22 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-namedpipe-l1-1-0.dll
    2012-10-10 14:15 - 2012-08-18 07:22 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-misc-l1-1-0.dll
    2012-10-10 14:15 - 2012-08-18 07:22 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-memory-l1-1-0.dll
    2012-10-10 14:15 - 2012-08-18 07:22 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-libraryloader-l1-1-0.dll
    2012-10-10 14:15 - 2012-08-18 07:22 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-heap-l1-1-0.dll
    2012-10-10 14:15 - 2012-08-18 07:22 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-xstate-l1-1-0.dll
    2012-10-10 14:15 - 2012-08-18 07:22 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-util-l1-1-0.dll
    2012-10-10 14:15 - 2012-08-18 07:22 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-string-l1-1-0.dll
    2012-10-10 14:15 - 2012-08-18 07:22 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-profile-l1-1-0.dll
    2012-10-10 14:15 - 2012-08-18 07:22 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-io-l1-1-0.dll
    2012-10-10 14:15 - 2012-08-18 07:22 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-interlocked-l1-1-0.dll
    2012-10-10 14:15 - 2012-08-18 07:22 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-handle-l1-1-0.dll
    2012-10-10 14:15 - 2012-08-18 07:22 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-fibers-l1-1-0.dll
    2012-10-10 14:15 - 2012-08-18 07:22 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-errorhandling-l1-1-0.dll
    2012-10-10 14:15 - 2012-08-18 07:22 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-delayload-l1-1-0.dll
    2012-10-10 14:15 - 2012-08-18 07:22 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-debug-l1-1-0.dll
    2012-10-10 14:15 - 2012-08-18 07:22 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-datetime-l1-1-0.dll
    2012-10-10 14:15 - 2012-08-18 07:22 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-console-l1-1-0.dll
    2012-10-10 14:15 - 2012-08-18 03:22 - 00014336 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
    2012-10-10 14:15 - 2012-08-18 03:19 - 00025600 ____A (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
    2012-10-10 14:15 - 2012-08-18 03:17 - 01114112 ____A (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
    2012-10-10 14:15 - 2012-08-18 03:17 - 00274944 ____A (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
    2012-10-10 14:15 - 2012-08-18 03:17 - 00005120 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
    2012-10-10 14:15 - 2012-08-18 03:09 - 00005120 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
    2012-10-10 14:15 - 2012-08-18 03:09 - 00004608 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
    2012-10-10 14:15 - 2012-08-18 03:09 - 00004096 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
    2012-10-10 14:15 - 2012-08-18 03:09 - 00004096 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
    2012-10-10 14:15 - 2012-08-18 03:09 - 00004096 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
    2012-10-10 14:15 - 2012-08-18 03:09 - 00004096 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
    2012-10-10 14:15 - 2012-08-18 03:09 - 00004096 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
    2012-10-10 14:15 - 2012-08-18 03:09 - 00003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
    2012-10-10 14:15 - 2012-08-18 03:09 - 00003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
    2012-10-10 14:15 - 2012-08-18 03:09 - 00003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
    2012-10-10 14:15 - 2012-08-18 03:09 - 00003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
    2012-10-10 14:15 - 2012-08-18 03:09 - 00003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
    2012-10-10 14:15 - 2012-08-18 03:09 - 00003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
    2012-10-10 14:15 - 2012-08-18 03:09 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
    2012-10-10 14:15 - 2012-08-18 03:09 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
    2012-10-10 14:15 - 2012-08-18 03:09 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
    2012-10-10 14:15 - 2012-08-18 03:09 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
    2012-10-10 14:15 - 2012-08-18 03:09 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
    2012-10-10 14:15 - 2012-08-18 03:09 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
    2012-10-10 14:15 - 2012-08-18 03:09 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
    2012-10-10 14:15 - 2012-08-18 03:09 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
    2012-10-10 14:15 - 2012-08-18 03:09 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
    2012-10-10 14:15 - 2012-08-18 03:09 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
    2012-10-10 14:15 - 2012-08-18 03:09 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
    2012-10-10 14:15 - 2012-08-18 01:12 - 00007680 ____A (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
    2012-10-10 14:15 - 2012-08-18 01:12 - 00002048 ____A (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
    2012-10-10 14:15 - 2012-08-18 01:07 - 00006144 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
    2012-10-10 14:15 - 2012-08-18 01:07 - 00004608 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
    2012-10-10 14:15 - 2012-08-18 01:07 - 00003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
    2012-10-10 14:15 - 2012-08-18 01:07 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
    2012-10-09 17:30 - 2012-08-31 10:02 - 01656688 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ntfs.sys
    2012-10-09 17:29 - 2012-09-14 11:23 - 00002048 ____A (Microsoft Corporation) C:\Windows\System32\tzres.dll
    2012-10-09 17:29 - 2012-09-14 10:30 - 00002048 ____A (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
    2012-10-09 17:29 - 2012-08-30 10:11 - 05505904 ____A (Microsoft Corporation) C:\Windows\System32\ntoskrnl.exe
    2012-10-09 17:29 - 2012-08-30 09:18 - 03958128 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
    2012-10-09 17:29 - 2012-08-30 09:18 - 03902832 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
    2012-10-09 17:29 - 2012-08-24 10:05 - 00220160 ____A (Microsoft Corporation) C:\Windows\System32\wintrust.dll
    2012-10-09 17:29 - 2012-08-24 09:10 - 00172544 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wintrust.dll
    2012-10-09 17:29 - 2012-08-10 16:53 - 00714752 ____A (Microsoft Corporation) C:\Windows\System32\kerberos.dll
    2012-10-09 17:29 - 2012-08-10 15:54 - 00541184 ____A (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
    2012-10-09 17:28 - 2012-06-01 21:25 - 01462784 ____A (Microsoft Corporation) C:\Windows\System32\crypt32.dll
    2012-10-09 17:28 - 2012-06-01 21:25 - 00182272 ____A (Microsoft Corporation) C:\Windows\System32\cryptsvc.dll
    2012-10-09 17:28 - 2012-06-01 21:25 - 00140288 ____A (Microsoft Corporation) C:\Windows\System32\cryptnet.dll
    2012-10-09 17:28 - 2012-06-01 20:45 - 01157632 ____A (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
    2012-10-09 17:28 - 2012-06-01 20:45 - 00139264 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll
    2012-10-09 17:28 - 2012-06-01 20:45 - 00103936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cryptnet.dll
    2012-10-08 14:02 - 2012-10-08 15:22 - 00000000 ____D C:\Users\Grumpy\Desktop\baby shower
    2012-10-07 19:53 - 2012-10-07 19:54 - 18124080 ____A (Microsoft Corporation) C:\Users\Grumpy\Downloads\IE9-Windows7-x86-enu.exe
    2012-10-07 17:54 - 2012-10-07 17:54 - 00000000 ____D C:\Users\Grumpy\AppData\Local\{5AF65E98-6C90-4AF2-B8DA-7E465E5BDACF}
    2012-10-07 15:43 - 2012-10-07 15:43 - 00000000 __SHD C:\found.012
    2012-10-04 23:26 - 2012-10-04 23:26 - 00111456 ____A (AVG Technologies CZ, s.r.o.) C:\Windows\System32\Drivers\avgmfx64.sys
    2012-10-01 23:30 - 2012-10-01 23:30 - 00185696 ____A (AVG Technologies CZ, s.r.o.) C:\Windows\System32\Drivers\avgldx64.sys
    2012-09-29 14:41 - 2012-09-29 14:41 - 00000000 ____D C:\Users\Grumpy\AppData\Local\{1AE1E6FE-AF3E-4944-8BAD-4C4B27E30370}
    2012-09-29 05:23 - 2012-10-15 13:54 - 00000844 ____A C:\Users\Public\Desktop\AVG 2013.lnk
    2012-09-29 05:23 - 2012-09-29 05:23 - 00000000 ____D C:\Users\Grumpy\AppData\Roaming\TuneUp Software
    2012-09-29 05:23 - 2012-09-29 05:23 - 00000000 ____D C:\Users\Grumpy\AppData\Roaming\AVG2013
    2012-09-29 05:22 - 2012-09-29 05:22 - 00000000 ____D C:\Program Files (x86)\AVG Secure Search
    2012-09-29 05:18 - 2012-10-23 07:43 - 00000000 ____D C:\Users\All Users\AVG2013
    2012-09-29 05:15 - 2012-10-22 10:44 - 00000000 ____D C:\Users\Grumpy\AppData\Local\Avg2013
    2012-09-29 05:15 - 2012-09-29 05:15 - 00000000 ____D C:\Users\Grumpy\AppData\Local\MFAData
    2012-09-26 17:57 - 2012-09-26 17:57 - 00000000 ____D C:\Users\Grumpy\AppData\Local\{18538102-3BE7-4B9E-A1F1-BB29FD78C27C}
    2012-09-25 16:30 - 2012-09-25 16:30 - 00000000 ____D C:\Users\Grumpy\AppData\Local\{4FC66E94-0F90-4BC0-BF85-9A439D25FFF8}
    2012-09-24 02:48 - 2012-08-24 03:15 - 17810944 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
    2012-09-24 02:48 - 2012-08-24 02:39 - 10925568 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
    2012-09-24 02:48 - 2012-08-24 02:31 - 02312704 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
    2012-09-24 02:48 - 2012-08-24 02:22 - 01346048 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
    2012-09-24 02:48 - 2012-08-24 02:21 - 01392128 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
    2012-09-24 02:48 - 2012-08-24 02:20 - 01494528 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
    2012-09-24 02:48 - 2012-08-24 02:18 - 00237056 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
    2012-09-24 02:48 - 2012-08-24 02:17 - 00085504 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
    2012-09-24 02:48 - 2012-08-24 02:14 - 00816640 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
    2012-09-24 02:48 - 2012-08-24 02:14 - 00173056 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
    2012-09-24 02:48 - 2012-08-24 02:13 - 00599040 ____A (Microsoft Corporation) C:\Windows\System32\vbscript.dll
    2012-09-24 02:48 - 2012-08-24 02:12 - 02144768 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
    2012-09-24 02:48 - 2012-08-24 02:11 - 00729088 ____A (Microsoft Corporation) C:\Windows\System32\msfeeds.dll
    2012-09-24 02:48 - 2012-08-24 02:10 - 00096768 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
    2012-09-24 02:48 - 2012-08-24 02:09 - 02382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
    2012-09-24 02:48 - 2012-08-24 02:04 - 00248320 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
    2012-09-24 02:48 - 2012-08-23 23:27 - 12319744 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
    2012-09-24 02:48 - 2012-08-23 23:03 - 09738240 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
    2012-09-24 02:48 - 2012-08-23 22:59 - 01800704 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
    2012-09-24 02:48 - 2012-08-23 22:51 - 01427968 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
    2012-09-24 02:48 - 2012-08-23 22:51 - 01129472 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
    2012-09-24 02:48 - 2012-08-23 22:51 - 01103872 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
    2012-09-24 02:48 - 2012-08-23 22:49 - 00231936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
    2012-09-24 02:48 - 2012-08-23 22:48 - 00065024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
    2012-09-24 02:48 - 2012-08-23 22:47 - 00717824 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
    2012-09-24 02:48 - 2012-08-23 22:47 - 00420864 ____A (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
    2012-09-24 02:48 - 2012-08-23 22:47 - 00142848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
    2012-09-24 02:48 - 2012-08-23 22:45 - 00607744 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
    2012-09-24 02:48 - 2012-08-23 22:44 - 01793024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
    2012-09-24 02:48 - 2012-08-23 22:44 - 00073216 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
    2012-09-24 02:48 - 2012-08-23 22:43 - 02382848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
    2012-09-24 02:48 - 2012-08-23 22:40 - 00176640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll


    ==================== 3 Months Modified Files ==================

    2012-10-23 09:30 - 2012-10-23 09:30 - 01459119 ____A (Farbar) C:\Users\Grumpy\Downloads\FRST64.exe
    2012-10-23 09:17 - 2012-03-29 02:37 - 00000830 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job
    2012-10-23 09:13 - 2010-06-11 14:01 - 01262863 ____A C:\Windows\WindowsUpdate.log
    2012-10-23 08:53 - 2010-06-24 21:29 - 00000898 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
    2012-10-23 07:52 - 2012-10-23 07:12 - 00000168 ____A C:\Windows\setupact.log
    2012-10-23 07:47 - 2012-10-23 07:47 - 00000361 ____A C:\rkill.log
    2012-10-23 07:37 - 2012-10-23 07:37 - 02194704 ____A C:\Users\Grumpy\Downloads\tdsskiller.zip
    2012-10-23 07:20 - 2009-07-13 20:45 - 00013440 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
    2012-10-23 07:20 - 2009-07-13 20:45 - 00013440 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
    2012-10-23 07:13 - 2010-12-03 14:05 - 24273408 __ASH C:\Users\Grumpy\Desktop\Thumbs.db
    2012-10-23 07:12 - 2012-10-23 07:12 - 00000000 ____A C:\Windows\setuperr.log
    2012-10-23 07:12 - 2010-06-24 21:29 - 00000894 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
    2012-10-23 07:12 - 2009-07-13 21:08 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
    2012-10-22 19:59 - 2012-10-22 19:59 - 00021336 ____A C:\AdwCleaner[R1].txt
    2012-10-22 19:54 - 2012-10-22 19:54 - 00448512 ____A (OldTimer Tools) C:\Users\Grumpy\Downloads\TFC.exe
    2012-10-22 19:52 - 2012-10-22 19:52 - 00538941 ____A C:\Users\Grumpy\Downloads\adwcleaner.exe
    2012-10-22 19:49 - 2012-10-22 19:49 - 00694323 ____A (Farbar) C:\Users\Grumpy\Downloads\FSS.exe
    2012-10-22 19:48 - 2012-10-22 19:48 - 00881773 ____A C:\Users\Grumpy\Downloads\SecurityCheck.exe
    2012-10-22 16:09 - 2012-10-22 16:09 - 92121088 ____A C:\Users\Grumpy\Downloads\avg_arl_cdi_all_120_120823a5226.iso
    2012-10-22 10:46 - 2012-10-22 10:44 - 00000238 ____A C:\Windows\System32\avgrep.txt
    2012-10-22 09:29 - 2012-10-22 09:29 - 00150293 ____A C:\Users\Grumpy\AppData\Local\census.cache
    2012-10-22 09:29 - 2012-10-22 09:29 - 00096958 ____A C:\Users\Grumpy\AppData\Local\ars.cache
    2012-10-22 09:22 - 2012-10-22 09:22 - 02002944 ____A (Trend Micro Inc.) C:\Users\Grumpy\Downloads\HousecallLauncher.exe
    2012-10-22 09:22 - 2012-10-22 09:22 - 00000036 ____A C:\Users\Grumpy\AppData\Local\housecall.guid.cache
    2012-10-21 20:53 - 2012-10-21 20:53 - 03941312 ____A (Piriform Ltd) C:\Users\Grumpy\Downloads\ccsetup323.exe
    2012-10-21 20:53 - 2012-10-21 20:53 - 00000822 ____A C:\Users\Public\Desktop\CCleaner.lnk
    2012-10-21 20:51 - 2012-10-21 20:51 - 00000057 ____A C:\Users\Grumpy\Desktop\virhere.txt
    2012-10-21 20:48 - 2012-10-21 20:48 - 00001073 ____A C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
    2012-10-21 20:47 - 2012-10-21 20:47 - 10669952 ____A (Malwarebytes Corporation ) C:\Users\Grumpy\Downloads\mbam-setup-1.65.1.1000.exe
    2012-10-21 20:47 - 2011-11-14 16:48 - 00020992 __ASH C:\Users\Grumpy\Downloads\Thumbs.db
    2012-10-21 20:07 - 2012-10-19 02:17 - 83023306 ___AT C:\Users\All Users\8fc86754.pad
    2012-10-18 17:47 - 2011-10-16 12:14 - 00124052 ___AH C:\Windows\SysWOW64\mlfcache.dat
    2012-10-15 13:54 - 2012-09-29 05:23 - 00000844 ____A C:\Users\Public\Desktop\AVG 2013.lnk
    2012-10-14 19:02 - 2010-06-11 16:55 - 65309168 ____A (Microsoft Corporation) C:\Windows\System32\MRT.exe
    2012-10-12 15:02 - 2012-10-12 15:01 - 58674136 ____A (AVG) C:\Users\Grumpy\Downloads\avg_tuh_stf_all_2013_2_24c5.exe
    2012-10-10 14:55 - 2012-01-07 07:08 - 00002338 ____A C:\Users\Public\Desktop\Google Chrome.lnk
    2012-10-08 15:17 - 2012-03-29 02:37 - 00696760 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
    2012-10-08 15:17 - 2011-05-16 02:04 - 00073656 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
    2012-10-07 19:54 - 2012-10-07 19:53 - 18124080 ____A (Microsoft Corporation) C:\Users\Grumpy\Downloads\IE9-Windows7-x86-enu.exe
    2012-10-04 23:26 - 2012-10-04 23:26 - 00111456 ____A (AVG Technologies CZ, s.r.o.) C:\Windows\System32\Drivers\avgmfx64.sys
    2012-10-04 13:33 - 2009-07-13 21:08 - 00032582 ____A C:\Windows\Tasks\SCHEDLGU.TXT
    2012-10-01 23:30 - 2012-10-01 23:30 - 00185696 ____A (AVG Technologies CZ, s.r.o.) C:\Windows\System32\Drivers\avgldx64.sys
    2012-09-29 15:54 - 2012-10-21 20:48 - 00025928 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys
    2012-09-22 12:34 - 2011-04-22 22:48 - 00101688 ____A (Trusteer Ltd.) C:\Windows\System32\Drivers\RapportKE64.sys
    2012-09-20 23:46 - 2012-09-20 23:46 - 00225120 ____A (AVG Technologies CZ, s.r.o.) C:\Windows\System32\Drivers\avgloga.sys
    2012-09-20 23:46 - 2012-09-20 23:46 - 00200032 ____A (AVG Technologies CZ, s.r.o.) C:\Windows\System32\Drivers\avgtdia.sys
    2012-09-20 23:45 - 2012-09-20 23:45 - 00061792 ____A (AVG Technologies CZ, s.r.o. ) C:\Windows\System32\Drivers\avgidsha.sys
    2012-09-20 13:42 - 2012-09-20 13:42 - 00001743 ____A C:\Users\Public\Desktop\iTunes.lnk
    2012-09-14 11:23 - 2012-10-09 17:29 - 00002048 ____A (Microsoft Corporation) C:\Windows\System32\tzres.dll
    2012-09-14 10:30 - 2012-10-09 17:29 - 00002048 ____A (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
    2012-09-13 23:05 - 2012-09-13 23:05 - 00040800 ____A (AVG Technologies CZ, s.r.o.) C:\Windows\System32\Drivers\avgrkx64.sys
    2012-09-12 23:11 - 2012-09-12 23:11 - 00151904 ____A (AVG Technologies CZ, s.r.o. ) C:\Windows\System32\Drivers\avgidsdrivera.sys
    2012-09-11 18:46 - 2011-11-27 16:06 - 00002515 ____A C:\Users\Public\Desktop\Skype.lnk
    2012-09-10 19:32 - 2012-09-10 19:32 - 00000000 ___AH C:\Windows\System32\Drivers\Msft_User_WpdRapi2_01_00_00.Wdf
    2012-09-05 19:30 - 2010-06-11 18:27 - 00001065 ____A C:\Users\Public\Desktop\AnyDVD.lnk
    2012-09-05 19:29 - 2012-09-05 19:29 - 10186792 ____A C:\Users\Grumpy\Downloads\SetupAnyDVD7080.exe
    2012-09-05 19:25 - 2012-09-05 19:25 - 00198864 ____A (RealNetworks, Inc.) C:\Windows\SysWOW64\rmoc3260.dll
    2012-09-05 19:25 - 2012-09-05 19:25 - 00001046 ____A C:\Users\Public\Desktop\RealPlayer.lnk
    2012-09-05 19:24 - 2012-09-05 19:24 - 00499712 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msvcp71.dll
    2012-09-05 19:24 - 2012-09-05 19:24 - 00348160 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msvcr71.dll
    2012-09-05 19:24 - 2012-09-05 19:24 - 00272896 ____A (Progressive Networks) C:\Windows\SysWOW64\pncrt.dll
    2012-09-05 19:24 - 2012-09-05 19:24 - 00006656 ____A (RealNetworks, Inc.) C:\Windows\SysWOW64\pndx5016.dll
    2012-09-05 19:24 - 2012-09-05 19:24 - 00005632 ____A (RealNetworks, Inc.) C:\Windows\SysWOW64\pndx5032.dll
    2012-09-05 19:21 - 2012-09-05 19:21 - 00760128 ____A (RealNetworks, Inc.) C:\Users\Grumpy\Downloads\RealPlayer(2).exe
    2012-09-04 15:04 - 2012-09-04 15:02 - 135933721 ____A C:\Users\Grumpy\Downloads\Apache_OpenOffice_incubating_3.4.1_Win_x86_install_en-US(1).exe
    2012-09-03 18:23 - 2012-09-03 18:23 - 00031080 ____A (AVG Technologies) C:\Windows\System32\Drivers\avgtpx64.sys
    2012-08-31 13:38 - 2012-08-31 13:35 - 135933721 ____A C:\Users\Grumpy\Downloads\Apache_OpenOffice_incubating_3.4.1_Win_x86_install_en-US.exe
    2012-08-31 10:02 - 2012-10-09 17:30 - 01656688 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ntfs.sys
    2012-08-30 10:11 - 2012-10-09 17:29 - 05505904 ____A (Microsoft Corporation) C:\Windows\System32\ntoskrnl.exe
    2012-08-30 09:18 - 2012-10-09 17:29 - 03958128 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
    2012-08-30 09:18 - 2012-10-09 17:29 - 03902832 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
    2012-08-26 04:56 - 2012-08-26 04:56 - 00138400 ____A (SlySoft, Inc.) C:\Windows\SysWOW64\Drivers\AnyDVD.sys
    2012-08-26 04:56 - 2012-08-26 04:56 - 00138400 ____A (SlySoft, Inc.) C:\Windows\System32\Drivers\AnyDVD.sys
    2012-08-25 14:56 - 2012-08-25 14:56 - 00000235 ____A C:\Users\Grumpy\Desktop\Netflix.url
    2012-08-25 14:36 - 2012-08-25 14:36 - 00692480 ____A (RealNetworks, Inc.) C:\Users\Grumpy\Downloads\RealPlayer(1).exe
    2012-08-24 10:05 - 2012-10-09 17:29 - 00220160 ____A (Microsoft Corporation) C:\Windows\System32\wintrust.dll
    2012-08-24 09:10 - 2012-10-09 17:29 - 00172544 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wintrust.dll
    2012-08-24 03:15 - 2012-09-24 02:48 - 17810944 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
    2012-08-24 02:39 - 2012-09-24 02:48 - 10925568 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
    2012-08-24 02:31 - 2012-09-24 02:48 - 02312704 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
    2012-08-24 02:22 - 2012-09-24 02:48 - 01346048 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
    2012-08-24 02:21 - 2012-09-24 02:48 - 01392128 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
    2012-08-24 02:20 - 2012-09-24 02:48 - 01494528 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
    2012-08-24 02:18 - 2012-09-24 02:48 - 00237056 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
    2012-08-24 02:17 - 2012-09-24 02:48 - 00085504 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
    2012-08-24 02:14 - 2012-09-24 02:48 - 00816640 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
    2012-08-24 02:14 - 2012-09-24 02:48 - 00173056 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
    2012-08-24 02:13 - 2012-09-24 02:48 - 00599040 ____A (Microsoft Corporation) C:\Windows\System32\vbscript.dll
    2012-08-24 02:12 - 2012-09-24 02:48 - 02144768 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
    2012-08-24 02:11 - 2012-09-24 02:48 - 00729088 ____A (Microsoft Corporation) C:\Windows\System32\msfeeds.dll
    2012-08-24 02:10 - 2012-09-24 02:48 - 00096768 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
    2012-08-24 02:09 - 2012-09-24 02:48 - 02382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
    2012-08-24 02:04 - 2012-09-24 02:48 - 00248320 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
    2012-08-23 23:27 - 2012-09-24 02:48 - 12319744 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
    2012-08-23 23:03 - 2012-09-24 02:48 - 09738240 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
    2012-08-23 22:59 - 2012-09-24 02:48 - 01800704 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
    2012-08-23 22:51 - 2012-09-24 02:48 - 01427968 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
    2012-08-23 22:51 - 2012-09-24 02:48 - 01129472 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
    2012-08-23 22:51 - 2012-09-24 02:48 - 01103872 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
    2012-08-23 22:49 - 2012-09-24 02:48 - 00231936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
    2012-08-23 22:48 - 2012-09-24 02:48 - 00065024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
    2012-08-23 22:47 - 2012-09-24 02:48 - 00717824 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
    2012-08-23 22:47 - 2012-09-24 02:48 - 00420864 ____A (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
    2012-08-23 22:47 - 2012-09-24 02:48 - 00142848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
    2012-08-23 22:45 - 2012-09-24 02:48 - 00607744 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
    2012-08-23 22:44 - 2012-09-24 02:48 - 01793024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
    2012-08-23 22:44 - 2012-09-24 02:48 - 00073216 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
    2012-08-23 22:43 - 2012-09-24 02:48 - 02382848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
    2012-08-23 22:40 - 2012-09-24 02:48 - 00176640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
    2012-08-21 09:01 - 2012-09-20 13:42 - 00033240 ____A (GEAR Software Inc.) C:\Windows\System32\Drivers\GEARAspiWDM.sys
    2012-08-21 09:01 - 2010-08-14 18:59 - 00125872 ____A (GEAR Software Inc.) C:\Windows\System32\GEARAspi64.dll
    2012-08-21 09:01 - 2010-08-14 18:59 - 00106928 ____A (GEAR Software Inc.) C:\Windows\SysWOW64\GEARAspi.dll
    2012-08-18 12:44 - 2012-08-18 12:44 - 04615016 ____A (Garmin International) C:\Users\Grumpy\Downloads\GarminMapUpdater.exe
    2012-08-18 07:43 - 2012-10-10 14:15 - 00362496 ____A (Microsoft Corporation) C:\Windows\System32\wow64win.dll
    2012-08-18 07:43 - 2012-10-10 14:15 - 00243200 ____A (Microsoft Corporation) C:\Windows\System32\wow64.dll
    2012-08-18 07:43 - 2012-10-10 14:15 - 00013312 ____A (Microsoft Corporation) C:\Windows\System32\wow64cpu.dll
    2012-08-18 07:42 - 2012-10-10 14:15 - 00215040 ____A (Microsoft Corporation) C:\Windows\System32\winsrv.dll
    2012-08-18 07:40 - 2012-10-10 14:15 - 00016384 ____A (Microsoft Corporation) C:\Windows\System32\ntvdm64.dll
    2012-08-18 07:37 - 2012-10-10 14:15 - 01162240 ____A (Microsoft Corporation) C:\Windows\System32\kernel32.dll
    2012-08-18 07:37 - 2012-10-10 14:15 - 00425984 ____A (Microsoft Corporation) C:\Windows\System32\KernelBase.dll
    2012-08-18 07:34 - 2012-10-10 14:15 - 00338432 ____A (Microsoft Corporation) C:\Windows\System32\conhost.exe
    2012-08-18 07:22 - 2012-10-10 14:15 - 00006144 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-security-base-l1-1-0.dll
    2012-08-18 07:22 - 2012-10-10 14:15 - 00005120 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-file-l1-1-0.dll
    2012-08-18 07:22 - 2012-10-10 14:15 - 00004608 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-threadpool-l1-1-0.dll
    2012-08-18 07:22 - 2012-10-10 14:15 - 00004608 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-processthreads-l1-1-0.dll
    2012-08-18 07:22 - 2012-10-10 14:15 - 00004096 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-sysinfo-l1-1-0.dll
    2012-08-18 07:22 - 2012-10-10 14:15 - 00004096 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-synch-l1-1-0.dll
    2012-08-18 07:22 - 2012-10-10 14:15 - 00004096 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-localregistry-l1-1-0.dll
    2012-08-18 07:22 - 2012-10-10 14:15 - 00004096 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-localization-l1-1-0.dll
    2012-08-18 07:22 - 2012-10-10 14:15 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-rtlsupport-l1-1-0.dll
    2012-08-18 07:22 - 2012-10-10 14:15 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-processenvironment-l1-1-0.dll
    2012-08-18 07:22 - 2012-10-10 14:15 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-namedpipe-l1-1-0.dll
    2012-08-18 07:22 - 2012-10-10 14:15 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-misc-l1-1-0.dll
    2012-08-18 07:22 - 2012-10-10 14:15 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-memory-l1-1-0.dll
    2012-08-18 07:22 - 2012-10-10 14:15 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-libraryloader-l1-1-0.dll
    2012-08-18 07:22 - 2012-10-10 14:15 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-heap-l1-1-0.dll
    2012-08-18 07:22 - 2012-10-10 14:15 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-xstate-l1-1-0.dll
    2012-08-18 07:22 - 2012-10-10 14:15 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-util-l1-1-0.dll
    2012-08-18 07:22 - 2012-10-10 14:15 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-string-l1-1-0.dll
    2012-08-18 07:22 - 2012-10-10 14:15 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-profile-l1-1-0.dll
    2012-08-18 07:22 - 2012-10-10 14:15 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-io-l1-1-0.dll
    2012-08-18 07:22 - 2012-10-10 14:15 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-interlocked-l1-1-0.dll
    2012-08-18 07:22 - 2012-10-10 14:15 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-handle-l1-1-0.dll
    2012-08-18 07:22 - 2012-10-10 14:15 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-fibers-l1-1-0.dll
    2012-08-18 07:22 - 2012-10-10 14:15 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-errorhandling-l1-1-0.dll
    2012-08-18 07:22 - 2012-10-10 14:15 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-delayload-l1-1-0.dll
    2012-08-18 07:22 - 2012-10-10 14:15 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-debug-l1-1-0.dll
    2012-08-18 07:22 - 2012-10-10 14:15 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-datetime-l1-1-0.dll
    2012-08-18 07:22 - 2012-10-10 14:15 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-console-l1-1-0.dll
    2012-08-18 03:22 - 2012-10-10 14:15 - 00014336 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
    2012-08-18 03:19 - 2012-10-10 14:15 - 00025600 ____A (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
    2012-08-18 03:17 - 2012-10-10 14:15 - 01114112 ____A (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
    2012-08-18 03:17 - 2012-10-10 14:15 - 00274944 ____A (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
    2012-08-18 03:17 - 2012-10-10 14:15 - 00005120 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
    2012-08-18 03:09 - 2012-10-10 14:15 - 00005120 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
    2012-08-18 03:09 - 2012-10-10 14:15 - 00004608 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
    2012-08-18 03:09 - 2012-10-10 14:15 - 00004096 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
    2012-08-18 03:09 - 2012-10-10 14:15 - 00004096 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
    2012-08-18 03:09 - 2012-10-10 14:15 - 00004096 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
    2012-08-18 03:09 - 2012-10-10 14:15 - 00004096 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
    2012-08-18 03:09 - 2012-10-10 14:15 - 00004096 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
    2012-08-18 03:09 - 2012-10-10 14:15 - 00003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
    2012-08-18 03:09 - 2012-10-10 14:15 - 00003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
    2012-08-18 03:09 - 2012-10-10 14:15 - 00003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
    2012-08-18 03:09 - 2012-10-10 14:15 - 00003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
    2012-08-18 03:09 - 2012-10-10 14:15 - 00003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
    2012-08-18 03:09 - 2012-10-10 14:15 - 00003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
    2012-08-18 03:09 - 2012-10-10 14:15 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
    2012-08-18 03:09 - 2012-10-10 14:15 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
    2012-08-18 03:09 - 2012-10-10 14:15 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
    2012-08-18 03:09 - 2012-10-10 14:15 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
    2012-08-18 03:09 - 2012-10-10 14:15 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
    2012-08-18 03:09 - 2012-10-10 14:15 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
    2012-08-18 03:09 - 2012-10-10 14:15 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
    2012-08-18 03:09 - 2012-10-10 14:15 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
    2012-08-18 03:09 - 2012-10-10 14:15 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
    2012-08-18 03:09 - 2012-10-10 14:15 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
    2012-08-18 03:09 - 2012-10-10 14:15 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
    2012-08-18 01:12 - 2012-10-10 14:15 - 00007680 ____A (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
    2012-08-18 01:12 - 2012-10-10 14:15 - 00002048 ____A (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
    2012-08-18 01:07 - 2012-10-10 14:15 - 00006144 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
    2012-08-18 01:07 - 2012-10-10 14:15 - 00004608 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
    2012-08-18 01:07 - 2012-10-10 14:15 - 00003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
    2012-08-18 01:07 - 2012-10-10 14:15 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
    2012-08-15 13:59 - 2009-07-13 20:45 - 00299560 ____A C:\Windows\System32\FNTCACHE.DAT
    2012-08-10 16:53 - 2012-10-09 17:29 - 00714752 ____A (Microsoft Corporation) C:\Windows\System32\kerberos.dll
    2012-08-10 15:54 - 2012-10-09 17:29 - 00541184 ____A (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
    2012-08-05 05:56 - 2012-08-05 05:56 - 09949624 ____A C:\Users\Grumpy\Downloads\SetupAnyDVD7060.exe
    2012-08-02 09:55 - 2012-09-12 00:02 - 00574464 ____A (Microsoft Corporation) C:\Windows\System32\d3d10level9.dll
    2012-08-02 09:05 - 2012-09-12 00:02 - 00490496 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3d10level9.dll
    2012-07-30 07:24 - 2012-07-30 07:24 - 00158720 ____A (Prolific Technology Inc.) C:\Windows\System32\Drivers\ser2pl64.sys
  4. Lfis492a

    Lfis492a Newcomer, in training Topic Starter Posts: 38

    ZeroAccess:
    C:\Windows\Installer\{1b405ce6-8848-e2d9-71ed-723aea56cefb}
    C:\Windows\Installer\{1b405ce6-8848-e2d9-71ed-723aea56cefb}\@
    C:\Windows\Installer\{1b405ce6-8848-e2d9-71ed-723aea56cefb}\L
    C:\Windows\Installer\{1b405ce6-8848-e2d9-71ed-723aea56cefb}\U
    C:\Windows\Installer\{1b405ce6-8848-e2d9-71ed-723aea56cefb}\L\00000004.@
    C:\Windows\Installer\{1b405ce6-8848-e2d9-71ed-723aea56cefb}\L\201d3dde
    C:\Windows\Installer\{1b405ce6-8848-e2d9-71ed-723aea56cefb}\U\00000004.@
    C:\Windows\Installer\{1b405ce6-8848-e2d9-71ed-723aea56cefb}\U\00000008.@
    C:\Windows\Installer\{1b405ce6-8848-e2d9-71ed-723aea56cefb}\U\000000cb.@
    C:\Windows\Installer\{1b405ce6-8848-e2d9-71ed-723aea56cefb}\U\80000032.@

