Win64/patched.a

Discussion in 'Virus and Malware Removal' started by mossimo654, Nov 4, 2012.

  1. mossimo654 Newcomer, in training Posts: 22

    OTL logfile created on: 11/4/2012 12:40:40 PM - Run 2
    OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Kyle\Downloads
    64bit- Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
    Internet Explorer (Version = 9.0.8112.16421)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    15.96 Gb Total Physical Memory | 13.25 Gb Available Physical Memory | 83.06% Memory free
    31.91 Gb Paging File | 28.90 Gb Available in Paging File | 90.57% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
    Drive C: | 119.14 Gb Total Space | 50.15 Gb Free Space | 42.09% Space Free | Partition Type: NTFS
    Drive D: | 7.58 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF
    Drive F: | 1.87 Gb Total Space | 1.86 Gb Free Space | 99.83% Space Free | Partition Type: FAT

    Computer Name: KYLE-PC | User Name: Kyle | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

    ========== Processes (SafeList) ==========

    PRC - [2012/11/04 12:36:23 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Kyle\Downloads\OTL.exe
    PRC - [2012/10/30 20:38:53 | 001,199,576 | ---- | M] (Spotify Ltd) -- C:\Users\Kyle\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
    PRC - [2012/10/30 20:38:52 | 000,529,744 | ---- | M] (Valve Corporation) -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe
    PRC - [2012/10/30 11:20:58 | 000,917,984 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
    PRC - [2012/10/08 21:28:44 | 001,807,800 | ---- | M] (Adobe Systems, Inc.) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe
    PRC - [2012/09/05 12:42:44 | 001,353,080 | ---- | M] (Valve Corporation) -- A:\Program Files\Steam\Steam.exe
    PRC - [2012/04/26 04:33:38 | 003,111,744 | ---- | M] (DT Soft Ltd) -- C:\Program Files (x86)\DAEMON Tools Pro\DTAgent.exe
    PRC - [2012/04/26 04:33:16 | 002,743,104 | ---- | M] (DT Soft Ltd) -- C:\Program Files (x86)\DAEMON Tools Pro\DTShellHlp.exe
    PRC - [2012/04/02 16:25:42 | 003,111,552 | ---- | M] (ASUSTeK Computer Inc.) -- C:\Program Files (x86)\ASUS\AI Suite II\Network iControl\NetSvcHelp\NetSvcHelp.exe
    PRC - [2012/03/13 11:34:12 | 002,935,424 | ---- | M] (ASUSTeK Computer Inc.) -- C:\Program Files (x86)\ASUS\AI Suite II\AsRoutineController.exe
    PRC - [2012/03/06 15:14:34 | 001,154,176 | ---- | M] (ASUSTeK Computer Inc.) -- C:\Program Files (x86)\ASUS\AI Suite II\DIGI+ VRM\PowerControlHelp.exe
    PRC - [2012/03/06 13:41:36 | 000,363,800 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
    PRC - [2012/03/06 13:41:34 | 000,277,784 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
    PRC - [2012/03/06 13:40:14 | 000,163,608 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe
    PRC - [2012/02/26 11:01:56 | 000,291,608 | R--- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
    PRC - [2012/02/16 22:26:00 | 000,149,120 | R--- | M] (ASUSTeK Computer Inc.) -- C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.13\AsSysCtrlService.exe
    PRC - [2012/02/08 02:10:34 | 001,111,680 | ---- | M] (ASUSTeK Computer Inc.) -- C:\Program Files (x86)\ASUS\AI Suite II\TurboV EVO\TurboVHelp.exe
    PRC - [2012/02/02 14:20:32 | 000,889,984 | ---- | M] (ASUSTeK Computer Inc.) -- C:\Program Files (x86)\ASUS\AI Suite II\Network iControl\NetSvcHelp\NetiCtrlTray.exe
    PRC - [2012/02/02 01:56:35 | 000,951,936 | R--- | M] (ASUSTeK Computer Inc.) -- C:\Program Files (x86)\ASUS\AAHM\1.00.20\aaHMSvc.exe
    PRC - [2012/02/01 15:29:58 | 000,013,592 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
    PRC - [2012/02/01 15:29:56 | 000,284,440 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
    PRC - [2012/01/12 20:44:01 | 001,478,272 | R--- | M] (ASUSTeK Computer Inc.) -- C:\Program Files (x86)\ASUS\AsusFanControlService\1.00.21\AsusFanControlService.exe
    PRC - [2012/01/10 08:39:40 | 001,501,824 | ---- | M] (ASUSTeK Computer Inc.) -- C:\Program Files (x86)\ASUS\AI Suite II\AI Suite II.exe
    PRC - [2012/01/04 13:13:24 | 001,256,576 | ---- | M] (ASUSTeK Computer Inc.) -- C:\Program Files (x86)\ASUS\AI Suite II\EPU\EPUHelp.exe
    PRC - [2011/10/31 08:57:48 | 000,465,536 | ---- | M] (ASUSTek Computer Inc.) -- C:\Program Files (x86)\InstallShield Installation Information\{E6931688-DA2B-4E16-8539-3D323D69C677}\AiChargerPlus.exe
    PRC - [2011/10/28 17:59:26 | 000,918,448 | R--- | M] () -- C:\Program Files (x86)\ASUS\AXSP\1.00.18\atkexComSvc.exe
    PRC - [2011/09/08 20:29:12 | 001,112,704 | ---- | M] (ASUSTeK Computer Inc.) -- C:\Program Files (x86)\ASUS\AI Suite II\Sensor\AlertHelper\AlertHelper.exe
    PRC - [2011/05/27 10:07:36 | 000,160,768 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe
    PRC - [2010/03/01 16:16:06 | 000,313,864 | ---- | M] (Avid Technology, Inc.) -- C:\Windows\SysWOW64\MAFWDITray.exe
    PRC - [2009/01/26 14:31:16 | 002,144,088 | RHS- | M] (Safer Networking Limited) -- C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
    PRC - [2009/01/26 14:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) -- C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe


    ========== Modules (No Company Name) ==========

    MOD - [2012/10/30 20:38:52 | 020,317,008 | ---- | M] () -- A:\Program Files\Steam\bin\libcef.dll
    MOD - [2012/10/30 20:38:52 | 001,099,616 | ---- | M] () -- A:\Program Files\Steam\bin\avcodec-53.dll
    MOD - [2012/10/30 20:38:52 | 000,902,480 | ---- | M] () -- A:\Program Files\Steam\bin\chromehtml.dll
    MOD - [2012/10/30 20:38:52 | 000,190,816 | ---- | M] () -- A:\Program Files\Steam\bin\avformat-53.dll
    MOD - [2012/10/30 20:38:52 | 000,123,232 | ---- | M] () -- A:\Program Files\Steam\bin\avutil-51.dll
    MOD - [2012/10/30 11:20:58 | 002,295,264 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
    MOD - [2012/10/12 04:57:30 | 000,489,472 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorUtil\4cbbd3d2335c2d89b7ee5d035651bd80\IAStorUtil.ni.dll
    MOD - [2012/10/12 04:57:30 | 000,014,336 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorCommon\d68502fe60d7ada68627a895282ef58d\IAStorCommon.ni.dll
    MOD - [2012/10/12 03:39:36 | 003,347,968 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\cf293040f3a93afa1ea782487acae816\WindowsBase.ni.dll
    MOD - [2012/10/12 03:39:22 | 012,432,896 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\3afcd5168c7a6cb02eab99d7fd71e102\System.Windows.Forms.ni.dll
    MOD - [2012/10/12 03:39:11 | 001,587,200 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\dbfe8642a8ed7b2b103ad28e0c96418a\System.Drawing.ni.dll
    MOD - [2012/10/12 03:39:07 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\5cae93d923c8378370758489e5535820\System.Runtime.Remoting.ni.dll
    MOD - [2012/10/12 03:39:05 | 005,453,312 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\461d3b6b3f43e6fbe6c897d5936e17e4\System.Xml.ni.dll
    MOD - [2012/10/12 03:39:03 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\bc09ad2d49d8535371845cd7532f9271\System.Configuration.ni.dll
    MOD - [2012/10/12 03:39:02 | 007,963,136 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\9e0a3b9b9f457233a335d7fba8f95419\System.ni.dll
    MOD - [2012/10/12 03:38:59 | 011,490,304 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\62a0b3e4b40ec0e8c5cfaa0c8848e64a\mscorlib.ni.dll
    MOD - [2012/10/08 21:28:44 | 009,814,968 | ---- | M] () -- C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_4_402_287.dll
    MOD - [2012/05/30 19:06:48 | 000,087,912 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
    MOD - [2012/05/30 19:06:30 | 001,242,512 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
    MOD - [2012/04/12 16:46:28 | 001,124,352 | ---- | M] () -- C:\Program Files (x86)\ASUS\AI Suite II\Network iControl\Network iControl.dll
    MOD - [2012/04/05 10:38:34 | 000,883,712 | ---- | M] () -- C:\Program Files (x86)\ASUS\AI Suite II\Sensor\Sensor.dll
    MOD - [2012/03/21 11:07:44 | 000,972,288 | ---- | M] () -- C:\Program Files (x86)\ASUS\AI Suite II\BarGadget\BarGadget.dll
    MOD - [2012/03/14 09:12:26 | 000,150,016 | ---- | M] () -- C:\Program Files (x86)\ASUS\AI Suite II\Network iControl\NetSvcHelp\gep.dll
    MOD - [2012/03/01 13:20:30 | 001,296,384 | ---- | M] () -- C:\Program Files (x86)\ASUS\AI Suite II\MyLogo\MyLogo.dll
    MOD - [2012/02/10 10:29:44 | 001,047,040 | ---- | M] () -- C:\Program Files (x86)\ASUS\AI Suite II\Probe_II\ProbeII.dll
    MOD - [2012/02/02 14:12:48 | 000,786,432 | ---- | M] () -- C:\Program Files (x86)\ASUS\AI Suite II\Network iControl\NetSvcHelp\func.dll
    MOD - [2011/12/28 09:13:20 | 000,043,520 | ---- | M] () -- C:\Program Files (x86)\ASUS\AI Suite II\TurboV EVO\HookKey32.dll
    MOD - [2011/10/14 19:03:22 | 000,885,248 | ---- | M] () -- C:\Program Files (x86)\ASUS\AI Suite II\TabGadget\TabGadget.dll
    MOD - [2011/09/26 18:36:24 | 000,869,376 | ---- | M] () -- C:\Program Files (x86)\ASUS\AI Suite II\AI Charger+\AIChargerPlus.dll
    MOD - [2011/09/26 17:37:26 | 001,616,384 | ---- | M] () -- C:\Program Files (x86)\ASUS\AI Suite II\Sensor Graph\SensorGraph.dll
    MOD - [2011/09/19 19:18:20 | 001,243,136 | ---- | M] () -- C:\Program Files (x86)\ASUS\AI Suite II\Settings\Settings.dll
    MOD - [2011/09/07 22:23:54 | 000,253,952 | ---- | M] () -- C:\Program Files (x86)\ASUS\AI Suite II\TurboV EVO\pngio.dll
    MOD - [2011/07/21 08:06:44 | 000,846,848 | ---- | M] () -- C:\Program Files (x86)\ASUS\AI Suite II\Splitter\Splitter.dll
    MOD - [2011/07/12 18:14:52 | 000,147,456 | ---- | M] () -- C:\Program Files (x86)\ASUS\AI Suite II\AssistFunc.dll
    MOD - [2010/10/05 07:22:50 | 000,253,952 | ---- | M] () -- C:\Program Files (x86)\ASUS\AI Suite II\pngio.dll
    MOD - [2010/10/05 07:22:50 | 000,253,952 | ---- | M] () -- C:\Program Files (x86)\ASUS\AI Suite II\Network iControl\NetSvcHelp\pngio.dll
    MOD - [2010/10/05 07:22:50 | 000,208,896 | ---- | M] () -- C:\Program Files (x86)\ASUS\AI Suite II\ImageHelper.dll
    MOD - [2010/08/22 18:17:40 | 000,662,016 | R--- | M] () -- C:\Program Files (x86)\ASUS\AAHM\1.00.20\aaHMLib.dll
    MOD - [2009/08/12 19:15:52 | 000,253,952 | ---- | M] () -- C:\Program Files (x86)\ASUS\AI Suite II\Sensor\AlertHelper\pngio.dll


    ========== Services (SafeList) ==========

    SRV:64bit: - [2012/04/05 18:16:02 | 000,236,544 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
    SRV:64bit: - [2012/02/02 21:29:52 | 000,628,448 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Program Files\Intel\iCLS Client\HeciServer.exe -- (Intel(R)
    SRV:64bit: - [2009/07/13 17:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
    SRV:64bit: - [2009/07/13 17:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
    SRV - [2012/10/30 20:38:52 | 000,529,744 | ---- | M] (Valve Corporation) [On_Demand | Running] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
    SRV - [2012/10/30 11:20:58 | 000,115,168 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
    SRV - [2012/10/08 21:28:44 | 000,250,808 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
    SRV - [2012/03/06 13:41:36 | 000,363,800 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe -- (UNS)
    SRV - [2012/03/06 13:41:34 | 000,277,784 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe -- (LMS)
    SRV - [2012/03/06 13:40:14 | 000,163,608 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe -- (jhi_service)
    SRV - [2012/02/16 22:26:00 | 000,149,120 | R--- | M] (ASUSTeK Computer Inc.) [Auto | Running] -- C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.13\AsSysCtrlService.exe -- (AsSysCtrlService)
    SRV - [2012/02/02 01:56:35 | 000,951,936 | R--- | M] (ASUSTeK Computer Inc.) [Auto | Running] -- C:\Program Files (x86)\ASUS\AAHM\1.00.20\aaHMSvc.exe -- (asHmComSvc)
    SRV - [2012/02/01 15:29:58 | 000,013,592 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc)
    SRV - [2012/01/12 20:44:01 | 001,478,272 | R--- | M] (ASUSTeK Computer Inc.) [Auto | Running] -- C:\Program Files (x86)\ASUS\AsusFanControlService\1.00.21\AsusFanControlService.exe -- (AsusFanControlService)
    SRV - [2011/10/28 17:59:26 | 000,918,448 | R--- | M] () [Auto | Running] -- C:\Program Files (x86)\ASUS\AXSP\1.00.18\atkexComSvc.exe -- (asComSvc)
    SRV - [2011/05/27 10:07:36 | 000,160,768 | ---- | M] (Intel Corporation) [On_Demand | Running] -- C:\Program Files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe -- (ICCS)
    SRV - [2010/03/18 12:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
    SRV - [2009/06/10 13:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)


    ========== Driver Services (SafeList) ==========

    DRV:64bit: - [2012/09/05 00:13:18 | 000,560,184 | ---- | M] (Duplex Secure Ltd.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\sptd.sys -- (sptd)
    DRV:64bit: - [2012/04/05 21:22:40 | 011,174,400 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag)
    DRV:64bit: - [2012/04/05 17:10:44 | 000,343,040 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
    DRV:64bit: - [2012/02/29 22:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
    DRV:64bit: - [2012/02/26 11:01:00 | 000,788,760 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\iusb3xhc.sys -- (iusb3xhc)
    DRV:64bit: - [2012/02/26 11:01:00 | 000,356,120 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\iusb3hub.sys -- (iusb3hub)
    DRV:64bit: - [2012/02/26 11:01:00 | 000,016,152 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iusb3hcs.sys -- (iusb3hcs)
    DRV:64bit: - [2012/02/23 04:32:04 | 000,095,760 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AtihdW76.sys -- (AtiHDAudioService)
    DRV:64bit: - [2012/02/03 05:01:20 | 000,677,480 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
    DRV:64bit: - [2012/02/01 15:16:40 | 000,568,600 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
    DRV:64bit: - [2011/11/10 00:04:14 | 000,060,184 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64)
    DRV:64bit: - [2011/11/03 10:10:42 | 000,395,752 | ---- | M] (ASMedia Technology Inc) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\asmtxhci.sys -- (asmtxhci)
    DRV:64bit: - [2011/11/03 10:10:42 | 000,130,536 | ---- | M] (ASMedia Technology Inc) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\asmthub3.sys -- (asmthub3)
    DRV:64bit: - [2011/09/15 23:12:58 | 000,032,360 | R--- | M] (Realtek Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RtVlan620.sys -- (RTVLANPT)
    DRV:64bit: - [2011/08/12 02:13:36 | 000,032,360 | R--- | M] (NT Kernel Resources) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\ndisrd.sys -- (ndisrd)
    DRV:64bit: - [2011/06/15 05:11:20 | 000,048,416 | R--- | M] (Realtek Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RtTeam60.sys -- (TEAM)
    DRV:64bit: - [2011/06/15 05:11:20 | 000,048,416 | R--- | M] (Realtek Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RtTeam60.sys -- (RTTEAMPT)
    DRV:64bit: - [2011/06/15 05:11:20 | 000,032,544 | R--- | M] (Realtek ) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\RtNdPt60.sys -- (RtNdPt60)
    DRV:64bit: - [2011/03/24 21:14:12 | 000,105,592 | ---- | M] (PACE Anti-Piracy, Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\Tpkd.sys -- (Tpkd)
    DRV:64bit: - [2010/11/20 05:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
    DRV:64bit: - [2010/11/20 05:32:47 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
    DRV:64bit: - [2010/11/20 05:32:46 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
    DRV:64bit: - [2010/11/20 03:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
    DRV:64bit: - [2010/11/20 03:03:42 | 000,020,992 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
    DRV:64bit: - [2010/08/17 09:28:32 | 000,026,136 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ICCWDT.sys -- (ICCWDT)
    DRV:64bit: - [2010/03/01 16:15:50 | 000,287,240 | ---- | M] (Avid Technology, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\MAudioProFire.sys -- (MAFWPROFIRE)
    DRV:64bit: - [2009/07/13 17:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
    DRV:64bit: - [2009/07/13 17:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
    DRV:64bit: - [2009/07/13 17:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
    DRV:64bit: - [2009/06/10 12:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
    DRV:64bit: - [2009/06/10 12:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
    DRV:64bit: - [2009/06/10 12:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
    DRV:64bit: - [2009/06/10 12:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
    DRV:64bit: - [2009/05/18 12:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
    DRV - [2009/07/13 17:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========

    IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
    IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
    IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
    IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
    IE - HKLM\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT3220468


    IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



    IE - HKU\S-1-5-21-2813369277-930754200-592956274-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://search.conduit.com?SearchSource=10&ctid=CT3220468
    IE - HKU\S-1-5-21-2813369277-930754200-592956274-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
    IE - HKU\S-1-5-21-2813369277-930754200-592956274-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 8A 30 07 A9 6E 89 CD 01 [binary data]
    IE - HKU\S-1-5-21-2813369277-930754200-592956274-1000\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
    IE - HKU\S-1-5-21-2813369277-930754200-592956274-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
    IE - HKU\S-1-5-21-2813369277-930754200-592956274-1000\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT3220468
    IE - HKU\S-1-5-21-2813369277-930754200-592956274-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
    IE - HKU\S-1-5-21-2813369277-930754200-592956274-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

    ========== FireFox ==========

    FF - prefs.js..browser.startup.homepage: "http://www.nytimes.com/"
    FF - prefs.js..extensions.enabledAddons: yesscript@userstyles.org:1.9
    FF - user.js - File not found

    FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_4_402_287.dll File not found
    FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
    FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
    FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_4_402_287.dll ()
    FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
    FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
    FF - HKLM\Software\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI ipt;version=2.0.59: C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
    FF - HKLM\Software\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI updater: C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
    FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.57\npGoogleUpdate3.dll (Google Inc.)
    FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.57\npGoogleUpdate3.dll (Google Inc.)

    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/10/30 11:20:58 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
    FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/10/30 11:20:58 | 000,000,000 | ---D | M]
    FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins

    [2012/09/02 16:59:09 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Kyle\AppData\Roaming\Mozilla\Extensions
    [2012/10/23 17:39:56 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Kyle\AppData\Roaming\Mozilla\Firefox\Profiles\tt6i0gtg.default\extensions
    [2012/10/23 17:39:56 | 000,053,072 | ---- | M] () (No name found) -- C:\Users\Kyle\AppData\Roaming\Mozilla\Firefox\Profiles\tt6i0gtg.default\extensions\yesscript@userstyles.org.xpi
    [2012/10/13 18:14:42 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
    [2012/10/30 11:20:58 | 000,261,600 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
    [2012/08/24 18:00:22 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
    [2012/10/13 18:14:43 | 000,002,058 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml

    O1 HOSTS File: ([2012/11/04 11:55:37 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
    O1 - Hosts: 127.0.0.1 localhost
    O2 - BHO: (no name) - {39677538-3E8F-721E-5669-15225D304BAE} - No CLSID value found.
    O4:64bit: - HKLM..\Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe (Realtek Semiconductor)
    O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
    O4 - HKLM..\Run: [AMD AVT] C:\Windows\SysWow64\cmd.exe (Microsoft Corporation)
    O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
    O4 - HKLM..\Run: [ASUS AiChargerPlus Execute] C:\Program Files (x86)\InstallShield Installation Information\{E6931688-DA2B-4E16-8539-3D323D69C677}\AiChargerPlus.exe (ASUSTek Computer Inc.)
    O4 - HKLM..\Run: [ASUSWebStorage] C:\Program Files (x86)\ASUS\ASUS WebStorage\3.0.139.290\AsusWSPanel.exe (ASUS Cloud Corporation)
    O4 - HKLM..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIconLaunch.exe (Intel Corporation)
    O4 - HKLM..\Run: [M-Audio Taskbar Icon] C:\Windows\SysWOW64\MAFWDITray.exe (Avid Technology, Inc.)
    O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
    O4 - HKLM..\Run: [USB3MON] C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe (Intel Corporation)
    O4 - HKU\S-1-5-21-2813369277-930754200-592956274-1000..\Run: [DAEMON Tools Pro Agent] C:\Program Files (x86)\DAEMON Tools Pro\DTAgent.exe (DT Soft Ltd)
    O4 - HKU\S-1-5-21-2813369277-930754200-592956274-1000..\Run: [Spotify] C:\Users\Kyle\AppData\Roaming\Spotify\Spotify.exe (Spotify Ltd)
    O4 - HKU\S-1-5-21-2813369277-930754200-592956274-1000..\Run: [Spotify Web Helper] C:\Users\Kyle\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe (Spotify Ltd)
    O4 - HKU\S-1-5-21-2813369277-930754200-592956274-1000..\Run: [SpybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe (Safer Networking Limited)
    O4 - HKU\S-1-5-21-2813369277-930754200-592956274-1000..\Run: [Steam] A:\Program Files\Steam\Steam.exe (Valve Corporation)
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
    O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-21-2813369277-930754200-592956274-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-21-2813369277-930754200-592956274-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000005 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
    O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
    O13 - gopher Prefix: missing
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{5188C32D-E869-4BAB-A741-B4B87AE80C5C}: DhcpNameServer = 192.168.1.1
    O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
    O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
    O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
    O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
    O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
    O32 - HKLM CDRom: AutoRun - 1
    O32 - AutoRun File - [2003/06/23 20:43:35 | 000,000,031 | R--- | M] () - D:\AUTORUN.INF -- [ UDF ]
    O34 - HKLM BootExecute: (autocheck autochk *)
    O35:64bit: - HKLM\..comfile [open] -- "%1" %*
    O35:64bit: - HKLM\..exefile [open] -- "%1" %*
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
    O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
    O37 - HKLM\...com [@ = ComFile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*
    O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
    O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
    O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

    ========== Files/Folders - Created Within 30 Days ==========

    [2012/11/04 11:57:19 | 000,000,000 | ---D | C] -- C:\Windows\temp
    [2012/11/04 11:55:37 | 000,000,000 | ---D | C] -- C:\$RECYCLE.BIN
    [2012/11/04 11:52:14 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
    [2012/11/04 11:52:14 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
    [2012/11/04 11:52:14 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
    [2012/11/04 11:51:42 | 000,000,000 | ---D | C] -- C:\Config.Msi
    [2012/11/04 11:50:14 | 000,000,000 | ---D | C] -- C:\Qoobox
    [2012/11/04 11:49:57 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
    [2012/11/04 10:53:24 | 000,000,000 | ---D | C] -- C:\Users\Kyle\AppData\Roaming\Malwarebytes
    [2012/11/04 10:53:16 | 000,025,928 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
    [2012/11/04 10:53:16 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
    [2012/11/04 10:53:16 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
    [2012/11/04 10:53:16 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
    [2012/11/04 10:48:58 | 000,000,000 | ---D | C] -- C:\Users\Kyle\Desktop\RK_Quarantine
    [2012/11/04 10:04:07 | 000,000,000 | ---D | C] -- C:\FRST
    [2012/11/03 21:29:11 | 000,000,000 | ---D | C] -- C:\Users\Kyle\AppData\Roaming\Cycling '74
    [2012/11/03 13:02:39 | 000,000,000 | -HSD | C] -- C:\Windows\SysWow64\%APPDATA%
    [2012/11/03 12:56:35 | 000,000,000 | ---D | C] -- C:\Users\Kyle\Desktop\New folder
    [2012/11/03 12:22:24 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Cycling '74
    [2012/11/03 12:22:16 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Cycling '74
    [2012/11/03 12:03:29 | 000,000,000 | ---D | C] -- C:\Users\Kyle\Desktop\Soundcloud
    [2012/10/30 20:38:36 | 000,000,000 | ---D | C] -- C:\Windows\Minidump
    [2012/10/27 14:26:25 | 000,000,000 | ---D | C] -- C:\Windows\AutoKMS
    [2012/10/24 11:57:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office
    [2012/10/24 11:57:20 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\DESIGNER
    [2012/10/24 11:57:18 | 000,000,000 | ---D | C] -- C:\Windows\PCHEALTH
    [2012/10/24 11:57:18 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft.NET
    [2012/10/24 11:55:07 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Office
    [2012/10/24 11:55:02 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Analysis Services
    [2012/10/24 11:54:49 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Office
    [2012/10/24 11:54:49 | 000,000,000 | ---D | C] -- C:\Users\Kyle\AppData\Local\Microsoft Help
    [2012/10/24 11:54:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft Help
    [2012/10/24 11:54:41 | 000,000,000 | R--D | C] -- C:\MSOCache
    [2012/10/17 15:05:16 | 000,000,000 | ---D | C] -- C:\Users\Kyle\AppData\Roaming\Spotify
    [2012/10/17 15:05:16 | 000,000,000 | ---D | C] -- C:\Users\Kyle\AppData\Local\Spotify
    [2012/10/13 18:14:42 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
    [2012/10/12 03:26:05 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\SPReview
    [2012/10/12 03:25:56 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\EventProviders
    [2012/10/09 17:47:47 | 000,000,000 | ---D | C] -- C:\Vstplugins
    [2012/10/08 21:43:53 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
    [2012/10/08 21:43:51 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Silverlight
    [2012/10/08 21:43:51 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Silverlight

