Solved Help removing Trojan:Win64/Sirefef.Y

X

Xfoxhound

Posts: 19   +0
Ran FRST64, this is my log. Please help. Girlfriend's computer is only 2 months old. :(

Scan result of Farbar Recovery Scan Tool Version: 13-06-2012 03
Ran by SYSTEM at 14-06-2012 20:38:07
Running from I:\
Windows 7 Home Premium (X64) OS Language: English(US)
The current controlset is ControlSet001
========================== Registry (Whitelisted) =============
HKLM\...\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s [9608224 2009-11-17] (Realtek Semiconductor)
HKLM\...\Run: [RunDLLEntry_THXCfg] C:\Windows\system32\RunDLL32.exe C:\Windows\system32\THXCfg64.dll,RunDLLEntry THXCfg64 [17920 2009-10-15] (Creative Technology Ltd.)
HKLM\...\Run: [RunDLLEntry_EptMon] C:\Windows\system32\RunDLL32.exe C:\Windows\system32\EptMon64.dll,RunDLLEntry EptMon64 [21504 2009-10-15] (Creative Technology Ltd.)
HKLM\...\Run: [egui] "C:\Program Files\ESET\ESET Smart Security\egui.exe" /hide /waitservice [4081008 2012-03-07] (ESET)
HKLM\...\Run: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey [1271168 2012-03-26] (Microsoft Corporation)
HKLM-x32\...\Run: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun [641664 2012-04-06] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [ShwiconXP9106] C:\Program Files (x86)\Multimedia Card Reader(9106)\ShwiconXP9106.exe [237568 2010-03-10] (Alcor Micro Corp.)
HKLM-x32\...\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [35696 2009-02-27] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Dell DataSafe Online] "C:\Program Files (x86)\Dell DataSafe Online\DataSafeOnline.exe" /m [1807680 2010-02-09] ()
HKLM-x32\...\Run: [THX Audio Control Panel] "C:\Program Files (x86)\Creative\THX TruStudio PC\THXAudioCP\THXAudio.exe" /r [963584 2009-12-01] (Creative Technology Ltd)
HKLM-x32\...\Run: [UpdReg] C:\Windows\UpdReg.EXE [90112 2000-05-11] (Creative Technology Ltd.)
HKLM-x32\...\Run: [DellSupportCenter] "C:\Program Files (x86)\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter [206064 2009-05-21] (SupportSoft, Inc.)
HKLM-x32\...\Run: [AVG_TRAY] "C:\Program Files (x86)\AVG\AVG2012\avgtray.exe" [2416480 2012-01-24] (AVG Technologies CZ, s.r.o.)
HKLM-x32\...\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" [254696 2012-01-18] (Sun Microsystems, Inc.)
HKLM-x32\...\Run: [GIDDesktop] C:\Program Files (x86)\SFT\GuardedID\gidd.exe /s [395528 2011-07-05] (StrikeForce Technologies Inc.)
HKU\Ashley\...\Run: [EA Core] "C:\Program Files (x86)\Electronic Arts\EADM\Core.exe" -silent [x]
HKU\Ashley\...\Run: [Google Update] "C:\Users\Ashley\AppData\Local\Google\Update\GoogleUpdate.exe" /c [116648 2012-06-14] (Google Inc.)
HKLM-x32\...\RunOnce: [Launcher] C:\Program Files (x86)\Dell DataSafe Local Backup\Components\Scheduler\Launcher.exe [165184 2010-05-21] (Softthinks)
HKLM-x32\...\runonceex: [ContentMerger] c:\Program Files (x86)\Common Files\Roxio Shared\10.0\SharedCOM\ContentMerger10.exe [19952 2009-06-26] (Sonic Solutions)
Winlogon\Notify\GoToAssist: C:\Program Files (x86)\Citrix\GoToAssist\514\G2AWinLogon_x64.dll [X]
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Startup: C:\Users\All Users\Start Menu\Programs\Startup\Constant Guard.lnk
ShortcutTarget: Constant Guard.lnk -> C:\Program Files (x86)\Constant Guard Protection Suite\IDVault.exe (White Sky, Inc.)
Startup: C:\Users\Ashley\Start Menu\Programs\Startup\CurseClientStartup.ccip ()
Startup: C:\Users\Ashley\Start Menu\Programs\Startup\Dell Dock.lnk
ShortcutTarget: Dell Dock.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
Startup: C:\Users\Default\Start Menu\Programs\Startup\Dell Dock First Run.lnk
ShortcutTarget: Dell Dock First Run.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
Startup: C:\Users\Default User\Start Menu\Programs\Startup\Dell Dock First Run.lnk
ShortcutTarget: Dell Dock First Run.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
==================== Services (Whitelisted) ======
2 AMDFusionSVC; C:\Program Files (x86)\AMD\AMD Fusion Utility for Desktops\FusionSVC.exe [383544 2009-09-08] (Advanced Micro Devices)
2 AMD_RAIDXpert; "C:\Program Files (x86)\AMD\RAIDXpert\bin\RAIDXpertService.exe" -s [122880 2009-03-16] (AMD)
2 AVGIDSAgent; "C:\Program Files (x86)\AVG\AVG2012\AVGIDSAgent.exe" [4433248 2011-10-12] (AVG Technologies CZ, s.r.o.)
2 avgwd; "C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe" [192776 2011-08-02] (AVG Technologies CZ, s.r.o.)