    ZeroAccess:
    C:\Windows\assembly\GAC_32\Desktop.ini

    ZeroAccess:
    C:\Windows\assembly\GAC_64\Desktop.ini

    ==================== Known DLLs (Whitelisted) =================


    ==================== Bamital & volsnap Check =================

    C:\Windows\System32\winlogon.exe => MD5 is legit
    C:\Windows\System32\wininit.exe => MD5 is legit
    C:\Windows\SysWOW64\wininit.exe => MD5 is legit
    C:\Windows\explorer.exe => MD5 is legit
    C:\Windows\SysWOW64\explorer.exe => MD5 is legit
    C:\Windows\System32\svchost.exe => MD5 is legit
    C:\Windows\SysWOW64\svchost.exe => MD5 is legit
    C:\Windows\System32\services.exe 50BEA589F7D7958BDD2528A8F69D05CC ZeroAccess <==== ATTENTION!.
    C:\Windows\System32\User32.dll => MD5 is legit
    C:\Windows\SysWOW64\User32.dll => MD5 is legit
    C:\Windows\System32\userinit.exe => MD5 is legit
    C:\Windows\SysWOW64\userinit.exe => MD5 is legit
    C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

    ==================== EXE ASSOCIATION =====================

    HKLM\...\.exe: exefile => OK
    HKLM\...\exefile\DefaultIcon: %1 => OK
    HKLM\...\exefile\open\command: "%1" %* => OK

    ==================== Restore Points =========================

    Restore point made on: 2012-10-14 03:03:54
    Restore point made on: 2012-10-14 03:05:27
    Restore point made on: 2012-10-14 19:01:49
    Restore point made on: 2012-10-14 19:05:41
    Restore point made on: 2012-10-14 19:06:45
    Restore point made on: 2012-10-15 02:37:02
    Restore point made on: 2012-10-15 17:07:45
    Restore point made on: 2012-10-16 02:32:05
    Restore point made on: 2012-10-16 02:58:37
    Restore point made on: 2012-10-16 23:00:58
    Restore point made on: 2012-10-17 02:39:54
    Restore point made on: 2012-10-17 19:25:44
    Restore point made on: 2012-10-18 02:52:21
    Restore point made on: 2012-10-19 02:22:29
    Restore point made on: 2012-10-21 20:08:32

    ==================== Memory info ===========================

    Percentage of memory in use: 10%
    Total physical RAM: 8191.11 MB
    Available physical RAM: 7339.36 MB
    Total Pagefile: 8189.26 MB
    Available Pagefile: 7337.01 MB
    Total Virtual: 8192 MB
    Available Virtual: 8191.9 MB

    ==================== Partitions =============================

    1 Drive c: () (Fixed) (Total:931.41 GB) (Free:764.35 GB) NTFS
    2 Drive d: (Main Drive 3) (Fixed) (Total:44.33 GB) (Free:17.78 GB) NTFS
    3 Drive e: (DATA) (Fixed) (Total:83.67 GB) (Free:79.09 GB) NTFS
    5 Drive h: (CDROM) (CDROM) (Total:0.09 GB) (Free:0 GB) CDFS
    8 Drive k: (HP v125w) (Removable) (Total:7.45 GB) (Free:5.46 GB) FAT32
    9 Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS
    10 Drive y: (System Reserved) (Fixed) (Total:0.1 GB) (Free:0.06 GB) NTFS ==>[System with boot components (obtained from reading drive)]

    Disk ### Status Size Free Dyn Gpt
    -------- ------------- ------- ------- --- ---
    Disk 0 Online 931 GB 0 B
    Disk 1 Online 279 GB 151 GB
    Disk 2 No Media 0 B 0 B
    Disk 3 Online 7643 MB 0 B

    Partitions of Disk 0:
    ===============

    Partition ### Type Size Offset
    ------------- ---------------- ------- -------
    Partition 1 Primary 100 MB 1024 KB
    Partition 2 Primary 931 GB 101 MB

    ==================================================================================

    Disk: 0
    Partition 1
    Type : 07
    Hidden: No
    Active: Yes

    Volume ### Ltr Label Fs Type Size Status Info
    ---------- --- ----------- ----- ---------- ------- --------- --------
    * Volume 3 Y System Rese NTFS Partition 100 MB Healthy

    =========================================================

    Disk: 0
    Partition 2
    Type : 07
    Hidden: No
    Active: No

    Volume ### Ltr Label Fs Type Size Status Info
    ---------- --- ----------- ----- ---------- ------- --------- --------
    * Volume 4 C NTFS Partition 931 GB Healthy

    =========================================================

    Partitions of Disk 1:
    ===============

    Partition ### Type Size Offset
    ------------- ---------------- ------- -------
    Partition 1 Primary 44 GB 31 KB
    Partition 0 Extended 83 GB 44 GB
    Partition 2 Logical 83 GB 44 GB

    ==================================================================================

    Disk: 1
    Partition 1
    Type : 07
    Hidden: No
    Active: Yes

    Volume ### Ltr Label Fs Type Size Status Info
    ---------- --- ----------- ----- ---------- ------- --------- --------
    * Volume 5 D Main Drive NTFS Partition 44 GB Healthy

    =========================================================

    Disk: 1
    Partition 2
    Type : 07
    Hidden: No
    Active: No

    Volume ### Ltr Label Fs Type Size Status Info
    ---------- --- ----------- ----- ---------- ------- --------- --------
    * Volume 6 E DATA NTFS Partition 83 GB Healthy

    =========================================================

    Partitions of Disk 3:
    ===============

    Partition ### Type Size Offset
    ------------- ---------------- ------- -------
    Partition 1 Primary 7643 MB 31 KB

    ==================================================================================

    Disk: 3
    Partition 1
    Type : 0B
    Hidden: No
    Active: No

    Volume ### Ltr Label Fs Type Size Status Info
    ---------- --- ----------- ----- ---------- ------- --------- --------
    * Volume 8 K HP v125w FAT32 Removable 7643 MB Healthy

    =========================================================

    Last Boot: 2012-10-16 15:20

    ==================== End Of Log =============================
  5. Broni

    Broni Malware Annihilator Posts: 45,188   +242

    Download attached fixlist.txt file and save it to the very same USB flash drive you've been using. Plug the drive back in.

    NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system

    On Vista or Windows 7: Now please enter System Recovery Options.
    On Windows XP: Now please boot into the UBCD.
    Run FRST/FRST64 and press the Fix button just once and wait.
    The tool will make a log on the flashdrive (Fixlog.txt) please post it to your reply.

    Next....

    Restart normally.

    =============================

    Download TDSSKiller and save it to your desktop.
    • Extract (unzip) its contents to your desktop.
    • Open the TDSSKiller folder and doubleclick on TDSSKiller.exe to run the application, then on Start Scan.
    • If an infected file is detected, the default action will be Cure, click on Continue.
    • If a suspicious file is detected, the default action will be Skip, click on Continue.
    • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
    • If no reboot is require, click on Report. A log file should appear. Please copy and paste the contents of that file here.
    • If a reboot is required, the report can also be found in your root directory (usually C:\ folder) in the form of TDSSKiller_xxxx_log.txt. Please copy and paste the contents of that file here.

    ============================

    • Download RogueKiller on the desktop
    • Close all the running programs
    • Windows Vista/7 users: right click on RogueKiller.exe, click Run as Administrator
    • Otherwise just double-click on RogueKiller.exe
    • Pre-scan will start. Let it finish.
    • Click on SCAN button.
    • Wait until the Status box shows Scan Finished
    • Click on Delete.
    • Wait until the Status box shows Deleting Finished.
    • Click on Report and copy/paste the content of the Notepad into your next reply.
    • RKreport.txt could also be found on your desktop.
    • If more than one log is produced post all logs.
    • If RogueKiller has been blocked, do not hesitate to try a few times more. If really won't run, rename it to winlogon.exe (or winlogon.com) and try again

    ============================

    Download Malwarebytes' Anti-Malware (MBAM): http://www.malwarebytes.org/products/malwarebytes_free to your desktop.
    Alternate download: http://www.filehippo.com/download_malwarebytes_anti_malware/
    NOTE. If you already have MBAM installed, update it before running the scan.

    * Double-click mbam-setup.exe and follow the prompts to install the program.
    * At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
    * If an update is found, it will download and install the latest version.
    * Once the program has loaded, select Perform quick scan, then click Scan.
    * When the scan is complete, click OK, then Show Results to view the results.
    * Be sure that everything is checked, and click Remove Selected.
    * When completed, a log will open in Notepad.
    * Post the log back here.

    Be sure to restart the computer IF MBAM asks you to do so.

    The log can also be found here:
    C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\log-date.txt
    Or at C:\Program Files\Malwarebytes' Anti-Malware\Logs\log-date.txt

    ==================================

    Download aswMBR to your desktop.
    Double click the aswMBR.exe to run it.
    If you see this question: Would you like to download latest Avast! virus definitions?" say "Yes".
    Click the "Scan" button to start scan.
    On completion of the scan click "Save log", save it to your desktop and post in your next reply.

    NOTE. aswMBR will create MBR.dat file on your desktop. This is a copy of your MBR. Do NOT delete it.

    Attached Files:

  6. Lfis492a

    Lfis492a Newcomer, in training Topic Starter Posts: 38

    Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 21-10-2012
    Ran by SYSTEM at 2012-10-23 17:22:54 Run:1
    Running from K:\

    ==============================================

    HKEY_LOCAL_MACHINE\System\ControlSet001\Control\Session Manager\SubSystems\\Windows No ZeroAccess entry found.
    C:\Windows\System32\consrv.dll not found.
    HKEY_LOCAL_MACHINE\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\ Default Value restored successfully.
    HKLM-x32\\\.\.\.\\runonceex\\HKLM-x32\...\runonceex: [] Value not found.
    C:\Windows\Installer\{1b405ce6-8848-e2d9-71ed-723aea56cefb} moved successfully.
    C:\Windows\assembly\GAC_32\Desktop.ini moved successfully.
    C:\Windows\assembly\GAC_64\Desktop.ini moved successfully.
    C:\Windows\System32\services.exe moved successfully.
    C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe copied successfully to C:\Windows\System32\services.exe