    ========== Files - Modified Within 30 Days ==========

    [2012/11/04 12:27:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
    [2012/11/04 12:11:17 | 000,777,976 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
    [2012/11/04 12:11:17 | 000,659,580 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
    [2012/11/04 12:11:17 | 000,120,508 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
    [2012/11/04 12:03:03 | 000,000,890 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
    [2012/11/04 12:02:59 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
    [2012/11/04 12:02:56 | 4260,024,318 | -HS- | M] () -- C:\hiberfil.sys
    [2012/11/04 11:55:37 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
    [2012/11/04 11:54:56 | 000,013,040 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
    [2012/11/04 11:54:56 | 000,013,040 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
    [2012/11/04 11:44:00 | 000,000,894 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
    [2012/11/04 11:13:42 | 000,000,512 | ---- | M] () -- C:\Users\Kyle\Desktop\MBR.dat
    [2012/11/04 01:17:39 | 000,520,207 | ---- | M] () -- C:\Users\Kyle\Desktop\Minimall.wav.asd
    [2012/11/04 01:16:07 | 045,030,156 | ---- | M] () -- C:\Users\Kyle\Desktop\Minimall.wav
    [2012/11/03 13:24:39 | 017,174,384 | ---- | M] () -- C:\Users\Kyle\Desktop\Minimall.m4a
    [2012/11/03 12:22:24 | 000,001,993 | ---- | M] () -- C:\Users\Public\Desktop\Max Runtime 5.1.lnk
    [2012/11/03 12:22:24 | 000,001,977 | ---- | M] () -- C:\Users\Public\Desktop\Max 5.1.lnk
    [2012/11/03 12:10:56 | 000,516,255 | ---- | M] () -- C:\Users\Kyle\Desktop\Minimall.aif.asd
    [2012/11/03 12:09:34 | 044,645,294 | ---- | M] () -- C:\Users\Kyle\Desktop\Minimall.aif
    [2012/11/02 14:47:10 | 015,949,304 | ---- | M] () -- C:\Users\Kyle\Desktop\Minimall 2.m4a
    [2012/11/02 12:10:20 | 015,648,095 | ---- | M] () -- C:\Users\Kyle\Desktop\Minimall 1.m4a
    [2012/10/30 20:46:11 | 000,484,499 | ---- | M] () -- C:\Users\Kyle\Desktop\Because harmony breakdown.mp3.asd
    [2012/10/30 20:44:40 | 013,723,585 | ---- | M] () -- C:\Users\Kyle\Desktop\Because harmony breakdown.mp3
    [2012/10/30 20:38:36 | 000,414,656 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
    [2012/10/30 20:38:30 | 846,126,122 | ---- | M] () -- C:\Windows\MEMORY.DMP
    [2012/10/29 22:16:08 | 000,325,595 | ---- | M] () -- C:\Users\Kyle\Desktop\11 I Live With You.mp3.asd
    [2012/10/27 14:16:40 | 000,771,962 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI
    [2012/10/27 14:07:46 | 000,003,021 | ---- | M] () -- C:\Users\Kyle\Desktop\Microsoft Word 2010.lnk
    [2012/10/24 01:44:56 | 044,761,957 | ---- | M] () -- C:\Users\Kyle\Desktop\Dan Deacon by Kyle.m4a
    [2012/10/24 01:44:13 | 000,360,523 | ---- | M] () -- C:\Users\Kyle\Desktop\Dan Deacon by Kyle.wav.asd
    [2012/10/24 01:43:28 | 052,822,944 | ---- | M] () -- C:\Users\Kyle\Desktop\Dan Deacon by Kyle.wav
    [2012/10/23 12:50:08 | 000,580,051 | ---- | M] () -- C:\Users\Kyle\Desktop\Elena - Juana Molina.mp3.asd
    [2012/10/23 12:49:06 | 004,603,720 | ---- | M] () -- C:\Users\Kyle\Desktop\Elena - Juana Molina.mp3
    [2012/10/23 00:02:19 | 000,599,263 | ---- | M] () -- C:\Users\Kyle\Desktop\Elena 1.m4a.asd
    [2012/10/17 15:05:16 | 000,001,799 | ---- | M] () -- C:\Users\Kyle\Desktop\Spotify.lnk
    [2012/10/12 10:15:50 | 020,865,884 | ---- | M] () -- C:\Users\Kyle\Desktop\Tittays.m4a
    [2012/10/12 10:15:32 | 000,346,271 | ---- | M] () -- C:\Users\Kyle\Desktop\A cure.aif.asd
    [2012/10/12 10:14:03 | 030,044,958 | ---- | M] () -- C:\Users\Kyle\Desktop\A cure.aif
    [2012/10/12 10:10:29 | 038,159,697 | ---- | M] () -- C:\Users\Kyle\Desktop\A cure.m4a
    [2012/10/12 04:43:04 | 000,002,048 | ---- | M] () -- C:\Windows\SysWow64\winver.exe
    [2012/10/12 04:43:01 | 000,113,543 | ---- | M] () -- C:\Windows\SysWow64\slmgr.vbs
    [2012/10/12 04:43:01 | 000,113,543 | ---- | M] () -- C:\Windows\SysNative\slmgr.vbs
    [2012/10/11 23:19:31 | 000,029,675 | ---- | M] () -- C:\Users\Kyle\Desktop\Avey.wav.asd
    [2012/10/11 23:19:30 | 002,279,676 | ---- | M] () -- C:\Users\Kyle\Desktop\Avey.wav
    [2012/10/10 00:11:43 | 000,373,279 | ---- | M] () -- C:\Users\Kyle\Desktop\08. A Cure.mp3.asd
    [2012/10/09 02:05:55 | 000,055,175 | ---- | M] () -- C:\Users\Kyle\Desktop\01 Alan Lomax Speaking To Charles Ku.m4a.asd
    [2012/10/09 01:56:25 | 000,513,415 | ---- | M] () -- C:\Users\Kyle\Desktop\01 Te Deum - Te Deum Laudamus.m4a.asd