2 ekrn; "C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe" [913144 2012-03-07] (ESET)
2 IDVaultSvc; "C:\Program Files (x86)\Constant Guard Protection Suite\IDVaultSvc.exe" [66160 2012-06-06] (White Sky, Inc.)
2 MsMpSvc; "C:\Program Files\Microsoft Security Client\MsMpEng.exe" [12600 2012-03-26] (Microsoft Corporation)
3 NisSrv; "C:\Program Files\Microsoft Security Client\NisSrv.exe" [291696 2012-03-26] (Microsoft Corporation)
3 RoxMediaDB10; "C:\Program Files (x86)\Common Files\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe" [1124848 2009-06-26] (Sonic Solutions)
2 WajamUpdater; "C:\Program Files (x86)\Wajam\Updater\WajamUpdater.exe" [109064 2012-04-24] (Wajam)
2 McMPFSvc; "C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe" /McCoreSvc [x]
2 mcmscsvc; "C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe" /McCoreSvc [x]
2 McNaiAnn; "C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe" /McCoreSvc [x]
2 McNASvc; "C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe" /McCoreSvc [x]
3 McODS; "C:\Program Files\McAfee\VirusScan\mcods.exe" [x]
2 McProxy; "C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe" /McCoreSvc [x]
2 MSK80Service; "C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe" /McCoreSvc [x]
========================== Drivers (Whitelisted) =============
3 AmdLLD64; C:\Windows\System32\Drivers\AmdLLD64.sys [47672 2009-04-22] (Advanced Micro Devices)
3 AVGIDSDriver; C:\Windows\System32\Drivers\AVGIDSDriver.sys [120400 2011-07-11] (AVG Technologies CZ, s.r.o. )
0 AVGIDSEH; C:\Windows\System32\Drivers\AVGIDSEH.sys [26704 2011-07-11] (AVG Technologies CZ, s.r.o. )
3 AVGIDSFilter; C:\Windows\System32\Drivers\AVGIDSFilter.sys [29776 2011-07-11] (AVG Technologies CZ, s.r.o. )
1 Avgldx64; C:\Windows\System32\Drivers\Avgldx64.sys [283728 2011-10-07] (AVG Technologies CZ, s.r.o.)
1 Avgmfx64; C:\Windows\System32\Drivers\Avgmfx64.sys [46672 2011-08-08] (AVG Technologies CZ, s.r.o.)
0 Avgrkx64; C:\Windows\System32\Drivers\Avgrkx64.sys [37456 2011-09-13] (AVG Technologies CZ, s.r.o.)
1 Avgtdia; C:\Windows\System32\Drivers\Avgtdia.sys [375376 2011-07-11] (AVG Technologies CZ, s.r.o.)
3 eamonm; C:\Windows\System32\Drivers\eamonm.sys [209768 2012-03-14] (ESET)
1 ehdrv; C:\Windows\System32\Drivers\ehdrv.sys [148528 2012-03-14] (ESET)
2 epfw; C:\Windows\System32\Drivers\epfw.sys [187632 2012-03-14] (ESET)
1 EpfwLWF; C:\Windows\System32\Drivers\EpfwLWF.sys [38288 2012-03-14] (ESET)
0 epfwwfp; C:\Windows\System32\Drivers\epfwwfp.sys [62496 2012-03-14] (ESET)