    ==== End of Fixlog ====
  7. Lfis492a

    Lfis492a Newcomer, in training Topic Starter Posts: 38

    17:27:20.0529 2968 TDSS rootkit removing tool 2.8.13.0 Oct 12 2012 17:26:47
    17:27:20.0802 2968 ============================================================
    17:27:20.0803 2968 Current date / time: 2012/10/23 17:27:20.0802
    17:27:20.0803 2968 SystemInfo:
    17:27:20.0803 2968
    17:27:20.0803 2968 OS Version: 6.1.7600 ServicePack: 0.0
    17:27:20.0803 2968 Product type: Workstation
    17:27:20.0803 2968 ComputerName: GRUMPY-PC
    17:27:20.0803 2968 UserName: Grumpy
    17:27:20.0804 2968 Windows directory: C:\Windows
    17:27:20.0804 2968 System windows directory: C:\Windows
    17:27:20.0804 2968 Running under WOW64
    17:27:20.0804 2968 Processor architecture: Intel x64
    17:27:20.0804 2968 Number of processors: 4
    17:27:20.0804 2968 Page size: 0x1000
    17:27:20.0804 2968 Boot type: Normal boot
    17:27:20.0804 2968 ============================================================
    17:27:23.0949 2968 Drive \Device\Harddisk0\DR0 - Size: 0xE8E0DB6000 (931.51 Gb), SectorSize: 0x200, Cylinders: 0x1DB01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
    17:27:23.0956 2968 Drive \Device\Harddisk1\DR1 - Size: 0x45DD826000 (279.46 Gb), SectorSize: 0x200, Cylinders: 0x8E81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
    17:27:23.0970 2968 Drive \Device\Harddisk3\DR3 - Size: 0x1DDBF8000 (7.46 Gb), SectorSize: 0x200, Cylinders: 0x3CE, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
    17:27:23.0972 2968 ============================================================
    17:27:23.0972 2968 \Device\Harddisk0\DR0:
    17:27:23.0972 2968 MBR partitions:
    17:27:23.0972 2968 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000
    17:27:23.0972 2968 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0x746D3800
    17:27:23.0972 2968 \Device\Harddisk1\DR1:
    17:27:23.0972 2968 MBR partitions:
    17:27:23.0972 2968 \Device\Harddisk1\DR1\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x58A949C
    17:27:23.0972 2968 \Device\Harddisk1\DR1\Partition2: MBR, Type 0x7, StartLBA 0x58A951A, BlocksNum 0xA7555EB
    17:27:23.0972 2968 \Device\Harddisk3\DR3:
    17:27:23.0974 2968 MBR partitions:
    17:27:23.0974 2968 \Device\Harddisk3\DR3\Partition1: MBR, Type 0xB, StartLBA 0x3F, BlocksNum 0xEEDD21
    17:27:23.0974 2968 ============================================================
    17:27:23.0998 2968 C: <-> \Device\Harddisk0\DR0\Partition2
    17:27:24.0020 2968 D: <-> \Device\Harddisk1\DR1\Partition1
    17:27:24.0049 2968 E: <-> \Device\Harddisk1\DR1\Partition2
    17:27:24.0049 2968 ============================================================
    17:27:24.0049 2968 Initialize success
    17:27:24.0049 2968 ============================================================
    17:27:26.0804 3436 ============================================================
    17:27:26.0804 3436 Scan started
    17:27:26.0804 3436 Mode: Manual;
    17:27:26.0804 3436 ============================================================
    17:27:29.0213 3436 ================ Scan system memory ========================
    17:27:29.0213 3436 System memory - ok
    17:27:29.0214 3436 ================ Scan services =============================
    17:27:29.0570 3436 [ 1B00662092F9F9568B995902F0CC40D5 ] 1394ohci C:\Windows\system32\DRIVERS\1394ohci.sys
    17:27:29.0578 3436 1394ohci - ok
    17:27:29.0607 3436 [ 6F11E88748CDEFD2F76AA215F97DDFE5 ] ACPI C:\Windows\system32\DRIVERS\ACPI.sys
    17:27:29.0614 3436 ACPI - ok
    17:27:29.0630 3436 [ 63B05A0420CE4BF0E4AF6DCC7CADA254 ] AcpiPmi C:\Windows\system32\DRIVERS\acpipmi.sys
    17:27:29.0638 3436 AcpiPmi - ok
    17:27:29.0736 3436 [ D19C4EE2AC7C47B8F5F84FFF1A789D8A ] AdobeARMservice C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
    17:27:29.0739 3436 AdobeARMservice - ok
    17:27:29.0845 3436 [ 44C00A385CA9DBC1D5CF3781F8C26AEA ] AdobeFlashPlayerUpdateSvc C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
    17:27:29.0851 3436 AdobeFlashPlayerUpdateSvc - ok
    17:27:29.0885 3436 [ 2F6B34B83843F0C5118B63AC634F5BF4 ] adp94xx C:\Windows\system32\DRIVERS\adp94xx.sys
    17:27:29.0898 3436 adp94xx - ok
    17:27:29.0919 3436 [ 597F78224EE9224EA1A13D6350CED962 ] adpahci C:\Windows\system32\DRIVERS\adpahci.sys
    17:27:29.0928 3436 adpahci - ok
    17:27:29.0947 3436 [ E109549C90F62FB570B9540C4B148E54 ] adpu320 C:\Windows\system32\DRIVERS\adpu320.sys
    17:27:29.0953 3436 adpu320 - ok
    17:27:29.0983 3436 [ 4B78B431F225FD8624C5655CB1DE7B61 ] AeLookupSvc C:\Windows\System32\aelupsvc.dll
    17:27:29.0986 3436 AeLookupSvc - ok
    17:27:30.0129 3436 [ DB9D6C6B2CD95A9CA414D045B627422E ] AFD C:\Windows\system32\drivers\afd.sys
    17:27:30.0147 3436 AFD - ok
    17:27:30.0166 3436 [ 608C14DBA7299D8CB6ED035A68A15799 ] agp440 C:\Windows\system32\DRIVERS\agp440.sys
    17:27:30.0171 3436 agp440 - ok
    17:27:30.0190 3436 [ 3290D6946B5E30E70414990574883DDB ] ALG C:\Windows\System32\alg.exe
    17:27:30.0194 3436 ALG - ok
    17:27:30.0214 3436 [ 5812713A477A3AD7363C7438CA2EE038 ] aliide C:\Windows\system32\DRIVERS\aliide.sys
    17:27:30.0218 3436 aliide - ok
    17:27:30.0273 3436 [ 5EC60409BD50953BD4F892B18840039E ] AMD External Events Utility C:\Windows\system32\atiesrxx.exe
    17:27:30.0278 3436 AMD External Events Utility - ok
    17:27:30.0287 3436 [ 1FF8B4431C353CE385C875F194924C0C ] amdide C:\Windows\system32\DRIVERS\amdide.sys
    17:27:30.0290 3436 amdide - ok
    17:27:30.0309 3436 [ 7024F087CFF1833A806193EF9D22CDA9 ] AmdK8 C:\Windows\system32\DRIVERS\amdk8.sys
    17:27:30.0313 3436 AmdK8 - ok
    17:27:30.0536 3436 [ 322E5C178990F116F00E3D923F4E6B1C ] amdkmdag C:\Windows\system32\DRIVERS\atikmdag.sys
    17:27:30.0718 3436 amdkmdag - ok
    17:27:30.0736 3436 [ 961A81A84FDD700E361E8294528A37BA ] amdkmdap C:\Windows\system32\DRIVERS\atikmpag.sys
    17:27:30.0738 3436 amdkmdap - ok
    17:27:30.0750 3436 [ 1E56388B3FE0D031C44144EB8C4D6217 ] AmdPPM C:\Windows\system32\DRIVERS\amdppm.sys
    17:27:30.0755 3436 AmdPPM - ok
    17:27:30.0802 3436 [ EC7EBAB00A4D8448BAB68D1E49B4BEB9 ] amdsata C:\Windows\system32\drivers\amdsata.sys
    17:27:30.0808 3436 amdsata - ok
    17:27:30.0820 3436 [ F67F933E79241ED32FF46A4F29B5120B ] amdsbs C:\Windows\system32\DRIVERS\amdsbs.sys
    17:27:30.0827 3436 amdsbs - ok
    17:27:30.0889 3436 [ DB27766102C7BF7E95140A2AA81D042E ] amdxata C:\Windows\system32\drivers\amdxata.sys
    17:27:30.0891 3436 amdxata - ok
    17:27:30.0924 3436 [ B5C0F65D6657C6ADD9ED75EC7583390B ] AnyDVD C:\Windows\system32\Drivers\AnyDVD.sys
    17:27:30.0928 3436 AnyDVD - ok
    17:27:31.0000 3436 [ 85180CF88C5EBAD73B452A43A004CA51 ] AOL ACS C:\Program Files (x86)\Common Files\AOL\ACS\AOLAcsd.exe
    17:27:31.0004 3436 AOL ACS - ok
    17:27:31.0035 3436 [ 42FD751B27FA0E9C69BB39F39E409594 ] AppID C:\Windows\system32\drivers\appid.sys
    17:27:31.0040 3436 AppID - ok
    17:27:31.0060 3436 [ 0BC381A15355A3982216F7172F545DE1 ] AppIDSvc C:\Windows\System32\appidsvc.dll
    17:27:31.0064 3436 AppIDSvc - ok
    17:27:31.0093 3436 [ D065BE66822847B7F127D1F90158376E ] Appinfo C:\Windows\System32\appinfo.dll
    17:27:31.0096 3436 Appinfo - ok
    17:27:31.0150 3436 [ A5299D04ED225D64CF07A568A3E1BF8C ] Apple Mobile Device C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    17:27:31.0153 3436 Apple Mobile Device - ok
    17:27:31.0174 3436 [ C484F8CEB1717C540242531DB7845C4E ] arc C:\Windows\system32\DRIVERS\arc.sys
    17:27:31.0179 3436 arc - ok
    17:27:31.0197 3436 [ 019AF6924AEFE7839F61C830227FE79C ] arcsas C:\Windows\system32\DRIVERS\arcsas.sys
    17:27:31.0201 3436 arcsas - ok
    17:27:31.0220 3436 [ 769765CE2CC62867468CEA93969B2242 ] AsyncMac C:\Windows\system32\DRIVERS\asyncmac.sys
    17:27:31.0223 3436 AsyncMac - ok
    17:27:31.0240 3436 [ 02062C0B390B7729EDC9E69C680A6F3C ] atapi C:\Windows\system32\DRIVERS\atapi.sys
    17:27:31.0242 3436 atapi - ok
    17:27:31.0385 3436 [ 322E5C178990F116F00E3D923F4E6B1C ] atikmdag C:\Windows\system32\DRIVERS\atikmdag.sys
    17:27:31.0429 3436 atikmdag - ok
    17:27:31.0452 3436 [ 07721A77180EDD4D39CCB865BF63C7FD ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
    17:27:31.0455 3436 AudioEndpointBuilder - ok
    17:27:31.0463 3436 [ 07721A77180EDD4D39CCB865BF63C7FD ] AudioSrv C:\Windows\System32\Audiosrv.dll
    17:27:31.0466 3436 AudioSrv - ok
    17:27:31.0790 3436 [ EE651D98B03FE3C075CCC58AB61C9287 ] AVG Security Toolbar Service C:\Program Files (x86)\AVG\AVG10\Toolbar\ToolbarBroker.exe
    17:27:31.0827 3436 AVG Security Toolbar Service - ok
    17:27:32.0353 3436 [ B41F0E54105801538D56623271A0AE49 ] AVGIDSAgent C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe
    17:27:32.0380 3436 AVGIDSAgent - ok
    17:27:32.0480 3436 [ F1A99DA71E6549D7D944596E15142866 ] AVGIDSDriver C:\Windows\system32\DRIVERS\avgidsdrivera.sys
    17:27:32.0484 3436 AVGIDSDriver - ok
    17:27:32.0569 3436 [ E6CB84918C1ABE84AAAF749D2EA4E764 ] AVGIDSHA C:\Windows\system32\DRIVERS\avgidsha.sys
    17:27:32.0571 3436 AVGIDSHA - ok
    17:27:32.0658 3436 [ 5989592A91A17587799792A81E1541D4 ] Avgldx64 C:\Windows\system32\DRIVERS\avgldx64.sys
    17:27:32.0660 3436 Avgldx64 - ok
    17:27:32.0724 3436 [ 3FC43AA02545FCDDC22817829114DEC8 ] Avgloga C:\Windows\system32\DRIVERS\avgloga.sys
    17:27:32.0725 3436 Avgloga - ok
    17:27:32.0780 3436 [ EAFF19168F26FA225EB679547B718051 ] Avgmfx64 C:\Windows\system32\DRIVERS\avgmfx64.sys
    17:27:32.0783 3436 Avgmfx64 - ok
    17:27:32.0806 3436 [ FE4F444DBE4BBBDFD8FECF49398DEFC7 ] Avgrkx64 C:\Windows\system32\DRIVERS\avgrkx64.sys
    17:27:32.0809 3436 Avgrkx64 - ok
    17:27:32.0829 3436 [ 6E634525613D48A1D1657FB21F21F3B2 ] Avgtdia C:\Windows\system32\DRIVERS\avgtdia.sys
    17:27:32.0834 3436 Avgtdia - ok
    17:27:32.0870 3436 [ A313C4AE276E3C975A1BC27170AA23C6 ] avgtp C:\Windows\system32\drivers\avgtpx64.sys
    17:27:32.0871 3436 avgtp - ok
    17:27:32.0940 3436 [ 0D2EB149AFF89A307E5D82D0A2B78439 ] avgwd C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe
    17:27:32.0945 3436 avgwd - ok
    17:27:32.0994 3436 [ B20B5FA5CA050E9926E4D1DB81501B32 ] AxInstSV C:\Windows\System32\AxInstSV.dll
    17:27:32.0999 3436 AxInstSV - ok
    17:27:33.0041 3436 [ 3E5B191307609F7514148C6832BB0842 ] b06bdrv C:\Windows\system32\DRIVERS\bxvbda.sys
    17:27:33.0053 3436 b06bdrv - ok
    17:27:33.0083 3436 [ B5ACE6968304A3900EEB1EBFD9622DF2 ] b57nd60a C:\Windows\system32\DRIVERS\b57nd60a.sys
    17:27:33.0091 3436 b57nd60a - ok
    17:27:33.0190 3436 [ 6FA3557EA5FA09BA705298CC6B0E9F5A ] BCMH43XX C:\Windows\system32\DRIVERS\bcmwlhigh664.sys
    17:27:33.0234 3436 BCMH43XX - ok
    17:27:33.0252 3436 [ FDE360167101B4E45A96F939F388AEB0 ] BDESVC C:\Windows\System32\bdesvc.dll
    17:27:33.0258 3436 BDESVC - ok
    17:27:33.0297 3436 [ 16A47CE2DECC9B099349A5F840654746 ] Beep C:\Windows\system32\drivers\Beep.sys
    17:27:33.0300 3436 Beep - ok
    17:27:33.0320 3436 [ 61583EE3C3A17003C4ACD0475646B4D3 ] blbdrive C:\Windows\system32\DRIVERS\blbdrive.sys
    17:27:33.0324 3436 blbdrive - ok
    17:27:33.0376 3436 [ EBBCD5DFBB1DE70E8F4AF8FA59E401FD ] Bonjour Service C:\Program Files\Bonjour\mDNSResponder.exe
    17:27:33.0384 3436 Bonjour Service - ok
    17:27:33.0446 3436 [ 19D20159708E152267E53B66677A4995 ] bowser C:\Windows\system32\DRIVERS\bowser.sys
    17:27:33.0449 3436 bowser - ok
    17:27:33.0469 3436 [ F09EEE9EDC320B5E1501F749FDE686C8 ] BrFiltLo C:\Windows\system32\DRIVERS\BrFiltLo.sys
    17:27:33.0473 3436 BrFiltLo - ok
    17:27:33.0492 3436 [ B114D3098E9BDB8BEA8B053685831BE6 ] BrFiltUp C:\Windows\system32\DRIVERS\BrFiltUp.sys
    17:27:33.0495 3436 BrFiltUp - ok
    17:27:33.0560 3436 [ 6B054C67AAA87843504E8E3C09102009 ] Browser C:\Windows\System32\browser.dll
    17:27:33.0564 3436 Browser - ok
    17:27:33.0587 3436 [ 43BEA8D483BF1870F018E2D02E06A5BD ] Brserid C:\Windows\System32\Drivers\Brserid.sys
    17:27:33.0596 3436 Brserid - ok
    17:27:33.0614 3436 [ A6ECA2151B08A09CACECA35C07F05B42 ] BrSerWdm C:\Windows\System32\Drivers\BrSerWdm.sys
    17:27:33.0619 3436 BrSerWdm - ok
    17:27:33.0626 3436 [ B79968002C277E869CF38BD22CD61524 ] BrUsbMdm C:\Windows\System32\Drivers\BrUsbMdm.sys
    17:27:33.0629 3436 BrUsbMdm - ok
    17:27:33.0637 3436 [ A87528880231C54E75EA7A44943B38BF ] BrUsbSer C:\Windows\System32\Drivers\BrUsbSer.sys
    17:27:33.0640 3436 BrUsbSer - ok
    17:27:33.0662 3436 [ 9DA669F11D1F894AB4EB69BF546A42E8 ] BTHMODEM C:\Windows\system32\DRIVERS\bthmodem.sys
    17:27:33.0664 3436 BTHMODEM - ok
    17:27:33.0679 3436 [ 95F9C2976059462CBBF227F7AAB10DE9 ] bthserv C:\Windows\system32\bthserv.dll
    17:27:33.0681 3436 bthserv - ok
    17:27:33.0695 3436 [ B8BD2BB284668C84865658C77574381A ] cdfs C:\Windows\system32\DRIVERS\cdfs.sys
    17:27:33.0698 3436 cdfs - ok
    17:27:33.0714 3436 [ 83D2D75E1EFB81B3450C18131443F7DB ] cdrom C:\Windows\system32\DRIVERS\cdrom.sys
    17:27:33.0719 3436 cdrom - ok
    17:27:33.0746 3436 [ 312E2F82AF11E79906898AC3E3D58A1F ] CertPropSvc C:\Windows\System32\certprop.dll
    17:27:33.0750 3436 CertPropSvc - ok
    17:27:33.0764 3436 [ D7CD5C4E1B71FA62050515314CFB52CF ] circlass C:\Windows\system32\DRIVERS\circlass.sys
    17:27:33.0767 3436 circlass - ok
    17:27:33.0798 3436 [ FE1EC06F2253F691FE36217C592A0206 ] CLFS C:\Windows\system32\CLFS.sys
    17:27:33.0805 3436 CLFS - ok
    17:27:33.0858 3436 [ D88040F816FDA31C3B466F0FA0918F29 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
    17:27:33.0864 3436 clr_optimization_v2.0.50727_32 - ok
    17:27:33.0901 3436 [ D1CEEA2B47CB998321C579651CE3E4F8 ] clr_optimization_v2.0.50727_64 C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
    17:27:33.0907 3436 clr_optimization_v2.0.50727_64 - ok
    17:27:34.0028 3436 [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
    17:27:34.0074 3436 clr_optimization_v4.0.30319_32 - ok
    17:27:34.0130 3436 [ C6F9AF94DCD58122A4D7E89DB6BED29D ] clr_optimization_v4.0.30319_64 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
    17:27:34.0135 3436 clr_optimization_v4.0.30319_64 - ok
    17:27:34.0150 3436 [ 0840155D0BDDF1190F84A663C284BD33 ] CmBatt C:\Windows\system32\DRIVERS\CmBatt.sys
    17:27:34.0153 3436 CmBatt - ok
    17:27:34.0169 3436 [ E19D3F095812725D88F9001985B94EDD ] cmdide C:\Windows\system32\DRIVERS\cmdide.sys
    17:27:34.0171 3436 cmdide - ok
    17:27:34.0234 3436 [ CA7720B73446FDDEC5C69519C1174C98 ] CNG C:\Windows\system32\Drivers\cng.sys
    17:27:34.0242 3436 CNG - ok
    17:27:34.0259 3436 [ 102DE219C3F61415F964C88E9085AD14 ] Compbatt C:\Windows\system32\DRIVERS\compbatt.sys
    17:27:34.0262 3436 Compbatt - ok
    17:27:34.0281 3436 [ F26B3A86F6FA87CA360B879581AB4123 ] CompositeBus C:\Windows\system32\DRIVERS\CompositeBus.sys
    17:27:34.0284 3436 CompositeBus - ok
    17:27:34.0291 3436 COMSysApp - ok
    17:27:34.0309 3436 [ 1C827878A998C18847245FE1F34EE597 ] crcdisk C:\Windows\system32\DRIVERS\crcdisk.sys
    17:27:34.0313 3436 crcdisk - ok
    17:27:34.0386 3436 [ BAF19B633933A9FB4883D27D66C39E9A ] CryptSvc C:\Windows\system32\cryptsvc.dll
    17:27:34.0390 3436 CryptSvc - ok
    17:27:34.0427 3436 [ 7AF9DAC504FBD047CBC3E64AE52C92BF ] dc3d C:\Windows\system32\DRIVERS\dc3d.sys
    17:27:34.0431 3436 dc3d - ok
    17:27:34.0472 3436 [ 7266972E86890E2B30C0C322E906B027 ] DcomLaunch C:\Windows\system32\rpcss.dll
    17:27:34.0483 3436 DcomLaunch - ok
    17:27:34.0535 3436 [ 3CEC7631A84943677AA8FA8EE5B6B43D ] defragsvc C:\Windows\System32\defragsvc.dll
    17:27:34.0543 3436 defragsvc - ok
    17:27:34.0580 3436 [ 9C253CE7311CA60FC11C774692A13208 ] DfsC C:\Windows\system32\Drivers\dfsc.sys
    17:27:34.0601 3436 DfsC - ok
    17:27:34.0689 3436 [ CE3B9562D997F69B330D181A8875960F ] Dhcp C:\Windows\system32\dhcpcore.dll
    17:27:34.0696 3436 Dhcp - ok
    17:27:34.0727 3436 [ 13096B05847EC78F0977F2C0F79E9AB3 ] discache C:\Windows\system32\drivers\discache.sys
    17:27:34.0745 3436 discache - ok
    17:27:34.0776 3436 [ 9819EEE8B5EA3784EC4AF3B137A5244C ] Disk C:\Windows\system32\DRIVERS\disk.sys
    17:27:34.0779 3436 Disk - ok
    17:27:34.0830 3436 dldt_device - ok
    17:27:34.0925 3436 [ 85CF424C74A1D5EC33533E1DBFF9920A ] Dnscache C:\Windows\System32\dnsrslvr.dll
    17:27:34.0930 3436 Dnscache - ok
    17:27:34.0965 3436 [ 14452ACDB09B70964C8C21BF80A13ACB ] dot3svc C:\Windows\System32\dot3svc.dll
    17:27:34.0974 3436 dot3svc - ok
    17:27:35.0008 3436 [ 8C2BA6BEA949EE6E68385F5692BAFB94 ] DPS C:\Windows\system32\dps.dll
    17:27:35.0012 3436 DPS - ok
    17:27:35.0097 3436 [ 9B19F34400D24DF84C858A421C205754 ] drmkaud C:\Windows\system32\drivers\drmkaud.sys
    17:27:35.0118 3436 drmkaud - ok
    17:27:35.0242 3436 [ 1633B9ABF52784A1331476397A48CBEF ] DXGKrnl C:\Windows\System32\drivers\dxgkrnl.sys
    17:27:35.0258 3436 DXGKrnl - ok
    17:27:35.0292 3436 [ E2DDA8726DA9CB5B2C4000C9018A9633 ] EapHost C:\Windows\System32\eapsvc.dll
    17:27:35.0294 3436 EapHost - ok
    17:27:35.0485 3436 [ DC5D737F51BE844D8C82C695EB17372F ] ebdrv C:\Windows\system32\DRIVERS\evbda.sys
    17:27:35.0631 3436 ebdrv - ok
    17:27:35.0673 3436 [ 156F6159457D0AA7E59B62681B56EB90 ] EFS C:\Windows\System32\lsass.exe
    17:27:35.0677 3436 EFS - ok
    17:27:35.0761 3436 [ 47C071994C3F649F23D9CD075AC9304A ] ehRecvr C:\Windows\ehome\ehRecvr.exe
    17:27:35.0778 3436 ehRecvr - ok
    17:27:35.0806 3436 [ 4705E8EF9934482C5BB488CE28AFC681 ] ehSched C:\Windows\ehome\ehsched.exe
    17:27:35.0812 3436 ehSched - ok
    17:27:35.0834 3436 [ A05FC7ECA0966EBB70E4D17B855A853B ] ElbyCDIO C:\Windows\system32\Drivers\ElbyCDIO.sys
    17:27:35.0836 3436 ElbyCDIO - ok
    17:27:35.0855 3436 [ 0E5DA5369A0FCAEA12456DD852545184 ] elxstor C:\Windows\system32\DRIVERS\elxstor.sys
    17:27:35.0862 3436 elxstor - ok
    17:27:35.0876 3436 [ 34A3C54752046E79A126E15C51DB409B ] ErrDev C:\Windows\system32\DRIVERS\errdev.sys
    17:27:35.0879 3436 ErrDev - ok
    17:27:35.0899 3436 [ 4166F82BE4D24938977DD1746BE9B8A0 ] EventSystem C:\Windows\system32\es.dll
    17:27:35.0903 3436 EventSystem - ok
    17:27:35.0917 3436 [ A510C654EC00C1E9BDD91EEB3A59823B ] exfat C:\Windows\system32\drivers\exfat.sys
    17:27:35.0920 3436 exfat - ok
    17:27:35.0931 3436 [ 0ADC83218B66A6DB380C330836F3E36D ] fastfat C:\Windows\system32\drivers\fastfat.sys
    17:27:35.0934 3436 fastfat - ok
    17:27:35.0965 3436 [ D607B2F1BEE3992AA6C2C92C0A2F0855 ] Fax C:\Windows\system32\fxssvc.exe
    17:27:35.0980 3436 Fax - ok
    17:27:35.0989 3436 [ D765D19CD8EF61F650C384F62FAC00AB ] fdc C:\Windows\system32\DRIVERS\fdc.sys
    17:27:35.0992 3436 fdc - ok
    17:27:36.0004 3436 [ 0438CAB2E03F4FB61455A7956026FE86 ] fdPHost C:\Windows\system32\fdPHost.dll
    17:27:36.0008 3436 fdPHost - ok
    17:27:36.0018 3436 [ 802496CB59A30349F9A6DD22D6947644 ] FDResPub C:\Windows\system32\fdrespub.dll
    17:27:36.0022 3436 FDResPub - ok
    17:27:36.0035 3436 [ 655661BE46B5F5F3FD454E2C3095B930 ] FileInfo C:\Windows\system32\drivers\fileinfo.sys
    17:27:36.0038 3436 FileInfo - ok
    17:27:36.0055 3436 [ 5F671AB5BC87EEA04EC38A6CD5962A47 ] Filetrace C:\Windows\system32\drivers\filetrace.sys
    17:27:36.0059 3436 Filetrace - ok
    17:27:36.0067 3436 [ C172A0F53008EAEB8EA33FE10E177AF5 ] flpydisk C:\Windows\system32\DRIVERS\flpydisk.sys
    17:27:36.0070 3436 flpydisk - ok
    17:27:36.0096 3436 [ F7866AF72ABBAF84B1FA5AA195378C59 ] FltMgr C:\Windows\system32\drivers\fltmgr.sys
    17:27:36.0098 3436 FltMgr - ok
    17:27:36.0181 3436 [ 97223981A9214F1B4997E9075ABB6BF5 ] FontCache C:\Windows\system32\FntCache.dll
    17:27:36.0216 3436 FontCache - ok
    17:27:36.0267 3436 [ 8D89E3131C27FDD6932189CB785E1B7A ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
    17:27:36.0271 3436 FontCache3.0.0.0 - ok
    17:27:36.0287 3436 [ D43703496149971890703B4B1B723EAC ] FsDepends C:\Windows\system32\drivers\FsDepends.sys
    17:27:36.0291 3436 FsDepends - ok
    17:27:36.0343 3436 [ 07DA62C960DDCCC2D35836AEAB4FC578 ] fssfltr C:\Windows\system32\DRIVERS\fssfltr.sys
    17:27:36.0347 3436 fssfltr - ok
    17:27:36.0540 3436 [ 28DDEEEC44E988657B732CF404D504CB ] fsssvc C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe
    17:27:36.0609 3436 fsssvc - ok
    17:27:36.0652 3436 [ D3E3F93D67821A2DB2B3D9FAC2DC2064 ] Fs_Rec C:\Windows\system32\drivers\Fs_Rec.sys
    17:27:36.0653 3436 Fs_Rec - ok
    17:27:36.0685 3436 [ AE87BA80D0EC3B57126ED2CDC15B24ED ] fvevol C:\Windows\system32\DRIVERS\fvevol.sys
    17:27:36.0690 3436 fvevol - ok
    17:27:36.0710 3436 [ 8C778D335C9D272CFD3298AB02ABE3B6 ] gagp30kx C:\Windows\system32\DRIVERS\gagp30kx.sys
    17:27:36.0714 3436 gagp30kx - ok
    17:27:36.0777 3436 [ 8E98D21EE06192492A5671A6144D092F ] GEARAspiWDM C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
    17:27:36.0779 3436 GEARAspiWDM - ok
    17:27:36.0816 3436 [ FE5AB4525BC2EC68B9119A6E5D40128B ] gpsvc C:\Windows\System32\gpsvc.dll
    17:27:36.0830 3436 gpsvc - ok
    17:27:36.0924 3436 [ 8F0DE4FEF8201E306F9938B0905AC96A ] gupdate C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
    17:27:36.0929 3436 gupdate - ok
    17:27:36.0956 3436 [ 8F0DE4FEF8201E306F9938B0905AC96A ] gupdatem C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
    17:27:36.0960 3436 gupdatem - ok
    17:27:37.0045 3436 [ 5D4BC124FAAE6730AC002CDB67BF1A1C ] gusvc C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
    17:27:37.0050 3436 gusvc - ok
    17:27:37.0084 3436 [ F2523EF6460FC42405B12248338AB2F0 ] hcw85cir C:\Windows\system32\drivers\hcw85cir.sys
    17:27:37.0088 3436 hcw85cir - ok
    17:27:37.0138 3436 [ 6410F6F415B2A5A9037224C41DA8BF12 ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
    17:27:37.0155 3436 HdAudAddService - ok
    17:27:37.0181 3436 [ 0A49913402747A0B67DE940FB42CBDBB ] HDAudBus C:\Windows\system32\DRIVERS\HDAudBus.sys
    17:27:37.0186 3436 HDAudBus - ok
    17:27:37.0199 3436 [ 78E86380454A7B10A5EB255DC44A355F ] HidBatt C:\Windows\system32\DRIVERS\HidBatt.sys
    17:27:37.0202 3436 HidBatt - ok
    17:27:37.0211 3436 [ 7FD2A313F7AFE5C4DAB14798C48DD104 ] HidBth C:\Windows\system32\DRIVERS\hidbth.sys
    17:27:37.0216 3436 HidBth - ok
    17:27:37.0227 3436 [ 0A77D29F311B88CFAE3B13F9C1A73825 ] HidIr C:\Windows\system32\DRIVERS\hidir.sys
    17:27:37.0229 3436 HidIr - ok
    17:27:37.0240 3436 [ BD9EB3958F213F96B97B1D897DEE006D ] hidserv C:\Windows\system32\hidserv.dll
    17:27:37.0241 3436 hidserv - ok
    17:27:37.0262 3436 [ B3BF6B5B50006DEF50B66306D99FCF6F ] HidUsb C:\Windows\system32\DRIVERS\hidusb.sys
    17:27:37.0264 3436 HidUsb - ok
    17:27:37.0291 3436 [ EFA58EDE58DD74388FFD04CB32681518 ] hkmsvc C:\Windows\system32\kmsvc.dll
    17:27:37.0297 3436 hkmsvc - ok
    17:27:37.0332 3436 [ 046B2673767CA626E2CFB7FDF735E9E8 ] HomeGroupListener C:\Windows\system32\ListSvc.dll
    17:27:37.0340 3436 HomeGroupListener - ok
    17:27:37.0398 3436 [ 06A7422224D9865A5613710A089987DF ] HomeGroupProvider C:\Windows\system32\provsvc.dll
    17:27:37.0419 3436 HomeGroupProvider - ok
    17:27:37.0629 3436 [ 1DAE5C46D42B02A6D5862E1482EFB390 ] hpqcxs08 C:\Program Files (x86)\HP\Digital Imaging\bin\hpqcxs08.dll
    17:27:37.0649 3436 hpqcxs08 - ok
    17:27:37.0682 3436 [ 99E8EEF42FE2F4AF29B08C3355DD7685 ] hpqddsvc C:\Program Files (x86)\HP\Digital Imaging\bin\hpqddsvc.dll
    17:27:37.0707 3436 hpqddsvc - ok
    17:27:37.0735 3436 [ 0886D440058F203EBA0E1825E4355914 ] HpSAMD C:\Windows\system32\DRIVERS\HpSAMD.sys
    17:27:37.0750 3436 HpSAMD - ok
    17:27:37.0852 3436 [ F37882F128EFACEFE353E0BAE2766909 ] HPSLPSVC C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL
    17:27:37.0885 3436 HPSLPSVC - ok
    17:27:37.0983 3436 [ CEE049CAC4EFA7F4E1E4AD014414A5D4 ] HTTP C:\Windows\system32\drivers\HTTP.sys
    17:27:37.0995 3436 HTTP - ok
    17:27:38.0028 3436 [ F17766A19145F111856378DF337A5D79 ] hwpolicy C:\Windows\system32\drivers\hwpolicy.sys
    17:27:38.0029 3436 hwpolicy - ok
    17:27:38.0062 3436 [ FA55C73D4AFFA7EE23AC4BE53B4592D3 ] i8042prt C:\Windows\system32\DRIVERS\i8042prt.sys
    17:27:38.0076 3436 i8042prt - ok
    17:27:38.0167 3436 [ B75E45C564E944A2657167D197AB29DA ] iaStorV C:\Windows\system32\drivers\iaStorV.sys
    17:27:38.0201 3436 iaStorV - ok
    17:27:38.0276 3436 [ 6F95324909B502E2651442C1548AB12F ] IDriverT C:\Program Files (x86)\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
    17:27:38.0329 3436 IDriverT - ok
    17:27:38.0425 3436 [ 2F2BE70D3E02B6FA877921AB9516D43C ] idsvc C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
    17:27:38.0436 3436 idsvc - ok
    17:27:38.0457 3436 [ 5C18831C61933628F5BB0EA2675B9D21 ] iirsp C:\Windows\system32\DRIVERS\iirsp.sys
    17:27:38.0459 3436 iirsp - ok
    17:27:38.0506 3436 [ C5B4683680DF085B57BC53E5EF34861F ] IKEEXT C:\Windows\System32\ikeext.dll
    17:27:38.0525 3436 IKEEXT - ok
    17:27:38.0547 3436 [ F00F20E70C6EC3AA366910083A0518AA ] intelide C:\Windows\system32\DRIVERS\intelide.sys
    17:27:38.0551 3436 intelide - ok
    17:27:38.0578 3436 [ ADA036632C664CAA754079041CF1F8C1 ] intelppm C:\Windows\system32\DRIVERS\intelppm.sys
    17:27:38.0582 3436 intelppm - ok
    17:27:38.0606 3436 [ 098A91C54546A3B878DAD6A7E90A455B ] IPBusEnum C:\Windows\system32\ipbusenum.dll
    17:27:38.0611 3436 IPBusEnum - ok
    17:27:38.0628 3436 [ 722DD294DF62483CECAAE6E094B4D695 ] IpFilterDriver C:\Windows\system32\DRIVERS\ipfltdrv.sys
    17:27:38.0633 3436 IpFilterDriver - ok
    17:27:38.0641 3436 [ E2B4A4494DB7CB9B89B55CA268C337C5 ] IPMIDRV C:\Windows\system32\DRIVERS\IPMIDrv.sys
    17:27:38.0645 3436 IPMIDRV - ok
    17:27:38.0668 3436 [ AF9B39A7E7B6CAA203B3862582E9F2D0 ] IPNAT C:\Windows\system32\drivers\ipnat.sys
    17:27:38.0671 3436 IPNAT - ok
    17:27:38.0741 3436 [ 6E50CFA46527B39015B750AAD161C5CC ] iPod Service C:\Program Files\iPod\bin\iPodService.exe
    17:27:38.0757 3436 iPod Service - ok
    17:27:38.0774 3436 [ 3ABF5E7213EB28966D55D58B515D5CE9 ] IRENUM C:\Windows\system32\drivers\irenum.sys
    17:27:38.0776 3436 IRENUM - ok
    17:27:38.0789 3436 [ 2F7B28DC3E1183E5EB418DF55C204F38 ] isapnp C:\Windows\system32\DRIVERS\isapnp.sys
    17:27:38.0791 3436 isapnp - ok
    17:27:38.0821 3436 [ FA4D2557DE56D45B0A346F93564BE6E1 ] iScsiPrt C:\Windows\system32\DRIVERS\msiscsi.sys
    17:27:38.0828 3436 iScsiPrt - ok
    17:27:38.0852 3436 [ BC02336F1CBA7DCC7D1213BB588A68A5 ] kbdclass C:\Windows\system32\DRIVERS\kbdclass.sys
    17:27:38.0855 3436 kbdclass - ok
    17:27:38.0869 3436 [ 6DEF98F8541E1B5DCEB2C822A11F7323 ] kbdhid C:\Windows\system32\DRIVERS\kbdhid.sys
    17:27:38.0872 3436 kbdhid - ok
    17:27:38.0887 3436 [ 156F6159457D0AA7E59B62681B56EB90 ] KeyIso C:\Windows\system32\lsass.exe
    17:27:38.0890 3436 KeyIso - ok
    17:27:38.0936 3436 [ 4F4B5FDE429416877DE7143044582EB5 ] KSecDD C:\Windows\system32\Drivers\ksecdd.sys
    17:27:38.0939 3436 KSecDD - ok
    17:27:38.0954 3436 [ 6F40465A44ECDC1731BEFAFEC5BDD03C ] KSecPkg C:\Windows\system32\Drivers\ksecpkg.sys
    17:27:38.0958 3436 KSecPkg - ok
    17:27:38.0969 3436 [ 6869281E78CB31A43E969F06B57347C4 ] ksthunk C:\Windows\system32\drivers\ksthunk.sys
    17:27:38.0970 3436 ksthunk - ok
    17:27:39.0000 3436 [ 6AB66E16AA859232F64DEB66887A8C9C ] KtmRm C:\Windows\system32\msdtckrm.dll
    17:27:39.0012 3436 KtmRm - ok
    17:27:39.0069 3436 [ 81F1D04D4D0E433099365127375FD501 ] LanmanServer C:\Windows\system32\srvsvc.dll
    17:27:39.0076 3436 LanmanServer - ok
    17:27:39.0102 3436 [ 27026EAC8818E8A6C00A1CAD2F11D29A ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
    17:27:39.0108 3436 LanmanWorkstation - ok
    17:27:39.0164 3436 [ 07B1888209C54B675FFCCBDE9F06D2C6 ] LightScribeService C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
    17:27:39.0166 3436 LightScribeService - ok
    17:27:39.0201 3436 [ 1538831CF8AD2979A04C423779465827 ] lltdio C:\Windows\system32\DRIVERS\lltdio.sys
    17:27:39.0204 3436 lltdio - ok
    17:27:39.0228 3436 [ C1185803384AB3FEED115F79F109427F ] lltdsvc C:\Windows\System32\lltdsvc.dll
    17:27:39.0237 3436 lltdsvc - ok
    17:27:39.0259 3436 [ F993A32249B66C9D622EA5592A8B76B8 ] lmhosts C:\Windows\System32\lmhsvc.dll
    17:27:39.0262 3436 lmhosts - ok
    17:27:39.0309 3436 [ 1A93E54EB0ECE102495A51266DCDB6A6 ] LSI_FC C:\Windows\system32\DRIVERS\lsi_fc.sys
    17:27:39.0315 3436 LSI_FC - ok
    17:27:39.0336 3436 [ 1047184A9FDC8BDBFF857175875EE810 ] LSI_SAS C:\Windows\system32\DRIVERS\lsi_sas.sys
    17:27:39.0341 3436 LSI_SAS - ok
    17:27:39.0355 3436 [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93 ] LSI_SAS2 C:\Windows\system32\DRIVERS\lsi_sas2.sys
    17:27:39.0360 3436 LSI_SAS2 - ok
    17:27:39.0379 3436 [ 0504EACAFF0D3C8AED161C4B0D369D4A ] LSI_SCSI C:\Windows\system32\DRIVERS\lsi_scsi.sys
    17:27:39.0384 3436 LSI_SCSI - ok
    17:27:39.0403 3436 [ 43D0F98E1D56CCDDB0D5254CFF7B356E ] luafv C:\Windows\system32\drivers\luafv.sys
    17:27:39.0406 3436 luafv - ok
    17:27:39.0427 3436 [ F84C8F1000BC11E3B7B23CBD3BAFF111 ] Mcx2Svc C:\Windows\system32\Mcx2Svc.dll
    17:27:39.0433 3436 Mcx2Svc - ok
    17:27:39.0447 3436 [ A55805F747C6EDB6A9080D7C633BD0F4 ] megasas C:\Windows\system32\DRIVERS\megasas.sys
    17:27:39.0451 3436 megasas - ok
    17:27:39.0474 3436 [ BAF74CE0072480C3B6B7C13B2A94D6B3 ] MegaSR C:\Windows\system32\DRIVERS\MegaSR.sys
    17:27:39.0482 3436 MegaSR - ok
    17:27:39.0498 3436 [ E40E80D0304A73E8D269F7141D77250B ] MMCSS C:\Windows\system32\mmcss.dll
    17:27:39.0502 3436 MMCSS - ok
    17:27:39.0518 3436 [ 800BA92F7010378B09F9ED9270F07137 ] Modem C:\Windows\system32\drivers\modem.sys
    17:27:39.0521 3436 Modem - ok
    17:27:39.0532 3436 [ B03D591DC7DA45ECE20B3B467E6AADAA ] monitor C:\Windows\system32\DRIVERS\monitor.sys
    17:27:39.0534 3436 monitor - ok
    17:27:39.0545 3436 [ 7D27EA49F3C1F687D357E77A470AEA99 ] mouclass C:\Windows\system32\DRIVERS\mouclass.sys
    17:27:39.0546 3436 mouclass - ok
    17:27:39.0557 3436 [ D3BF052C40B0C4166D9FD86A4288C1E6 ] mouhid C:\Windows\system32\DRIVERS\mouhid.sys
    17:27:39.0558 3436 mouhid - ok
    17:27:39.0576 3436 [ 791AF66C4D0E7C90A3646066386FB571 ] mountmgr C:\Windows\system32\drivers\mountmgr.sys
    17:27:39.0577 3436 mountmgr - ok
    17:27:39.0610 3436 [ 4D7F2682D29B92A6251B17957AA0B985 ] MozillaMaintenance C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
    17:27:39.0612 3436 MozillaMaintenance - ok
    17:27:39.0632 3436 [ 609D1D87649ECC19796F4D76D4C15CEA ] mpio C:\Windows\system32\DRIVERS\mpio.sys
    17:27:39.0637 3436 mpio - ok
    17:27:39.0657 3436 [ 6C38C9E45AE0EA2FA5E551F2ED5E978F ] mpsdrv C:\Windows\system32\drivers\mpsdrv.sys
    17:27:39.0662 3436 mpsdrv - ok
    17:27:39.0683 3436 [ 30524261BB51D96D6FCBAC20C810183C ] MRxDAV C:\Windows\system32\drivers\mrxdav.sys
    17:27:39.0688 3436 MRxDAV - ok
    17:27:39.0740 3436 [ 040D62A9D8AD28922632137ACDD984F2 ] mrxsmb C:\Windows\system32\DRIVERS\mrxsmb.sys
    17:27:39.0744 3436 mrxsmb - ok
    17:27:39.0806 3436 [ F0067552F8F9B33D7C59403AB808A3CB ] mrxsmb10 C:\Windows\system32\DRIVERS\mrxsmb10.sys
    17:27:39.0812 3436 mrxsmb10 - ok
    17:27:39.0824 3436 [ 3C142D31DE9F2F193218A53FE2632051 ] mrxsmb20 C:\Windows\system32\DRIVERS\mrxsmb20.sys
    17:27:39.0828 3436 mrxsmb20 - ok
    17:27:39.0847 3436 [ 5C37497276E3B3A5488B23A326A754B7 ] msahci C:\Windows\system32\DRIVERS\msahci.sys
    17:27:39.0849 3436 msahci - ok
    17:27:39.0863 3436 [ 8D27B597229AED79430FB9DB3BCBFBD0 ] msdsm C:\Windows\system32\DRIVERS\msdsm.sys
    17:27:39.0866 3436 msdsm - ok
    17:27:39.0879 3436 [ DE0ECE52236CFA3ED2DBFC03F28253A8 ] MSDTC C:\Windows\System32\msdtc.exe
    17:27:39.0882 3436 MSDTC - ok
    17:27:39.0895 3436 [ AA3FB40E17CE1388FA1BEDAB50EA8F96 ] Msfs C:\Windows\system32\drivers\Msfs.sys
    17:27:39.0897 3436 Msfs - ok
    17:27:39.0913 3436 [ F9D215A46A8B9753F61767FA72A20326 ] mshidkmdf C:\Windows\System32\drivers\mshidkmdf.sys
    17:27:39.0914 3436 mshidkmdf - ok
    17:27:39.0927 3436 [ D916874BBD4F8B07BFB7FA9B3CCAE29D ] msisadrv C:\Windows\system32\DRIVERS\msisadrv.sys
    17:27:39.0928 3436 msisadrv - ok
    17:27:39.0951 3436 [ 808E98FF49B155C522E6400953177B08 ] MSiSCSI C:\Windows\system32\iscsiexe.dll
    17:27:39.0956 3436 MSiSCSI - ok
    17:27:39.0964 3436 msiserver - ok
    17:27:39.0989 3436 [ 49CCF2C4FEA34FFAD8B1B59D49439366 ] MSKSSRV C:\Windows\system32\drivers\MSKSSRV.sys
    17:27:39.0991 3436 MSKSSRV - ok
    17:27:40.0002 3436 [ BDD71ACE35A232104DDD349EE70E1AB3 ] MSPCLOCK C:\Windows\system32\drivers\MSPCLOCK.sys
    17:27:40.0003 3436 MSPCLOCK - ok
    17:27:40.0019 3436 [ 4ED981241DB27C3383D72092B618A1D0 ] MSPQM C:\Windows\system32\drivers\MSPQM.sys
    17:27:40.0020 3436 MSPQM - ok
    17:27:40.0033 3436 [ 89CB141AA8616D8C6A4610FA26C60964 ] MsRPC C:\Windows\system32\drivers\MsRPC.sys
    17:27:40.0036 3436 MsRPC - ok
    17:27:40.0046 3436 [ 0EED230E37515A0EAEE3C2E1BC97B288 ] mssmbios C:\Windows\system32\DRIVERS\mssmbios.sys
    17:27:40.0047 3436 mssmbios - ok
    17:27:40.0062 3436 [ 2E66F9ECB30B4221A318C92AC2250779 ] MSTEE C:\Windows\system32\drivers\MSTEE.sys
    17:27:40.0063 3436 MSTEE - ok
    17:27:40.0074 3436 [ 7EA404308934E675BFFDE8EDF0757BCD ] MTConfig C:\Windows\system32\DRIVERS\MTConfig.sys
    17:27:40.0076 3436 MTConfig - ok
    17:27:40.0104 3436 [ 2219A3D695405E7BA2186BA6B9EDE14A ] MTsensor C:\Windows\system32\DRIVERS\ASACPI.sys
    17:27:40.0105 3436 MTsensor - ok
    17:27:40.0121 3436 [ F9A18612FD3526FE473C1BDA678D61C8 ] Mup C:\Windows\system32\Drivers\mup.sys
    17:27:40.0122 3436 Mup - ok
    17:27:40.0142 3436 [ 4987E079A4530FA737A128BE54B63B12 ] napagent C:\Windows\system32\qagentRT.dll
    17:27:40.0148 3436 napagent - ok
    17:27:40.0173 3436 [ 1EA3749C4114DB3E3161156FFFFA6B33 ] NativeWifiP C:\Windows\system32\DRIVERS\nwifi.sys
    17:27:40.0176 3436 NativeWifiP - ok
    17:27:40.0237 3436 [ 9D1CCE440552500DED3A62F9D779CDB4 ] NAUpdate C:\Program Files (x86)\Nero\Update\NASvc.exe
    17:27:40.0256 3436 NAUpdate - ok
    17:27:40.0353 3436 [ CAD515DBD07D082BB317D9928CE8962C ] NDIS C:\Windows\system32\drivers\ndis.sys
    17:27:40.0368 3436 NDIS - ok
    17:27:40.0405 3436 [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC ] NdisCap C:\Windows\system32\DRIVERS\ndiscap.sys
    17:27:40.0411 3436 NdisCap - ok
    17:27:40.0468 3436 [ 30639C932D9FEF22B31268FE25A1B6E5 ] NdisTapi C:\Windows\system32\DRIVERS\ndistapi.sys
    17:27:40.0484 3436 NdisTapi - ok
    17:27:40.0534 3436 [ F105BA1E22BF1F2EE8F005D4305E4BEC ] Ndisuio C:\Windows\system32\DRIVERS\ndisuio.sys
    17:27:40.0537 3436 Ndisuio - ok
    17:27:40.0594 3436 [ 557DFAB9CA1FCB036AC77564C010DAD3 ] NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys
    17:27:40.0599 3436 NdisWan - ok
    17:27:40.0642 3436 [ 659B74FB74B86228D6338D643CD3E3CF ] NDProxy C:\Windows\system32\drivers\NDProxy.sys
    17:27:40.0692 3436 NDProxy - ok
    17:27:40.0720 3436 Nero BackItUp Scheduler 4.0 - ok
    17:27:40.0785 3436 [ 2334DC48997BA203B794DF3EE70521DB ] Net Driver HPZ12 C:\Windows\system32\HPZinw12.dll
    17:27:40.0788 3436 Net Driver HPZ12 - ok
    17:27:40.0818 3436 [ 86743D9F5D2B1048062B14B1D84501C4 ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys
    17:27:40.0832 3436 NetBIOS - ok
    17:27:40.0870 3436 [ 9162B273A44AB9DCE5B44362731D062A ] NetBT C:\Windows\system32\DRIVERS\netbt.sys
    17:27:40.0885 3436 NetBT - ok
    17:27:40.0901 3436 [ 156F6159457D0AA7E59B62681B56EB90 ] Netlogon C:\Windows\system32\lsass.exe
    17:27:40.0905 3436 Netlogon - ok
    17:27:40.0955 3436 [ 847D3AE376C0817161A14A82C8922A9E ] Netman C:\Windows\System32\netman.dll
    17:27:40.0970 3436 Netman - ok
    17:27:40.0994 3436 [ 5F28111C648F1E24F7DBC87CDEB091B8 ] netprofm C:\Windows\System32\netprofm.dll
    17:27:41.0004 3436 netprofm - ok
    17:27:41.0023 3436 [ 3E5A36127E201DDF663176B66828FAFE ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe
    17:27:41.0026 3436 NetTcpPortSharing - ok
    17:27:41.0048 3436 [ 77889813BE4D166CDAB78DDBA990DA92 ] nfrd960 C:\Windows\system32\DRIVERS\nfrd960.sys
    17:27:41.0050 3436 nfrd960 - ok
    17:27:41.0075 3436 [ D9A0CE66046D6EFA0C61BAA885CBA0A8 ] NlaSvc C:\Windows\System32\nlasvc.dll
    17:27:41.0078 3436 NlaSvc - ok
    17:27:41.0100 3436 [ C31FA031335EFF434B2D94278E74BCCE ] NPF C:\Windows\system32\DRIVERS\npf.sys
    17:27:41.0102 3436 NPF - ok
    17:27:41.0114 3436 [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7 ] Npfs C:\Windows\system32\drivers\Npfs.sys
    17:27:41.0116 3436 Npfs - ok
    17:27:41.0131 3436 [ D54BFDF3E0C953F823B3D0BFE4732528 ] nsi C:\Windows\system32\nsisvc.dll
    17:27:41.0133 3436 nsi - ok
    17:27:41.0143 3436 [ E7F5AE18AF4168178A642A9247C63001 ] nsiproxy C:\Windows\system32\drivers\nsiproxy.sys
    17:27:41.0145 3436 nsiproxy - ok
    17:27:41.0227 3436 [ 184C189D4FC416978550FC599BB4EDDA ] Ntfs C:\Windows\system32\drivers\Ntfs.sys
    17:27:41.0237 3436 Ntfs - ok
    17:27:41.0281 3436 [ 77EB11DA191D12D12E28D7BD8905C42C ] NuidFltr C:\Windows\system32\DRIVERS\NuidFltr.sys
    17:27:41.0284 3436 NuidFltr - ok
    17:27:41.0288 3436 [ 9899284589F75FA8724FF3D16AED75C1 ] Null C:\Windows\system32\drivers\Null.sys
    17:27:41.0290 3436 Null - ok
    17:27:41.0322 3436 [ A4D9C9A608A97F59307C2F2600EDC6A4 ] nvraid C:\Windows\system32\drivers\nvraid.sys
    17:27:41.0325 3436 nvraid - ok
    17:27:41.0383 3436 [ 6C1D5F70E7A6A3FD1C90D840EDC048B9 ] nvstor C:\Windows\system32\drivers\nvstor.sys
    17:27:41.0386 3436 nvstor - ok
    17:27:41.0406 3436 [ 270D7CD42D6E3979F6DD0146650F0E05 ] nv_agp C:\Windows\system32\DRIVERS\nv_agp.sys
    17:27:41.0409 3436 nv_agp - ok
    17:27:41.0419 3436 [ 3589478E4B22CE21B41FA1BFC0B8B8A0 ] ohci1394 C:\Windows\system32\DRIVERS\ohci1394.sys
    17:27:41.0421 3436 ohci1394 - ok
    17:27:41.0448 3436 [ 3EAC4455472CC2C97107B5291E0DCAFE ] p2pimsvc C:\Windows\system32\pnrpsvc.dll
    17:27:41.0453 3436 p2pimsvc - ok
    17:27:41.0475 3436 [ 927463ECB02179F88E4B9A17568C63C3 ] p2psvc C:\Windows\system32\p2psvc.dll
    17:27:41.0482 3436 p2psvc - ok
    17:27:41.0490 3436 [ 0086431C29C35BE1DBC43F52CC273887 ] Parport C:\Windows\system32\DRIVERS\parport.sys
    17:27:41.0493 3436 Parport - ok
    17:27:41.0544 3436 [ 90061B1ACFE8CCAA5345750FFE08D8B8 ] partmgr C:\Windows\system32\drivers\partmgr.sys
    17:27:41.0545 3436 partmgr - ok
    17:27:41.0559 3436 [ 3AEAA8B561E63452C655DC0584922257 ] PcaSvc C:\Windows\System32\pcasvc.dll
    17:27:41.0562 3436 PcaSvc - ok
    17:27:41.0573 3436 [ F36F6504009F2FB0DFD1B17A116AD74B ] pci C:\Windows\system32\DRIVERS\pci.sys
    17:27:41.0575 3436 pci - ok
    17:27:41.0589 3436 [ B5B8B5EF2E5CB34DF8DCF8831E3534FA ] pciide C:\Windows\system32\DRIVERS\pciide.sys
    17:27:41.0590 3436 pciide - ok
    17:27:41.0606 3436 [ B2E81D4E87CE48589F98CB8C05B01F2F ] pcmcia C:\Windows\system32\DRIVERS\pcmcia.sys
    17:27:41.0609 3436 pcmcia - ok
    17:27:41.0613 3436 [ D6B9C2E1A11A3A4B26A182FFEF18F603 ] pcw C:\Windows\system32\drivers\pcw.sys
    17:27:41.0614 3436 pcw - ok
    17:27:41.0636 3436 [ 68769C3356B3BE5D1C732C97B9A80D6E ] PEAUTH C:\Windows\system32\drivers\peauth.sys
    17:27:41.0640 3436 PEAUTH - ok
    17:27:41.0684 3436 [ E495E408C93141E8FC72DC0C6046DDFA ] PerfHost C:\Windows\SysWow64\perfhost.exe
    17:27:41.0686 3436 PerfHost - ok
    17:27:41.0741 3436 [ 557E9A86F65F0DE18C9B6751DFE9D3F1 ] pla C:\Windows\system32\pla.dll
    17:27:41.0765 3436 pla - ok
    17:27:41.0848 3436 [ 98B1721B8718164293B9701B98C52D77 ] PlugPlay C:\Windows\system32\umpnpmgr.dll
    17:27:41.0852 3436 PlugPlay - ok
    17:27:41.0916 3436 [ AC78DF349F0E4CFB8B667C0CFFF83CCE ] Pml Driver HPZ12 C:\Windows\system32\HPZipm12.dll
    17:27:41.0917 3436 Pml Driver HPZ12 - ok
    17:27:41.0924 3436 [ 7195581CEC9BB7D12ABE54036ACC2E38 ] PNRPAutoReg C:\Windows\system32\pnrpauto.dll
    17:27:41.0926 3436 PNRPAutoReg - ok
    17:27:41.0933 3436 [ 3EAC4455472CC2C97107B5291E0DCAFE ] PNRPsvc C:\Windows\system32\pnrpsvc.dll
    17:27:41.0936 3436 PNRPsvc - ok
    17:27:41.0983 3436 [ 4F0878FD62D5F7444C5F1C4C66D9D293 ] Point64 C:\Windows\system32\DRIVERS\point64.sys
    17:27:41.0986 3436 Point64 - ok
    17:27:42.0003 3436 [ 166EB40D1F5B47E615DE3D0FFFE5F243 ] PolicyAgent C:\Windows\System32\ipsecsvc.dll
    17:27:42.0010 3436 PolicyAgent - ok
    17:27:42.0020 3436 [ 6BA9D927DDED70BD1A9CADED45F8B184 ] Power C:\Windows\system32\umpo.dll
    17:27:42.0022 3436 Power - ok
    17:27:42.0040 3436 [ 27CC19E81BA5E3403C48302127BDA717 ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys
    17:27:42.0043 3436 PptpMiniport - ok
    17:27:42.0054 3436 [ 0D922E23C041EFB1C3FAC2A6F943C9BF ] Processor C:\Windows\system32\DRIVERS\processr.sys
    17:27:42.0056 3436 Processor - ok
    17:27:42.0107 3436 [ 97293447431311C06703368AD0F6C4BE ] ProfSvc C:\Windows\system32\profsvc.dll
    17:27:42.0110 3436 ProfSvc - ok
    17:27:42.0116 3436 [ 156F6159457D0AA7E59B62681B56EB90 ] ProtectedStorage C:\Windows\system32\lsass.exe
    17:27:42.0118 3436 ProtectedStorage - ok
    17:27:42.0144 3436 [ EE992183BD8EAEFD9973F352E587A299 ] Psched C:\Windows\system32\DRIVERS\pacer.sys
    17:27:42.0146 3436 Psched - ok
    17:27:42.0192 3436 [ A53A15A11EBFD21077463EE2C7AFEEF0 ] ql2300 C:\Windows\system32\DRIVERS\ql2300.sys
    17:27:42.0218 3436 ql2300 - ok
    17:27:42.0234 3436 [ 4F6D12B51DE1AAEFF7DC58C4D75423C8 ] ql40xx C:\Windows\system32\DRIVERS\ql40xx.sys
    17:27:42.0237 3436 ql40xx - ok
    17:27:42.0257 3436 [ 906191634E99AEA92C4816150BDA3732 ] QWAVE C:\Windows\system32\qwave.dll
    17:27:42.0261 3436 QWAVE - ok
    17:27:42.0280 3436 [ 76707BB36430888D9CE9D705398ADB6C ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys
    17:27:42.0283 3436 QWAVEdrv - ok
    17:27:42.0360 3436 [ A55E7D0D873B2C97585B3B5926AC6ADE ] RapiMgr C:\Windows\WindowsMobile\rapimgr.dll
    17:27:42.0363 3436 RapiMgr - ok
    17:27:42.0510 3436 [ 00935D8DA2DCD34017544CFEBA97D1E7 ] RapportCerberus_42020 C:\ProgramData\Trusteer\Rapport\store\exts\RapportCerberus\baseline\RapportCerberus64_42020.sys
    17:27:42.0513 3436 RapportCerberus_42020 - ok
  8. Lfis492a