    ========== Files Created - No Company Name ==========

    [2012/11/04 11:52:14 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
    [2012/11/04 11:52:14 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
    [2012/11/04 11:52:14 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
    [2012/11/04 11:52:14 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
    [2012/11/04 11:52:14 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
    [2012/11/04 11:13:42 | 000,000,512 | ---- | C] () -- C:\Users\Kyle\Desktop\MBR.dat
    [2012/11/04 01:17:39 | 000,520,207 | ---- | C] () -- C:\Users\Kyle\Desktop\Minimall.wav.asd
    [2012/11/03 15:47:22 | 045,030,156 | ---- | C] () -- C:\Users\Kyle\Desktop\Minimall.wav
    [2012/11/03 12:22:24 | 000,001,993 | ---- | C] () -- C:\Users\Public\Desktop\Max Runtime 5.1.lnk
    [2012/11/03 12:22:24 | 000,001,977 | ---- | C] () -- C:\Users\Public\Desktop\Max 5.1.lnk
    [2012/11/03 12:10:56 | 000,516,255 | ---- | C] () -- C:\Users\Kyle\Desktop\Minimall.aif.asd
    [2012/11/03 12:09:34 | 044,645,294 | ---- | C] () -- C:\Users\Kyle\Desktop\Minimall.aif
    [2012/11/02 14:47:15 | 015,949,304 | ---- | C] () -- C:\Users\Kyle\Desktop\Minimall 2.m4a
    [2012/11/02 12:10:24 | 015,648,095 | ---- | C] () -- C:\Users\Kyle\Desktop\Minimall 1.m4a
    [2012/11/02 10:34:45 | 017,174,384 | ---- | C] () -- C:\Users\Kyle\Desktop\Minimall.m4a
    [2012/10/30 20:46:11 | 000,484,499 | ---- | C] () -- C:\Users\Kyle\Desktop\Because harmony breakdown.mp3.asd
    [2012/10/30 20:42:16 | 013,723,585 | ---- | C] () -- C:\Users\Kyle\Desktop\Because harmony breakdown.mp3
    [2012/10/30 20:38:30 | 846,126,122 | ---- | C] () -- C:\Windows\MEMORY.DMP
    [2012/10/29 22:16:08 | 000,325,595 | ---- | C] () -- C:\Users\Kyle\Desktop\11 I Live With You.mp3.asd
    [2012/10/29 22:15:43 | 011,904,657 | ---- | C] () -- C:\Users\Kyle\Desktop\11 I Live With You.mp3
    [2012/10/27 14:16:39 | 000,771,962 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
    [2012/10/24 11:57:32 | 000,003,021 | ---- | C] () -- C:\Users\Kyle\Desktop\Microsoft Word 2010.lnk
    [2012/10/24 01:48:56 | 044,761,957 | ---- | C] () -- C:\Users\Kyle\Desktop\Dan Deacon by Kyle.m4a
    [2012/10/24 01:44:13 | 000,360,523 | ---- | C] () -- C:\Users\Kyle\Desktop\Dan Deacon by Kyle.wav.asd
    [2012/10/24 01:43:08 | 052,822,944 | ---- | C] () -- C:\Users\Kyle\Desktop\Dan Deacon by Kyle.wav
    [2012/10/23 12:50:08 | 000,580,051 | ---- | C] () -- C:\Users\Kyle\Desktop\Elena - Juana Molina.mp3.asd
    [2012/10/23 12:48:44 | 004,603,720 | ---- | C] () -- C:\Users\Kyle\Desktop\Elena - Juana Molina.mp3
    [2012/10/23 00:02:19 | 000,599,263 | ---- | C] () -- C:\Users\Kyle\Desktop\Elena 1.m4a.asd
    [2012/10/23 00:01:55 | 018,733,595 | ---- | C] () -- C:\Users\Kyle\Desktop\Elena 1.m4a
    [2012/10/17 15:05:16 | 000,001,799 | ---- | C] () -- C:\Users\Kyle\Desktop\Spotify.lnk
    [2012/10/17 15:05:16 | 000,001,785 | ---- | C] () -- C:\Users\Kyle\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Spotify.lnk
    [2012/10/12 10:15:56 | 020,865,884 | ---- | C] () -- C:\Users\Kyle\Desktop\Tittays.m4a
    [2012/10/12 10:15:32 | 000,346,271 | ---- | C] () -- C:\Users\Kyle\Desktop\A cure.aif.asd
    [2012/10/12 10:10:35 | 038,159,697 | ---- | C] () -- C:\Users\Kyle\Desktop\A cure.m4a
    [2012/10/12 10:07:18 | 030,044,958 | ---- | C] () -- C:\Users\Kyle\Desktop\A cure.aif
    [2012/10/12 04:43:01 | 000,113,543 | ---- | C] () -- C:\Windows\SysWow64\slmgr.vbs
    [2012/10/12 04:43:01 | 000,113,543 | ---- | C] () -- C:\Windows\SysNative\slmgr.vbs
    [2012/10/12 04:43:01 | 000,002,048 | ---- | C] () -- C:\Windows\SysWow64\winver.exe
    [2012/10/11 23:19:30 | 002,279,676 | ---- | C] () -- C:\Users\Kyle\Desktop\Avey.wav
    [2012/10/11 23:19:30 | 000,029,675 | ---- | C] () -- C:\Users\Kyle\Desktop\Avey.wav.asd
    [2012/10/10 00:11:43 | 000,373,279 | ---- | C] () -- C:\Users\Kyle\Desktop\08. A Cure.mp3.asd
    [2012/10/10 00:11:20 | 013,040,710 | ---- | C] () -- C:\Users\Kyle\Desktop\08. A Cure.mp3
    [2012/10/09 02:05:55 | 000,055,175 | ---- | C] () -- C:\Users\Kyle\Desktop\01 Alan Lomax Speaking To Charles Ku.m4a.asd
    [2012/10/09 02:05:38 | 001,406,274 | ---- | C] () -- C:\Users\Kyle\Desktop\01 Alan Lomax Speaking To Charles Ku.m4a
    [2012/10/09 01:56:25 | 000,513,415 | ---- | C] () -- C:\Users\Kyle\Desktop\01 Te Deum - Te Deum Laudamus.m4a.asd
    [2012/10/09 01:55:40 | 012,809,297 | ---- | C] () -- C:\Users\Kyle\Desktop\01 Te Deum - Te Deum Laudamus.m4a
    [2012/09/27 19:23:18 | 000,002,892 | ---- | C] () -- C:\Windows\SysWow64\audcon.sys
    [2012/09/27 19:23:16 | 000,086,016 | ---- | C] () -- C:\Windows\SysWow64\SYNSOPOS.exe
    [2012/09/27 19:23:16 | 000,000,051 | ---- | C] () -- C:\Windows\SysWow64\SYNSOPOS.exe.cfg
    [2012/09/24 14:39:13 | 000,172,032 | ---- | C] () -- C:\Windows\SysWow64\FxGoWinFu.dll
    [2012/09/02 18:45:02 | 000,002,240 | ---- | C] () -- C:\Windows\LENDIG.sys
    [2012/09/02 16:44:39 | 000,013,440 | R--- | C] () -- C:\Windows\SysWow64\drivers\AsIO.sys
    [2012/09/02 16:44:38 | 000,011,832 | ---- | C] () -- C:\Windows\SysWow64\drivers\AsInsHelp64.sys
    [2012/09/02 16:43:05 | 000,054,665 | ---- | C] () -- C:\Windows\Ascd_log.ini
    [2012/09/02 16:37:09 | 000,001,769 | ---- | C] () -- C:\Windows\Language_trs.ini
    [2012/09/02 16:37:05 | 000,038,744 | ---- | C] () -- C:\Windows\Ascd_tmp.ini
    [2012/09/02 16:31:06 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
    [2012/09/02 16:29:53 | 000,204,952 | ---- | C] () -- C:\Windows\SysWow64\ativvsvl.dat
    [2012/09/02 16:29:53 | 000,157,144 | ---- | C] () -- C:\Windows\SysWow64\ativvsva.dat
    [2012/09/02 16:29:53 | 000,003,917 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat
    [2012/03/09 13:06:14 | 000,024,576 | ---- | C] () -- C:\Windows\SysWow64\kdbsdk32.dll
    [2012/02/02 21:08:26 | 000,001,536 | ---- | C] () -- C:\Windows\SysWow64\IusEventLog.dll
    [2011/09/04 23:19:56 | 000,000,176 | ---- | C] () -- C:\Windows\explorer.exe.config
    [2011/03/24 21:15:30 | 000,021,112 | ---- | C] () -- C:\Windows\SysWow64\drivers\iLokDrvr.sys

    ========== ZeroAccess Check ==========

    [2009/07/13 20:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

    [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

    [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

    [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

    [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
    "" = C:\Windows\SysNative\shell32.dll -- [2012/06/08 21:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Apartment

    [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
    "" = %SystemRoot%\system32\shell32.dll -- [2012/06/08 20:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Apartment

    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
    "" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 17:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Free

    [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
    "" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 04:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Free

    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
    "" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 17:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Both