1 GIDv2; C:\Windows\System32\Drivers\GIDv2.sys [29288 2011-07-05] (StrikeForce Technologies, Inc.)
1 RxFilter; C:\Windows\SysWow64\Drivers\RxFilter.sys [65520 2009-06-26] (Sonic Solutions)
 
========================== NetSvcs (Whitelisted) ===========

============ One Month Created Files and Folders ==============
2012-06-14 20:07 - 2012-06-14 20:07 - 02108855 ____A C:\Users\Ashley\Downloads\tdsskiller (1).zip
2012-06-14 20:07 - 2012-06-14 20:07 - 00000000 ____D C:\Users\Ashley\Downloads\tdsskiller (1)
2012-06-14 20:06 - 2012-06-14 20:07 - 00000348 ____A C:\TDSSKiller.2.7.36.0_14.06.2012_20.06.56_log.txt
2012-06-14 20:06 - 2012-06-14 20:06 - 02108855 ____A C:\Users\Ashley\Downloads\tdsskiller.zip
2012-06-14 20:06 - 2012-06-14 20:06 - 00000348 ____A C:\TDSSKiller.2.7.36.0_14.06.2012_20.06.36_log.txt
2012-06-14 19:35 - 2012-01-31 07:44 - 00279656 ____N (Microsoft Corporation) C:\Windows\System32\MpSigStub.exe
2012-06-14 19:31 - 2012-06-14 19:31 - 00002154 ____A C:\Windows\epplauncher.mif
2012-06-14 19:31 - 2012-06-14 19:31 - 00000000 ____D C:\Program Files\Microsoft Security Client
2012-06-14 19:31 - 2012-06-14 19:31 - 00000000 ____D C:\Program Files (x86)\Microsoft Security Client
2012-06-14 19:30 - 2010-04-09 06:06 - 00374664 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\netio.sys
2012-06-14 19:29 - 2012-06-14 19:29 - 12621696 ____A (Microsoft Corporation) C:\Users\Ashley\Downloads\mseinstall.exe
2012-06-14 16:40 - 2012-06-14 16:40 - 00000000 ____D C:\Users\Ashley\Local Settings\ESET
2012-06-14 16:40 - 2012-06-14 16:40 - 00000000 ____D C:\Users\Ashley\Local Settings\Application Data\ESET
2012-06-14 16:40 - 2012-06-14 16:40 - 00000000 ____D C:\Users\Ashley\Application Data\ESET
2012-06-14 16:40 - 2012-06-14 16:40 - 00000000 ____D C:\Users\Ashley\AppData\Roaming\ESET
2012-06-14 16:40 - 2012-06-14 16:40 - 00000000 ____D C:\Users\Ashley\AppData\Local\ESET
2012-06-14 00:41 - 2012-06-14 00:41 - 01263344 ____A (ESET) C:\Users\Ashley\Downloads\eset_smart_security_live_installer (2).exe
2012-06-14 00:41 - 2012-06-14 00:41 - 01263344 ____A (ESET) C:\Users\Ashley\Downloads\eset_smart_security_live_installer (1).exe
2012-06-14 00:31 - 2012-06-14 00:31 - 01263344 ____A (ESET) C:\Users\Ashley\Downloads\eset_smart_security_live_installer.exe
2012-06-14 00:30 - 2012-06-14 19:35 - 00000912 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4177235328-1270327372-3511895208-1000UA.job
2012-06-14 00:30 - 2012-06-14 00:35 - 00000860 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4177235328-1270327372-3511895208-1000Core.job
2012-06-14 00:12 - 2012-06-14 20:26 - 00000952 ____A C:\Windows\setupact.log
2012-06-14 00:12 - 2012-06-14 00:12 - 00000000 ____A C:\Windows\setuperr.log
2012-06-13 23:49 - 2012-06-14 00:26 - 00000000 ____D C:\Users\All Users\ESET
2012-06-13 23:49 - 2012-06-14 00:26 - 00000000 ____D C:\Users\All Users\Application Data\ESET
2012-06-13 23:49 - 2012-06-14 00:26 - 00000000 ____D C:\Program Files\ESET
2012-06-13 21:17 - 2012-06-13 21:33 - 00003696 ____A C:\Users\Ashley\Desktop\avgrep.txt
2012-06-13 21:16 - 2012-06-14 19:55 - 00331668 ____A C:\Windows\ntbtlog.txt
2012-06-13 21:16 - 2012-06-13 21:17 - 00123316 ____A C:\TDSSKiller.2.7.36.0_13.06.2012_21.16.57_log.txt
2012-06-13 08:21 - 2012-06-13 08:22 - 00123320 ____A C:\TDSSKiller.2.7.36.0_13.06.2012_08.21.07_log.txt
2012-06-13 00:06 - 2012-06-13 00:06 - 00000000 __SHD C:\Windows\System32\%APPDATA%
2012-06-12 23:46 - 2012-06-12 23:47 - 00129440 ____A C:\TDSSKiller.2.7.36.0_12.06.2012_23.46.07_log.txt
2012-06-12 22:16 - 2012-06-12 22:18 - 00255226 ____A C:\TDSSKiller.2.7.36.0_12.06.2012_22.16.36_log.txt
2012-06-12 22:13 - 2012-06-12 22:13 - 00000000 ____D C:\TDSSKiller_Quarantine
2012-06-12 22:12 - 2012-06-12 22:13 - 00132076 ____A C:\TDSSKiller.2.7.36.0_12.06.2012_22.12.20_log.txt