    Lfis492a Newcomer, in training Topic Starter Posts: 38

    17:27:42.0601 3436 [ 9E0FFC5EEEA5FEC75560F394B63022BE ] RapportEI64 C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportEI64.sys
    17:27:42.0602 3436 RapportEI64 - ok
    17:27:42.0657 3436 [ 842041C4B15BAEE2CA37B727CE57334A ] RapportKE64 C:\Windows\system32\Drivers\RapportKE64.sys
    17:27:42.0659 3436 RapportKE64 - ok
    17:27:42.0700 3436 [ 65AA99CB303BA21F9ACC8C1374A14798 ] RapportMgmtService C:\Program Files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe
    17:27:42.0706 3436 RapportMgmtService - ok
    17:27:42.0717 3436 [ 14FF58FE8D19FA3AA577F1E74F1F7D55 ] RapportPG64 C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportPG64.sys
    17:27:42.0719 3436 RapportPG64 - ok
    17:27:42.0733 3436 [ 5A0DA8AD5762FA2D91678A8A01311704 ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys
    17:27:42.0735 3436 RasAcd - ok
    17:27:42.0753 3436 [ 7ECFF9B22276B73F43A99A15A6094E90 ] RasAgileVpn C:\Windows\system32\DRIVERS\AgileVpn.sys
    17:27:42.0755 3436 RasAgileVpn - ok
    17:27:42.0776 3436 [ 8F26510C5383B8DBE976DE1CD00FC8C7 ] RasAuto C:\Windows\System32\rasauto.dll
    17:27:42.0780 3436 RasAuto - ok
    17:27:42.0794 3436 [ 87A6E852A22991580D6D39ADC4790463 ] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys
    17:27:42.0796 3436 Rasl2tp - ok
    17:27:42.0820 3436 [ 47394ED3D16D053F5906EFE5AB51CC83 ] RasMan C:\Windows\System32\rasmans.dll
    17:27:42.0826 3436 RasMan - ok
    17:27:42.0838 3436 [ 855C9B1CD4756C5E9A2AA58A15F58C25 ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys
    17:27:42.0840 3436 RasPppoe - ok
    17:27:42.0860 3436 [ E8B1E447B008D07FF47D016C2B0EEECB ] RasSstp C:\Windows\system32\DRIVERS\rassstp.sys
    17:27:42.0863 3436 RasSstp - ok
    17:27:42.0885 3436 [ 3BAC8142102C15D59A87757C1D41DCE5 ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys
    17:27:42.0889 3436 rdbss - ok
    17:27:42.0897 3436 [ 302DA2A0539F2CF54D7C6CC30C1F2D8D ] rdpbus C:\Windows\system32\DRIVERS\rdpbus.sys
    17:27:42.0900 3436 rdpbus - ok
    17:27:42.0910 3436 [ CEA6CC257FC9B7715F1C2B4849286D24 ] RDPCDD C:\Windows\system32\DRIVERS\RDPCDD.sys
    17:27:42.0912 3436 RDPCDD - ok
    17:27:42.0939 3436 [ BB5971A4F00659529A5C44831AF22365 ] RDPENCDD C:\Windows\system32\drivers\rdpencdd.sys
    17:27:42.0940 3436 RDPENCDD - ok
    17:27:42.0948 3436 [ 216F3FA57533D98E1F74DED70113177A ] RDPREFMP C:\Windows\system32\drivers\rdprefmp.sys
    17:27:42.0950 3436 RDPREFMP - ok
    17:27:43.0039 3436 [ 447DE7E3DEA39D422C1504F245B668B1 ] RDPWD C:\Windows\system32\drivers\RDPWD.sys
    17:27:43.0062 3436 RDPWD - ok
    17:27:43.0109 3436 [ 634B9A2181D98F15941236886164EC8B ] rdyboost C:\Windows\system32\drivers\rdyboost.sys
    17:27:43.0114 3436 rdyboost - ok
    17:27:43.0186 3436 [ 254FB7A22D74E5511C73A3F6D802F192 ] RemoteAccess C:\Windows\System32\mprdim.dll
    17:27:43.0195 3436 RemoteAccess - ok
    17:27:43.0227 3436 [ E4D94F24081440B5FC5AA556C7C62702 ] RemoteRegistry C:\Windows\system32\regsvc.dll
    17:27:43.0237 3436 RemoteRegistry - ok
    17:27:43.0298 3436 [ 71B48DDAF5E9C2B40E64DE5C405F5AAC ] RimUsb C:\Windows\system32\Drivers\RimUsb_AMD64.sys
    17:27:43.0319 3436 RimUsb - ok
    17:27:43.0377 3436 [ C903D49655B4AAE46673F0AAA6BE0F58 ] RimVSerPort C:\Windows\system32\DRIVERS\RimSerial_AMD64.sys
    17:27:43.0381 3436 RimVSerPort - ok
    17:27:43.0419 3436 [ 388D3DD1A6457280F3BADBA9F3ACD6B1 ] ROOTMODEM C:\Windows\system32\Drivers\RootMdm.sys
    17:27:43.0423 3436 ROOTMODEM - ok
    17:27:43.0439 3436 [ E4DC58CF7B3EA515AE917FF0D402A7BB ] RpcEptMapper C:\Windows\System32\RpcEpMap.dll
    17:27:43.0444 3436 RpcEptMapper - ok
    17:27:43.0473 3436 [ D5BA242D4CF8E384DB90E6A8ED850B8C ] RpcLocator C:\Windows\system32\locator.exe
    17:27:43.0478 3436 RpcLocator - ok
    17:27:43.0512 3436 [ 7266972E86890E2B30C0C322E906B027 ] RpcSs C:\Windows\system32\rpcss.dll
    17:27:43.0524 3436 RpcSs - ok
    17:27:43.0537 3436 [ DDC86E4F8E7456261E637E3552E804FF ] rspndr C:\Windows\system32\DRIVERS\rspndr.sys
    17:27:43.0540 3436 rspndr - ok
    17:27:43.0611 3436 [ EE082E06A82FF630351D1E0EBBD3D8D0 ] RTL8167 C:\Windows\system32\DRIVERS\Rt64win7.sys
    17:27:43.0621 3436 RTL8167 - ok
    17:27:43.0631 3436 [ 156F6159457D0AA7E59B62681B56EB90 ] SamSs C:\Windows\system32\lsass.exe
    17:27:43.0635 3436 SamSs - ok
    17:27:43.0657 3436 [ E3BBB89983DAF5622C1D50CF49F28227 ] sbp2port C:\Windows\system32\DRIVERS\sbp2port.sys
    17:27:43.0659 3436 sbp2port - ok
    17:27:43.0719 3436 [ 794D4B48DFB6E999537C7C3947863463 ] SBSDWSCService C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
    17:27:43.0755 3436 SBSDWSCService - ok
    17:27:43.0781 3436 [ 9B7395789E3791A3B6D000FE6F8B131E ] SCardSvr C:\Windows\System32\SCardSvr.dll
    17:27:43.0789 3436 SCardSvr - ok
    17:27:43.0803 3436 [ C94DA20C7E3BA1DCA269BC8460D98387 ] scfilter C:\Windows\system32\DRIVERS\scfilter.sys
    17:27:43.0805 3436 scfilter - ok
    17:27:43.0898 3436 [ 624D0F5FF99428BB90A5B8A4123E918E ] Schedule C:\Windows\system32\schedsvc.dll
    17:27:43.0906 3436 Schedule - ok
    17:27:43.0937 3436 [ 6011CDF54BB6F4C69F38FACCDAD73D7E ] SCMNdisP C:\Windows\system32\DRIVERS\scmndisp.sys
    17:27:43.0938 3436 SCMNdisP - ok
    17:27:43.0967 3436 [ 312E2F82AF11E79906898AC3E3D58A1F ] SCPolicySvc C:\Windows\System32\certprop.dll
    17:27:43.0969 3436 SCPolicySvc - ok
    17:27:44.0029 3436 [ ED9C5CF6CC611EC8AC4A77C3F58F0601 ] ScsiAccess C:\Windows\SysWOW64\ScsiAccess.EXE
    17:27:44.0032 3436 ScsiAccess - ok
    17:27:44.0048 3436 [ 765A27C3279CE11D14CB9E4F5869FCA5 ] SDRSVC C:\Windows\System32\SDRSVC.dll
    17:27:44.0052 3436 SDRSVC - ok
    17:27:44.0161 3436 [ 4A5809A1D796E2675AC0332BF7B0CB11 ] SeaPort C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
    17:27:44.0166 3436 SeaPort - ok
    17:27:44.0189 3436 [ 3EA8A16169C26AFBEB544E0E48421186 ] secdrv C:\Windows\system32\drivers\secdrv.sys
    17:27:44.0192 3436 secdrv - ok
    17:27:44.0207 3436 [ 463B386EBC70F98DA5DFF85F7E654346 ] seclogon C:\Windows\system32\seclogon.dll
    17:27:44.0216 3436 seclogon - ok
    17:27:44.0237 3436 [ C32AB8FA018EF34C0F113BD501436D21 ] SENS C:\Windows\System32\sens.dll
    17:27:44.0242 3436 SENS - ok
    17:27:44.0262 3436 [ 0336CFFAFAAB87A11541F1CF1594B2B2 ] SensrSvc C:\Windows\system32\sensrsvc.dll
    17:27:44.0268 3436 SensrSvc - ok
    17:27:44.0334 3436 [ 052D4299E72FFFCCD9A168ADCDF5C450 ] Ser2pl C:\Windows\system32\DRIVERS\ser2pl64.sys
    17:27:44.0340 3436 Ser2pl - ok
    17:27:44.0373 3436 [ CB624C0035412AF0DEBEC78C41F5CA1B ] Serenum C:\Windows\system32\DRIVERS\serenum.sys
    17:27:44.0376 3436 Serenum - ok
    17:27:44.0402 3436 [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6 ] Serial C:\Windows\system32\DRIVERS\serial.sys
    17:27:44.0407 3436 Serial - ok
    17:27:44.0419 3436 [ 1C545A7D0691CC4A027396535691C3E3 ] sermouse C:\Windows\system32\DRIVERS\sermouse.sys
    17:27:44.0423 3436 sermouse - ok
    17:27:44.0453 3436 [ C3BC61CE47FF6F4E88AB8A3B429A36AF ] SessionEnv C:\Windows\system32\sessenv.dll
    17:27:44.0457 3436 SessionEnv - ok
    17:27:44.0480 3436 [ A554811BCD09279536440C964AE35BBF ] sffdisk C:\Windows\system32\DRIVERS\sffdisk.sys
    17:27:44.0482 3436 sffdisk - ok
    17:27:44.0497 3436 [ FF414F0BAEFEBA59BC6C04B3DB0B87BF ] sffp_mmc C:\Windows\system32\DRIVERS\sffp_mmc.sys
    17:27:44.0500 3436 sffp_mmc - ok
    17:27:44.0508 3436 [ 178298F767FE638C9FEDCBDEF58BB5E4 ] sffp_sd C:\Windows\system32\DRIVERS\sffp_sd.sys
    17:27:44.0510 3436 sffp_sd - ok
    17:27:44.0521 3436 [ A9D601643A1647211A1EE2EC4E433FF4 ] sfloppy C:\Windows\system32\DRIVERS\sfloppy.sys
    17:27:44.0522 3436 sfloppy - ok
    17:27:44.0550 3436 [ 0298AC45D0EFFFB2DB4BAA7DD186E7BF ] ShellHWDetection C:\Windows\System32\shsvcs.dll
    17:27:44.0559 3436 ShellHWDetection - ok
    17:27:44.0577 3436 [ 843CAF1E5FDE1FFD5FF768F23A51E2E1 ] SiSRaid2 C:\Windows\system32\DRIVERS\SiSRaid2.sys
    17:27:44.0579 3436 SiSRaid2 - ok
    17:27:44.0586 3436 [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4 ] SiSRaid4 C:\Windows\system32\DRIVERS\sisraid4.sys
    17:27:44.0588 3436 SiSRaid4 - ok
    17:27:44.0738 3436 [ F07AF60B152221472FBDB2FECEC4896D ] SkypeUpdate C:\Program Files (x86)\Skype\Updater\Updater.exe
    17:27:44.0742 3436 SkypeUpdate - ok
    17:27:44.0772 3436 [ 548260A7B8654E024DC30BF8A7C5BAA4 ] Smb C:\Windows\system32\DRIVERS\smb.sys
    17:27:44.0777 3436 Smb - ok
    17:27:44.0823 3436 [ 6313F223E817CC09AA41811DAA7F541D ] SNMPTRAP C:\Windows\System32\snmptrap.exe
    17:27:44.0828 3436 SNMPTRAP - ok
    17:27:44.0843 3436 [ B9E31E5CACDFE584F34F730A677803F9 ] spldr C:\Windows\system32\drivers\spldr.sys
    17:27:44.0846 3436 spldr - ok
    17:27:44.0896 3436 [ 567977DC43CC13C4C35ED7084C0B84D5 ] Spooler C:\Windows\System32\spoolsv.exe
    17:27:44.0908 3436 Spooler - ok
    17:27:45.0003 3436 [ 913D843498553A1BC8F8DBAD6358E49F ] sppsvc C:\Windows\system32\sppsvc.exe
    17:27:45.0060 3436 sppsvc - ok
    17:27:45.0075 3436 [ 93D7D61317F3D4BC4F4E9F8A96A7DE45 ] sppuinotify C:\Windows\system32\sppuinotify.dll
    17:27:45.0078 3436 sppuinotify - ok
    17:27:45.0130 3436 [ 2408C0366D96BCDF63E8F1C78E4A29C5 ] srv C:\Windows\system32\DRIVERS\srv.sys
    17:27:45.0139 3436 srv - ok
    17:27:45.0163 3436 [ 76548F7B818881B47D8D1AE1BE9C11F8 ] srv2 C:\Windows\system32\DRIVERS\srv2.sys
    17:27:45.0171 3436 srv2 - ok
    17:27:45.0215 3436 [ 0AF6E19D39C70844C5CAA8FB0183C36E ] srvnet C:\Windows\system32\DRIVERS\srvnet.sys
    17:27:45.0219 3436 srvnet - ok17:27:45.0290 3436 [ 8F8324ED1DE63FFC7B1A02CD2D963C72 ] ssadbus C:\Windows\system32\DRIVERS\ssadbus.sys
    17:27:45.0296 3436 ssadbus - ok
    17:27:45.0334 3436 [ 58221EFCB74167B73667F0024C661CE0 ] ssadmdfl C:\Windows\system32\DRIVERS\ssadmdfl.sys
    17:27:45.0338 3436 ssadmdfl - ok
    17:27:45.0376 3436 [ 4DA7C71BFAC5AD71255B7E4CAB980163 ] ssadmdm C:\Windows\system32\DRIVERS\ssadmdm.sys
    17:27:45.0382 3436 ssadmdm - ok
    17:27:45.0415 3436 [ D33D1BD3EC0E766211A234F56A12726D ] ssadserd C:\Windows\system32\DRIVERS\ssadserd.sys
    17:27:45.0420 3436 ssadserd - ok
    17:27:45.0480 3436 [ 51B52FBD583CDE8AA9BA62B8B4298F33 ] SSDPSRV C:\Windows\System32\ssdpsrv.dll
    17:27:45.0488 3436 SSDPSRV - ok
    17:27:45.0503 3436 [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB ] SstpSvc C:\Windows\system32\sstpsvc.dll
    17:27:45.0510 3436 SstpSvc - ok
    17:27:45.0522 3436 [ F3817967ED533D08327DC73BC4D5542A ] stexstor C:\Windows\system32\DRIVERS\stexstor.sys
    17:27:45.0527 3436 stexstor - ok
    17:27:45.0548 3436 [ DECACB6921DED1A38642642685D77DAC ] StillCam C:\Windows\system32\DRIVERS\serscan.sys
    17:27:45.0549 3436 StillCam - ok
    17:27:45.0578 3436 [ 52D0E33B681BD0F33FDC08812FEE4F7D ] stisvc C:\Windows\System32\wiaservc.dll
    17:27:45.0583 3436 stisvc - ok
    17:27:45.0593 3436 [ D01EC09B6711A5F8E7E6564A4D0FBC90 ] swenum C:\Windows\system32\DRIVERS\swenum.sys
    17:27:45.0594 3436 swenum - ok
    17:27:45.0609 3436 [ E08E46FDD841B7184194011CA1955A0B ] swprv C:\Windows\System32\swprv.dll
    17:27:45.0615 3436 swprv - ok
    17:27:45.0646 3436 [ 3C1284516A62078FB68F768DE4F1A7BE ] SysMain C:\Windows\system32\sysmain.dll
    17:27:45.0658 3436 SysMain - ok
    17:27:45.0672 3436 [ 238935C3CF2854886DC7CBB2A0E2CC66 ] TabletInputService C:\Windows\System32\TabSvc.dll
    17:27:45.0675 3436 TabletInputService - ok
    17:27:45.0690 3436 [ 884264AC597B690C5707C89723BB8E7B ] TapiSrv C:\Windows\System32\tapisrv.dll
    17:27:45.0695 3436 TapiSrv - ok
    17:27:45.0699 3436 [ 1BE03AC720F4D302EA01D40F588162F6 ] TBS C:\Windows\System32\tbssvc.dll
    17:27:45.0701 3436 TBS - ok
    17:27:45.0777 3436 [ 624C5B3AA4C99B3184BB922D9ECE3FF0 ] Tcpip C:\Windows\system32\drivers\tcpip.sys
    17:27:45.0805 3436 Tcpip - ok
    17:27:45.0854 3436 [ 624C5B3AA4C99B3184BB922D9ECE3FF0 ] TCPIP6 C:\Windows\system32\DRIVERS\tcpip.sys
    17:27:45.0866 3436 TCPIP6 - ok
    17:27:45.0876 3436 [ 76D078AF6F587B162D50210F761EB9ED ] tcpipreg C:\Windows\system32\drivers\tcpipreg.sys
    17:27:45.0877 3436 tcpipreg - ok
    17:27:45.0901 3436 [ 3371D21011695B16333A3934340C4E7C ] TDPIPE C:\Windows\system32\drivers\tdpipe.sys
    17:27:45.0903 3436 TDPIPE - ok
    17:27:45.0950 3436 [ 7518F7BCFD4B308ABC9192BACAF6C970 ] TDTCP C:\Windows\system32\drivers\tdtcp.sys
    17:27:45.0952 3436 TDTCP - ok
    17:27:45.0970 3436 [ 079125C4B17B01FCAEEBCE0BCB290C0F ] tdx C:\Windows\system32\DRIVERS\tdx.sys
    17:27:45.0975 3436 tdx - ok
    17:27:45.0990 3436 [ C448651339196C0E869A355171875522 ] TermDD C:\Windows\system32\DRIVERS\termdd.sys
    17:27:45.0994 3436 TermDD - ok
    17:27:46.0019 3436 [ 0F05EC2887BFE197AD82A13287D2F404 ] TermService C:\Windows\System32\termsrv.dll
    17:27:46.0028 3436 TermService - ok
    17:27:46.0050 3436 [ F0344071948D1A1FA732231785A0664C ] Themes C:\Windows\system32\themeservice.dll
    17:27:46.0052 3436 Themes - ok
    17:27:46.0075 3436 [ E40E80D0304A73E8D269F7141D77250B ] THREADORDER C:\Windows\system32\mmcss.dll
    17:27:46.0079 3436 THREADORDER - ok
    17:27:46.0161 3436 [ 3199A477F0F06EEDE41BD55179F8EB05 ] TomTomHOMEService C:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe
    17:27:46.0164 3436 TomTomHOMEService - ok
    17:27:46.0200 3436 [ 7E7AFD841694F6AC397E99D75CEAD49D ] TrkWks C:\Windows\System32\trkwks.dll
    17:27:46.0206 3436 TrkWks - ok
    17:27:46.0250 3436 [ 840F7FB849F5887A49BA18C13B2DA920 ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
    17:27:46.0256 3436 TrustedInstaller - ok
    17:27:46.0279 3436 [ 61B96C26131E37B24E93327A0BD1FB95 ] tssecsrv C:\Windows\system32\DRIVERS\tssecsrv.sys
    17:27:46.0283 3436 tssecsrv - ok
    17:27:46.0309 3436 [ 3836171A2CDF3AF8EF10856DB9835A70 ] tunnel C:\Windows\system32\DRIVERS\tunnel.sys
    17:27:46.0313 3436 tunnel - ok
    17:27:46.0328 3436 [ B4DD609BD7E282BFC683CEC7EAAAAD67 ] uagp35 C:\Windows\system32\DRIVERS\uagp35.sys
    17:27:46.0330 3436 uagp35 - ok
    17:27:46.0362 3436 [ D47BAEAD86C65D4F4069D7CE0A4EDCEB ] udfs C:\Windows\system32\DRIVERS\udfs.sys
    17:27:46.0367 3436 udfs - ok
    17:27:46.0391 3436 [ 3CBDEC8D06B9968ABA702EBA076364A1 ] UI0Detect C:\Windows\system32\UI0Detect.exe
    17:27:46.0394 3436 UI0Detect - ok
    17:27:46.0404 3436 [ 4BFE1BC28391222894CBF1E7D0E42320 ] uliagpkx C:\Windows\system32\DRIVERS\uliagpkx.sys
    17:27:46.0406 3436 uliagpkx - ok
    17:27:46.0418 3436 [ EAB6C35E62B1B0DB0D1B48B671D3A117 ] umbus C:\Windows\system32\DRIVERS\umbus.sys
    17:27:46.0421 3436 umbus - ok
    17:27:46.0427 3436 [ B2E8E8CB557B156DA5493BBDDCC1474D ] UmPass C:\Windows\system32\DRIVERS\umpass.sys
    17:27:46.0429 3436 UmPass - ok
    17:27:46.0455 3436 [ D47EC6A8E81633DD18D2436B19BAF6DE ] upnphost C:\Windows\System32\upnphost.dll
    17:27:46.0461 3436 upnphost - ok
    17:27:46.0507 3436 [ AF1B9474D67897D0C2CFF58E0ACEACCC ] USBAAPL64 C:\Windows\system32\Drivers\usbaapl64.sys
    17:27:46.0509 3436 USBAAPL64 - ok
    17:27:46.0557 3436 [ 7B6A127C93EE590E4D79A5F2A76FE46F ] usbccgp C:\Windows\system32\DRIVERS\usbccgp.sys
    17:27:46.0574 3436 usbccgp - ok
    17:27:46.0601 3436 [ AF0892A803FDDA7492F595368E3B68E7 ] usbcir C:\Windows\system32\DRIVERS\usbcir.sys
    17:27:46.0604 3436 usbcir - ok
    17:27:46.0664 3436 [ 92969BA5AC44E229C55A332864F79677 ] usbehci C:\Windows\system32\DRIVERS\usbehci.sys
    17:27:46.0681 3436 usbehci - ok
    17:27:46.0699 3436 [ E7DF1CFD28CA86B35EF5ADD0735CEEF3 ] usbhub C:\Windows\system32\DRIVERS\usbhub.sys
    17:27:46.0706 3436 usbhub - ok
    17:27:46.0718 3436 [ F1BB1E55F1E7A65C5839CCC7B36D773E ] usbohci C:\Windows\system32\DRIVERS\usbohci.sys
    17:27:46.0719 3436 usbohci - ok
    17:27:46.0747 3436 [ 73188F58FB384E75C4063D29413CEE3D ] usbprint C:\Windows\system32\DRIVERS\usbprint.sys
    17:27:46.0750 3436 usbprint - ok
    17:27:46.0786 3436 [ AAA2513C8AED8B54B189FD0C6B1634C0 ] usbscan C:\Windows\system32\DRIVERS\usbscan.sys
    17:27:46.0790 3436 usbscan - ok
    17:27:46.0861 3436 [ F39983647BC1F3E6100778DDFE9DCE29 ] USBSTOR C:\Windows\system32\DRIVERS\USBSTOR.SYS
    17:27:46.0867 3436 USBSTOR - ok
    17:27:46.0886 3436 [ BC3070350A491D84B518D7CCA9ABD36F ] usbuhci C:\Windows\system32\drivers\usbuhci.sys
    17:27:46.0888 3436 usbuhci - ok
    17:27:46.0923 3436 [ 70D05EE263568A742D14E1876DF80532 ] usb_rndisx C:\Windows\system32\DRIVERS\usb8023x.sys
    17:27:46.0925 3436 usb_rndisx - ok
    17:27:46.0929 3436 [ EDBB23CBCF2CDF727D64FF9B51A6070E ] UxSms C:\Windows\System32\uxsms.dll
    17:27:46.0931 3436 UxSms - ok
    17:27:46.0954 3436 [ 156F6159457D0AA7E59B62681B56EB90 ] VaultSvc C:\Windows\system32\lsass.exe
    17:27:46.0955 3436 VaultSvc - ok
    17:27:46.0963 3436 [ C5C876CCFC083FF3B128F933823E87BD ] vdrvroot C:\Windows\system32\DRIVERS\vdrvroot.sys
    17:27:46.0964 3436 vdrvroot - ok
    17:27:46.0988 3436 [ 44D73E0BBC1D3C8981304BA15135C2F2 ] vds C:\Windows\System32\vds.exe
    17:27:46.0995 3436 vds - ok
    17:27:47.0016 3436 [ DA4DA3F5E02943C2DC8C6ED875DE68DD ] vga C:\Windows\system32\DRIVERS\vgapnp.sys
    17:27:47.0018 3436 vga - ok
    17:27:47.0036 3436 [ 53E92A310193CB3C03BEA963DE7D9CFC ] VgaSave C:\Windows\System32\drivers\vga.sys
    17:27:47.0038 3436 VgaSave - ok
    17:27:47.0051 3436 [ C82E748660F62A242B2DFAC1442F22A4 ] vhdmp C:\Windows\system32\DRIVERS\vhdmp.sys
    17:27:47.0054 3436 vhdmp - ok
    17:27:47.0133 3436 [ 627270F2103D41086BAB9675A3315DAB ] VIAHdAudAddService C:\Windows\system32\drivers\viahduaa.sys
    17:27:47.0159 3436 VIAHdAudAddService - ok
    17:27:47.0170 3436 [ E5689D93FFE4E5D66C0178761240DD54 ] viaide C:\Windows\system32\DRIVERS\viaide.sys
    17:27:47.0172 3436 viaide - ok
    17:27:47.0183 3436 [ 2B1A3DAE2B4E70DBBA822B7A03FBD4A3 ] volmgr C:\Windows\system32\DRIVERS\volmgr.sys
    17:27:47.0185 3436 volmgr - ok
    17:27:47.0199 3436 [ 99B0CBB569CA79ACAED8C91461D765FB ] volmgrx C:\Windows\system32\drivers\volmgrx.sys
    17:27:47.0202 3436 volmgrx - ok
    17:27:47.0218 3436 [ 58F82EED8CA24B461441F9C3E4F0BF5C ] volsnap C:\Windows\system32\DRIVERS\volsnap.sys
    17:27:47.0220 3436 volsnap - ok
    17:27:47.0232 3436 [ 5E2016EA6EBACA03C04FEAC5F330D997 ] vsmraid C:\Windows\system32\DRIVERS\vsmraid.sys
    17:27:47.0234 3436 vsmraid - ok
    17:27:47.0265 3436 [ 787898BF9FB6D7BD87A36E2D95C899BA ] VSS C:\Windows\system32\vssvc.exe
    17:27:47.0291 3436 VSS - ok
    17:27:47.0412 3436 [ CBA3F6EF1E70167DB376B4013F71A62B ] vToolbarUpdater12.2.6 C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\12.2.6\ToolbarUpdater.exe
    17:27:47.0424 3436 vToolbarUpdater12.2.6 - ok
    17:27:47.0434 3436 [ 36D4720B72B5C5D9CB2B9C29E9DF67A1 ] vwifibus C:\Windows\system32\DRIVERS\vwifibus.sys
    17:27:47.0436 3436 vwifibus - ok
    17:27:47.0449 3436 [ 6A3D66263414FF0D6FA754C646612F3F ] vwififlt C:\Windows\system32\DRIVERS\vwififlt.sys
    17:27:47.0451 3436 vwififlt - ok
    17:27:47.0469 3436 [ 1C9D80CC3849B3788048078C26486E1A ] W32Time C:\Windows\system32\w32time.dll
    17:27:47.0475 3436 W32Time - ok
    17:27:47.0491 3436 [ 4E9440F4F152A7B944CB1663D3935A3E ] WacomPen C:\Windows\system32\DRIVERS\wacompen.sys
    17:27:47.0493 3436 WacomPen - ok
    17:27:47.0512 3436 [ 47CA49400643EFFD3F1C9A27E1D69324 ] WANARP C:\Windows\system32\DRIVERS\wanarp.sys
    17:27:47.0514 3436 WANARP - ok
    17:27:47.0517 3436 [ 47CA49400643EFFD3F1C9A27E1D69324 ] Wanarpv6 C:\Windows\system32\DRIVERS\wanarp.sys
    17:27:47.0518 3436 Wanarpv6 - ok
    17:27:47.0540 3436 [ ECEB715BECE47E101DDEC06B11126066 ] wanatw C:\Windows\system32\DRIVERS\wanatw64.sys
    17:27:47.0542 3436 wanatw - ok
    17:27:47.0596 3436 [ 3CEC96DE223E49EAAE3651FCF8FAEA6C ] WatAdminSvc C:\Windows\system32\Wat\WatAdminSvc.exe
    17:27:47.0631 3436 WatAdminSvc - ok
    17:27:47.0696 3436 [ 5AB1BB85BD8B5089CC5D64200DEDAE68 ] wbengine C:\Windows\system32\wbengine.exe
    17:27:47.0748 3436 wbengine - ok
    17:27:47.0805 3436 [ 3AA101E8EDAB2DB4131333F4325C76A3 ] WbioSrvc C:\Windows\System32\wbiosrvc.dll
    17:27:47.0814 3436 WbioSrvc - ok
    17:27:47.0906 3436 [ 8BDA6DB43AA54E8BB5E0794541DDC209 ] WcesComm C:\Windows\WindowsMobile\wcescomm.dll
    17:27:47.0917 3436 WcesComm - ok
    17:27:47.0979 3436 [ DD1BAE8EBFC653824D29CCF8C9054D68 ] wcncsvc C:\Windows\System32\wcncsvc.dll
    17:27:47.0985 3436 wcncsvc - ok
    17:27:47.0993 3436 [ 20F7441334B18CEE52027661DF4A6129 ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
    17:27:47.0996 3436 WcsPlugInService - ok
    17:27:48.0009 3436 [ 72889E16FF12BA0F235467D6091B17DC ] Wd C:\Windows\system32\DRIVERS\wd.sys
    17:27:48.0011 3436 Wd - ok
    17:27:48.0034 3436 [ 441BD2D7B4F98134C3A4F9FA570FD250 ] Wdf01000 C:\Windows\system32\drivers\Wdf01000.sys
    17:27:48.0039 3436 Wdf01000 - ok
    17:27:48.0057 3436 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiServiceHost C:\Windows\system32\wdi.dll
    17:27:48.0060 3436 WdiServiceHost - ok
    17:27:48.0063 3436 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiSystemHost C:\Windows\system32\wdi.dll
    17:27:48.0066 3436 WdiSystemHost - ok
    17:27:48.0111 3436 [ 733006127F235BE7C35354EBEE7B9A7B ] WebClient C:\Windows\System32\webclnt.dll
    17:27:48.0116 3436 WebClient - ok
    17:27:48.0134 3436 [ C749025A679C5103E575E3B48E092C43 ] Wecsvc C:\Windows\system32\wecsvc.dll
    17:27:48.0139 3436 Wecsvc - ok
    17:27:48.0164 3436 [ 7E591867422DC788B9E5BD337A669A08 ] wercplsupport C:\Windows\System32\wercplsupport.dll
    17:27:48.0168 3436 wercplsupport - ok
    17:27:48.0199 3436 [ 6D137963730144698CBD10F202E9F251 ] WerSvc C:\Windows\System32\WerSvc.dll
    17:27:48.0205 3436 WerSvc - ok
    17:27:48.0220 3436 [ 611B23304BF067451A9FDEE01FBDD725 ] WfpLwf C:\Windows\system32\DRIVERS\wfplwf.sys
    17:27:48.0222 3436 WfpLwf - ok
    17:27:48.0232 3436 [ 05ECAEC3E4529A7153B3136CEB49F0EC ] WIMMount C:\Windows\system32\drivers\wimmount.sys
    17:27:48.0234 3436 WIMMount - ok
    17:27:48.0238 3436 WinHttpAutoProxySvc - ok
    17:27:48.0284 3436 [ 19B07E7E8915D701225DA41CB3877306 ] Winmgmt C:\Windows\system32\wbem\WMIsvc.dll
    17:27:48.0286 3436 Winmgmt - ok
    17:27:48.0398 3436 [ 41FBB751936B387F9179E7F03A74FE29 ] WinRM C:\Windows\system32\WsmSvc.dll
    17:27:48.0451 3436 WinRM - ok
    17:27:48.0530 3436 [ 817EAFF5D38674EDD7713B9DFB8E9791 ] WinUsb C:\Windows\system32\DRIVERS\WinUsb.sys
    17:27:48.0534 3436 WinUsb - ok
    17:27:48.0615 3436 [ 4FADA86E62F18A1B2F42BA18AE24E6AA ] Wlansvc C:\Windows\System32\wlansvc.dll
    17:27:48.0622 3436 Wlansvc - ok
    17:27:48.0707 3436 [ 06C8FA1CF39DE6A735B54D906BA791C6 ] wlcrasvc C:\Program Files\Windows Live\Mesh\wlcrasvc.exe
    17:27:48.0711 3436 wlcrasvc - ok
    17:27:48.0822 3436 [ 2BACD71123F42CEA603F4E205E1AE337 ] wlidsvc C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
    17:27:48.0843 3436 wlidsvc - ok
    17:27:48.0862 3436 [ F6FF8944478594D0E414D3F048F0D778 ] WmiAcpi C:\Windows\system32\DRIVERS\wmiacpi.sys
    17:27:48.0864 3436 WmiAcpi - ok
    17:27:48.0878 3436 [ 38B84C94C5A8AF291ADFEA478AE54F93 ] wmiApSrv C:\Windows\system32\wbem\WmiApSrv.exe
    17:27:48.0881 3436 wmiApSrv - ok
    17:27:48.0895 3436 WMPNetworkSvc - ok
    17:27:48.0907 3436 [ 96C6E7100D724C69FCF9E7BF590D1DCA ] WPCSvc C:\Windows\System32\wpcsvc.dll
    17:27:48.0910 3436 WPCSvc - ok
    17:27:48.0925 3436 [ 2E57DDF2880A7E52E76F41C7E96D327B ] WPDBusEnum C:\Windows\system32\wpdbusenum.dll
    17:27:48.0927 3436 WPDBusEnum - ok
    17:27:48.0930 3436 WPRO_40_1340 - ok
    17:27:48.0939 3436 [ 6BCC1D7D2FD2453957C5479A32364E52 ] ws2ifsl C:\Windows\system32\drivers\ws2ifsl.sys
    17:27:48.0941 3436 ws2ifsl - ok
    17:27:48.0943 3436 WSearch - ok
    17:27:48.0984 3436 [ 2A7DB6A6F2C2E7CB40311D5B9340060D ] WSWNDA3100 C:\Program Files (x86)\NETGEAR\WNDA3100v2\WifiSvc.exe
    17:27:48.0986 3436 WSWNDA3100 - ok
    17:27:49.0002 3436 [ 7CADC74271DD6461C452C271B30BD378 ] WudfPf C:\Windows\system32\drivers\WudfPf.sys
    17:27:49.0003 3436 WudfPf - ok
    17:27:49.0009 3436 [ 3B197AF0FFF08AA66B6B2241CA538D64 ] WUDFRd C:\Windows\system32\DRIVERS\WUDFRd.sys
    17:27:49.0012 3436 WUDFRd - ok
    17:27:49.0021 3436 [ B551D6637AA0E132C18AC6E504F7B79B ] wudfsvc C:\Windows\System32\WUDFSvc.dll
    17:27:49.0023 3436 wudfsvc - ok
    17:27:49.0035 3436 [ 9A3452B3C2A46C073166C5CF49FAD1AE ] WwanSvc C:\Windows\System32\wwansvc.dll
    17:27:49.0039 3436 WwanSvc - ok
    17:27:49.0083 3436 [ DD0042F0C3B606A6A8B92D49AFB18AD6 ] YahooAUService C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe
    17:27:49.0086 3436 YahooAUService - ok
    17:27:49.0113 3436 ================ Scan global ===============================
    17:27:49.0130 3436 [ BA0CD8C393E8C9F83354106093832C7B ] C:\Windows\system32\basesrv.dll
    17:27:49.0190 3436 [ 79CDA06F75AD5373DD447F57575C4400 ] C:\Windows\system32\winsrv.dll
    17:27:49.0195 3436 [ 79CDA06F75AD5373DD447F57575C4400 ] C:\Windows\system32\winsrv.dll
    17:27:49.0216 3436 [ D6160F9D869BA3AF0B787F971DB56368 ] C:\Windows\system32\sxssrv.dll
    17:27:49.0237 3436 [ 24ACB7E5BE595468E3B9AA488B9B4FCB ] C:\Windows\system32\services.exe
    17:27:49.0239 3436 [Global] - ok
    17:27:49.0240 3436 ================ Scan MBR ==================================
    17:27:49.0257 3436 [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0
    17:27:49.0619 3436 \Device\Harddisk0\DR0 - ok
    17:27:49.0622 3436 [ 8F558EB6672622401DA993E1E865C861 ] \Device\Harddisk1\DR1
    17:27:49.0777 3436 \Device\Harddisk1\DR1 - ok
    17:27:49.0787 3436 [ DDAE9D649DB12F6AFF24483F2C298989 ] \Device\Harddisk3\DR3
    17:27:49.0800 3436 \Device\Harddisk3\DR3 - ok
    17:27:49.0801 3436 ================ Scan VBR ==================================
    17:27:49.0813 3436 [ 6D184660BD4D7D1F63EAE7BEDD0C5771 ] \Device\Harddisk0\DR0\Partition1
    17:27:49.0817 3436 \Device\Harddisk0\DR0\Partition1 - ok
    17:27:49.0825 3436 [ 0EC1E313B9FB319648A1A5695DFAE261 ] \Device\Harddisk0\DR0\Partition2
    17:27:49.0828 3436 \Device\Harddisk0\DR0\Partition2 - ok
    17:27:49.0835 3436 [ 862DB304AB63920B68FFCE1C193B2206 ] \Device\Harddisk1\DR1\Partition1
    17:27:49.0838 3436 \Device\Harddisk1\DR1\Partition1 - ok
    17:27:49.0844 3436 [ A5C521CFE20BCF05630F6E67C85E6623 ] \Device\Harddisk1\DR1\Partition2
    17:27:49.0847 3436 \Device\Harddisk1\DR1\Partition2 - ok
    17:27:49.0854 3436 [ 7B18EC3F898F26957791B9FD52F52C38 ] \Device\Harddisk3\DR3\Partition1
    17:27:49.0855 3436 \Device\Harddisk3\DR3\Partition1 - ok
    17:27:49.0855 3436 ============================================================
    17:27:49.0855 3436 Scan finished
    17:27:49.0855 3436 ============================================================
    17:27:49.0864 1840 Detected object count: 0
    17:27:49.0864 1840 Actual detected object count: 0
    17:29:51.0762 3096 Deinitialize success
  9. Lfis492a