    [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

    ========== LOP Check ==========

    [2012/09/05 12:05:28 | 000,000,000 | ---D | M] -- C:\Users\Kyle\AppData\Roaming\2K Sports
    [2012/09/02 17:58:46 | 000,000,000 | ---D | M] -- C:\Users\Kyle\AppData\Roaming\Ableton
    [2012/09/27 19:29:35 | 000,000,000 | ---D | M] -- C:\Users\Kyle\AppData\Roaming\Arturia
    [2012/09/02 16:43:53 | 000,000,000 | ---D | M] -- C:\Users\Kyle\AppData\Roaming\ASUS WebStorage
    [2012/11/03 21:29:11 | 000,000,000 | ---D | M] -- C:\Users\Kyle\AppData\Roaming\Cycling '74
    [2012/09/05 10:01:55 | 000,000,000 | ---D | M] -- C:\Users\Kyle\AppData\Roaming\DAEMON Tools Pro
    [2012/09/19 12:56:17 | 000,000,000 | ---D | M] -- C:\Users\Kyle\AppData\Roaming\MediaMonkey
    [2012/09/05 16:15:30 | 000,000,000 | ---D | M] -- C:\Users\Kyle\AppData\Roaming\MusicBrainz
    [2012/09/02 17:27:44 | 000,000,000 | ---D | M] -- C:\Users\Kyle\AppData\Roaming\Nico Mak Computing
    [2012/09/20 13:42:59 | 000,000,000 | ---D | M] -- C:\Users\Kyle\AppData\Roaming\Propellerhead Software
    [2012/11/04 12:03:24 | 000,000,000 | ---D | M] -- C:\Users\Kyle\AppData\Roaming\Spotify
    [2012/11/03 19:51:17 | 000,000,000 | ---D | M] -- C:\Users\Kyle\AppData\Roaming\uTorrent
    [2012/09/05 12:52:44 | 000,000,000 | ---D | M] -- C:\Users\Kyle\AppData\Roaming\Waves Audio

    ========== Purity Check ==========



    < End of report >
  2. Broni Malware Annihilator Posts: 39,398   +177

    Reinstall AVG as soon as possible.

    Run OTL
    • Under the Custom Scans/Fixes box at the bottom, paste in the following

      Code:
      :OTL
      O2 - BHO: (no name) - {39677538-3E8F-721E-5669-15225D304BAE} - No CLSID value found.
      [2012/11/04 10:04:07 | 000,000,000 | ---D | C] -- C:\FRST
      
      :Commands
      [purity]
      [emptytemp]
      [emptyjava]
      [emptyflash]
      [Reboot]
      
    • Then click the Run Fix button at the top
    • Let the program run unhindered, reboot the PC when it is done
    • You will get a log that shows the results of the fix. Please post it.

    NOTE. If for any reason OTL stalls (most likely at the "killing processes..." step), run the fix from safe mode.

    =============================

    Last scans...

    1. Download Security Check from HERE, and save it to your Desktop.
    • Double-click SecurityCheck.exe
    • Follow the onscreen instructions inside of the black box.
    • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

      NOTE SecurityCheck may produce some false warning(s), so leave the results reading to me.

    2. Please download Farbar Service Scanner (FSS) and run it on the computer with the issue.
    • Make sure the following options are checked:
      • Internet Services
      • Windows Firewall
      • System Restore
      • Security Center
      • Windows Update
      • Windows Defender
    • Press "Scan".
    • It will create a log (FSS.txt) in the same directory the tool is run from.
    • Please copy and paste the log to your reply.

    3. Please download AdwCleaner by Xplode onto your desktop.
    • Close all open programs and internet browsers.
    • Double click on adwcleaner.exe to run the tool.
    • Click on Delete.
    • Confirm each time with Ok.
    • Your computer will be rebooted automatically. A text file will open after the restart.
    • Please post the contents of that logfile with your next reply.
    • You can find the logfile at C:\AdwCleaner[S1].txt as well.

    Next...

    • Double click on adwcleaner.exe to run the tool.
    • Click on Uninstall.
    • Confirm with yes.

    4. Download Temp File Cleaner (TFC)
    Alternate download: http://www.itxassociates.com/OT-Tools/TFC.exe
    • Double click on TFC.exe to run the program.
    • Click on Start button to begin cleaning process.
    • TFC will close all running programs, and it may ask you to restart computer.

    5. Please run a free online scan with the ESET Online Scanner

    • Disable your antivirus program
    • Tick the box next to YES, I accept the Terms of Use
    • Click Start
    • Accept any security warnings from your browser.
    • Check Scan archives
    • Click Start
    • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
    • When the scan completes, click on List of found threats
    • Click on Export to text file, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
    • NOTE. If ESET doesn't find any threats, it won't produce a log.
  3. mossimo654 Newcomer, in training Posts: 22

    All processes killed
    ========== OTL ==========
    Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{39677538-3E8F-721E-5669-15225D304BAE}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{39677538-3E8F-721E-5669-15225D304BAE}\ not found.
    C:\FRST\Quarantine\{0aaae9d4-1845-58c1-a35b-3b645d409b85}\U folder moved successfully.
    C:\FRST\Quarantine\{0aaae9d4-1845-58c1-a35b-3b645d409b85}\L folder moved successfully.
    C:\FRST\Quarantine\{0aaae9d4-1845-58c1-a35b-3b645d409b85} folder moved successfully.
    Folder move failed. C:\FRST\Quarantine scheduled to be moved on reboot.
    C:\FRST\Logs folder moved successfully.
    C:\FRST\Hives folder moved successfully.
    C:\FRST folder moved successfully.
    ========== COMMANDS ==========

    [EMPTYTEMP]

    User: All Users

    User: Default
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes

    User: Default User
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes

    User: Kyle
    ->Temp folder emptied: 215582 bytes
    ->Temporary Internet Files folder emptied: 25554084 bytes
    ->FireFox cache emptied: 928619107 bytes
    ->Flash cache emptied: 35518 bytes

    User: Public
    ->Temp folder emptied: 0 bytes

    %systemdrive% .tmp files removed: 0 bytes
    %systemroot% .tmp files removed: 0 bytes
    %systemroot%\System32 .tmp files removed: 0 bytes
    %systemroot%\System32 (64bit) .tmp files removed: 0 bytes
    %systemroot%\System32\drivers .tmp files removed: 0 bytes
    Windows Temp folder emptied: 148 bytes
    %systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 46403118 bytes
    RecycleBin emptied: 0 bytes

    Total Files Cleaned = 954.00 mb


    [EMPTYJAVA]

    User: All Users

    User: Default

    User: Default User

    User: Kyle

    User: Public

    Total Java Files Cleaned = 0.00 mb


    [EMPTYFLASH]

    User: All Users

    User: Default

    User: Default User

    User: Kyle
    ->Flash cache emptied: 0 bytes

    User: Public

    Total Flash Files Cleaned = 0.00 mb


    OTL by OldTimer - Version 3.2.69.0 log created on 11042012_131003

    Files\Folders moved on Reboot...
    File\Folder C:\FRST\Quarantine not found!
    C:\Users\Kyle\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.

    PendingFileRenameOperations files...

    Registry entries deleted on Reboot...
  4. mossimo654 Newcomer, in training Posts: 22

    Results of screen317's Security Check version 0.99.54
    Windows 7 Service Pack 1 x64 (UAC is enabled)
    Internet Explorer 9
    ``````````````Antivirus/Firewall Check:``````````````
    Windows Firewall Enabled!
    AVG Anti-Virus Free Edition 2013
    Antivirus up to date!
    `````````Anti-malware/Other Utilities Check:`````````
    Spybot - Search & Destroy
    Malwarebytes Anti-Malware version 1.65.1.1000
    Adobe Flash Player 11.4.402.287
    Mozilla Firefox (16.0.2)
    Google Chrome 11.0.696.77
    ````````Process Check: objlist.exe by Laurent````````
    AVG avgwdsvc.exe
    `````````````````System Health check`````````````````
    Total Fragmentation on Drive C: 8%
    ````````````````````End of Log``````````````````````
  5. mossimo654 Newcomer, in training Posts: 22

    Farbar Service Scanner Version: 04-11-2012
    Ran by Kyle (administrator) on 04-11-2012 at 13:17:21
    Running from "C:\Users\Kyle\Downloads"
    Microsoft Windows 7 Ultimate Service Pack 1 (X64)
    Boot Mode: Normal
    ****************************************************************

    Internet Services:
    ============

    Connection Status:
    ==============
    Localhost is accessible.
    LAN connected.
    Google IP is accessible.
    Google.com is accessible.
    Yahoo IP is accessible.
    Yahoo.com is accessible.


    Windows Firewall:
    =============

    Firewall Disabled Policy:
    ==================


    System Restore:
    ============

    System Restore Disabled Policy:
    ========================


    Action Center:
    ============

    Windows Update:
    ============

    Windows Autoupdate Disabled Policy:
    ============================


    Windows Defender:
    ==============
    WinDefend Service is not running. Checking service configuration:
    The start type of WinDefend service is set to Demand. The default start type is Auto.
    The ImagePath of WinDefend service is OK.
    The ServiceDll of WinDefend service is OK.