2012-06-12 22:10 - 2012-06-12 22:10 - 00000000 ____D C:\Users\Ashley\Local Settings\Wajam
2012-06-12 22:10 - 2012-06-12 22:10 - 00000000 ____D C:\Users\Ashley\Local Settings\Application Data\Wajam
2012-06-12 22:10 - 2012-06-12 22:10 - 00000000 ____D C:\Users\Ashley\AppData\Local\Wajam
2012-06-12 22:10 - 2012-06-12 22:10 - 00000000 ____D C:\Program Files (x86)\Wajam
2012-06-12 22:10 - 2012-06-12 22:10 - 00000000 ____D C:\Program Files (x86)\Playbryte
2012-06-12 22:10 - 2012-06-12 22:10 - 00000000 ____D C:\Program Files (x86)\7-Zip
2012-06-12 22:09 - 2012-06-12 22:09 - 00000000 ____D C:\Users\All Users\Tarma Installer
2012-06-12 22:09 - 2012-06-12 22:09 - 00000000 ____D C:\Users\All Users\Application Data\Tarma Installer
2012-06-12 22:09 - 2012-06-12 22:09 - 00000000 ____D C:\Program Files (x86)\Yontoo
2012-06-12 22:06 - 2012-06-12 23:45 - 00000000 ____D C:\Users\All Users\Malwarebytes
2012-06-12 22:06 - 2012-06-12 23:45 - 00000000 ____D C:\Users\All Users\Application Data\Malwarebytes
2012-06-12 22:06 - 2012-06-12 22:16 - 00000000 ____D C:\Program Files (x86)\MALWAREBYTES ANTI-MALWARE
2012-06-12 22:06 - 2012-06-12 22:06 - 00001115 ____A C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2012-06-12 22:06 - 2012-06-12 22:06 - 00001115 ____A C:\Users\All Users\Desktop\Malwarebytes Anti-Malware.lnk
2012-06-12 22:06 - 2012-06-12 22:06 - 00000000 ____D C:\Users\Ashley\Application Data\Malwarebytes
2012-06-12 22:06 - 2012-06-12 22:06 - 00000000 ____D C:\Users\Ashley\AppData\Roaming\Malwarebytes
2012-06-12 22:06 - 2012-06-12 22:06 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2012-06-12 22:06 - 2012-04-04 15:56 - 00024904 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys
2012-06-12 21:03 - 2012-06-12 21:03 - 00000129 ____A C:\Windows\System32\MRT.INI
2012-06-12 21:00 - 2012-06-03 23:28 - 58957832 ____A (Microsoft Corporation) C:\Windows\System32\MRT.exe
2012-06-12 20:59 - 2012-06-12 21:00 - 160889384 ____A (Advanced Micro Devices, Inc.) C:\Users\Ashley\Downloads\12-4_vista_win7_64_dd_ccc.exe
2012-06-12 20:53 - 2012-06-12 21:05 - 00000000 ____D C:\Users\Ashley\Local Settings\ID Vault
2012-06-12 20:53 - 2012-06-12 21:05 - 00000000 ____D C:\Users\Ashley\Local Settings\Application Data\ID Vault
2012-06-12 20:53 - 2012-06-12 21:05 - 00000000 ____D C:\Users\Ashley\AppData\Local\ID Vault
2012-06-12 20:53 - 2012-06-12 20:53 - 00000000 ____D C:\Users\All Users\IsolatedStorage
2012-06-12 20:53 - 2012-06-12 20:53 - 00000000 ____D C:\Users\All Users\Application Data\IsolatedStorage
2012-06-12 20:51 - 2012-06-14 20:07 - 00000000 ____D C:\Users\Ashley\Application Data\ID Vault
2012-06-12 20:51 - 2012-06-14 20:07 - 00000000 ____D C:\Users\Ashley\AppData\Roaming\ID Vault
2012-06-12 20:50 - 2012-06-12 20:50 - 00000000 ____D C:\Users\All Users\GID
2012-06-12 20:50 - 2012-06-12 20:50 - 00000000 ____D C:\Users\All Users\Application Data\GID
2012-06-12 20:50 - 2011-07-05 10:25 - 00467224 ____N (StrikeForce Technologies Inc.) C:\Windows\System32\GIDHOOK64.DLL
2012-06-12 20:50 - 2011-07-05 10:25 - 00065816 ____N (StrikeForce Technologies Inc.) C:\Windows\System32\GIDLogonCP64.dll
2012-06-12 20:50 - 2011-07-05 10:24 - 00446752 ____N (StrikeForce Technologies Inc.) C:\Windows\System32\GIDHookLogon64.dll
2012-06-12 20:50 - 2011-07-05 10:23 - 00206608 ____N (StrikeForce Technologies Inc.) C:\Windows\System32\GIDBIN1.DLL
2012-06-12 20:50 - 2011-07-05 10:23 - 00102160 ____N (StrikeForce Technologies Inc.) C:\Windows\System32\GIDBIN3.DLL
2012-06-12 20:50 - 2011-07-05 10:18 - 00029288 ____N (StrikeForce Technologies, Inc.) C:\Windows\System32\Drivers\gidv2.sys
2012-06-12 20:50 - 2009-06-12 16:32 - 00109064 ____N C:\Windows\System32\EasyHook64.dll