    Lfis492a Newcomer, in training Topic Starter Posts: 38

    RogueKiller V8.2.0 [10/22/2012] by Tigzy
    mail: tigzyRK<at>gmail<dot>com
    Feedback: http://www.geekstogo.com/forum/files/file/413-roguekiller/
    Website: http://tigzy.geekstogo.com/roguekiller.php
    Blog: http://tigzyrk.blogspot.com

    Operating System: Windows 7 (6.1.7600 ) 64 bits version
    Started in : Normal mode
    User : Grumpy [Admin rights]
    Mode : Remove -- Date : 10/23/2012 17:42:04

    ¤¤¤ Bad processes : 0 ¤¤¤

    ¤¤¤ Registry Entries : 7 ¤¤¤
    [TASK][BLPATH] HPCustParticipation HP Deskjet 3050 J610 series : "C:\Program Files\HP\HP Deskjet 3050 J610 series\Bin\HPCustPartic.exe" /UA 9.0 /DDV 0x0805 -> DELETED
    [TASK][SUSP PATH] {55BFA291-EF9A-4CB9-849A-B3EA3056DE18} : C:\Windows\system32\pcalua.exe -a "C:\Users\Grumpy\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\L5WVCHSV\zyngaIE_toolbar[1].exe" -d C:\Users\Grumpy\Desktop -> DELETED
    [STARTUP][SUSP PATH] _uninst_.lnk @grumpy : C:\Users\Grumpy\AppData\Local\Temp\_uninst_.bat -> DELETED
    [HJ] HKLM\[...]\System : ConsentPromptBehaviorAdmin (0) -> REPLACED (2)
    [HJ] HKLM\[...]\System : EnableLUA (0) -> REPLACED (1)
    [HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> REPLACED (0)
    [HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0)

    ¤¤¤ Particular Files / Folders: ¤¤¤

    ¤¤¤ Driver : [NOT LOADED] ¤¤¤

    ¤¤¤ Extern Hives: ¤¤¤
    -> D:\windows\system32\config\SOFTWARE
    -> D:\Documents and Settings\Administrator.PC-COMP\NTUSER.DAT
    -> D:\Documents and Settings\Administrator.RONALD-CREST\NTUSER.DAT
    -> D:\Documents and Settings\All Users\NTUSER.DAT
    -> D:\Documents and Settings\All Users.WINDOWS\NTUSER.DAT
    -> D:\Documents and Settings\Default User\NTUSER.DAT
    -> D:\Documents and Settings\Default User.WINDOWS\NTUSER.DAT
    -> D:\Documents and Settings\Eric Codrington\NTUSER.DAT
    -> D:\Documents and Settings\Grumpy\NTUSER.DAT
    -> D:\Documents and Settings\Lawrence Foster\NTUSER.DAT
    -> D:\Documents and Settings\LocalService\NTUSER.DAT
    -> D:\Documents and Settings\LocalService.NT AUTHORITY\NTUSER.DAT
    -> D:\Documents and Settings\NetworkService\NTUSER.DAT
    -> D:\Documents and Settings\NetworkService.NT AUTHORITY\NTUSER.DAT
    -> D:\Documents and Settings\PC\NTUSER.DAT
    -> D:\Documents and Settings\RONALD\NTUSER.DAT
    -> D:\Documents and Settings\Sean Fields\NTUSER.DAT

    ¤¤¤ HOSTS File: ¤¤¤
    --> C:\Windows\system32\drivers\etc\hosts

    127.0.0.1 www.007guard.com
    127.0.0.1 007guard.com
    127.0.0.1 008i.com
    127.0.0.1 www.008k.com
    127.0.0.1 008k.com
    127.0.0.1 www.00hq.com
    127.0.0.1 00hq.com
    127.0.0.1 010402.com
    127.0.0.1 www.032439.com
    127.0.0.1 032439.com
    127.0.0.1 www.0scan.com
    127.0.0.1 0scan.com
    127.0.0.1 1000gratisproben.com
    127.0.0.1 www.1000gratisproben.com
    127.0.0.1 1001namen.com
    127.0.0.1 www.1001namen.com
    127.0.0.1 100888290cs.com
    127.0.0.1 www.100888290cs.com
    127.0.0.1 www.100sexlinks.com
    127.0.0.1 100sexlinks.com
    [...]


    ¤¤¤ MBR Check: ¤¤¤

    +++++ PhysicalDrive0: ST31000528AS ATA Device +++++
    --- User ---
    [MBR] 67a305335084cf3f38c22ca796358999
    [BSP] 9a35c1f131088d1649dcda05fcaeb4cf : Windows 7 MBR Code
    Partition table:
    0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 100 Mo
    1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 206848 | Size: 953767 Mo
    User = LL1 ... OK!
    User = LL2 ... OK!

    +++++ PhysicalDrive1: WDC WD3000JB-00KFA0 ATA Device +++++
    --- User ---
    [MBR] 868a62225c6dc25252878c8d622705c0
    [BSP] 3d17152d278a16ebe67bcb3d5584c38c : Windows XP MBR Code
    Partition table:
    0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 45394 Mo
    1 - [XXXXXX] EXTEN-LBA (0x0f) [VISIBLE] Offset (sectors): 92968155 | Size: 85674 Mo
    User = LL1 ... OK!
    User = LL2 ... OK!

    +++++ PhysicalDrive3: HP v125w USB Device +++++
    --- User ---
    [MBR] 53c2492ca38af535805cb2606964c8bb
    [BSP] c3a9f67641fe290c644b986fde1f66b1 : MBR Code unknown
    Partition table:
    0 - [XXXXXX] FAT32 (0x0b) [VISIBLE] Offset (sectors): 63 | Size: 7643 Mo
    User = LL1 ... OK!
    Error reading LL2 MBR!

    Finished : << RKreport[2].txt >>
    RKreport[1].txt ; RKreport[2].txt
  10. Lfis492a

    Lfis492a Newcomer, in training Topic Starter Posts: 38

    Malwarebytes Anti-Malware 1.65.1.1000
    www.malwarebytes.org

    Database version: v2012.10.23.09

    Windows 7 x64 NTFS
    Internet Explorer 9.0.8112.16421
    Grumpy :: GRUMPY-PC [administrator]

    10/23/2012 5:45:30 PM
    mbam-log-2012-10-23 (17-45-30).txt

    Scan type: Quick scan
    Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
    Scan options disabled: P2P
    Objects scanned: 205352
    Time elapsed: 4 minute(s), 3 second(s)

    Memory Processes Detected: 0
    (No malicious items detected)

    Memory Modules Detected: 0
    (No malicious items detected)

    Registry Keys Detected: 0
    (No malicious items detected)

    Registry Values Detected: 0
    (No malicious items detected)

    Registry Data Items Detected: 0
    (No malicious items detected)

    Folders Detected: 0
    (No malicious items detected)

    Files Detected: 0
    (No malicious items detected)

    (end)
  11. Lfis492a

    Lfis492a Newcomer, in training Topic Starter Posts: 38

    aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
    Run date: 2012-10-23 18:09:05
    -----------------------------
    18:09:05.995 OS Version: Windows x64 6.1.7600
    18:09:05.995 Number of processors: 4 586 0x402
    18:09:05.995 ComputerName: GRUMPY-PC UserName: Grumpy
    18:09:08.378 Initialize success
    18:09:57.525 AVAST engine defs: 12102300
    18:10:36.715 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
    18:10:36.720 Disk 0 Vendor: ST31000528AS CC38 Size: 953869MB BusType: 3
    18:10:36.727 Disk 1 \Device\Harddisk1\DR1 -> \Device\Ide\IdeDeviceP2T0L0-3
    18:10:36.733 Disk 1 Vendor: WDC_WD3000JB-00KFA0 08.05J08 Size: 286168MB BusType: 3
    18:10:36.744 Disk 2 \Device\Harddisk2\DR2 -> \Device\0000007e
    18:10:36.747 Disk 2 Vendor: IOMEGA__ 41.S Size: 286168MB BusType: 8
    18:10:36.770 Disk 0 MBR read successfully
    18:10:36.773 Disk 0 MBR scan
    18:10:36.782 Disk 0 Windows 7 default MBR code
    18:10:36.792 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 100 MB offset 2048
    18:10:36.804 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 953767 MB offset 206848
    18:10:36.825 Disk 0 scanning C:\Windows\system32\drivers
    18:10:50.179 Service scanning
    18:11:13.449 Modules scanning
    18:11:13.470 Disk 0 trace - called modules:
    18:11:13.490 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys ataport.SYS pciide.sys PCIIDEX.SYS hal.dll atapi.sys
    18:11:13.500 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8007aec060]
    18:11:13.507 3 CLASSPNP.SYS[fffff8800197143f] -> nt!IofCallDriver -> [0xfffffa800746d580]
    18:11:13.514 5 ACPI.sys[fffff88000f15781] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0xfffffa800746c060]
    18:11:26.355 AVAST engine scan C:\Windows
    18:11:28.935 AVAST engine scan C:\Windows\system32
    18:15:03.396 AVAST engine scan C:\Windows\system32\drivers
    18:15:16.875 AVAST engine scan C:\Users\Grumpy
    18:36:12.154 AVAST engine scan C:\ProgramData
    18:40:47.870 Scan finished successfully
    18:54:15.218 Disk 0 MBR has been saved successfully to "C:\installations 2\fixpc\MBR.dat"
    18:54:15.234 The log file has been saved successfully to "C:\installations 2\fixpc\aswMBR.txt"
  12. Broni

    Broni Malware Annihilator Posts: 45,188   +242

    Create new restore point before proceeding with the next step....
    How to:
    - Windows 7: http://www.howtogeek.com/howto/3195/create-a-system-restore-point-in-windows-7/
    - Vista: http://www.howtogeek.com/howto/wind...tore-point-for-windows-vistas-system-restore/
    - XP: http://support.microsoft.com/kb/948247

    ==============================

    Please download ComboFix from Here, Here or Here to your Desktop.

    **Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
    • Never rename Combofix unless instructed.
    • Close any open browsers.
    • Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
    • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
    • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
    • Close any open browsers.
    • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
    • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
    • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
      If the connection is not there use restore point you created prior to running Combofix.
    • Double click on combofix.exe & follow the prompts.

    • NOTE1. If Combofix asks you to install Recovery Console, please allow it.
      NOTE 2. If Combofix asks you to update the program, always do so.
    • When finished, it will produce a report for you.
    • Please post the "C:\ComboFix.txt"
    **Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall
    **Note 2 for AVG and CA Internet Security (Total Defense Internet Security) users: ComboFix will not run until AVG/CA Internet Security is uninstalled as a protective measure against the anti-virus. This is because AVG/CA Internet Security "falsely" detects ComboFix (or its embedded files) as a threat and may remove them resulting in the tool not working correctly which in turn can cause "unpredictable results". Since AVG/CA Internet Security cannot be effectively disabled before running ComboFix, the author recommends you to uninstall AVG/CA Internet Security first.
    Use AppRemover to uninstall it: http://www.appremover.com/
    We can reinstall it when we're done with CF.
    **Note 3: If you receive an error "Illegal operation attempted on a registery key that has been marked for deletion", restart computer to fix the issue.
    **Note 4: Some infections may take some significant time to be cured. As long as your computer clock is running Combofix is still working. Be patient.


    Make sure, you re-enable your security programs, when you're done with Combofix.

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

    NOTE.
    If, for some reason, Combofix refuses to run, try the following...

    Delete Combofix file, download fresh one, but rename combofix.exe to your_name.exe BEFORE saving it to your desktop.
    Do NOT run it yet.
    Download Rkill (courtesy of BleepingComputer.com) to your desktop.
    There are 2 different versions. If one of them won't run then download and try to run the other one.
    You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool, ignore them or shutdown your antivirus.

    rKill.exe: http://www.bleepingcomputer.com/download/rkill/dl/10/
    iExplore.exe (renamed rKill.exe): http://www.bleepingcomputer.com/download/rkill/dl/11/

    Restart computer in safe mode

    • Double-click on the Rkill desktop icon to run the tool.
    • If using Vista or Windows 7 right-click on it and choose Run As Administrator.
    • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
    • If not, delete the file, then download and use the one provided in Link 2.
    • Do not reboot until instructed.
    • If the tool does not run from any of the links provided, please let me know.

    When the scan is done Notepad will open with rKill.txt log.
    NOTE. rKill.txt log will also be present on your desktop.

    Once you've gotten one of them to run, immediately run your_name.exe by double clicking on it.

    IF you had to run rKill post BOTH logs, rKill.txt and Combofix.txt.
  13. Lfis492a

    Lfis492a Newcomer, in training Topic Starter Posts: 38

    I ran app remover as instructed/suggested by the combofix app and I uninstalled avg. rebooted. ran combofix and combo fix detects that I have avg. I check control panel. it's gone. I reran appremover and selected to uninstall or clean a possible failed uninstall (clean up all files) and it ran through and then shows no files or programs available to be removed. do I continue with combofix anyways?
     
  14. Lfis492a

    Lfis492a Newcomer, in training Topic Starter Posts: 38

    I check the processes also and the system tray icons. I have nothing with avg listed running.
  15. Broni

    Broni Malware Annihilator Posts: 45,188   +242

    In that case disregard Combofix warning.
  16. Lfis492a

    Lfis492a Newcomer, in training Topic Starter Posts: 38

    Just to mention, I put the file (combofix) on the desktop and followed the instructions exactly. I got an error message while combofix was running at the point of "scanning for infected files" (the start of that) and soon after the message "windows command processor has stopped working" and had a close program button. I closed. rebooted. then I right clicked on the file and said run as administrator and tried again. it worked fine. below are results.

    ComboFix 12-10-23.01 - Grumpy 10/23/2012 21:18:08.1.4 - x64
    Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.8191.6630 [GMT -4:00]
    Running from: c:\users\Grumpy\Desktop\ComboFix.exe
    SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    C:\install.exe
    c:\program files (x86)\Search Toolbar
    c:\program files (x86)\Search Toolbar\icon.ico
    c:\program files (x86)\Search Toolbar\SearchToolbar.dll
    c:\program files (x86)\Search Toolbar\SearchToolbarUninstall.exe
    c:\program files (x86)\Search Toolbar\SearchToolbarUpdater.exe
    c:\programdata\8fc86754.pad
    c:\users\Grumpy\AppData\Roaming\PriceGong
    c:\users\Grumpy\AppData\Roaming\PriceGong\Data\1.xml
    c:\users\Grumpy\AppData\Roaming\PriceGong\Data\a.xml
    c:\users\Grumpy\AppData\Roaming\PriceGong\Data\b.xml
    c:\users\Grumpy\AppData\Roaming\PriceGong\Data\c.xml
    c:\users\Grumpy\AppData\Roaming\PriceGong\Data\d.xml
    c:\users\Grumpy\AppData\Roaming\PriceGong\Data\e.xml
    c:\users\Grumpy\AppData\Roaming\PriceGong\Data\f.xml
    c:\users\Grumpy\AppData\Roaming\PriceGong\Data\g.xml
    c:\users\Grumpy\AppData\Roaming\PriceGong\Data\h.xml
    c:\users\Grumpy\AppData\Roaming\PriceGong\Data\I.xml
    c:\users\Grumpy\AppData\Roaming\PriceGong\Data\J.xml
    c:\users\Grumpy\AppData\Roaming\PriceGong\Data\k.xml
    c:\users\Grumpy\AppData\Roaming\PriceGong\Data\l.xml
    c:\users\Grumpy\AppData\Roaming\PriceGong\Data\m.xml
    c:\users\Grumpy\AppData\Roaming\PriceGong\Data\mru.xml
    c:\users\Grumpy\AppData\Roaming\PriceGong\Data\n.xml
    c:\users\Grumpy\AppData\Roaming\PriceGong\Data\o.xml
    c:\users\Grumpy\AppData\Roaming\PriceGong\Data\p.xml
    c:\users\Grumpy\AppData\Roaming\PriceGong\Data\q.xml
    c:\users\Grumpy\AppData\Roaming\PriceGong\Data\r.xml
    c:\users\Grumpy\AppData\Roaming\PriceGong\Data\s.xml
    c:\users\Grumpy\AppData\Roaming\PriceGong\Data\t.xml
    c:\users\Grumpy\AppData\Roaming\PriceGong\Data\u.xml
    c:\users\Grumpy\AppData\Roaming\PriceGong\Data\v.xml
    c:\users\Grumpy\AppData\Roaming\PriceGong\Data\w.xml
    c:\users\Grumpy\AppData\Roaming\PriceGong\Data\x.xml
    c:\users\Grumpy\AppData\Roaming\PriceGong\Data\y.xml
    c:\users\Grumpy\AppData\Roaming\PriceGong\Data\z.xml
    c:\windows\SysWow64\Cache
    c:\windows\SysWow64\Cache\0c907b4115e648e1.fb
    c:\windows\SysWow64\Cache\272512937d9e61a4.fb
    c:\windows\SysWow64\Cache\287204568329e189.fb
    c:\windows\SysWow64\Cache\28bc8f716fd76a47.fb
    c:\windows\SysWow64\Cache\2c53092c95605355.fb
    c:\windows\SysWow64\Cache\30794253b7f0e212.fb
    c:\windows\SysWow64\Cache\31a0997e9a5b5eb3.fb
    c:\windows\SysWow64\Cache\32c84fe32bb74d60.fb
    c:\windows\SysWow64\Cache\3917078cb68ec657.fb
    c:\windows\SysWow64\Cache\590ba23ce359fd0c.fb
    c:\windows\SysWow64\Cache\5d5462b96f79ae5b.fb
    c:\windows\SysWow64\Cache\610289e025a3ee9a.fb
    c:\windows\SysWow64\Cache\651c5d3cdbfb8bd1.fb
    c:\windows\SysWow64\Cache\6a2b0972b4bb9467.fb
    c:\windows\SysWow64\Cache\6c59ac5e7e7a3ad0.fb
    c:\windows\SysWow64\Cache\6d03dad1035885d3.fb
    c:\windows\SysWow64\Cache\a06deb103dd5633c.fb
    c:\windows\SysWow64\Cache\a8556537add6dfc5.fb
    c:\windows\SysWow64\Cache\ad10a52aff5e038d.fb
    c:\windows\SysWow64\Cache\c1fa887b03019701.fb
    c:\windows\SysWow64\Cache\c4d28dca2e7648be.fb
    c:\windows\SysWow64\Cache\d201ef9910cd39de.fb
    c:\windows\SysWow64\Cache\d2e94710a5708128.fb
    c:\windows\SysWow64\Cache\d79b9dfe81484ec4.fb
    c:\windows\SysWow64\Cache\ddc82c3cdb7d7427.fb
    c:\windows\SysWow64\Cache\e0de16f883bea794.fb
    c:\windows\SysWow64\Cache\f998975c9cc711ee.fb
    c:\windows\SysWow64\Packet.dll
    c:\windows\SysWow64\pthreadVC.dll
    c:\windows\SysWow64\wpcap.dll
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    -------\Legacy_BKAVAUTO
    -------\Legacy_NPF
    -------\Legacy_SYSLIB
    -------\Service_NPF
    .
    .
    ((((((((((((((((((((((((( Files Created from 2012-09-24 to 2012-10-24 )))))))))))))))))))))))))))))))
    .
    .
    2012-10-24 01:33 . 2012-10-24 01:33 -------- d-----w- c:\users\Default\AppData\Local\temp
    2012-10-23 21:52 . 2012-10-23 21:52 -------- d-----w- C:\FRST
    2012-10-22 17:23 . 2012-06-05 07:37 256904 ----a-w- c:\windows\SysWow64\drivers\tmcomm.sys
    2012-10-22 05:01 . 2012-10-22 05:01 -------- d-----w- c:\programdata\Kaspersky Lab
    2012-10-22 04:57 . 2012-10-23 15:42 -------- d-----w- C:\TDSSKiller_Quarantine
    2012-10-22 04:53 . 2012-10-22 04:53 -------- d-----w- c:\program files\CCleaner
    2012-10-22 04:48 . 2012-10-22 04:48 -------- d-----w- c:\users\Grumpy\AppData\Roaming\Malwarebytes
    2012-10-22 04:48 . 2012-10-22 04:48 -------- d-----w- c:\programdata\Malwarebytes
    2012-10-22 04:48 . 2012-10-22 04:48 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
    2012-10-22 04:48 . 2012-09-29 23:54 25928 ----a-w- c:\windows\system32\drivers\mbam.sys
    2012-10-17 22:16 . 2012-10-17 22:16 -------- d-----w- C:\found.013
    2012-10-12 23:03 . 2012-10-12 23:03 -------- d-----w- c:\users\Grumpy\AppData\Roaming\AVG
    2012-10-12 23:02 . 2012-10-12 23:04 -------- d-----w- c:\programdata\AVG
    2012-10-12 23:02 . 2012-10-12 23:02 -------- d-sh--w- c:\programdata\{D1D4879F-2279-49C9-AEBF-3B95C84EAA8F}
    2012-10-10 01:30 . 2012-08-31 18:02 1656688 ----a-w- c:\windows\system32\drivers\ntfs.sys
    2012-10-10 01:29 . 2012-08-30 18:11 5505904 ----a-w- c:\windows\system32\ntoskrnl.exe
    2012-10-10 01:29 . 2012-08-30 17:18 3958128 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
    2012-10-10 01:29 . 2012-08-30 17:18 3902832 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
    2012-10-10 01:29 . 2012-08-24 18:05 220160 ----a-w- c:\windows\system32\wintrust.dll
    2012-10-10 01:29 . 2012-08-24 17:10 172544 ----a-w- c:\windows\SysWow64\wintrust.dll
    2012-10-10 01:29 . 2012-09-14 19:23 2048 ----a-w- c:\windows\system32\tzres.dll
    2012-10-10 01:29 . 2012-09-14 18:30 2048 ----a-w- c:\windows\SysWow64\tzres.dll
    2012-10-10 01:29 . 2012-08-11 00:53 714752 ----a-w- c:\windows\system32\kerberos.dll
    2012-10-10 01:29 . 2012-08-10 23:54 541184 ----a-w- c:\windows\SysWow64\kerberos.dll
    2012-10-10 01:28 . 2012-06-02 05:25 182272 ----a-w- c:\windows\system32\cryptsvc.dll
    2012-10-10 01:28 . 2012-06-02 05:25 1462784 ----a-w- c:\windows\system32\crypt32.dll
    2012-10-10 01:28 . 2012-06-02 05:25 140288 ----a-w- c:\windows\system32\cryptnet.dll
    2012-10-10 01:28 . 2012-06-02 04:45 139264 ----a-w- c:\windows\SysWow64\cryptsvc.dll
    2012-10-10 01:28 . 2012-06-02 04:45 1157632 ----a-w- c:\windows\SysWow64\crypt32.dll
    2012-10-10 01:28 . 2012-06-02 04:45 103936 ----a-w- c:\windows\SysWow64\cryptnet.dll
    2012-10-07 23:43 . 2012-10-07 23:43 -------- d-----w- C:\found.012
    2012-09-29 13:23 . 2012-09-29 13:23 -------- d-----w- c:\users\Grumpy\AppData\Roaming\TuneUp Software
    2012-09-29 13:18 . 2012-09-29 14:07 -------- d-----w- c:\windows\system32\config\systemprofile\AppData\Local\Avg2013
    2012-09-29 13:15 . 2012-10-22 18:44 -------- d-----w- c:\users\Grumpy\AppData\Local\Avg2013
    2012-09-29 13:15 . 2012-09-29 13:15 -------- d-----w- c:\users\Grumpy\AppData\Local\MFAData
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2012-10-17 22:00 . 2011-12-17 17:48 737072 ----a-w- c:\programdata\Microsoft\eHome\Packages\SportsV2\SportsTemplateCore-2\Microsoft.MediaCenter.Sports.UI.dll
    2012-10-17 22:00 . 2011-12-17 17:48 2876528 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup-2\markup.dll
    2012-10-17 22:00 . 2011-12-17 17:38 42776 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\dSM-2\StartResources.dll
    2012-10-17 22:00 . 2011-12-05 10:53 539984 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight-2\SpotlightResources.dll
    2012-10-15 03:02 . 2010-06-12 00:55 65309168 ----a-w- c:\windows\system32\MRT.exe
    2012-10-08 23:17 . 2012-03-29 10:37 696760 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
    2012-10-08 23:17 . 2011-05-16 10:04 73656 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
    2012-09-22 20:34 . 2011-04-23 06:48 101688 ----a-w- c:\windows\system32\drivers\RapportKE64.sys
    2012-09-21 10:46 . 2011-10-22 17:03 2876528 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup\markup.dll
    2012-09-21 10:46 . 2011-10-22 17:03 42776 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\dSM\StartResources.dll
    2012-09-13 07:52 . 2011-10-22 17:04 737072 ----a-w- c:\programdata\Microsoft\eHome\Packages\SportsV2\SportsTemplateCore\Microsoft.MediaCenter.Sports.UI.dll
    2012-09-13 07:51 . 2011-10-22 17:03 539984 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
    2012-09-06 03:24 . 2012-09-06 03:24 499712 ----a-w- c:\windows\SysWow64\msvcp71.dll
    2012-09-06 03:24 . 2012-09-06 03:24 348160 ----a-w- c:\windows\SysWow64\msvcr71.dll
    2012-08-26 12:56 . 2012-08-26 12:56 138400 ----a-w- c:\windows\SysWow64\drivers\AnyDVD.sys
    2012-08-26 12:56 . 2012-08-26 12:56 138400 ----a-w- c:\windows\system32\drivers\AnyDVD.sys
    2012-08-21 17:01 . 2012-09-20 21:42 33240 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys
    2012-08-21 17:01 . 2010-08-15 02:59 125872 ----a-w- c:\windows\system32\GEARAspi64.dll
    2012-08-21 17:01 . 2010-08-15 02:59 106928 ----a-w- c:\windows\SysWow64\GEARAspi.dll
    2012-08-18 11:19 . 2012-10-10 22:15 44032 ----a-w- c:\windows\apppatch\acwow64.dll
    2012-08-02 17:55 . 2012-09-12 08:02 574464 ----a-w- c:\windows\system32\d3d10level9.dll
    2012-08-02 17:05 . 2012-09-12 08:02 490496 ----a-w- c:\windows\SysWow64\d3d10level9.dll
    2012-07-30 15:24 . 2012-07-30 15:24 158720 ----a-w- c:\windows\system32\drivers\ser2pl64.sys
    .
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
    "{81017EA9-9AA8-4A6A-9734-7AF40E7D593F}"= "c:\program files (x86)\Yahoo!\Companion\Installs\cpn2\YTNavAssist.dll" [2011-01-21 213816]
    .
    [HKEY_CLASSES_ROOT\clsid\{81017ea9-9aa8-4a6a-9734-7af40e7d593f}]
    [HKEY_CLASSES_ROOT\YTNavAssist.YTNavAssistPlugin.1]
    [HKEY_CLASSES_ROOT\TypeLib\{A31F34A1-EBD2-45A2-BF6D-231C1B987CC8}]
    [HKEY_CLASSES_ROOT\YTNavAssist.YTNavAssistPlugin]
    .
    [HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
    2010-02-04 20:50 1197448 ----a-w- c:\program files (x86)\Ask.com\GenericAskToolbar.dll
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
    "{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files (x86)\Ask.com\GenericAskToolbar.dll" [2010-02-04 1197448]
    .
    [HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
    [HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
    [HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
    [HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "AnyDVD"="c:\program files (x86)\SlySoft\AnyDVD\AnyDVD.exe" [2012-08-29 93856]
    "LightScribe Control Panel"="c:\program files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe" [2010-06-16 2736128]
    "Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-07-14 1475072]
    "TomTomHOME.exe"="c:\program files (x86)\TomTom HOME 2\TomTomHOMERunner.exe" [2012-01-23 247728]
    "MyTomTomSA.exe"="c:\program files (x86)\MyTomTom 3\MyTomTomSA.exe" [2012-05-18 434168]
    "iCloudServices"="c:\program files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe" [2012-08-29 59280]
    "ApplePhotoStreams"="c:\program files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe" [2012-09-10 59280]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
    "APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-08-28 59280]
    "TkBellExe"="c:\program files (x86)\Real\RealPlayer\update\realsched.exe" [2012-09-06 296096]
    .
    c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
    Kodak EasyShare software.lnk - c:\program files (x86)\Kodak\Kodak EasyShare software\bin\EasyShare.exe [2003-4-9 598150]
    NETGEAR WNDA3100v2 Smart Wizard.lnk - c:\program files (x86)\NETGEAR\WNDA3100v2\WNDA3100v2.exe [2010-6-11 3280896]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "ConsentPromptBehaviorUser"= 3 (0x3)
    "EnableUIADesktopToggle"= 0 (0x0)
    "PromptOnSecureDesktop"= 0 (0x0)
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
    "aux"=wdmaud.drv
    .
    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
    BootExecute REG_MULTI_SZ autocheck autochk *\0\0sdnclean64.exe
    .
    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
    Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\run-]
    "ROC_roc_dec12"="c:\program files (x86)\AVG Secure Search\ROC_roc_dec12.exe" /PROMPT /CMPID=roc_dec12
    "Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
    "QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" -atboottime
    "HF_G_Jul"="c:\program files (x86)\AVG Secure Search\HF_G_Jul.exe" /DoAction
    "ROC_ROC_JULY_P1"="c:\program files (x86)\AVG Secure Search\ROC_ROC_JULY_P1.exe" / /PROMPT /CMPID=ROC_JULY_P1
    "TkBellExe"="c:\program files (x86)\Real\RealPlayer\update\realsched.exe" -osboot
    "iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe"
    .
    R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
    R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-06-25 135664]
    R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-07-13 160944]
    R2 WSWNDA3100;WSWNDA3100;c:\program files (x86)\NETGEAR\WNDA3100v2\WifiSvc.exe [2009-11-04 278528]
    R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-10-08 250808]
    R3 BCMH43XX;Broadcom 802.11 USB Network Adapter Driver;c:\windows\system32\DRIVERS\bcmwlhigh664.sys [2011-04-19 1254464]
    R3 dc3d;MS Hardware Device Detection Driver (USB);c:\windows\system32\DRIVERS\dc3d.sys [2011-05-18 47616]
    R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-06-25 135664]
    R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-10-23 115168]
    R3 Point64;Microsoft IntelliPoint Filter Driver;c:\windows\system32\DRIVERS\point64.sys [2011-08-01 45416]
    R3 ssadbus;SAMSUNG Android USB Composite Device driver (WDM);c:\windows\system32\DRIVERS\ssadbus.sys [2011-05-13 157672]
    R3 ssadmdfl;SAMSUNG Android USB Modem (Filter);c:\windows\system32\DRIVERS\ssadmdfl.sys [2011-05-13 16872]
    R3 ssadmdm;SAMSUNG Android USB Modem Drivers;c:\windows\system32\DRIVERS\ssadmdm.sys [2011-05-13 177640]
    R3 ssadserd;SAMSUNG Android USB Diagnostic Serial Port (WDM);c:\windows\system32\DRIVERS\ssadserd.sys [2011-05-13 146920]
    R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2012-07-09 52736]
    R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-06-12 1255736]
    R3 WPRO_40_1340;WinPcap Packet Driver (WPRO_40_1340);c:\windows\system32\drivers\WPRO_40_1340.sys [x]
    R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 57184]
    S0 RapportKE64;RapportKE64;c:\windows\System32\Drivers\RapportKE64.sys [2012-09-22 101688]
    S0 SCMNdisP;General NDIS Protocol Driver;c:\windows\system32\DRIVERS\scmndisp.sys [2007-01-19 25312]
    S1 RapportCerberus_42020;RapportCerberus_42020;c:\programdata\Trusteer\Rapport\store\exts\RapportCerberus\baseline\RapportCerberus64_42020.sys [2012-08-09 397720]
    S1 RapportEI64;RapportEI64;c:\program files (x86)\Trusteer\Rapport\bin\x64\RapportEI64.sys [2012-09-22 55096]
    S1 RapportPG64;RapportPG64;c:\program files (x86)\Trusteer\Rapport\bin\x64\RapportPG64.sys [2012-09-22 297240]
    S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]
    S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-07-27 63960]
    S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2011-11-10 204288]
    S2 dldt_device;dldt_device;c:\windows\system32\dldtcoms.exe [2009-07-09 1044648]
    S2 NAUpdate;Nero Update;c:\program files (x86)\Nero\Update\NASvc.exe [2010-05-04 503080]
    S2 RapportMgmtService;Rapport Management Service;c:\program files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe [2012-09-22 976728]
    S2 SBSDWSCService;SBSD Security Center Service;c:\program files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]
    S2 TomTomHOMEService;TomTomHOMEService;c:\program files (x86)\TomTom HOME 2\TomTomHOMEService.exe [2012-01-23 92592]
    S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [2011-11-10 10567680]
    S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [2011-11-10 325632]
    S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2011-06-10 539240]
    S3 VIAHdAudAddService;VIA High Definition Audio Driver Service;c:\windows\system32\drivers\viahduaa.sys [2009-07-10 1222144]
    .
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
    hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
    Akamai REG_MULTI_SZ Akamai
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
    2010-06-16 17:38 451872 ----a-w- c:\program files (x86)\Common Files\LightScribe\LSRunOnce.exe
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2012-10-24 c:\windows\Tasks\Adobe Flash Player Updater.job
    - c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-03-29 23:17]
    .
    2012-10-24 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-06-25 05:29]
    .
    2012-10-24 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-06-25 05:29]
    .
    .
    --------- X64 Entries -----------
    .
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "itype"="c:\program files\Microsoft IntelliType Pro\itype.exe" [2011-08-01 1873288]
    "Windows Mobile Device Center"="c:\windows\WindowsMobile\wmdc.exe" [2007-05-31 660360]
    .
    ------- Supplementary Scan -------
    .
    uLocal Page = c:\windows\system32\blank.htm
    uStart Page = hxxp://www.yahoo.com/
    mLocal Page = c:\windows\SysWOW64\blank.htm
    uInternet Settings,ProxyOverride = *.local;127.0.0.1:9421;;localhost
    IE: Google Sidewiki... - c:\program files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll/cmsidewiki.html
    TCP: DhcpNameServer = 192.168.1.1
    FF - ProfilePath - c:\users\Grumpy\AppData\Roaming\Mozilla\Firefox\Profiles\eeab7iv9.default\
    FF - prefs.js: browser.startup.homepage - hxxp://www.yahoo.com/
    FF - prefs.js: network.proxy.type - 0
    FF - ExtSQL: 2012-08-25 18:38; {0153E448-190B-4987-BDE1-F256CADA672F}; c:\programdata\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext
    FF - ExtSQL: !HIDDEN! 2010-06-19 15:56; smartwebprinting@hp.com; c:\program files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
    .
    - - - - ORPHANS REMOVED - - - -
    .
    BHO-{9D425283-D487-4337-BAB6-AB8354A81457} - c:\program files (x86)\Search Toolbar\SearchToolbar.dll
    BHO-{FD72061E-9FDE-484D-A58A-0BAB4151CAD8} - (no file)
    Toolbar-{9D425283-D487-4337-BAB6-AB8354A81457} - c:\program files (x86)\Search Toolbar\SearchToolbar.dll
    Toolbar-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
    SafeBoot-28365168.sys
    WebBrowser-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
    WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
    AddRemove-LimeWire - j:\house of music\LimeWire\uninstall.exe
    .
    .
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------
    .
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
    @Denied: (A 2) (Everyone)
    @="FlashBroker"
    "LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_4_402_287_ActiveX.exe,-101"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
    "Enabled"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
    @="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_4_402_287_ActiveX.exe"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
    @Denied: (A 2) (Everyone)
    @="IFlashBroker5"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
    @="{00020424-0000-0000-C000-000000000046}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    "Version"="1.0"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
    @Denied: (A 2) (Everyone)
    @="FlashBroker"
    "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_4_402_287_ActiveX.exe,-101"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
    "Enabled"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_4_402_287_ActiveX.exe"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Shockwave Flash Object"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_287.ocx"
    "ThreadingModel"="Apartment"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
    @="0"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus\1]
    @="131473"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
    @="ShockwaveFlash.ShockwaveFlash.11"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_287.ocx, 1"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="ShockwaveFlash.ShockwaveFlash"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Macromedia Flash Factory Object"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_287.ocx"
    "ThreadingModel"="Apartment"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
    @="FlashFactory.FlashFactory.1"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_287.ocx, 1"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="FlashFactory.FlashFactory"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
    @Denied: (A 2) (Everyone)
    @="IFlashBroker5"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
    @="{00020424-0000-0000-C000-000000000046}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    "Version"="1.0"
    .
    [HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Windows CE Services]
    "SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
    00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00,\
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
    @Denied: (Full) (Everyone)
    .
    ------------------------ Other Running Processes ------------------------
    .
    c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    c:\program files (x86)\Trusteer\Rapport\bin\RapportService.exe
    c:\program files (x86)\Common Files\LightScribe\LSSrvc.exe
    c:\windows\SysWOW64\ScsiAccess.EXE
    c:\program files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
    c:\program files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe
    .
    **************************************************************************
    .
    Completion time: 2012-10-23 21:41:35 - machine was rebooted
    ComboFix-quarantined-files.txt 2012-10-24 01:41
    .
    Pre-Run: 823,428,796,416 bytes free
    Post-Run: 823,469,154,304 bytes free
    .
    - - End Of File - - FC404640089A4AC79F96BB8B947E0901
  17. Broni