    Windows Defender Disabled Policy:
    ==========================
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender]
    "DisableAntiSpyware"=DWORD:1


    Other Services:
    ==============


    File Check:
    ========
    C:\Windows\System32\nsisvc.dll => MD5 is legit
    C:\Windows\System32\drivers\nsiproxy.sys => MD5 is legit
    C:\Windows\System32\dhcpcore.dll => MD5 is legit
    C:\Windows\System32\drivers\afd.sys => MD5 is legit
    C:\Windows\System32\drivers\tdx.sys => MD5 is legit
    C:\Windows\System32\Drivers\tcpip.sys => MD5 is legit
    C:\Windows\System32\dnsrslvr.dll => MD5 is legit
    C:\Windows\System32\mpssvc.dll => MD5 is legit
    C:\Windows\System32\bfe.dll => MD5 is legit
    C:\Windows\System32\drivers\mpsdrv.sys => MD5 is legit
    C:\Windows\System32\SDRSVC.dll => MD5 is legit
    C:\Windows\System32\vssvc.exe => MD5 is legit
    C:\Windows\System32\wscsvc.dll => MD5 is legit
    C:\Windows\System32\wbem\WMIsvc.dll => MD5 is legit
    C:\Windows\System32\wuaueng.dll => MD5 is legit
    C:\Windows\System32\qmgr.dll => MD5 is legit
    C:\Windows\System32\es.dll => MD5 is legit
    C:\Windows\System32\cryptsvc.dll => MD5 is legit
    C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit
    C:\Windows\System32\svchost.exe => MD5 is legit
    C:\Windows\System32\rpcss.dll => MD5 is legit


    **** End of log ****
  6. mossimo654 Newcomer, in training Posts: 22

    # AdwCleaner v2.006 - Logfile created 11/04/2012 at 13:18:58
    # Updated 30/10/2012 by Xplode
    # Operating system : Windows 7 Ultimate Service Pack 1 (64 bits)
    # User : Kyle - KYLE-PC
    # Boot Mode : Normal
    # Running from : C:\Users\Kyle\Downloads\adwcleaner.exe
    # Option [Delete]


    ***** [Services] *****


    ***** [Files / Folders] *****

    Folder Deleted : C:\Program Files (x86)\Conduit
    Folder Deleted : C:\Users\Kyle\AppData\Local\Conduit
    Folder Deleted : C:\Users\Kyle\AppData\LocalLow\Conduit
    Folder Deleted : C:\Users\Kyle\AppData\Roaming\Mozilla\Firefox\Profiles\tt6i0gtg.default\Smartbar

    ***** [Registry] *****

    Key Deleted : HKCU\Software\AppDataLow\Software
    Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
    Key Deleted : HKLM\Software\Conduit
    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}

    ***** [Internet Browsers] *****

    -\\ Internet Explorer v9.0.8112.16421

    Replaced : [HKCU\Software\Microsoft\Internet Explorer\Main - Start Page] = hxxp://search.conduit.com?SearchSource=10&ctid=CT3220468 --> hxxp://www.google.com

    -\\ Mozilla Firefox v16.0.2 (en-US)

    Profile name : default
    File : C:\Users\Kyle\AppData\Roaming\Mozilla\Firefox\Profiles\tt6i0gtg.default\prefs.js

    Deleted : user_pref("CT3220468.BT_Stats", "{\"last_log\":1346634322,\"uuid\":983825999615698,\"seq_id\":1,\"ss[...]
    Deleted : user_pref("CT3220468.ENABALE_HISTORY", "{\"dataType\":\"string\",\"data\":\"true\"}");
    Deleted : user_pref("CT3220468.ENABLE_RETURN_WEB_SEARCH_ON_THE_PAGE", "{\"dataType\":\"string\",\"data\":\"tru[...]
    Deleted : user_pref("CT3220468.FirstTime", "true");
    Deleted : user_pref("CT3220468.FirstTimeFF3", "true");
    Deleted : user_pref("CT3220468.UserID", "UN50889360411858629");
    Deleted : user_pref("CT3220468.addressBarTakeOverEnabledInHidden", "true");
    Deleted : user_pref("CT3220468.autoDisableScopes", -1);
    Deleted : user_pref("CT3220468.cbcountry_001", "US");
    Deleted : user_pref("CT3220468.cbfirsttime", "Sun Sep 02 2012 18:05:22 GMT-0700 (Pacific Daylight Time)");
    Deleted : user_pref("CT3220468.defaultSearch", "FALSE");
    Deleted : user_pref("CT3220468.embeddedsData", "[{\"appId\":\"129813684258939747\",\"apiPermissions\":{\"cross[...]
    Deleted : user_pref("CT3220468.enableAlerts", "always");
    Deleted : user_pref("CT3220468.enableSearchFromAddressBar", "FALSE");
    Deleted : user_pref("CT3220468.firstTimeDialogOpened", "true");
    Deleted : user_pref("CT3220468.fixPageNotFoundError", "true");
    Deleted : user_pref("CT3220468.fixPageNotFoundErrorInHidden", "true");
    Deleted : user_pref("CT3220468.fixUrls", true);
    Deleted : user_pref("CT3220468.installId", "fftB25E.tmp.exe");
    Deleted : user_pref("CT3220468.installType", "XPE");
    Deleted : user_pref("CT3220468.isEnableAllDialogs", "{\"dataType\":\"string\",\"data\":\"true\"}");
    Deleted : user_pref("CT3220468.isNewTabEnabled", true);
    Deleted : user_pref("CT3220468.isPerformedSmartBarTransition", "true");
    Deleted : user_pref("CT3220468.isToolbarShrinked", "{\"dataType\":\"string\",\"data\":\"false\"}");
    Deleted : user_pref("CT3220468.isWelcomPage", "{\"dataType\":\"boolean\",\"data\":\"true\"}");
    Deleted : user_pref("CT3220468.navigationAliasesJson", "{\"EB_SEARCH_TERM\":\"anti spyware\",\"EB_MAIN_FRAME_U[...]
    Deleted : user_pref("CT3220468.openThankYouPage", "true");
    Deleted : user_pref("CT3220468.openUninstallPage", "FALSE");
    Deleted : user_pref("CT3220468.search.searchAppId", "129813684258939747");
    Deleted : user_pref("CT3220468.search.searchCount", "0");
    Deleted : user_pref("CT3220468.searchInNewTabEnabledInHidden", "true");
    Deleted : user_pref("CT3220468.searchProtector.notifyChanges", "{\"dataType\":\"string\",\"data\":\"true\"}");
    Deleted : user_pref("CT3220468.selectToSearchBoxEnabled", "{\"dataType\":\"string\",\"data\":\"true\"}");
    Deleted : user_pref("CT3220468.serviceLayer_service_login_isFirstLoginInvoked", "{\"dataType\":\"boolean\",\"d[...]
    Deleted : user_pref("CT3220468.serviceLayer_service_login_loginCount", "{\"dataType\":\"number\",\"data\":\"2\[...]
    Deleted : user_pref("CT3220468.serviceLayer_service_toolbarGrouping_activeCTID", "{\"dataType\":\"string\",\"d[...]
    Deleted : user_pref("CT3220468.serviceLayer_service_toolbarGrouping_activeDownloadUrl", "{\"dataType\":\"strin[...]
    Deleted : user_pref("CT3220468.serviceLayer_service_toolbarGrouping_activeToolbarName", "{\"dataType\":\"strin[...]
    Deleted : user_pref("CT3220468.serviceLayer_service_toolbarGrouping_invoked", "{\"dataType\":\"string\",\"data[...]
    Deleted : user_pref("CT3220468.serviceLayer_service_usage_toolbarUsageCount", "{\"dataType\":\"number\",\"data[...]
    Deleted : user_pref("CT3220468.serviceLayer_services_appTrackingFirstTime_lastUpdate", "1346634320667");
    Deleted : user_pref("CT3220468.serviceLayer_services_appsMetadata_lastUpdate", "1346634320504");
    Deleted : user_pref("CT3220468.serviceLayer_services_gottenAppsContextMenu_lastUpdate", "1346634320618");
    Deleted : user_pref("CT3220468.serviceLayer_services_login_10.10.27.6_lastUpdate", "1346634320877");
    Deleted : user_pref("CT3220468.serviceLayer_services_otherAppsContextMenu_lastUpdate", "1346634320672");
    Deleted : user_pref("CT3220468.serviceLayer_services_searchAPI_lastUpdate", "1346634320548");
    Deleted : user_pref("CT3220468.serviceLayer_services_serviceMap_lastUpdate", "1346634320223");
    Deleted : user_pref("CT3220468.serviceLayer_services_toolbarContextMenu_lastUpdate", "1346634320646");
    Deleted : user_pref("CT3220468.serviceLayer_services_toolbarSettings_lastUpdate", "1346634320332");
    Deleted : user_pref("CT3220468.serviceLayer_services_translation_lastUpdate", "1346634320506");
    Deleted : user_pref("CT3220468.settingsINI", true);
    Deleted : user_pref("CT3220468.shouldFirstTimeDialog", "false");
    Deleted : user_pref("CT3220468.smartbar.CTID", "CT3220468");
    Deleted : user_pref("CT3220468.smartbar.Uninstall", "1");
    Deleted : user_pref("CT3220468.smartbar.homepage", true);
    Deleted : user_pref("CT3220468.smartbar.toolbarName", "uTorrentControl_v2 ");
    Deleted : user_pref("CT3220468.startPage", "TRUE");
    Deleted : user_pref("CT3220468.toolbarBornServerTime", "4-9-2012");
    Deleted : user_pref("CT3220468.toolbarCurrentServerTime", "4-9-2012");
    Deleted : user_pref("Smartbar.ConduitHomepagesList", "hxxp://search.conduit.com/?ctid=CT3220468&SearchSource=1[...]