2012-06-12 20:49 - 2012-06-12 21:04 - 00000000 ____D C:\Program Files\ATI Technologies
2012-06-12 20:49 - 2012-06-12 20:52 - 00000000 ____D C:\Program Files (x86)\Constant Guard Protection Suite
2012-06-12 20:49 - 2012-06-12 20:49 - 00002267 ____A C:\Users\Public\Desktop\Constant Guard.lnk
2012-06-12 20:49 - 2012-06-12 20:49 - 00002267 ____A C:\Users\All Users\Desktop\Constant Guard.lnk
2012-06-12 20:49 - 2012-06-12 20:49 - 00000000 ____D C:\Users\All Users\White Sky, Inc
2012-06-12 20:49 - 2012-06-12 20:49 - 00000000 ____D C:\Users\All Users\Application Data\White Sky, Inc
2012-06-12 20:49 - 2012-06-12 20:49 - 00000000 ____D C:\Program Files\ATI
2012-06-12 20:49 - 2012-06-12 20:49 - 00000000 ____D C:\Program Files (x86)\SFT
2012-06-12 20:49 - 2012-05-14 22:56 - 01197568 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
2012-06-12 20:49 - 2012-05-14 22:52 - 00064512 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2012-06-12 20:49 - 2012-05-14 22:08 - 00981504 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2012-06-12 20:49 - 2012-05-14 22:06 - 00048128 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2012-06-12 20:49 - 2012-04-20 01:25 - 01501184 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2012-06-12 20:49 - 2012-04-20 01:25 - 00134144 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
2012-06-12 20:49 - 2012-04-20 01:23 - 01026560 ____A (Microsoft Corporation) C:\Windows\System32\mstime.dll
2012-06-12 20:49 - 2012-04-20 01:22 - 09373696 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2012-06-12 20:49 - 2012-04-20 01:22 - 00736256 ____A (Microsoft Corporation) C:\Windows\System32\msfeeds.dll
2012-06-12 20:49 - 2012-04-20 01:22 - 00097792 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
2012-06-12 20:49 - 2012-04-20 01:22 - 00082944 ____A (Microsoft Corporation) C:\Windows\System32\msfeedsbs.dll
2012-06-12 20:49 - 2012-04-20 01:22 - 00057856 ____A (Microsoft Corporation) C:\Windows\System32\licmgr10.dll
2012-06-12 20:49 - 2012-04-20 01:21 - 12405760 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2012-06-12 20:49 - 2012-04-20 01:21 - 02458624 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2012-06-12 20:49 - 2012-04-20 01:21 - 00445952 ____A (Microsoft Corporation) C:\Windows\System32\iedkcs32.dll
2012-06-12 20:49 - 2012-04-20 01:21 - 00256000 ____A (Microsoft Corporation) C:\Windows\System32\iepeers.dll
2012-06-12 20:49 - 2012-04-20 01:21 - 00247808 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
2012-06-12 20:49 - 2012-04-20 01:18 - 00012288 ____A (Microsoft Corporation) C:\Windows\System32\msfeedssync.exe
2012-06-12 20:49 - 2012-04-20 00:07 - 01230336 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2012-06-12 20:49 - 2012-04-20 00:07 - 00132096 ____A (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2012-06-12 20:49 - 2012-04-20 00:06 - 06028288 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2012-06-12 20:49 - 2012-04-20 00:06 - 00627200 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2012-06-12 20:49 - 2012-04-20 00:06 - 00606208 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mstime.dll
2012-06-12 20:49 - 2012-04-20 00:06 - 00067584 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2012-06-12 20:49 - 2012-04-20 00:06 - 00064512 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeedsbs.dll
2012-06-12 20:49 - 2012-04-20 00:05 - 11019776 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2012-06-12 20:49 - 2012-04-20 00:05 - 02072576 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2012-06-12 20:49 - 2012-04-20 00:05 - 00381440 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2012-06-12 20:49 - 2012-04-20 00:05 - 00185856 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iepeers.dll