    Broni Malware Annihilator Posts: 45,188   +242

    Looks good.

    Any current issues?

    You can reinstall AVG now.

    ===================================

    Download OTL to your Desktop.
    Alternate download: http://www.itxassociates.com/OT-Tools/OTL.exe

    • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
    • Click the Scan All Users checkbox.
    • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
    • When the scan completes, it will open two notepad windows: OTL.txt and Extras.txt. These are saved in the same location as OTL.
    • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them back here.
  18. Lfis492a

    Lfis492a Newcomer, in training Topic Starter Posts: 38

    No more issues. wait 1 issue. on this computer I see a *** a message dona$$ *** on the bottom of your replies but on my other computer I don't see it. is it real and what is it. (purposely leaving out what it says. your message signature so u can tell me it's real)

    OTL logfile created on: 10/23/2012 10:34:27 PM - Run 1
    OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Grumpy\Desktop
    64bit- Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
    Internet Explorer (Version = 9.0.8112.16421)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    8.00 Gb Total Physical Memory | 7.10 Gb Available Physical Memory | 88.82% Memory free
    16.00 Gb Paging File | 14.64 Gb Available in Paging File | 91.52% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
    Drive C: | 931.41 Gb Total Space | 767.05 Gb Free Space | 82.35% Space Free | Partition Type: NTFS
    Drive D: | 44.33 Gb Total Space | 17.90 Gb Free Space | 40.37% Space Free | Partition Type: NTFS
    Drive E: | 83.67 Gb Total Space | 79.10 Gb Free Space | 94.54% Space Free | Partition Type: NTFS
    Drive G: | 87.85 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
    Drive J: | 7.45 Gb Total Space | 5.44 Gb Free Space | 73.00% Space Free | Partition Type: FAT32

    Computer Name: GRUMPY-PC | User Name: Grumpy | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
    Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

    ========== Processes (SafeList) ==========

    PRC - [2012/10/23 22:32:32 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Grumpy\Desktop\OTL.exe
    PRC - [2012/09/22 16:34:24 | 001,677,144 | ---- | M] (Trusteer Ltd.) -- C:\Program Files (x86)\Trusteer\Rapport\bin\RapportService.exe
    PRC - [2012/09/22 16:34:24 | 000,976,728 | ---- | M] (Trusteer Ltd.) -- C:\Program Files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe
    PRC - [2012/09/10 16:58:16 | 000,059,280 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
    PRC - [2012/09/05 23:24:45 | 000,296,096 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe
    PRC - [2012/08/29 14:00:12 | 000,059,280 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
    PRC - [2012/07/27 16:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
    PRC - [2012/05/18 05:04:52 | 000,434,168 | ---- | M] (TomTom) -- C:\Program Files (x86)\MyTomTom 3\MyTomTomSA.exe
    PRC - [2012/01/23 00:43:08 | 000,247,728 | ---- | M] (TomTom) -- C:\Program Files (x86)\TomTom HOME 2\TomTomHOMERunner.exe
    PRC - [2012/01/23 00:43:08 | 000,092,592 | ---- | M] (TomTom) -- C:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe
    PRC - [2010/05/04 12:07:22 | 000,503,080 | ---- | M] (Nero AG) -- C:\Program Files (x86)\Nero\Update\NASvc.exe
    PRC - [2010/02/11 10:00:12 | 003,280,896 | ---- | M] () -- C:\Program Files (x86)\NETGEAR\WNDA3100v2\WNDA3100v2.exe
    PRC - [2009/01/26 15:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) -- C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
    PRC - [2008/11/09 16:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) -- C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe
    PRC - [2003/02/04 08:22:30 | 000,181,312 | ---- | M] () -- C:\Windows\SysWOW64\ScsiAccess.EXE


    ========== Modules (No Company Name) ==========

    MOD - [2012/08/21 18:18:44 | 000,557,056 | ---- | M] () -- C:\Program Files (x86)\Trusteer\Rapport\bin\js32.dll
    MOD - [2012/05/30 06:39:50 | 000,520,464 | ---- | M] () -- C:\ProgramData\Trusteer\Rapport\store\exts\RapportMS\39624\RapportMS.dll
    MOD - [2012/05/18 05:04:54 | 000,252,408 | ---- | M] () -- C:\Program Files (x86)\MyTomTom 3\TomTomSupporterProxy.dll
    MOD - [2012/05/18 05:04:54 | 000,067,576 | ---- | M] () -- C:\Program Files (x86)\MyTomTom 3\TomTomSupporterBase.dll
    MOD - [2012/05/18 05:04:44 | 007,964,160 | ---- | M] () -- C:\Program Files (x86)\MyTomTom 3\QtGui4.dll
    MOD - [2012/05/18 05:04:44 | 000,980,480 | ---- | M] () -- C:\Program Files (x86)\MyTomTom 3\QtNetwork4.dll
    MOD - [2012/05/18 05:04:44 | 000,019,456 | ---- | M] () -- C:\Program Files (x86)\MyTomTom 3\DeviceDetection.dll
    MOD - [2012/05/18 05:04:42 | 002,302,464 | ---- | M] () -- C:\Program Files (x86)\MyTomTom 3\QtCore4.dll
    MOD - [2012/05/18 05:04:42 | 000,357,888 | ---- | M] () -- C:\Program Files (x86)\MyTomTom 3\QtXml4.dll
    MOD - [2011/06/24 22:56:36 | 000,087,328 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
    MOD - [2011/06/24 22:56:14 | 001,241,888 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
    MOD - [2010/06/16 12:48:34 | 007,745,536 | ---- | M] () -- C:\Program Files (x86)\Common Files\LightScribe\QtGui4.dll
    MOD - [2010/06/16 12:48:32 | 002,121,728 | ---- | M] () -- C:\Program Files (x86)\Common Files\LightScribe\QtCore4.dll
    MOD - [2010/06/16 12:48:32 | 000,135,168 | ---- | M] () -- C:\Program Files (x86)\Common Files\LightScribe\plugins\imageformats\qjpeg4.dll
    MOD - [2010/02/11 10:00:12 | 003,280,896 | ---- | M] () -- C:\Program Files (x86)\NETGEAR\WNDA3100v2\WNDA3100v2.exe
    MOD - [2009/09/03 11:15:48 | 000,278,528 | ---- | M] () -- C:\Program Files (x86)\NETGEAR\WNDA3100v2\WifiSvcLib.dll


    ========== Services (SafeList) ==========

    SRV:64bit: - [2011/11/10 03:11:34 | 000,204,288 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
    SRV:64bit: - [2010/09/22 18:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
    SRV:64bit: - [2009/07/13 21:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
    SRV:64bit: - [2009/07/09 18:48:34 | 001,044,648 | ---- | M] ( ) [Auto | Running] -- C:\Windows\SysNative\dldtcoms.exe -- (dldt_device)
    SRV - [2012/10/23 16:46:23 | 000,115,168 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
    SRV - [2012/10/08 19:17:37 | 000,250,808 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
    SRV - [2012/09/22 16:34:24 | 000,976,728 | ---- | M] (Trusteer Ltd.) [Auto | Running] -- C:\Program Files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe -- (RapportMgmtService)
    SRV - [2012/07/27 16:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
    SRV - [2012/07/13 13:28:36 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
    SRV - [2012/01/23 00:43:08 | 000,092,592 | ---- | M] (TomTom) [Auto | Running] -- C:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe -- (TomTomHOMEService)
    SRV - [2010/10/22 14:08:18 | 001,039,360 | ---- | M] (Hewlett-Packard Co.) [Auto | Running] -- C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL -- (HPSLPSVC)
    SRV - [2010/05/04 12:07:22 | 000,503,080 | ---- | M] (Nero AG) [Auto | Running] -- C:\Program Files (x86)\Nero\Update\NASvc.exe -- (NAUpdate)
    SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
    SRV - [2009/11/04 15:31:02 | 000,278,528 | ---- | M] () [Auto | Stopped] -- C:\Program Files (x86)\NETGEAR\WNDA3100v2\WifiSvc.exe -- (WSWNDA3100)
    SRV - [2009/06/10 17:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
    SRV - [2008/11/09 16:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) [Auto | Running] -- C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService)
    SRV - [2007/05/31 17:11:54 | 000,443,784 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\wcescomm.dll -- (WcesComm)
    SRV - [2007/05/31 17:11:46 | 000,225,672 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\rapimgr.dll -- (RapiMgr)
    SRV - [2006/10/23 08:50:35 | 000,046,640 | R--- | M] (AOL LLC) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\aol\acs\AOLacsd.exe -- (AOL ACS)
    SRV - [2003/02/04 08:22:30 | 000,181,312 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\ScsiAccess.EXE -- (ScsiAccess)


    ========== Driver Services (SafeList) ==========

    DRV:64bit: - [2012/09/22 16:34:44 | 000,101,688 | ---- | M] (Trusteer Ltd.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\RapportKE64.sys -- (RapportKE64)
    DRV:64bit: - [2012/08/26 08:56:21 | 000,138,400 | ---- | M] (SlySoft, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AnyDVD.sys -- (AnyDVD)
    DRV:64bit: - [2012/08/21 13:01:20 | 000,033,240 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
    DRV:64bit: - [2012/07/30 11:24:30 | 000,158,720 | ---- | M] (Prolific Technology Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ser2pl64.sys -- (Ser2pl)
    DRV:64bit: - [2012/07/09 13:42:54 | 000,052,736 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
    DRV:64bit: - [2012/03/08 18:40:52 | 000,048,488 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\fssfltr.sys -- (fssfltr)
    DRV:64bit: - [2012/03/01 02:54:38 | 000,022,896 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
    DRV:64bit: - [2011/11/10 03:45:32 | 010,567,680 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (atikmdag)
    DRV:64bit: - [2011/11/10 03:45:32 | 010,567,680 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag)
    DRV:64bit: - [2011/11/10 02:12:46 | 000,325,632 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
    DRV:64bit: - [2011/08/01 15:59:06 | 000,045,416 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\point64.sys -- (Point64)
    DRV:64bit: - [2011/06/10 06:34:52 | 000,539,240 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
    DRV:64bit: - [2011/05/18 08:08:32 | 000,047,616 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\dc3d.sys -- (dc3d)
    DRV:64bit: - [2011/05/13 03:21:04 | 000,177,640 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssadmdm.sys -- (ssadmdm)
    DRV:64bit: - [2011/05/13 03:21:04 | 000,146,920 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssadserd.sys -- (ssadserd)
    DRV:64bit: - [2011/05/13 03:21:02 | 000,157,672 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssadbus.sys -- (ssadbus)
    DRV:64bit: - [2011/05/13 03:21:02 | 000,016,872 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssadmdfl.sys -- (ssadmdfl)
    DRV:64bit: - [2011/04/19 09:52:20 | 001,254,464 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bcmwlhigh664.sys -- (BCMH43XX)
    DRV:64bit: - [2011/04/08 23:00:20 | 000,018,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nuidfltr.sys -- (NuidFltr)
    DRV:64bit: - [2011/03/11 02:22:41 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
    DRV:64bit: - [2011/03/11 02:22:40 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
    DRV:64bit: - [2011/02/16 18:23:46 | 000,074,240 | ---- | M] (Research In Motion Limited) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RimUsb_AMD64.sys -- (RimUsb)
    DRV:64bit: - [2010/12/16 18:58:14 | 000,040,816 | ---- | M] (Elaborate Bytes AG) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\ElbyCDIO.sys -- (ElbyCDIO)
    DRV:64bit: - [2009/07/13 21:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
    DRV:64bit: - [2009/07/13 21:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
    DRV:64bit: - [2009/07/13 21:47:48 | 000,077,888 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
    DRV:64bit: - [2009/07/13 21:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
    DRV:64bit: - [2009/07/13 20:35:32 | 000,012,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\serscan.sys -- (StillCam)
    DRV:64bit: - [2009/07/13 20:10:47 | 000,011,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\rootmdm.sys -- (ROOTMODEM)
    DRV:64bit: - [2009/07/13 20:09:50 | 000,019,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usb8023x.sys -- (usb_rndisx)
    DRV:64bit: - [2009/07/09 23:07:02 | 001,222,144 | ---- | M] (VIA Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\viahduaa.sys -- (VIAHdAudAddService)
    DRV:64bit: - [2009/06/10 16:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
    DRV:64bit: - [2009/06/10 16:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
    DRV:64bit: - [2009/06/10 16:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
    DRV:64bit: - [2009/06/10 16:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
    DRV:64bit: - [2009/05/13 21:26:24 | 000,015,416 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ASACPI.sys -- (MTsensor)
    DRV:64bit: - [2009/01/09 15:02:08 | 000,031,744 | ---- | M] (Research in Motion Ltd) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\RimSerial_AMD64.sys -- (RimVSerPort)
    DRV:64bit: - [2007/01/19 18:24:24 | 000,025,312 | ---- | M] (Windows (R) Codename Longhorn DDK provider) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\SCMNdisP.sys -- (SCMNdisP)
    DRV:64bit: - [2006/11/29 18:24:49 | 000,024,064 | ---- | M] (America Online, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\wanatw64.sys -- (wanatw)
    DRV - [2012/09/22 16:34:44 | 000,055,096 | ---- | M] (Trusteer Ltd.) [Kernel | System | Running] -- C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportEI64.sys -- (RapportEI64)
    DRV - [2012/09/22 16:34:42 | 000,297,240 | ---- | M] (Trusteer Ltd.) [Kernel | System | Running] -- C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportPG64.sys -- (RapportPG64)
    DRV - [2012/08/26 08:56:21 | 000,138,400 | ---- | M] (SlySoft, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysWOW64\drivers\AnyDVD.sys -- (AnyDVD)
    DRV - [2012/08/09 17:30:12 | 000,397,720 | ---- | M] () [Kernel | System | Running] -- C:\ProgramData\Trusteer\Rapport\store\exts\RapportCerberus\baseline\RapportCerberus64_42020.sys -- (RapportCerberus_42020)
    DRV - [2009/07/13 21:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========

    IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
    IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
    IE:64bit: - HKLM\..\SearchScopes\{443789B7-F39C-4b5c-9287-DA72D38F4FE6}: "URL" = http://start.funmoods.com/results.p...C0Czy0FtN0D0TzutBtDtCtBtDyCtCyB&cr=2115539453
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
    IE - HKLM\..\URLSearchHook: {f0e98552-8e47-4c6c-9b3a-11ab0549f94d} - C:\Program Files (x86)\AOL Toolbar\aoltb.dll (AOL Inc)
    IE - HKLM\..\SearchScopes,Backup.Old.DefaultScope = {443789B7-F39C-4b5c-9287-DA72D38F4FE6}
    IE - HKLM\..\SearchScopes,DefaultScope = {443789B7-F39C-4b5c-9287-DA72D38F4FE6}
    IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
    IE - HKLM\..\SearchScopes\{443789B7-F39C-4b5c-9287-DA72D38F4FE6}: "URL" = http://start.funmoods.com/results.p...C0Czy0FtN0D0TzutBtDtCtBtDyCtCyB&cr=2115539453
    IE - HKLM\..\SearchScopes\{677A1A63-DC3B-D908-A311-12DDDA714D0F}: "URL" = http://slirsredirect.search.aol.com...cationType=tb50-ie-aolTB50CL-chromesbox-en-us

    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 8C 00 F5 20 B4 09 CB 01 [binary data]
    IE - HKCU\..\URLSearchHook: {81017EA9-9AA8-4A6A-9734-7AF40E7D593F} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn2\YTNavAssist.dll (Yahoo! Inc.)
    IE - HKCU\..\URLSearchHook: {f0e98552-8e47-4c6c-9b3a-11ab0549f94d} - C:\Program Files (x86)\AOL Toolbar\aoltb.dll (AOL Inc)
    IE - HKCU\..\SearchScopes,Backup.Old.DefaultScope = {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}
    IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
    IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?FORM=VUZTDF&PC=VUZE&q={searchTerms}&src=IE-SearchBox
    IE - HKCU\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = http://search.babylon.com/?q={searc...SP_ss&mntrId=94b2cc9f0000000000000026f2442a0b
    IE - HKCU\..\SearchScopes\{3BD44F0E-0596-4008-AEE0-45D47E3A8F0E}: "URL" = http://blekkosearch.mystart.com/TOO...20417C21A4866A5B228536E60A48C&q={searchTerms}
    IE - HKCU\..\SearchScopes\{443789B7-F39C-4b5c-9287-DA72D38F4FE6}: "URL" = http://slirsredirect.search.aol.com...cationType=tb50-ie-aolTB50CL-chromesbox-en-us
    IE - HKCU\..\SearchScopes\{46D29D2A-38DB-49BB-8D22-F7C71111E343}: "URL" = http://www.tepela.com/search/?q={searchTerms}&ie=utf-8&oe=utf-8&aq=t&rls=oc9XsZ0e
    IE - HKCU\..\SearchScopes\{4B0E8280-9801-4BB6-B78E-641EC329D36F}: "URL" = http://www.flickr.com/search/?q={searchTerms}
    IE - HKCU\..\SearchScopes\{5070F968-A5C4-4FD2-9B52-AD7E67E4570E}: "URL" = http://delicious.com/search?p={searchTerms}
    IE - HKCU\..\SearchScopes\{677A1A63-DC3B-D908-A311-12DDDA714D0F}: "URL" = http://search.babylon.com/?q={searc...SP_ss&mntrId=94b2cc9f0000000000000026f2442a0b
    IE - HKCU\..\SearchScopes\{C9FDBEA3-27D7-4620-8B1C-75AFB6D99F41}: "URL" = http://search.yahoo.com/search?p={searchTerms}&fr=chr-ydwnld
    IE - HKCU\..\SearchScopes\{DECA3892-BA8F-44b8-A993-A466AD694AE4}: "URL" = http://search.yahoo.com/search?p={searchTerms}
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local;127.0.0.1:9421;;localhost

    ========== FireFox ==========

    FF - prefs.js..browser.startup.homepage: "http://www.yahoo.com/"
    FF - prefs.js..extensions.enabledAddons: {0153E448-190B-4987-BDE1-F256CADA672F}:15.0.6
    FF - prefs.js..network.proxy.no_proxies_on: "*.local,127.0.0.1:9421,,localhost"
    FF - prefs.js..network.proxy.type: 0
    FF - user.js - File not found

    FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_4_402_287.dll File not found
    FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
    FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_4_402_287.dll ()
    FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
    FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
    FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
    FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6: C:\Program Files (x86)\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
    FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpWinExt,version=5.0: C:\Program Files (x86)\MSN Toolbar\Platform\5.0.1423.0\npwinext.dll (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@nosltd.com/getPlus+(R),version=1.6.2.91: C:\Program Files (x86)\NOS\bin\np_gp.dll File not found
    FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=15.0.6.14: c:\program files (x86)\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
    FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=15.0.6.14: c:\program files (x86)\real\realplayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
    FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=15.0.6.14: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
    FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=15.0.6.14: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
    FF - HKLM\Software\MozillaPlugins\@real.com/nprpplugin;version=15.0.6.14: c:\program files (x86)\real\realplayer\Netscape6\nprpplugin.dll (RealPlayer)
    FF - HKLM\Software\MozillaPlugins\@RIM.com/WebSLLauncher,version=1.0: C:\Program Files (x86)\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll ()
    FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
    FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
    FF - HKLM\Software\MozillaPlugins\@viewpoint.com/VMP: C:\Program Files (x86)\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll ()
    FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
    FF - HKCU\Software\MozillaPlugins\@facebook.com/FBPlugin,version=1.0.3: C:\Users\Grumpy\AppData\Roaming\Facebook\npfbplugin_1_0_3.dll ( )
    FF - HKCU\Software\MozillaPlugins\@yahoo.com/BrowserPlus,version=2.9.8: C:\Users\Grumpy\AppData\Local\Yahoo!\BrowserPlus\2.9.8\Plugins\npybrowserplus_2.9.8.dll (Yahoo! Inc.)

    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2010/06/19 15:54:54 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\msntoolbar@msn.com: C:\Program Files (x86)\MSN Toolbar\Platform\5.0.1423.0\Firefox [2010/07/04 19:28:37 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{27182e60-b5f3-411c-b545-b44205977502}: C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\firefoxextension\SearchHelperExtension\ [2010/07/12 11:59:40 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{0153E448-190B-4987-BDE1-F256CADA672F}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2012/09/05 23:25:07 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 16.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/10/23 16:46:23 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 16.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012/10/23 16:46:19 | 000,000,000 | ---D | M]
    FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2010/06/19 15:54:54 | 000,000,000 | ---D | M]

    [2012/06/17 16:33:28 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Grumpy\AppData\Roaming\Mozilla\Extensions
    [2011/03/16 17:38:54 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Grumpy\AppData\Roaming\Mozilla\Extensions\home2@tomtom.com
    [2010/06/11 22:50:59 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Grumpy\AppData\Roaming\Mozilla\Extensions\mozswing@mozswing.org
    [2012/10/23 11:33:18 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Grumpy\AppData\Roaming\Mozilla\Firefox\Profiles\eeab7iv9.default\extensions
    [2012/10/23 16:46:18 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
    [2012/10/23 16:46:18 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
    [2012/10/23 16:46:18 | 000,000,000 | ---D | M] (BarQuery) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{D5493C6A-FD62-4255-AA85-AB7E7D0F0001}
    [2012/09/05 23:25:07 | 000,000,000 | ---D | M] (RealPlayer Browser Record Plugin) -- C:\PROGRAMDATA\REAL\REALPLAYER\BROWSERRECORDPLUGIN\FIREFOX\EXT
    [2012/10/23 16:46:23 | 000,261,600 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
    [2009/11/06 12:37:19 | 000,091,552 | ---- | M] (Coupons, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npCouponPrinter.dll
    [2011/10/03 05:06:04 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll
    [2009/11/06 12:37:20 | 000,091,552 | ---- | M] (Coupons, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npMozCouponPrinter.dll
    [2012/09/05 23:24:51 | 000,129,176 | ---- | M] (RealPlayer) -- C:\Program Files (x86)\mozilla firefox\plugins\nprpplugin.dll
    [2012/06/17 15:53:39 | 000,002,352 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\babylon.xml
    [2012/09/11 12:42:43 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
    [2011/03/16 16:34:49 | 000,002,198 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\google-search.xml
    [2012/04/16 22:23:45 | 000,002,158 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\search.xml
    [2012/10/23 16:46:22 | 000,002,058 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml

    ========== Chrome ==========

    CHR - Extension: No name found = C:\Users\Grumpy\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
    CHR - Extension: No name found = C:\Users\Grumpy\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2_0\
    CHR - Extension: No name found = C:\Users\Grumpy\AppData\Local\Google\Chrome\User Data\Default\Extensions\cjpglkicenollcignonpgiafdgfeehoj\1.0.1_0\
    CHR - Extension: No name found = C:\Users\Grumpy\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.14_0\
    CHR - Extension: No name found = C:\Users\Grumpy\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
    CHR - Extension: No name found = C:\Users\Grumpy\AppData\Local\Google\Chrome\User Data\Default\Extensions\fdloijijlkoblmigdofommgnheckmaki\1.5.1_0\
    CHR - Extension: No name found = C:\Users\Grumpy\AppData\Local\Google\Chrome\User Data\Default\Extensions\jfmjfhklogoienhpfnppmbcbjfjnkonk\1.5_0\
    CHR - Extension: No name found = C:\Users\Grumpy\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.7.0.8773_0\
    CHR - Extension: No name found = C:\Users\Grumpy\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof\12.2.5.34_0\
    CHR - Extension: No name found = C:\Users\Grumpy\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\6.1.3_0\
    CHR - Extension: No name found = C:\Users\Grumpy\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