    *************************

    AdwCleaner[R1].txt - [6720 octets] - [04/11/2012 13:18:07]
    AdwCleaner[S1].txt - [6621 octets] - [04/11/2012 13:18:58]

    ########## EOF - C:\AdwCleaner[S1].txt - [6681 octets] ##########
  7. mossimo654 Newcomer, in training Posts: 22

    C:\Users\Kyle\Desktop\New folder\Image_Line_Vocodex_VST_v1_0_keygen_by_AiR.zip a variant of Win32/Kryptik.AODG trojan
    C:\_OTL\MovedFiles\11042012_131003\C_FRST\Quarantine\{0aaae9d4-1845-58c1-a35b-3b645d409b85}\U\00000004.@ Win64/Conedex.C trojan
    C:\_OTL\MovedFiles\11042012_131003\C_FRST\Quarantine\{0aaae9d4-1845-58c1-a35b-3b645d409b85}\U\00000008.@ Win64/Agent.BA trojan
    C:\_OTL\MovedFiles\11042012_131003\C_FRST\Quarantine\{0aaae9d4-1845-58c1-a35b-3b645d409b85}\U\000000cb.@ Win64/Conedex.B trojan
    C:\_OTL\MovedFiles\11042012_131003\C_FRST\Quarantine\{0aaae9d4-1845-58c1-a35b-3b645d409b85}\U\80000000.@ Win64/Sirefef.AW trojan
    C:\_OTL\MovedFiles\11042012_131003\C_FRST\Quarantine\{0aaae9d4-1845-58c1-a35b-3b645d409b85}\U\80000032.@ probably a variant of Win32/Sirefef.FD trojan
    C:\_OTL\MovedFiles\11042012_131003\C_FRST\Quarantine\{0aaae9d4-1845-58c1-a35b-3b645d409b85}\U\80000064.@ a variant of Win64/Sirefef.AN trojan
  8. Broni Malware Annihilator Posts: 39,398   +177

    Your computer is clean

    1. We need to reset System Restore to prevent your computer from being accidentally reinfected by using some old restore point(s). We'll create a fresh, clean restore point using the following OTL script:

    Run OTL

    • Under the Custom Scans/Fixes box at the bottom, paste in the following:

    Code:
    :OTL
    :Commands
    [purity]
    [emptytemp]
    [EMPTYFLASH]
    [emptyjava]
    [CLEARALLRESTOREPOINTS]
    [Reboot]
    • Then click the Run Fix button at the top
    • Let the program run unhindered, reboot the PC when it is done
    • Post resulting log.

    2. Now we'll remove all the tools we used during our cleaning process.

    Clean up with OTL:

    • Double-click OTL.exe to start the program.
    • Close all other programs apart from OTL as this step will require a reboot
    • On the OTL main screen, press the CLEANUP button
    • Say Yes to the prompt and then allow the program to reboot your computer.

    If you still have any tools or logs leftover on your computer you can go ahead and delete those off of your computer now.

    3. Make sure Windows Updates are current.

    4. If any trojans, rootkits or bootkits were listed among your infection(s), make sure you change all of your important online passwords (bank account(s), secured web sites, etc.) immediately!

    5. Check if your browser plugins are up to date.
    Firefox - https://www.mozilla.org/en-US/plugincheck/
    other browsers: https://browsercheck.qualys.com/ (click on "Launch a quick scan now" link)

    6. Download, and install WOT (Web OF Trust): http://www.mywot.com/. It'll warn you (in most cases) about dangerous web sites.

    7. Run Malwarebytes "Quick scan" once in a while to assure safety of your computer.

    8. Run Temporary File Cleaner (TFC) weekly.

    9. Download and install Secunia Personal Software Inspector (PSI): http://secunia.com/vulnerability_scanning/personal/. The Secunia PSI is a FREE security tool designed to detect vulnerable and out-dated programs and plug-ins which expose your PC to attacks. Run it weekly.

    10. (optional) If you want to keep all your programs up to date, download and install FileHippo Update Checker.
    The Update Checker will scan your computer for installed software, check the versions and then send this information to FileHippo.com to see if there are any newer releases.

    11. (Windows XP only) Run defrag at your convenience.

    12. When installing/updating ANY program, make sure you always select "Custom" installation, so you can UN-check any possible "drive-by install" (foistware), like toolbars etc., which may try to install along with the legitimate program. Do NOT click the "Next" button without looking at any given page.

    13. Read:
    How did I get infected?, With steps so it does not happen again!: http://www.bleepingcomputer.com/forums/topic2520.html
    Simple and easy ways to keep your computer safe and secure on the Internet: http://www.bleepingcomputer.com/tutorials/keep-your-computer-safe-online/

    14. Please let me know how your computer is doing.
  9. mossimo654 Newcomer, in training Posts: 22

    All processes killed
    ========== OTL ==========
    ========== COMMANDS ==========

    [EMPTYTEMP]

    User: All Users

    User: Default
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes

    User: Default User
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes

    User: Kyle
    ->Temp folder emptied: 1416615 bytes
    ->Temporary Internet Files folder emptied: 34214 bytes
    ->FireFox cache emptied: 105615401 bytes
    ->Flash cache emptied: 1410 bytes

    User: Public
    ->Temp folder emptied: 0 bytes

    %systemdrive% .tmp files removed: 0 bytes
    %systemroot% .tmp files removed: 0 bytes
    %systemroot%\System32 .tmp files removed: 0 bytes
    %systemroot%\System32 (64bit) .tmp files removed: 0 bytes
    %systemroot%\System32\drivers .tmp files removed: 0 bytes
    Windows Temp folder emptied: 0 bytes
    %systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 0 bytes
    RecycleBin emptied: 0 bytes

    Total Files Cleaned = 102.00 mb


    [EMPTYFLASH]

    User: All Users

    User: Default

    User: Default User

    User: Kyle
    ->Flash cache emptied: 0 bytes

    User: Public

    Total Flash Files Cleaned = 0.00 mb


    [EMPTYJAVA]

    User: All Users

    User: Default

    User: Default User

    User: Kyle

    User: Public

    Total Java Files Cleaned = 0.00 mb

    Restore point Set: OTL Restore Point

    OTL by OldTimer - Version 3.2.69.0 log created on 11042012_142725

    Files\Folders moved on Reboot...
    C:\Users\Kyle\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.

    PendingFileRenameOperations files...

    Registry entries deleted on Reboot...
  10. mossimo654 Newcomer, in training Posts: 22

    Computer's doing fine. Virus warnings have disappeared, and I've done scans with AVG now too that have located and destroyed the same trojans that the others were finding. Thanks so much for your help! Is there any way to delete this thread so that my personal computer information isn't available for others to see?

    Once again you have been a HUGE help. Is this a profession or a hobby for you?
  11. Broni Malware Annihilator Posts: 39,398   +177

    Hobby :)

    Way to go!!
    Good luck and stay safe :)

    PM one of the mods regarding topic deletion.
  12. mossimo654 Newcomer, in training Posts: 22

    Thanks man, you rock
  13. Broni Malware Annihilator Posts: 39,398   +177

    You're very welcome