2012-06-12 20:49 - 2012-04-20 00:05 - 00176640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2012-06-12 20:49 - 2012-04-20 00:05 - 00044544 ____A (Microsoft Corporation) C:\Windows\SysWOW64\licmgr10.dll
2012-06-12 20:49 - 2012-04-20 00:03 - 00012800 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeedssync.exe
2012-06-12 20:49 - 2012-04-20 00:00 - 00482816 ____A (Microsoft Corporation) C:\Windows\System32\html.iec
2012-06-12 20:49 - 2012-04-19 23:15 - 01638912 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2012-06-12 20:49 - 2012-04-19 22:58 - 00386048 ____A (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2012-06-12 20:49 - 2012-04-19 22:24 - 01638912 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2012-06-12 20:48 - 2012-06-12 20:48 - 17256744 ____A (White Sky, Inc.) C:\Users\Ashley\Downloads\constantguard.exe
2012-06-12 20:48 - 2012-05-14 20:32 - 03144192 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
2012-06-12 20:48 - 2012-05-04 05:52 - 05505392 ____A (Microsoft Corporation) C:\Windows\System32\ntoskrnl.exe
2012-06-12 20:48 - 2012-05-04 05:08 - 03958128 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2012-06-12 20:48 - 2012-05-04 05:08 - 03902320 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2012-06-12 20:48 - 2012-05-02 00:32 - 00208896 ____A (Microsoft Corporation) C:\Windows\System32\profsvc.dll
2012-06-12 20:48 - 2012-04-27 22:50 - 00204800 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\rdpwd.sys
2012-06-12 20:48 - 2012-04-26 00:34 - 00149504 ____A (Microsoft Corporation) C:\Windows\System32\rdpcorekmts.dll
2012-06-12 20:48 - 2012-04-26 00:34 - 00076288 ____A (Microsoft Corporation) C:\Windows\System32\rdpwsx.dll
2012-06-12 20:48 - 2012-04-26 00:28 - 00009216 ____A (Microsoft Corporation) C:\Windows\System32\rdrmemptylst.exe
2012-06-12 20:48 - 2012-04-24 00:59 - 01460224 ____A (Microsoft Corporation) C:\Windows\System32\crypt32.dll
2012-06-12 20:48 - 2012-04-24 00:59 - 00182272 ____A (Microsoft Corporation) C:\Windows\System32\cryptsvc.dll
2012-06-12 20:48 - 2012-04-24 00:59 - 00140288 ____A (Microsoft Corporation) C:\Windows\System32\cryptnet.dll
2012-06-12 20:48 - 2012-04-23 23:47 - 01156608 ____A (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
2012-06-12 20:48 - 2012-04-23 23:47 - 00139264 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll
2012-06-12 20:48 - 2012-04-23 23:47 - 00103936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cryptnet.dll
2012-06-12 20:48 - 2012-04-17 00:38 - 00851968 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
2012-06-12 20:48 - 2012-04-16 23:45 - 00716800 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2012-06-12 20:47 - 2012-06-12 20:47 - 00000000 ____D C:\AMD
2012-06-12 20:47 - 2012-06-12 20:46 - 00476936 ____A (Sun Microsystems, Inc.) C:\Windows\SysWOW64\npdeployJava1.dll
2012-06-12 20:47 - 2012-06-12 20:46 - 00157448 ____A (Sun Microsystems, Inc.) C:\Windows\SysWOW64\javaws.exe
2012-06-12 20:47 - 2012-06-12 20:46 - 00149256 ____A (Sun Microsystems, Inc.) C:\Windows\SysWOW64\javaw.exe
2012-06-12 20:47 - 2012-06-12 20:46 - 00149256 ____A (Sun Microsystems, Inc.) C:\Windows\SysWOW64\java.exe
2012-06-12 20:46 - 2012-06-12 20:46 - 00000000 ____D C:\Program Files (x86)\Java
2012-06-12 20:46 - 2012-04-07 07:18 - 03213824 ____A (Microsoft Corporation) C:\Windows\System32\msi.dll
2012-06-12 20:46 - 2012-04-07 06:34 - 02342400 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll
2012-06-12 20:44 - 2012-06-12 20:44 - 00792704 ____A (AMD) C:\Users\Ashley\Downloads\amddriverdownloader.exe
2012-06-08 20:59 - 2012-06-08 21:00 - 00000000 ____D C:\Users\Ashley\Application Data\Ventrilo
2012-06-08 20:59 - 2012-06-08 21:00 - 00000000 ____D C:\Users\Ashley\AppData\Roaming\Ventrilo
2012-06-08 20:59 - 2012-06-08 20:59 - 00000919 ____A C:\Users\Ashley\Desktop\Ventrilo.lnk