    O1 HOSTS File: ([2012/10/23 21:35:56 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
    O1 - Hosts: 127.0.0.1 localhost
    O2:64bit: - BHO: (no name) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - No CLSID value found.
    O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
    O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn2\yt.dll (Yahoo! Inc.)
    O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
    O2 - BHO: (no name) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - No CLSID value found.
    O2 - BHO: (AOL Toolbar Loader) - {3ef64538-8b54-4573-b48f-4d34b0238ab2} - C:\Program Files (x86)\AOL Toolbar\aoltb.dll (AOL Inc)
    O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
    O2 - BHO: (Search Toolbar) - {9D425283-D487-4337-BAB6-AB8354A81457} - C:\Program Files (x86)\Search Toolbar\SearchToolbar.dll File not found
    O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
    O2 - BHO: (Bing Bar BHO) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\MSN Toolbar\Platform\5.0.1423.0\npwinext.dll (Microsoft Corporation)
    O2 - BHO: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask.com)
    O2 - BHO: (no name) - {FD72061E-9FDE-484D-A58A-0BAB4151CAD8} - No CLSID value found.
    O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn2\YTSingleInstance.dll (Yahoo! Inc)
    O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
    O3 - HKLM\..\Toolbar: (@C:\Program Files (x86)\MSN Toolbar\Platform\5.0.1423.0\npwinext.dll,-100) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\MSN Toolbar\Platform\5.0.1423.0\npwinext.dll (Microsoft Corporation)
    O3 - HKLM\..\Toolbar: (Search Toolbar) - {9D425283-D487-4337-BAB6-AB8354A81457} - C:\Program Files (x86)\Search Toolbar\SearchToolbar.dll File not found
    O3 - HKLM\..\Toolbar: (AOL Toolbar) - {ba00b7b1-0351-477a-b948-23e3ee5a73d4} - C:\Program Files (x86)\AOL Toolbar\aoltb.dll (AOL Inc)
    O3 - HKLM\..\Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.
    O3 - HKLM\..\Toolbar: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask.com)
    O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn2\yt.dll (Yahoo! Inc.)
    O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
    O3:64bit: - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
    O3 - HKCU\..\Toolbar\WebBrowser: (AOL Toolbar) - {BA00B7B1-0351-477A-B948-23E3EE5A73D4} - C:\Program Files (x86)\AOL Toolbar\aoltb.dll (AOL Inc)
    O3 - HKCU\..\Toolbar\WebBrowser: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask.com)
    O4:64bit: - HKLM..\Run: [itype] c:\Program Files\Microsoft IntelliType Pro\itype.exe (Microsoft Corporation)
    O4:64bit: - HKLM..\Run: [Windows Mobile Device Center] C:\Windows\WindowsMobile\wmdc.exe (Microsoft Corporation)
    O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
    O4 - HKLM..\Run: [TkBellExe] C:\Program Files (x86)\Real\RealPlayer\update\realsched.exe (RealNetworks, Inc.)
    O4 - HKCU..\Run: [AnyDVD] C:\Program Files (x86)\SlySoft\AnyDVD\AnyDVD.exe (SlySoft, Inc.)
    O4 - HKCU..\Run: [ApplePhotoStreams] C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe (Apple Inc.)
    O4 - HKCU..\Run: [iCloudServices] C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe (Apple Inc.)
    O4 - HKCU..\Run: [MyTomTomSA.exe] C:\Program Files (x86)\MyTomTom 3\MyTomTomSA.exe (TomTom)
    O4 - HKCU..\Run: [TomTomHOME.exe] C:\Program Files (x86)\TomTom HOME 2\TomTomHOMERunner.exe (TomTom)
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
    O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O8:64bit: - Extra context menu item: Google Sidewiki... - res://C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll/cmsidewiki.html File not found
    O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll/cmsidewiki.html File not found
    O9 - Extra Button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)
    O9 - Extra 'Tools' menuitem : @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)
    O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
    O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
    O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
    O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
    O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
    O13 - gopher Prefix: missing
    O15 - HKCU\..Trusted Domains: aol.com ([objects] * is out of zone range - 5)
    O16 - DPF: {3860DD98-0549-4D50-AA72-5D17D200EE10} http://cdn.scan.onecare.live.com/resource/download/scanner/en-us/wlscctrl2.cab (Windows Live OneCare safety scanner control)
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
    O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
    O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/flashplayer/current/swflash.cab (Shockwave Flash Object)
    O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{3B80150E-759D-4D1C-B0FC-389499F72C88}: DhcpNameServer = 192.168.1.1
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{49FF03DF-93B1-4DE1-8BDA-3F0CCA111A00}: DhcpNameServer = 192.168.1.1
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{6BC7BD62-3A17-4A8C-AFDE-2FD5E2325372}: DhcpNameServer = 192.168.1.1
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{BF041CF0-8D07-449D-9AA9-A46389A2397D}: DhcpNameServer = 10.0.0.1
    O18:64bit: - Protocol\Handler\linkscanner - No CLSID value found
    O18:64bit: - Protocol\Handler\livecall - No CLSID value found
    O18:64bit: - Protocol\Handler\msnim - No CLSID value found
    O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
    O18:64bit: - Protocol\Handler\skype-ie-addon-data - No CLSID value found
    O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
    O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
    O18 - Protocol\Handler\linkscanner - No CLSID value found
    O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
    O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
    O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
    O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
    O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
    O32 - HKLM CDRom: AutoRun - 1
    O32 - AutoRun File - [2002/06/11 21:19:08 | 000,000,252 | -H-- | M] () - D:\AUTOEXEC.BAT -- [ NTFS ]
    O32 - AutoRun File - [2000/10/18 21:49:46 | 000,000,103 | ---- | M] () - D:\AUTOEXEC.BIT -- [ NTFS ]
    O32 - AutoRun File - [2002/06/11 21:19:08 | 000,000,252 | -H-- | M] () - D:\AUTOEXEC.CAM -- [ NTFS ]
    O32 - AutoRun File - [2001/11/10 09:24:30 | 000,000,115 | -HS- | M] () - D:\AUTOEXEC.DOS -- [ NTFS ]
    O32 - AutoRun File - [2001/11/10 13:13:06 | 000,000,254 | ---- | M] () - D:\AUTOEXEC.TSH -- [ NTFS ]
    O34 - HKLM BootExecute: (autocheck autochk *)
    O35:64bit: - HKLM\..comfile [open] -- "%1" %*
    O35:64bit: - HKLM\..exefile [open] -- "%1" %*
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
    O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
    O37 - HKLM\...com [@ = ComFile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*
    O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
    O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
    O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
  19. Lfis492a

    Lfis492a Newcomer, in training Topic Starter Posts: 38

    ========== Files/Folders - Created Within 30 Days ==========

    [2012/10/23 22:33:38 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Grumpy\Desktop\OTL.exe
    [2012/10/23 21:36:02 | 000,000,000 | ---D | C] -- C:\$RECYCLE.BIN
    [2012/10/23 21:03:43 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
    [2012/10/23 21:03:43 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
    [2012/10/23 21:03:43 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
    [2012/10/23 19:37:42 | 000,000,000 | ---D | C] -- C:\Qoobox
    [2012/10/23 19:37:19 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
    [2012/10/23 19:32:12 | 004,988,110 | R--- | C] (Swearware) -- C:\Users\Grumpy\Desktop\ComboFix.exe
    [2012/10/23 17:52:48 | 000,000,000 | ---D | C] -- C:\FRST
    [2012/10/23 17:40:00 | 000,000,000 | ---D | C] -- C:\Users\Grumpy\Desktop\RK_Quarantine
    [2012/10/23 17:16:24 | 000,000,000 | ---D | C] -- C:\Users\Grumpy\Desktop\tdsskiller(1)
    [2012/10/23 16:46:17 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
    [2012/10/22 13:23:11 | 000,256,904 | ---- | C] (Trend Micro Inc.) -- C:\Windows\SysWow64\drivers\tmcomm.sys
    [2012/10/22 01:01:46 | 000,000,000 | ---D | C] -- C:\ProgramData\Kaspersky Lab
    [2012/10/22 00:57:09 | 000,000,000 | ---D | C] -- C:\TDSSKiller_Quarantine
    [2012/10/22 00:53:57 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
    [2012/10/22 00:53:56 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
    [2012/10/22 00:48:24 | 000,000,000 | ---D | C] -- C:\Users\Grumpy\AppData\Roaming\Malwarebytes
    [2012/10/22 00:48:12 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
    [2012/10/22 00:48:12 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
    [2012/10/22 00:48:11 | 000,025,928 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
    [2012/10/22 00:48:11 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
    [2012/10/18 17:13:55 | 000,000,000 | ---D | C] -- C:\Users\Grumpy\AppData\Local\{59D117E6-E758-40A8-A446-F0C5157500A6}
    [2012/10/17 22:07:27 | 000,000,000 | ---D | C] -- C:\Users\Grumpy\AppData\Local\{C3BC2E1A-7A30-4F07-BF2B-1D3E9E98ED75}
    [2012/10/17 18:16:52 | 000,000,000 | ---D | C] -- C:\found.013
    [2012/10/14 22:18:08 | 000,000,000 | ---D | C] -- C:\Users\Grumpy\AppData\Local\{1A1E4CB4-EE4B-4434-9F7E-6FECE320B2FA}
    [2012/10/12 19:03:29 | 000,000,000 | ---D | C] -- C:\Users\Grumpy\AppData\Roaming\AVG
    [2012/10/12 19:02:27 | 000,000,000 | ---D | C] -- C:\ProgramData\AVG
    [2012/10/12 19:02:15 | 000,000,000 | -HSD | C] -- C:\ProgramData\{D1D4879F-2279-49C9-AEBF-3B95C84EAA8F}
    [2012/10/10 18:15:28 | 000,006,144 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-security-base-l1-1-0.dll
    [2012/10/10 18:15:28 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll
    [2012/10/10 18:15:28 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-processthreads-l1-1-0.dll
    [2012/10/10 18:15:28 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-sysinfo-l1-1-0.dll
    [2012/10/10 18:15:28 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-synch-l1-1-0.dll
    [2012/10/10 18:15:28 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-misc-l1-1-0.dll
    [2012/10/10 18:15:28 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll
    [2012/10/10 18:15:28 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-processenvironment-l1-1-0.dll
    [2012/10/10 18:15:28 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-namedpipe-l1-1-0.dll
    [2012/10/10 18:15:28 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-memory-l1-1-0.dll
    [2012/10/10 18:15:28 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-util-l1-1-0.dll
    [2012/10/10 18:15:28 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-string-l1-1-0.dll
    [2012/10/10 18:15:28 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-rtlsupport-l1-1-0.dll
    [2012/10/10 18:15:28 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-profile-l1-1-0.dll
    [2012/10/10 18:15:27 | 000,005,120 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-file-l1-1-0.dll
    [2012/10/10 18:15:27 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-localregistry-l1-1-0.dll
    [2012/10/10 18:15:27 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-localization-l1-1-0.dll
    [2012/10/10 18:15:27 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-libraryloader-l1-1-0.dll
    [2012/10/10 18:15:27 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-interlocked-l1-1-0.dll
    [2012/10/10 18:15:27 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-heap-l1-1-0.dll
    [2012/10/10 18:15:27 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-io-l1-1-0.dll
    [2012/10/10 18:15:27 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-handle-l1-1-0.dll
    [2012/10/10 18:15:27 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-fibers-l1-1-0.dll
    [2012/10/10 18:15:27 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-errorhandling-l1-1-0.dll
    [2012/10/10 18:15:27 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-delayload-l1-1-0.dll
    [2012/10/10 18:15:27 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-debug-l1-1-0.dll
    [2012/10/10 18:15:27 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-datetime-l1-1-0.dll
    [2012/10/10 18:15:27 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-console-l1-1-0.dll
    [2012/10/10 18:15:26 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\setup16.exe
    [2012/10/10 18:15:26 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntvdm64.dll
    [2012/10/10 18:15:26 | 000,007,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\instnm.exe
    [2012/10/10 18:15:26 | 000,005,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wow32.dll
    [2012/10/10 18:15:26 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\user.exe
    [2012/10/10 18:15:18 | 000,362,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64win.dll
    [2012/10/10 18:15:18 | 000,243,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64.dll
    [2012/10/10 18:15:18 | 000,215,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winsrv.dll
    [2012/10/10 18:15:18 | 000,016,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntvdm64.dll
    [2012/10/10 18:15:18 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64cpu.dll
    [2012/10/10 18:15:17 | 000,425,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\KernelBase.dll
    [2012/10/10 18:15:17 | 000,006,144 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-security-base-l1-1-0.dll
    [2012/10/10 18:15:17 | 000,005,120 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-file-l1-1-0.dll
    [2012/10/10 18:15:17 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-threadpool-l1-1-0.dll
    [2012/10/10 18:15:17 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-processthreads-l1-1-0.dll
    [2012/10/10 18:15:17 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-sysinfo-l1-1-0.dll
    [2012/10/10 18:15:17 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-synch-l1-1-0.dll
    [2012/10/10 18:15:17 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-localregistry-l1-1-0.dll
    [2012/10/10 18:15:17 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-localization-l1-1-0.dll
    [2012/10/10 18:15:17 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-rtlsupport-l1-1-0.dll
    [2012/10/10 18:15:17 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-processenvironment-l1-1-0.dll
    [2012/10/10 18:15:17 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-namedpipe-l1-1-0.dll
    [2012/10/10 18:15:17 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-misc-l1-1-0.dll
    [2012/10/10 18:15:17 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-memory-l1-1-0.dll
    [2012/10/10 18:15:17 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-libraryloader-l1-1-0.dll
    [2012/10/10 18:15:17 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-heap-l1-1-0.dll
    [2012/10/10 18:15:17 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-xstate-l1-1-0.dll
    [2012/10/10 18:15:17 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-util-l1-1-0.dll
    [2012/10/10 18:15:17 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-string-l1-1-0.dll
    [2012/10/10 18:15:17 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-profile-l1-1-0.dll
    [2012/10/10 18:15:17 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-io-l1-1-0.dll
    [2012/10/10 18:15:17 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-interlocked-l1-1-0.dll
    [2012/10/10 18:15:17 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-handle-l1-1-0.dll
    [2012/10/10 18:15:17 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-fibers-l1-1-0.dll
    [2012/10/10 18:15:17 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-errorhandling-l1-1-0.dll
    [2012/10/10 18:15:17 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-delayload-l1-1-0.dll
    [2012/10/10 18:15:17 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-debug-l1-1-0.dll
    [2012/10/10 18:15:17 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-datetime-l1-1-0.dll
    [2012/10/10 18:15:17 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-console-l1-1-0.dll
    [2012/10/10 18:15:16 | 001,162,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\kernel32.dll
    [2012/10/10 18:15:16 | 000,338,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\conhost.exe
    [2012/10/09 21:29:59 | 005,505,904 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntoskrnl.exe
    [2012/10/09 21:29:57 | 003,958,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntkrnlpa.exe
    [2012/10/09 21:29:57 | 003,902,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntoskrnl.exe
    [2012/10/09 21:29:48 | 000,220,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wintrust.dll
    [2012/10/09 21:28:53 | 001,462,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\crypt32.dll
    [2012/10/09 21:28:53 | 000,140,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\cryptnet.dll
    [2012/10/08 18:02:26 | 000,000,000 | ---D | C] -- C:\Users\Grumpy\Desktop\baby shower
    [2012/10/07 21:54:10 | 000,000,000 | ---D | C] -- C:\Users\Grumpy\AppData\Local\{5AF65E98-6C90-4AF2-B8DA-7E465E5BDACF}
    [2012/10/07 19:43:45 | 000,000,000 | ---D | C] -- C:\found.012
    [2012/09/29 18:41:00 | 000,000,000 | ---D | C] -- C:\Users\Grumpy\AppData\Local\{1AE1E6FE-AF3E-4944-8BAD-4C4B27E30370}
    [2012/09/29 09:23:43 | 000,000,000 | ---D | C] -- C:\Users\Grumpy\AppData\Roaming\AVG2013
    [2012/09/29 09:23:19 | 000,000,000 | ---D | C] -- C:\Users\Grumpy\AppData\Roaming\TuneUp Software
    [2012/09/29 09:18:43 | 000,000,000 | ---D | C] -- C:\ProgramData\AVG2013
    [2012/09/29 09:15:47 | 000,000,000 | ---D | C] -- C:\Users\Grumpy\AppData\Local\MFAData
    [2012/09/29 09:15:47 | 000,000,000 | ---D | C] -- C:\Users\Grumpy\AppData\Local\Avg2013
    [2012/09/26 21:57:34 | 000,000,000 | ---D | C] -- C:\Users\Grumpy\AppData\Local\{18538102-3BE7-4B9E-A1F1-BB29FD78C27C}
    [2012/09/25 20:30:33 | 000,000,000 | ---D | C] -- C:\Users\Grumpy\AppData\Local\{4FC66E94-0F90-4BC0-BF85-9A439D25FFF8}
    [2012/09/24 06:48:47 | 000,096,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
    [2012/09/24 06:48:47 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
    [2012/09/24 06:48:46 | 000,248,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
    [2012/09/24 06:48:46 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
    [2012/09/24 06:48:46 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe
    [2012/09/24 06:48:46 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe
    [2012/09/24 06:48:45 | 002,312,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
    [2012/09/24 06:48:45 | 001,494,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
    [2012/09/24 06:48:45 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
    [2012/09/24 06:48:45 | 000,237,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll
    [2012/09/24 06:48:45 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll
    [2012/09/24 06:48:44 | 000,729,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
    [2012/09/24 06:48:43 | 000,717,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
    [2012/09/24 06:48:43 | 000,599,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll
    [2012/09/24 06:48:42 | 000,816,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll

    ========== Files - Modified Within 30 Days ==========

    [2012/10/23 22:32:32 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Grumpy\Desktop\OTL.exe
    [2012/10/23 22:30:47 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
    [2012/10/23 22:17:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
    [2012/10/23 21:53:00 | 000,000,898 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
    [2012/10/23 21:43:35 | 000,013,440 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
    [2012/10/23 21:43:35 | 000,013,440 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
    [2012/10/23 21:35:56 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
    [2012/10/23 21:35:37 | 000,000,894 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
    [2012/10/23 21:35:25 | 2146,783,231 | -HS- | M] () -- C:\hiberfil.sys
    [2012/10/23 19:14:53 | 004,988,110 | R--- | M] (Swearware) -- C:\Users\Grumpy\Desktop\ComboFix.exe
    [2012/10/23 17:37:13 | 001,580,544 | ---- | M] () -- C:\Users\Grumpy\Desktop\RogueKiller.exe
    [2012/10/23 17:15:33 | 002,194,704 | ---- | M] () -- C:\Users\Grumpy\Desktop\tdsskiller(1).zip
    [2012/10/22 13:29:38 | 000,150,293 | ---- | M] () -- C:\Users\Grumpy\AppData\Local\census.cache
    [2012/10/22 13:29:33 | 000,096,958 | ---- | M] () -- C:\Users\Grumpy\AppData\Local\ars.cache
    [2012/10/22 13:22:31 | 000,000,036 | ---- | M] () -- C:\Users\Grumpy\AppData\Local\housecall.guid.cache
    [2012/10/22 00:53:57 | 000,000,822 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk
    [2012/10/22 00:48:13 | 000,001,073 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
    [2012/10/18 21:47:51 | 000,124,052 | -H-- | M] () -- C:\Windows\SysWow64\mlfcache.dat
    [2012/10/10 18:55:35 | 000,002,338 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
    [2012/10/08 19:17:37 | 000,696,760 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
    [2012/10/08 19:17:37 | 000,073,656 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
    [2012/09/29 19:54:26 | 000,025,928 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys

    ========== Files Created - No Company Name ==========

    [2012/10/23 21:03:43 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
    [2012/10/23 21:03:43 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
    [2012/10/23 21:03:43 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
    [2012/10/23 21:03:43 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
    [2012/10/23 21:03:43 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
    [2012/10/23 17:37:57 | 001,580,544 | ---- | C] () -- C:\Users\Grumpy\Desktop\RogueKiller.exe
    [2012/10/23 17:16:17 | 002,194,704 | ---- | C] () -- C:\Users\Grumpy\Desktop\tdsskiller(1).zip
    [2012/10/22 13:29:38 | 000,150,293 | ---- | C] () -- C:\Users\Grumpy\AppData\Local\census.cache
    [2012/10/22 13:29:33 | 000,096,958 | ---- | C] () -- C:\Users\Grumpy\AppData\Local\ars.cache
    [2012/10/22 13:22:31 | 000,000,036 | ---- | C] () -- C:\Users\Grumpy\AppData\Local\housecall.guid.cache
    [2012/10/22 00:53:57 | 000,000,822 | ---- | C] () -- C:\Users\Public\Desktop\CCleaner.lnk
    [2012/10/22 00:48:13 | 000,001,073 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
    [2012/06/17 09:35:26 | 000,002,560 | ---- | C] () -- C:\Windows\_MSRSTRT.EXE
    [2012/06/17 08:46:40 | 000,302,425 | ---- | C] () -- C:\Users\Grumpy\AppData\Local\funmoods-speeddial.crx
    [2011/11/10 02:36:06 | 000,204,960 | ---- | C] () -- C:\Windows\SysWow64\ativvsvl.dat
    [2011/11/10 02:36:06 | 000,157,152 | ---- | C] () -- C:\Windows\SysWow64\ativvsva.dat
    [2011/10/26 23:29:05 | 000,000,023 | ---- | C] () -- C:\Windows\kodakpcd.ini
    [2011/10/16 16:14:30 | 000,124,052 | -H-- | C] () -- C:\Windows\SysWow64\mlfcache.dat
    [2011/09/12 23:06:18 | 000,003,917 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat
    [2011/07/10 14:29:58 | 000,000,000 | ---- | C] () -- C:\Users\Grumpy\AppData\Local\{3138673C-DD04-4DF7-BE07-EED9EB9BB0D9}
    [2010/06/20 11:36:39 | 000,023,357 | ---- | C] () -- C:\Users\Grumpy\AppData\Roaming\UserTile.png
    [2010/06/12 23:01:03 | 000,859,811 | ---- | C] () -- C:\Users\Grumpy\AppData\Roaming\default.rss
    [2010/06/11 22:29:25 | 000,000,040 | -HS- | C] () -- C:\ProgramData\.zreglib

    ========== ZeroAccess Check ==========

    [2009/07/14 00:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

    [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

    [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

    [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

    [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
    "" = C:\Windows\SysNative\shell32.dll -- [2012/06/09 01:30:56 | 014,165,504 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Apartment

    [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
    "" = %SystemRoot%\system32\shell32.dll -- [2012/06/09 00:46:56 | 012,868,608 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Apartment

    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
    "" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 21:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Free

    [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
    "" = %systemroot%\system32\wbem\fastprox.dll -- [2009/07/13 21:15:20 | 000,605,696 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Free

    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
    "" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 21:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Both

    [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

    ========== Alternate Data Streams ==========

    @Alternate Data Stream - 103 bytes -> C:\ProgramData\TEMP:A3E39C6A

    < End of report >
  20. Lfis492a

    Lfis492a Newcomer, in training Topic Starter Posts: 38

    OTL Extras logfile created on: 10/23/2012 10:34:29 PM - Run 1
    OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Grumpy\Desktop
    64bit- Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
    Internet Explorer (Version = 9.0.8112.16421)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    8.00 Gb Total Physical Memory | 7.10 Gb Available Physical Memory | 88.82% Memory free
    16.00 Gb Paging File | 14.64 Gb Available in Paging File | 91.52% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
    Drive C: | 931.41 Gb Total Space | 767.05 Gb Free Space | 82.35% Space Free | Partition Type: NTFS
    Drive D: | 44.33 Gb Total Space | 17.90 Gb Free Space | 40.37% Space Free | Partition Type: NTFS
    Drive E: | 83.67 Gb Total Space | 79.10 Gb Free Space | 94.54% Space Free | Partition Type: NTFS
    Drive G: | 87.85 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
    Drive J: | 7.45 Gb Total Space | 5.44 Gb Free Space | 73.00% Space Free | Partition Type: FAT32

    Computer Name: GRUMPY-PC | User Name: Grumpy | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
    Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

    ========== Extra Registry (SafeList) ==========


    ========== File Associations ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)

    [HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
    .html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)

    ========== Shell Spawning ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %*
    cmdfile [open] -- "%1" %*
    comfile [open] -- "%1" %*
    exefile [open] -- "%1" %*
    helpfile [open] -- Reg Error: Key error.
    htmlfile [edit] -- Reg Error: Key error.
    htmlfile [print] -- rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation)
    inffile [install] -- %SystemRoot%\System32\rundll32.exe setupapi,InstallHinfSection DefaultInstall 132 %1 (Microsoft Corporation)
    InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
    InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
    piffile [open] -- "%1" %*
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1"
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [AddToPlaylistUMP] -- "C:\Program Files (x86)\UMPlayer\umplayer.exe" -add-to-playlist "%1" ()
    Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Directory [PlayWithUMP] -- "C:\Program Files (x86)\UMPlayer\umplayer.exe" -play-dir "%1" ()
    Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [explore] -- Reg Error: Value error.
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %*
    cmdfile [open] -- "%1" %*
    comfile [open] -- "%1" %*
    cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
    exefile [open] -- "%1" %*
    helpfile [open] -- Reg Error: Key error.
    htmlfile [edit] -- Reg Error: Key error.
    piffile [open] -- "%1" %*
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1"
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [AddToPlaylistUMP] -- "C:\Program Files (x86)\UMPlayer\umplayer.exe" -add-to-playlist "%1" ()
    Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Directory [PlayWithUMP] -- "C:\Program Files (x86)\UMPlayer\umplayer.exe" -play-dir "%1" ()
    Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [explore] -- Reg Error: Value error.
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

    ========== Security Center Settings ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
    "cval" = 1
    "FirewallDisableNotify" = 0
    "AntiVirusDisableNotify" = 0
    "UpdatesDisableNotify" = 0

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
    "VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
    "AntiVirusOverride" = 0
    "AntiSpywareOverride" = 0
    "FirewallOverride" = 0

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

    ========== System Restore Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
    "DisableSR" = 0

    ========== Firewall Settings ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
    "DisableNotifications" = 0
    "EnableFirewall" = 1

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
    "DisableNotifications" = 0
    "EnableFirewall" = 1

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
    "DisableNotifications" = 0
    "EnableFirewall" = 1

    ========== Authorized Applications List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


    ========== Vista Active Open Ports Exception List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
    "{0294BB2F-6178-459D-8C46-8D1C40D6AD6B}" = rport=445 | protocol=6 | dir=out | app=system |
    "{057550CC-1C7E-4C7B-A2F8-3A8DDC978C8C}" = lport=138 | protocol=17 | dir=in | app=system |
    "{08E024BB-596A-4DFF-A430-159062EB67CE}" = lport=10243 | protocol=6 | dir=in | app=system |
    "{19A5737B-0BEE-43C8-BCD3-3CC714AA4FD3}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
    "{25B9D31D-64EC-44F5-900B-17177C3E5D3C}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
    "{295EF879-34FC-4A05-A484-51AA1443280E}" = lport=445 | protocol=6 | dir=in | app=system |
    "{2FA65B31-3A9D-4C20-AFC6-469495F0EF44}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
    "{4084E937-EAAA-47EE-9520-7BE7CE434C09}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
    "{4BF5EB07-06A2-40E2-B5B6-244EF5C49A0F}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
    "{5456EA1E-AF45-48BD-9C96-AB99A6CCF1D9}" = lport=139 | protocol=6 | dir=in | app=system |
    "{6364B77A-8796-4078-B3CC-5963A3E70B4F}" = rport=139 | protocol=6 | dir=out | app=system |
    "{6EFD3216-D4DB-448C-81DA-E8838C66FFD2}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
    "{7C7BD74E-D59D-40F9-8481-A74C4729E9DD}" = rport=138 | protocol=17 | dir=out | app=system |
    "{86444BB3-291D-4D31-A046-BB4AA3243C28}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
    "{AF8150A9-8B4A-4262-900E-D368942052B3}" = lport=2869 | protocol=6 | dir=in | app=system |
    "{BE10AB93-C4A6-464B-BE93-069E778BFF99}" = rport=10243 | protocol=6 | dir=out | app=system |
    "{C232D951-55E7-4D04-9346-F88A07FC0B22}" = lport=137 | protocol=17 | dir=in | app=system |
    "{C428A183-FD79-40B5-990D-895328F43AC8}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
    "{CF0676E6-E2EC-438A-9741-7029DEBD00CE}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
    "{F534D21D-02A4-4E48-A237-A3745ED5E6D3}" = rport=137 | protocol=17 | dir=out | app=system |
    "{F9C1EEE5-72B7-40C6-BC7C-64E9DF7DEB39}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |

    ========== Vista Active Application Exception List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
    "{003C7A18-60D9-4C89-94D8-DE42C1AA1D76}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
    "{02A4D600-582A-4C14-ADFE-C125CF0CB18F}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
    "{1473D86F-6F04-46A3-9153-CD04272511DC}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
    "{4849799C-D8E9-4360-8F9A-6B5F2BCC7EA4}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
    "{56E808A1-BFD0-4B79-B567-B9FA848D697F}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
    "{61FB8AD2-C831-45AB-9DFB-D685C3A8300D}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
    "{62F27534-2769-4D2F-B42F-E96E62F64F44}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
    "{65901CFC-D156-4C8F-90EA-C26D256CA195}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
    "{68F6992D-6E9D-4F14-88EC-3E0B8BEC7EFF}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
    "{8642AF85-31DC-4BB3-8E9D-1E478C224084}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
    "{A5589677-56C4-46C1-A86B-1F0B5425786F}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
    "{AB3FBA72-52C3-4476-9A38-230DBE05659B}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
    "{BC7833D1-AE4B-4CAB-BDD5-6EA587E5C763}" = protocol=6 | dir=out | app=system |
    "{CE504808-152F-4073-8BB9-0F8E7C4D30C6}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
    "{D3648D1D-2BA3-4973-9B7E-EDC907B6E342}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
    "{E8715BB0-E132-4617-B344-62E03BFE2C1C}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
    "{E926E57D-011D-4F63-BCC5-FFCFDC28D091}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
    "{EFA98652-B437-42AA-B7D3-EFFD71ED4ECD}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
    "{F7DCF881-DB9D-4779-8D1C-CCCBAC7C73FF}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |

    ========== HKEY_LOCAL_MACHINE Uninstall List ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{027E5FAB-1476-4C59-AAB4-32EF28520399}" = Windows Live Language Selector
    "{02A5BD31-16AC-45DF-BE9F-A3167BC4AFB2}" = Windows Live Family Safety
    "{05EFBF37-0E52-4579-875C-7EEF0DFB4FCB}" = Network64
    "{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
    "{0D87AE67-14EB-4C10-88A5-DA6C3181EB18}" = Windows Live Family Safety
    "{1493B2AE-0261-47D2-B1AA-F4DAD0F6C48B}" = iTunes
    "{17016DA1-F040-4032-BD36-34DD317BC9D5}" = HP Photosmart All-In-One Driver Software 13.0 Rel. A
    "{1ACC8FFB-9D84-4C05-A4DE-D28A9BC91698}" = Windows Live ID Sign-in Assistant
    "{1DD81E7D-0D28-4CEB-87B2-C041A4FCB215}" = Rapport
    "{21B133D6-5979-47F0-BE1C-F6A6B304693F}" = Visual Studio 2010 x64 Redistributables
    "{22ABA92B-6C1B-46D8-AC2B-C48EEAE172A9}" = VD64Inst
    "{350AA351-21FA-3270-8B7A-835434E766AD}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022
    "{4BC310C4-B898-46E2-B5FB-B85A30AA7142}" = iCloud
    "{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
    "{624C7F0A-89B2-4C49-9CAB-9D69613EC95A}" = Microsoft IntelliPoint 8.2
    "{626672CD-BFCF-49A9-AEFE-AB0FED3BFC5B}" = Windows Mobile Device Center
    "{650AF771-456D-418F-BFC7-F6FFC9D0235C}" = HP Deskjet 3050 J610 series Basic Device Software
    "{656DEEDE-F6AC-47CA-A568-A1B4E34B5760}" = Windows Live Remote Service Resources
    "{6BFAB6C1-6D46-46DB-A538-A269907C9F2F}" = Network64
    "{6DD01FF3-63CE-436B-96DB-61363EAA4EB8}" = MobileMe Control Panel
    "{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour
    "{7446FE8D-C1F9-4D42-AAAE-5DBCE58605A6}" = Apple Mobile Device Support
    "{8219EDCB-CE5A-4348-B056-AAC0FE4E99D0}" = Microsoft IntelliType Pro 8.2
    "{847B0532-55E3-4AAF-8D7B-E3A1A7CD17E5}" = Windows Live Remote Client Resources
    "{889DF117-14D1-44EE-9F31-C5FB5D47F68B}" = Yontoo 1.10.02
    "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
    "{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
    "{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
    "{B6E3757B-5E77-3915-866A-CCFC4B8D194C}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053
    "{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter
    "{DF6D988A-EEA0-4277-AAB8-158E086E439B}" = Windows Live Remote Client
    "{E02A6548-6FDE-40E2-8ED9-119D7D7E641F}" = Windows Live Remote Service
    "{EE936C7A-EA40-31D5-9B65-8E3E089C3828}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148
    "{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
    "{FEB2C4AA-661E-483F-9626-21A8ACFD10F2}" = HP Deskjet 3050 J610 series Product Improvement Study
    "{FF21C3E6-97FD-474F-9518-8DCBE94C2854}" = 64 Bit HP CIO Components Installer
    "CCleaner" = CCleaner
    "HP Imaging Device Functions" = HP Imaging Device Functions 13.0
    "HP Photosmart Essential" = HP Photosmart Essential 3.5
    "HP Smart Web Printing" = HP Smart Web Printing 4.60
    "HP Solution Center & Imaging Support Tools" = HP Solution Center 13.0
    "HPExtendedCapabilities" = HP Customer Participation Program 13.0
    "HPOCR" = OCR Software by I.R.I.S. 13.0
    "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
    "Microsoft IntelliPoint 8.2" = Microsoft IntelliPoint 8.2
    "Microsoft IntelliType Pro 8.2" = Microsoft IntelliType Pro 8.2
    "Shop for HP Supplies" = Shop for HP Supplies