2012-06-08 20:59 - 2012-06-08 20:59 - 00000000 ____D C:\Program Files\Ventrilo
2012-06-08 20:58 - 2012-06-08 20:59 - 00000262 ____A C:\Windows\{EEB3F6BB-318D-4CE5-989F-8191FCBFB578}_WiseFW.ini
2012-06-08 20:58 - 2012-06-08 20:58 - 04135696 ____A C:\Users\Ashley\Downloads\ventrilo-3.0.8-Windows-x64.exe
2012-06-05 22:17 - 2012-06-05 22:17 - 00000000 ____D C:\Users\Ashley\Application Data\LolClient2
2012-06-05 22:17 - 2012-06-05 22:17 - 00000000 ____D C:\Users\Ashley\AppData\Roaming\LolClient2
2012-06-05 22:13 - 2012-06-05 22:13 - 00001722 ____A C:\Users\Public\Desktop\Play League of Legends.lnk
2012-06-05 22:13 - 2012-06-05 22:13 - 00001722 ____A C:\Users\All Users\Desktop\Play League of Legends.lnk
2012-06-05 22:13 - 2008-07-31 10:41 - 00068616 ____A (Microsoft Corporation) C:\Windows\SysWOW64\XAPOFX1_1.dll
2012-06-05 22:13 - 2008-07-31 10:40 - 00509448 ____A (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_2.dll
2012-06-05 22:13 - 2008-07-12 08:18 - 03851784 ____A (Microsoft Corporation) C:\Windows\SysWOW64\D3DX9_39.dll
2012-06-05 22:13 - 2008-07-12 08:18 - 01493528 ____A (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_39.dll
2012-06-05 22:13 - 2008-07-12 08:18 - 00467984 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_39.dll
2012-06-05 22:08 - 2012-06-05 22:08 - 00000000 ____D C:\Riot Games
2012-06-05 20:31 - 2012-06-05 21:28 - 00000000 ____D C:\Users\Ashley\Desktop\League of legends
2012-06-05 20:30 - 2012-06-12 20:40 - 00000000 ____D C:\Users\Ashley\Local Settings\PMB Files
2012-06-05 20:30 - 2012-06-12 20:40 - 00000000 ____D C:\Users\Ashley\Local Settings\Application Data\PMB Files
2012-06-05 20:30 - 2012-06-12 20:40 - 00000000 ____D C:\Users\Ashley\AppData\Local\PMB Files
2012-06-05 20:30 - 2012-06-12 20:40 - 00000000 ____D C:\Users\All Users\PMB Files
2012-06-05 20:30 - 2012-06-12 20:40 - 00000000 ____D C:\Users\All Users\Application Data\PMB Files
2012-06-05 20:30 - 2012-06-05 20:30 - 02353512 ____A C:\Users\Ashley\Downloads\LeagueofLegends.exe
2012-06-05 20:30 - 2012-06-05 20:30 - 00000000 ____D C:\Program Files (x86)\Pando Networks
2012-05-21 16:40 - 2012-05-21 16:40 - 02127960 ____A (Kaspersky Lab ZAO) C:\Users\Ashley\Desktop\TDSSKiller.exe
2012-05-18 16:51 - 2012-05-18 16:51 - 00067504 ____A C:\Users\Ashley\Downloads\HjUMlwJN.htm
2012-05-15 15:10 - 2012-05-15 15:10 - 00000000 ____D C:\Users\Ashley\Local Settings\ElevatedDiagnostics
2012-05-15 15:10 - 2012-05-15 15:10 - 00000000 ____D C:\Users\Ashley\Local Settings\Application Data\ElevatedDiagnostics
2012-05-15 15:10 - 2012-05-15 15:10 - 00000000 ____D C:\Users\Ashley\AppData\Local\ElevatedDiagnostics

============ 3 Months Modified Files and Folders =============
2012-06-14 20:38 - 2012-06-14 20:20 - 00000000 ____D C:\FRST
2012-06-14 20:27 - 2009-07-14 00:08 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
2012-06-14 20:26 - 2012-06-14 00:12 - 00000952 ____A C:\Windows\setupact.log
2012-06-14 20:17 - 2012-01-29 23:15 - 00000000 ____D C:\Users\Ashley\Local Settings\SoftThinks
2012-06-14 20:17 - 2012-01-29 23:15 - 00000000 ____D C:\Users\Ashley\Local Settings\Application Data\SoftThinks
2012-06-14 20:17 - 2012-01-29 23:15 - 00000000 ____D C:\Users\Ashley\AppData\Local\SoftThinks
2012-06-14 20:17 - 2012-01-29 22:20 - 00000000 ____D C:\Users\Ashley\Local Settings\Deployment
2012-06-14 20:17 - 2012-01-29 22:20 - 00000000 ____D C:\Users\Ashley\Local Settings\Application Data\Deployment
2012-06-14 20:17 - 2012-01-29 22:20 - 00000000 ____D C:\Users\Ashley\AppData\Local\Deployment
2012-06-14 20:07 - 2012-06-14 20:07 - 02108855 ____A C:\Users\Ashley\Downloads\tdsskiller (1).zip
2012-06-14 20:07 - 2012-06-14 20:07 - 00000000 ____D C:\Users\Ashley\Downloads\tdsskiller (1)