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{0008546E-DF6E-4CC1-AFD0-2CB8E16C95A2}" = Notifier
    "{015E4B8A-29B5-4AE3-BD08-38220FADFF4C}" = aspi
    "{050ED764-D5FD-4D33-8FCD-AC48250C0798}" = LeadTool
    "{06A1D88C-E102-4527-AF70-29FFD7AF215A}" = Scan
    "{06E6E30D-B498-442F-A943-07DE41D7F785}" = Microsoft Search Enhancement Pack
    "{07E49BC1-24FF-4D7A-AC74-727BE95801AF}" = LightScribe System Software
    "{08234a0d-cf39-4dca-99f0-0c5cb496da81}" = Bing Bar
    "{08C7A49D-2B12-46F6-8B41-26D3B0D1C01F}" = Visual Studio C++ 9.0 Runtime
    "{08C8666B-C502-4AB3-B4CB-D74AC42D14FE}" = Nero BackItUp 10 Help (CHM)
    "{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
    "{0E64B098-8018-4256-BA23-C316A43AD9B0}" = QuickTime
    "{0EF5BEA9-B9D3-46d7-8958-FB69A0BAEACC}" = Status
    "{14D4ED84-6A9A-45A0-96F6-1753768C3CB5}" = ESSPCD
    "{16987E99-C95C-4513-9239-7B44A0A71DB5}" = Nero SoundTrax 10 Help (CHM)
    "{175F0111-2968-4935-8F70-33108C6A4DE3}" = MarketResearch
    "{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
    "{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
    "{1DD81E7D-0D28-4CEB-87B2-C041A4FCB215}" = Rapport
    "{1EC71BFB-01A3-4239-B6AF-B1AE656B15C0}" = TrayApp
    "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    "{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
    "{1F7FB68F-52F6-46A3-B42F-38CE46295AE5}" = Nero MediaHub 10
    "{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
    "{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
    "{237CCB62-8454-43E3-B158-3ACD0134852E}" = High-Definition Video Playback 10
    "{23C12370-3A82-4558-B727-F345B473AD87}" = BlackBerry Device Software Updater
    "{2436F2A8-4B7E-4B6C-AE4E-604C84AA6A4F}" = Nero Core Components 10
    "{26A24AE4-039D-4CA4-87B4-2F83216016FF}" = Java(TM) 6 Update 29
    "{26A24AE4-039D-4CA4-87B4-2F83216022F0}" = Java(TM) 6 Update 22
    "{277C1559-4CF7-44FF-8D07-98AA9C13AABD}" = Nero Multimedia Suite 10
    "{286F582B-30B0-4291-919C-D75D69632CEC}" = Windows Internet Explorer Platform Preview
    "{28C2DED6-325B-4CC7-983A-1777C8F7FBAB}" = RealUpgrade 1.1
    "{2902F983-B4C1-44BA-B85D-5C6D52E2C441}" = Windows Live Mesh ActiveX Control for Remote Connections
    "{2A3FC24C-6EC0-4519-A52B-FDA4EA9B2D24}" = Windows Live Messenger
    "{2A7EF808-14F3-4E93-BE3A-1675EE5332A4}" = AIO_CDA_ProductContext
    "{2EEA7AA4-C203-4b90-A34F-19FB7EF1C81C}" = BufferChm
    "{2EFA4E4C-7B5F-48F7-A1C0-1AA882B7A9C3}" = HP Update
    "{2FDBBCEA-62DB-45F4-B6E5-0E1FB2A1F29D}" = Visual C++ 8.0 Runtime Setup Package (x64)
    "{2FF8C687-DB7D-4adc-A5DC-57983EC25046}" = DeviceDiscovery
    "{329411A0-19F3-4740-874F-17400B126F27}" = Nero Vision 10 Help (CHM)
    "{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
    "{33643918-7957-4839-92C7-EA96CB621A98}" = Nero Express 10 Help (CHM)
    "{34490F4E-48D0-492E-8249-B48BECF0537C}" = Nero DiscSpeed 10
    "{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
    "{3C7839E7-21F4-49E0-B4D5-AC8ED818CCB0}" = NETGEAR WNDA3100v2 wireless USB 2.0 adapter
    "{3C92B2E6-380D-4fef-B4DF-4A3B4B669771}" = Copy
    "{42C8B7DF-FEB0-4D51-B169-506B6BEC5797}" = Nero 10 Menu TemplatePack 1
    "{43CDF946-F5D9-4292-B006-BA0D92013021}" = WebReg
    "{43FBAB46-5969-4200-9958-1FF81FEE506F}" = Nero 10 Movie ThemePack 1
    "{440B915A-0C85-45DB-92AE-75AE14704A64}" = Fax
    "{4412F224-3849-4461-A3E9-DEEF8D252790}" = Visual Studio C++ 10.0 Runtime
    "{469730CC-78DF-4CD3-B286-562D459EA619}" = ESSCAM
    "{48C82F7A-F100-4DAB-A310-8E18BF2159E1}" = ESSvpot
    "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
    "{4A70EF07-7F88-4434-BB61-D1DE8AE93DD4}" = SolutionCenter
    "{4E7C28C7-D5DA-4E9F-A1CA-60490B54AE35}" = UnloadSupport
    "{50816F92-1652-4A7C-B9BC-48F682742C4B}" = Messenger Companion
    "{51071D66-D034-4239-94E0-723FCA10B6FE}" = OpenOffice.org 3.4
    "{555868C6-49FB-484F-BB43-8980651A1B00}" = Nero BurnRights 10 Help (CHM)
    "{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
    "{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}" = Windows Live UX Platform Language Pack
    "{5DA8F6CD-C70E-39D8-8430-3D9808D6BD17}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30411
    "{61F25370-7465-4404-BE28-4629BF808699}" = LightScribe Applications
    "{63AA3EAB-23BB-48B2-9AD0-44F878075604}" = Nero 10 Menu TemplatePack Basic
    "{63EC2120-1742-4625-AA47-C6A8AEC9C64C}" = Apple Application Support
    "{63FF21C9-A810-464F-B60A-3111747B1A6D}" = GPBaseService2
    "{65BB0407-4CC8-4DC7-952E-3EEFDF05602A}" = Nero Update
    "{65D85050-5610-4A91-A3B1-D5C744291AD4}" = PCDADDIN
    "{66049135-9659-4AAD-9169-9CCA269EBB3E}" = Nero InfoTool 10 Help (CHM)
    "{681B698F-C997-42C3-B184-B489C6CA24C9}" = HPPhotoSmartDiscLabelContent1
    "{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
    "{69BD6399-3D8F-45B7-81D9-819361F5101D}" = PCDLNCH
    "{6B2FFB21-AC88-45C3-9A7D-4BB3E744EC91}" = HPSSupply
    "{6BBA26E9-AB03-4FE7-831A-3535584CA002}" = Toolbox
    "{6DFB899F-17A2-48F0-A533-ED8D6866CF38}" = Nero Control Center 10
    "{70550193-1C22-445C-8FA4-564E155DB1A7}" = Nero Express 10
    "{70F19404-B96C-4EBB-AD2B-3574F8736197}" = Nero 10 Movie ThemePack 2
    "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
    "{75157F34-02C6-4831-BD66-3BC49E7A8394}" = BlackBerry Desktop Software 6.1
    "{7770E71B-2D43-4800-9CB3-5B6CAAEBEBEA}" = RealNetworks - Microsoft Visual C++ 2008 Runtime
    "{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
    "{78A96B4C-A643-4D0F-98C2-A8E16A6669F9}" = Windows Live Messenger Companion Core
    "{797EE0CA-8165-405C-B5CE-F11EC20F1BB0}" = Microsoft VC9 runtime libraries
    "{7A295D8F-484B-4FFB-89AB-C1FD497591FE}" = Nero WaveEditor 10 Help (CHM)
    "{7A5D731D-B4B3-490E-B339-75685712BAAB}" = Nero Burning ROM 10
    "{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
    "{846B5DED-DC8C-4E1A-B5B4-9F5B39A0CACE}" = HPDiagnosticAlert
    "{86D4B82A-ABED-442A-BE86-96357B70F4FE}" = Ask Toolbar
    "{87843A41-7808-4F2E-B13F-25C1E67CF2FD}" = ESShelp
    "{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime
    "{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
    "{8E92D746-CD9F-4B90-9668-42B74C14F765}" = ESSini
    "{8ECEC853-5C3D-4B10-B5C7-FF11FF724807}" = Nero Recode 10
    "{8F3C31C5-9C3A-4AA8-8EFA-71290A7AD533}" = TomTom HOME Visual Studio Merge Modules
    "{8FF6F5CA-4E30-4E3B-B951-204CAAA2716A}" = SmartWebPrinting
    "{91517631-A9F3-4B7C-B482-43E0068FD55A}" = ESSgui
    "{92146419-AE44-4C8B-A48B-0ABB1B5EC026}" = Nero 10 Menu TemplatePack 3
    "{92A10E9D-EA00-4A46-8F22-EEA660992D61}" = Nero 10 Sample Videos
    "{92E25238-61A3-4ACD-A407-3C480EEF47A7}" = Nero RescueAgent 10 Help (CHM)
    "{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
    "{943CFD7D-5336-47AF-9418-E02473A5A517}" = Nero BurnRights 10
    "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    "{9A4297F3-2A51-4ED9-92CA-4BCB8380947E}" = Nero Vision 10
    "{9B362566-EC1B-4700-BB9C-EC661BDE2175}" = DocProc
    "{9B6B24BE-80E7-46C4-9FA5-B167D5E0F345}" = Nero BurningROM 10 Help (CHM)
    "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Red
  21. Lfis492a

    Lfis492a Newcomer, in training Topic Starter Posts: 38

    Istributable - x86 9.0.30729.6161
    "{9D1CF8B6-17B3-4832-B062-2C2DD0B57B04}" = CCHelp
    "{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
    "{9D8FEE90-0377-49A9-AEFB-525BDE549BA4}" = ESScore
    "{A0C91188-C88F-4E86-93E6-CD7C9A266649}" = Windows Live Mesh
    "{A5B3EB8A-4071-42F0-8E8E-7A8342AA8E69}" = ESSvpaht
    "{A6F18A67-B771-4191-8A33-36D2E742D6D9}" = ESSANUP
    "{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
    "{A7AEE29F-839E-46B5-B347-6D430618129F}" = AIO_CDA_Software
    "{A8F2089B-1F79-4BF6-B385-A2C2B0B9A74D}" = ImagXpress
    "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
    "{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
    "{AA027AE9-DD20-4677-AA72-D760A358320B}" = Microsoft VC9 runtime libraries
    "{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
    "{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer
    "{ABE068DF-8DC4-4947-ABFC-DD2B40850225}" = SFR2
    "{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.4)
    "{ACD15FDF-FC42-4175-B477-576F92FF2256}" = Nero 10 Sample ImagePack
    "{AE1FA02D-E6A4-4EA0-8E58-6483CAC016DD}" = ESSCDBK
    "{B10914FD-8812-47A4-85A1-50FCDE7F1F33}" = Windows Live Sync
    "{B194272D-1F92-46DF-99EB-8D5CE91CB4EC}" = Adobe AIR
    "{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
    "{B4B44FE7-41FF-4DAD-8C0A-E406DDA72992}" = CCScore
    "{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Click to Call
    "{B95B1BA9-F887-4B3C-8D3A-CCD4C4675120}" = Microsoft Default Manager
    "{B997C2A0-4383-41BF-B76E-9B8B7ECFB267}" = KSU
    "{BD7204BA-DD64-499E-9B55-6A282CDF4FA4}" = Destinations
    "{C18A0418-442A-4186-AF98-D08F5054A2FC}" = Nero DiscSpeed 10 Help (CHM)
    "{C3273C55-E1E4-41FF-8D69-0158090DB8D8}" = Nero CoverDesigner 10 Help (CHM)
    "{C354C9B6-A4E0-4BB0-A368-6DC6BCA0E314}" = SFR
    "{C3580AC4-C827-4332-B935-9A282ED5BB97}" = Nero Dolby Files 10
    "{C42C10A8-F2F4-4846-B772-ABD1912A2E85}" = PCDrdsho
    "{C43326F5-F135-4551-8270-7F7ABA0462E1}" = HPProductAssistant
    "{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail
    "{C779648B-410E-4BBA-B75B-5815BCEFE71D}" = Safari
    "{C99DCDA4-7407-4F72-A77E-C81C551D0C4E}" = PCDHELP
    "{CAE4213F-F797-439D-BD9E-79B71D115BE3}" = HPPhotoGadget
    "{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
    "{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64
    "{D15E9DB5-6BEB-4534-901E-80C0A29BAB97}" = ESSAdpt
    "{D24DB8B9-BB6C-4334-9619-BA1C650E13D3}" = Microsoft Primary Interoperability Assemblies 2005
    "{D32470A1-B10C-4059-BA53-CF0486F68EBC}" = Kodak EasyShare software
    "{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
    "{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
    "{D79113E7-274C-470B-BD46-01B10219DF6A}" = HPPhotosmartEssential
    "{D86B0E2E-DF9A-441C-AF77-8D1A0FF00FA6}" = AIO_Scan
    "{DB7C1D4A-08BA-4C7E-A8AA-B7F9BB372DCF}" = Nero Recode 10 Help (CHM)
    "{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources
    "{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh
    "{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
    "{E1EE5339-5D32-458F-BAAB-B19F6301BCE2}" = Nero SoundTrax 10
    "{E21DA178-9FB0-4F91-B79C-5A6DDEEBFB8D}" = Bing Bar Platform
    "{E337E787-CF61-4B7B-B84F-509202A54023}" = Nero RescueAgent 10
    "{E5B21F11-6933-4E0B-A25C-7963E3C07D11}" = Windows Live Messenger
    "{E712C273-7564-4C8E-AA59-0FA19BC35117}" = Nero 10 Menu TemplatePack 2
    "{E7C97E98-4C2D-BEAF-5D2F-CC45A2F95D90}" = Acrobat.com
    "{EDCDFAD5-DF80-4600-A493-E9DAD6810230}" = Nero WaveEditor 10
    "{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.10
    "{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
    "{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
    "{F412B4AF-388C-4FF5-9B2F-33DB1C536953}" = Nero InfoTool 10
    "{F467862A-D9CA-47ED-8D81-B4B3C9399272}" = Nero MediaHub 10 Help (CHM)
    "{F5CB822F-B365-43D1-BCC0-4FDA1A2017A7}" = Nero 10 Movie ThemePack Basic
    "{F6117F9C-ADB5-4590-9BE4-12C7BEC28702}" = Nero StartSmart 10 Help (CHM)
    "{F61D489E-6C44-49AC-AD02-7DA8ACA73A65}" = Nero StartSmart 10
    "{F71760CD-0F8B-4DCC-B7B7-6B223CC3843C}" = OTtBP
    "{F7632A9B-661E-4FD9-B1A4-3B86BC99847F}" = HP Deskjet 3050 J610 series Help
    "{FAA7F8FF-3C05-4A61-8F14-D8A6E9ED6623}" = ooVoo
    "{FCDBEA60-79F0-4FAE-BBA8-55A26C609A49}" = Visual Studio 2008 x64 Redistributables
    "{FCF00A6E-FB58-477A-ABE9-232907105521}" = Nero CoverDesigner 10
    "{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
    "{FE0646A7-19D0-41B4-A2BB-2C35D644270D}" = Windows Live OneCare safety scanner
    "{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
    "{FF91A786-9EBE-47A2-86A9-5694560AA349}" = Nero 10 Football Movie ThemePack
    "040a_5005" = USB MassStorage CardReader
    "Adobe AIR" = Adobe AIR
    "Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
    "Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
    "Akamai" = Akamai NetSession Interface Service
    "Anti-phishing Domain Advisor" = Anti-phishing Domain Advisor
    "AnyDVD" = AnyDVD
    "AOL Emergency Connect Utility 1.0" = Uninstall AOL Emergency Connect Utility 1.0
    "AOL Toolbar" = AOL Toolbar
    "AOL Uninstaller" = AOL Uninstaller (Choose which Products to Remove)
    "BFGC" = Big Fish Games: Game Manager
    "BlackBerry_Desktop" = BlackBerry Desktop Software 6.1
    "blekkotb_soc" = Blekko search bar
    "com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
    "Coupon Printer for Windows5.0.0.0" = Coupon Printer for Windows
    "Google Chrome" = Google Chrome
    "HP Photo Creations" = HP Photo Creations
    "LimeWire" = LimeWire 5.5.13
    "Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.65.1.1000
    "Masque Slots II" = Masque Slots II
    "Mozilla Firefox 16.0.1 (x86 en-US)" = Mozilla Firefox 16.0.1 (x86 en-US)
    "MozillaMaintenanceService" = Mozilla Maintenance Service
    "MyTomTom" = MyTomTom 3.2.0.700
    "Rapport_msi" = Rapport
    "RealPlayer 15.0" = RealPlayer
    "SoftwareUpdUtility" = Download Updater (AOL LLC)
    "TomTom HOME" = TomTom HOME 2.8.3.2499
    "UMPlayer" = UMPlayer 0.98 [Athlon]
    "ViewpointMediaPlayer" = Viewpoint Media Player
    "Windows Live OneCare safety scanner" = Windows Live OneCare safety scanner
    "WinLiveSuite" = Windows Live Essentials
    "Yahoo! Companion" = Yahoo! Toolbar
    "Yahoo! Messenger" = Yahoo! Messenger

    ========== HKEY_CURRENT_USER Uninstall List ==========

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "Akamai" = Akamai NetSession Interface
    "Facebook Plug-In" = Facebook Plug-In
    "Play65" = Play65
    "Yahoo! BrowserPlus" = Yahoo! BrowserPlus 2.9.8

    ========== Last 20 Event Log Errors ==========

    [ Application Events ]
    Error - 10/22/2012 6:57:26 PM | Computer Name = Grumpy-PC | Source = Bonjour Service | ID = 100
    Description = Task Scheduling Error: Continuously busy for more than a second

    Error - 10/22/2012 6:57:26 PM | Computer Name = Grumpy-PC | Source = Bonjour Service | ID = 100
    Description = Task Scheduling Error: m->NextScheduledEvent 7005

    Error - 10/22/2012 6:57:26 PM | Computer Name = Grumpy-PC | Source = Bonjour Service | ID = 100
    Description = Task Scheduling Error: m->NextScheduledSPRetry 7005

    Error - 10/22/2012 6:57:27 PM | Computer Name = Grumpy-PC | Source = Bonjour Service | ID = 100
    Description = Task Scheduling Error: Continuously busy for more than a second

    Error - 10/22/2012 6:57:27 PM | Computer Name = Grumpy-PC | Source = Bonjour Service | ID = 100
    Description = Task Scheduling Error: m->NextScheduledEvent 8003

    Error - 10/22/2012 6:57:27 PM | Computer Name = Grumpy-PC | Source = Bonjour Service | ID = 100
    Description = Task Scheduling Error: m->NextScheduledSPRetry 8003

    Error - 10/23/2012 7:28:55 PM | Computer Name = Grumpy-PC | Source = Application Error | ID = 1000
    Description = Faulting application name: EasyShare.exe, version: 2.0.2.225, time
    stamp: 0x3e93fc57 Faulting module name: msvcrt.dll, version: 7.0.7600.16930, time
    stamp: 0x4eeaf834 Exception code: 0x40000015 Fault offset: 0x0005620a Faulting process
    id: 0xb04 Faulting application start time: 0x01cdb1761d4eeb27 Faulting application
    path: C:\Program Files (x86)\Kodak\Kodak EasyShare software\bin\EasyShare.exe Faulting
    module path: C:\Windows\syswow64\msvcrt.dll Report Id: 6901cc94-1d69-11e2-9aac-00038a000015

    Error - 10/23/2012 9:04:45 PM | Computer Name = Grumpy-PC | Source = Application Error | ID = 1000
    Description = Faulting application name: CF29834.3XE, version: 6.1.7600.16385, time
    stamp: 0x4a5bc48d Faulting module name: ntdll.dll, version: 6.1.7600.16915, time
    stamp: 0x4ec4b137 Exception code: 0xc0000374 Fault offset: 0x00000000000c6ae2 Faulting
    process id: 0x1214 Faulting application start time: 0x01cdb1836888abec Faulting application
    path: C:\ComboFix\CF29834.3XE Faulting module path: C:\Windows\SYSTEM32\ntdll.dll
    Report
    Id: cc4d9c86-1d76-11e2-9aac-00038a000015

    Error - 10/23/2012 9:13:42 PM | Computer Name = Grumpy-PC | Source = Application Error | ID = 1000
    Description = Faulting application name: EasyShare.exe, version: 2.0.2.225, time
    stamp: 0x3e93fc57 Faulting module name: msvcrt.dll, version: 7.0.7600.16930, time
    stamp: 0x4eeaf834 Exception code: 0x40000015 Fault offset: 0x0005620a Faulting process
    id: 0x880 Faulting application start time: 0x01cdb184c4396961 Faulting application
    path: C:\Program Files (x86)\Kodak\Kodak EasyShare software\bin\EasyShare.exe Faulting
    module path: C:\Windows\syswow64\msvcrt.dll Report Id: 0c59adc7-1d78-11e2-8a05-00038a000015

    Error - 10/23/2012 9:36:09 PM | Computer Name = Grumpy-PC | Source = Application Error | ID = 1000
    Description = Faulting application name: EasyShare.exe, version: 2.0.2.225, time
    stamp: 0x3e93fc57 Faulting module name: msvcrt.dll, version: 7.0.7600.16930, time
    stamp: 0x4eeaf834 Exception code: 0x40000015 Fault offset: 0x0005620a Faulting process
    id: 0xdb0 Faulting application start time: 0x01cdb187ee665349 Faulting application
    path: C:\Program Files (x86)\Kodak\Kodak EasyShare software\bin\EasyShare.exe Faulting
    module path: C:\Windows\syswow64\msvcrt.dll Report Id: 2f4b5cca-1d7b-11e2-84b7-00038a000015

    [ Media Center Events ]
    Error - 10/17/2012 4:54:04 AM | Computer Name = Grumpy-PC | Source = MCUpdate | ID = 0
    Description = 4:54:04 AM - Error connecting to the internet. 4:54:04 AM - Unable
    to contact server..

    Error - 10/17/2012 4:54:12 AM | Computer Name = Grumpy-PC | Source = MCUpdate | ID = 0
    Description = 4:54:09 AM - Error connecting to the internet. 4:54:09 AM - Unable
    to contact server..

    Error - 10/17/2012 5:54:14 AM | Computer Name = Grumpy-PC | Source = MCUpdate | ID = 0
    Description = 5:54:14 AM - Error connecting to the internet. 5:54:14 AM - Unable
    to contact server..

    Error - 10/17/2012 5:54:22 AM | Computer Name = Grumpy-PC | Source = MCUpdate | ID = 0
    Description = 5:54:19 AM - Error connecting to the internet. 5:54:19 AM - Unable
    to contact server..

    Error - 10/22/2012 3:27:27 PM | Computer Name = Grumpy-PC | Source = MCUpdate | ID = 0
    Description = 3:27:19 PM - Failed to retrieve SportsSchedule.enc (Error: BITS 0x80070424)


    Error - 10/22/2012 4:27:42 PM | Computer Name = Grumpy-PC | Source = MCUpdate | ID = 0
    Description = 4:27:40 PM - Failed to retrieve SportsSchedule.enc (Error: BITS 0x80070424)


    Error - 10/22/2012 5:27:57 PM | Computer Name = Grumpy-PC | Source = MCUpdate | ID = 0
    Description = 5:27:56 PM - Failed to retrieve SportsSchedule.enc (Error: BITS 0x80070424)


    Error - 10/22/2012 6:28:12 PM | Computer Name = Grumpy-PC | Source = MCUpdate | ID = 0
    Description = 6:28:11 PM - Failed to retrieve SportsSchedule.enc (Error: BITS 0x80070424)


    Error - 10/23/2012 3:42:17 AM | Computer Name = Grumpy-PC | Source = MCUpdate | ID = 0
    Description = 3:42:17 AM - Failed to retrieve SportsSchedule.enc (Error: BITS 0x80070424)


    Error - 10/23/2012 3:30:45 PM | Computer Name = Grumpy-PC | Source = MCUpdate | ID = 0
    Description = 3:30:37 PM - Failed to retrieve SportsSchedule.enc (Error: BITS 0x80070424)


    [ System Events ]
    Error - 10/23/2012 9:16:13 PM | Computer Name = Grumpy-PC | Source = Service Control Manager | ID = 7034
    Description = The hpqcxs08 service terminated unexpectedly. It has done this 1
    time(s).

    Error - 10/23/2012 9:16:13 PM | Computer Name = Grumpy-PC | Source = Service Control Manager | ID = 7034
    Description = The HP CUE DeviceDiscovery Service service terminated unexpectedly.
    It has done this 1 time(s).

    Error - 10/23/2012 9:18:06 PM | Computer Name = Grumpy-PC | Source = Service Control Manager | ID = 7034
    Description = The ScsiAccess service terminated unexpectedly. It has done this
    1 time(s).

    Error - 10/23/2012 9:29:55 PM | Computer Name = Grumpy-PC | Source = Service Control Manager | ID = 7030
    Description = The PEVSystemStart service is marked as an interactive service. However,
    the system is configured to not allow interactive services. This service may not
    function properly.

    Error - 10/23/2012 9:33:08 PM | Computer Name = Grumpy-PC | Source = Application Popup | ID = 1060
    Description = \??\C:\ComboFix\catchme.sys has been blocked from loading due to incompatibility
    with this system. Please contact your software vendor for a compatible version
    of the driver.

    Error - 10/23/2012 9:33:58 PM | Computer Name = Grumpy-PC | Source = Service Control Manager | ID = 7030
    Description = The PEVSystemStart service is marked as an interactive service. However,
    the system is configured to not allow interactive services. This service may not
    function properly.

    Error - 10/23/2012 9:34:08 PM | Computer Name = Grumpy-PC | Source = Service Control Manager | ID = 7030
    Description = The PEVSystemStart service is marked as an interactive service. However,
    the system is configured to not allow interactive services. This service may not
    function properly.

    Error - 10/23/2012 9:34:14 PM | Computer Name = Grumpy-PC | Source = Microsoft-Windows-Kernel-General | ID = 5
    Description =

    Error - 10/23/2012 9:35:25 PM | Computer Name = Grumpy-PC | Source = Microsoft-Windows-Kernel-General | ID = 5
    Description =

    Error - 10/23/2012 9:35:37 PM | Computer Name = Grumpy-PC | Source = Service Control Manager | ID = 7000
    Description = The Nero BackItUp Scheduler 4.0 service failed to start due to the
    following error: %%2


    < End of report >
  22. Lfis492a

    Lfis492a Newcomer, in training Topic Starter Posts: 38

    If all is ok I thank you very much. I just need to get that info from you regarding your post signature. not sure if it's a fraud or something. I dont see it on an unaffected computer. can it be because I'm not logged into this site from that computer??? I don't want to log into the site on that computer until I'm done here. don't want to mess up the thread or anything.
  23. Broni

    Broni Malware Annihilator Posts: 45,188   +242

    The message at the bottom is real.
    On your other computer you may have signatures disabled.

    You forgot to reinstall AVG.

    ===================================

    Run OTL
    • Under the Custom Scans/Fixes box at the bottom, paste in the following

      Code:
      :OTL
      IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local;127.0.0.1:9421;;localhost
      O2:64bit: - BHO: (no name) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - No CLSID value found.
      O2 - BHO: (no name) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - No CLSID value found.
      O2 - BHO: (Search Toolbar) - {9D425283-D487-4337-BAB6-AB8354A81457} - C:\Program Files (x86)\Search Toolbar\SearchToolbar.dll File not found
      O2 - BHO: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask.com)
      O2 - BHO: (no name) - {FD72061E-9FDE-484D-A58A-0BAB4151CAD8} - No CLSID value found.
      O3 - HKLM\..\Toolbar: (Search Toolbar) - {9D425283-D487-4337-BAB6-AB8354A81457} - C:\Program Files (x86)\Search Toolbar\SearchToolbar.dll File not found
      O3 - HKLM\..\Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.
      O3 - HKLM\..\Toolbar: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask.com)
      O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
      O3 - HKCU\..\Toolbar\WebBrowser: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask.com)
      O8:64bit: - Extra context menu item: Google Sidewiki... - res://C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll/cmsidewiki.html File not found
      O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll/cmsidewiki.html File not found
      O15 - HKCU\..Trusted Domains: aol.com ([objects] * is out of zone range - 5)
      O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
      [2012/10/23 17:52:48 | 000,000,000 | ---D | C] -- C:\FRST
      [2009/07/14 00:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
      
      [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
      
      [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
      
      [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
      
      [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
      
      [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
      "" = C:\Windows\SysNative\shell32.dll -- [2012/06/09 01:30:56 | 014,165,504 | ---- | M] (Microsoft Corporation)
      "ThreadingModel" = Apartment
      
      [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
      "" = %SystemRoot%\system32\shell32.dll -- [2012/06/09 00:46:56 | 012,868,608 | ---- | M] (Microsoft Corporation)
      "ThreadingModel" = Apartment
      
      [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
      "" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 21:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
      "ThreadingModel" = Free
      
      [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
      "" = %systemroot%\system32\wbem\fastprox.dll -- [2009/07/13 21:15:20 | 000,605,696 | ---- | M] (Microsoft Corporation)
      "ThreadingModel" = Free
      
      [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
      "" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 21:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
      "ThreadingModel" = Both
      
      [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
      @Alternate Data Stream - 103 bytes -> C:\ProgramData\TEMP:A3E39C6A
      
      :Services
      
      :Reg
      
      :Files
      C:\Program Files (x86)\Ask.com
      
      :Commands
      [purity]
      [emptytemp]
      [emptyjava]
      [emptyflash]
      [Reboot]
      
    • Then click the Run Fix button at the top
    • Let the program run unhindered, reboot the PC when it is done
    • You will get a log that shows the results of the fix. Please post it.

    NOTE. If for any reason OTL stalls (most likely at "killing processes..." step) run the fix from safe mode.

    ==============================

    Last scans...

    1. Download Security Check from HERE, and save it to your Desktop.
    • Double-click SecurityCheck.exe
    • Follow the onscreen instructions inside of the black box.
    • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

      NOTE SecurityCheck may produce some false warning(s), so leave the results reading to me.

    2. Please download Farbar Service Scanner (FSS) and run it on the computer with the issue.
    • Make sure the following options are checked:
      • Internet Services
      • Windows Firewall
      • System Restore
      • Security Center
      • Windows Update
      • Windows Defender
    • Press "Scan".
    • It will create a log (FSS.txt) in the same directory the tool is run.
    • Please copy and paste the log to your reply.

    3. Please download AdwCleaner by Xplode onto your desktop.
    • Close all open programs and internet browsers.
    • Double click on adwcleaner.exe to run the tool.
    • Click on Delete.
    • Confirm each time with Ok.
    • Your computer will be rebooted automatically. A text file will open after the restart.
    • Please post the contents of that logfile with your next reply.
    • You can find the logfile at C:\AdwCleaner[S1].txt as well.

    Next...

    • Double click on adwcleaner.exe to run the tool.
    • Click on Uninstall.
    • Confirm with yes.

    4. Download Temp File Cleaner (TFC)
    Alternate download: http://www.itxassociates.com/OT-Tools/TFC.exe
    • Double click on TFC.exe to run the program.
    • Click on Start button to begin cleaning process.
    • TFC will close all running programs, and it may ask you to restart computer.

    5. Please run a free online scan with the ESET Online Scanner

    • Disable your antivirus program
    • Tick the box next to YES, I accept the Terms of Use
    • Click Start
    • Accept any security warnings from your browser.
    • Check Scan archives
    • Click Start
    • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
    • When the scan completes, click on List of found threats
    • Click on Export to text file , and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
    • NOTE. If Eset won't find any threats, it won't produce any log.
  24. Lfis492a

    Lfis492a Newcomer, in training Topic Starter Posts: 38

    Reinstalled avg. thanks. continuing with your orders.
  25. Lfis492a

    Lfis492a Newcomer, in training Topic Starter Posts: 38

    All processes killed
    ========== OTL ==========
    HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyOverride| /E : value set successfully!
    64bit-Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}\ deleted successfully.
    64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9D425283-D487-4337-BAB6-AB8354A81457}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9D425283-D487-4337-BAB6-AB8354A81457}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}\ deleted successfully.
    C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll moved successfully.
    Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}\ deleted successfully.
    Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{9D425283-D487-4337-BAB6-AB8354A81457} deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9D425283-D487-4337-BAB6-AB8354A81457}\ not found.
    Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{CCC7A320-B3CA-4199-B1A6-9F516DD69829} deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CCC7A320-B3CA-4199-B1A6-9F516DD69829}\ not found.
    Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{D4027C7F-154A-4066-A1AD-4243D8127440} deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}\ not found.
    File C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll not found.
    Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{21FA44EF-376D-4D53-9B0F-8A89D3229068} deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{21FA44EF-376D-4D53-9B0F-8A89D3229068}\ not found.
    Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{D4027C7F-154A-4066-A1AD-4243D8127440} deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}\ not found.
    File C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll not found.
    64bit-Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\Google Sidewiki...\ deleted successfully.
    Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\Google Sidewiki...\ not found.
    Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\aol.com\objects\ deleted successfully.
    Starting removal of ActiveX control {E2883E8F-472F-4FB0-9522-AC9BF37916A7}
    C:\Windows\Downloaded Program Files\gp.inf not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
    C:\FRST\Quarantine\{1b405ce6-8848-e2d9-71ed-723aea56cefb}\U folder moved successfully.
    C:\FRST\Quarantine\{1b405ce6-8848-e2d9-71ed-723aea56cefb}\L folder moved successfully.
    C:\FRST\Quarantine\{1b405ce6-8848-e2d9-71ed-723aea56cefb} folder moved successfully.
    Folder move failed. C:\FRST\Quarantine scheduled to be moved on reboot.
    C:\FRST\Logs folder moved successfully.
    C:\FRST\Hives folder moved successfully.
    C:\FRST folder moved successfully.
    C:\Windows\assembly\Desktop.ini moved successfully.
    File EY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 not found.
    File EY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] not found.
    File EY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64 not found.
    File EY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] not found.
    File EY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 not found.
    File EY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] not found.
    Folder EY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64\ not found.
    Folder EY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]\ not found.
    Folder EY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64\ not found.
    Folder EY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]\ not found.
    ADS C:\ProgramData\TEMP:A3E39C6A deleted successfully.
    ========== SERVICES/DRIVERS ==========
    ========== REGISTRY ==========
    ========== FILES ==========
    C:\Program Files (x86)\Ask.com folder moved successfully.
    ========== COMMANDS ==========

    [EMPTYTEMP]

    User: All Users

    User: AppData
    ->Temp folder emptied: 0 bytes

    User: Default
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes

    User: Default User
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes

    User: Grumpy
    ->Temp folder emptied: 22582352 bytes
    ->Temporary Internet Files folder emptied: 339490 bytes
    ->Java cache emptied: 0 bytes
    ->FireFox cache emptied: 61468373 bytes
    ->Google Chrome cache emptied: 0 bytes
    ->Apple Safari cache emptied: 0 bytes
    ->Flash cache emptied: 1526 bytes

    User: Public
    ->Temp folder emptied: 0 bytes

    %systemdrive% .tmp files removed: 0 bytes
    %systemroot% .tmp files removed: 0 bytes
    %systemroot%\System32 .tmp files removed: 0 bytes
    %systemroot%\System32 (64bit) .tmp files removed: 0 bytes
    %systemroot%\System32\drivers .tmp files removed: 0 bytes
    Windows Temp folder emptied: 93974 bytes
    %systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
    %systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 0 bytes
    RecycleBin emptied: 123362024 bytes

    Total Files Cleaned = 198.00 mb


    [EMPTYJAVA]

    User: All Users

    User: AppData

    User: Default

    User: Default User

    User: Grumpy
    ->Java cache emptied: 0 bytes

    User: Public

    Total Java Files Cleaned = 0.00 mb


    [EMPTYFLASH]

    User: All Users

    User: AppData

    User: Default

    User: Default User

    User: Grumpy
    ->Flash cache emptied: 0 bytes

    User: Public

    Total Flash Files Cleaned = 0.00 mb


    OTL by OldTimer - Version 3.2.69.0 log created on 10242012_104232

    Files\Folders moved on Reboot...
    File\Folder C:\FRST\Quarantine not found!
    C:\Users\Grumpy\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.

    PendingFileRenameOperations files...

    Registry entries deleted on Reboot...


Add New Comment

TechSpot Members
Login or sign up for free,
it takes about 30 seconds.
You may also...


Get complete access to the TechSpot community. Join thousands of technology enthusiasts that contribute and share knowledge in our forum. Get a private inbox, upload your own photo gallery and more.