2012-06-14 20:07 - 2012-06-14 20:06 - 00000348 ____A C:\TDSSKiller.2.7.36.0_14.06.2012_20.06.56_log.txt
2012-06-14 20:07 - 2012-06-12 20:51 - 00000000 ____D C:\Users\Ashley\Application Data\ID Vault
2012-06-14 20:07 - 2012-06-12 20:51 - 00000000 ____D C:\Users\Ashley\AppData\Roaming\ID Vault
2012-06-14 20:06 - 2012-06-14 20:06 - 02108855 ____A C:\Users\Ashley\Downloads\tdsskiller.zip
2012-06-14 20:06 - 2012-06-14 20:06 - 00000348 ____A C:\TDSSKiller.2.7.36.0_14.06.2012_20.06.36_log.txt
2012-06-14 19:55 - 2012-06-13 21:16 - 00331668 ____A C:\Windows\ntbtlog.txt
2012-06-14 19:42 - 2009-07-13 23:45 - 00014240 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2012-06-14 19:42 - 2009-07-13 23:45 - 00014240 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2012-06-14 19:36 - 2009-07-14 00:10 - 02017900 ____A C:\Windows\WindowsUpdate.log
2012-06-14 19:35 - 2012-06-14 00:30 - 00000912 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4177235328-1270327372-3511895208-1000UA.job
2012-06-14 19:31 - 2012-06-14 19:31 - 00002154 ____A C:\Windows\epplauncher.mif
2012-06-14 19:31 - 2012-06-14 19:31 - 00000000 ____D C:\Program Files\Microsoft Security Client
2012-06-14 19:31 - 2012-06-14 19:31 - 00000000 ____D C:\Program Files (x86)\Microsoft Security Client
2012-06-14 19:31 - 2012-02-26 22:47 - 00743996 ____A C:\Windows\SysWOW64\PerfStringBackup.INI
2012-06-14 19:29 - 2012-06-14 19:29 - 12621696 ____A (Microsoft Corporation) C:\Users\Ashley\Downloads\mseinstall.exe
2012-06-14 18:00 - 2012-02-06 23:07 - 00000000 ____D C:\Windows\System32\Drivers\AVG
2012-06-14 17:48 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\rescache
2012-06-14 16:45 - 2012-02-06 23:02 - 00000000 ____D C:\Users\All Users\MFAData
2012-06-14 16:45 - 2012-02-06 23:02 - 00000000 ____D C:\Users\All Users\Application Data\MFAData
2012-06-14 16:40 - 2012-06-14 16:40 - 00000000 ____D C:\Users\Ashley\Local Settings\ESET
2012-06-14 16:40 - 2012-06-14 16:40 - 00000000 ____D C:\Users\Ashley\Local Settings\Application Data\ESET
2012-06-14 16:40 - 2012-06-14 16:40 - 00000000 ____D C:\Users\Ashley\Application Data\ESET
2012-06-14 16:40 - 2012-06-14 16:40 - 00000000 ____D C:\Users\Ashley\AppData\Roaming\ESET
2012-06-14 16:40 - 2012-06-14 16:40 - 00000000 ____D C:\Users\Ashley\AppData\Local\ESET
2012-06-14 00:41 - 2012-06-14 00:41 - 01263344 ____A (ESET) C:\Users\Ashley\Downloads\eset_smart_security_live_installer (2).exe
2012-06-14 00:41 - 2012-06-14 00:41 - 01263344 ____A (ESET) C:\Users\Ashley\Downloads\eset_smart_security_live_installer (1).exe
2012-06-14 00:38 - 2010-08-12 20:27 - 00498766 ____A C:\Windows\PFRO.log
2012-06-14 00:35 - 2012-06-14 00:30 - 00000860 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4177235328-1270327372-3511895208-1000Core.job
2012-06-14 00:31 - 2012-06-14 00:31 - 01263344 ____A (ESET) C:\Users\Ashley\Downloads\eset_smart_security_live_installer.exe
2012-06-14 00:30 - 2012-01-29 22:21 - 00000000 ____D C:\Users\Ashley\Local Settings\Google
2012-06-14 00:30 - 2012-01-29 22:21 - 00000000 ____D C:\Users\Ashley\Local Settings\Application Data\Google
2012-06-14 00:30 - 2012-01-29 22:21 - 00000000 ____D C:\Users\Ashley\AppData\Local\Google
2012-06-14 00:26 - 2012-06-13 23:49 - 00000000 ____D C:\Users\All Users\ESET
2012-06-14 00:26 - 2012-06-13 23:49 - 00000000 ____D C:\Users\All Users\Application Data\ESET
2012-06-14 00:26 - 2012-06-13 23:49 - 00000000 ____D C:\Program Files\ESET
2012-06-14 00:13 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\PolicyDefinitions
2012-06-14 00:12 - 2012-06-14 00:12 - 00000000 ____A C:\Windows\setuperr.log
2012-06-14 00:10 - 2012-02-24 17:46 - 00019287 ____A C:\Windows\IE9_main.log
2012-06-13 23:41 - 2012-02-25 23:51 - 00000000 ____D C:\Windows\Minidump
2012-06-13 21:33 - 2012-06-13 21:17 - 00003696 ____A C:\Users\Ashley\Desktop\avgrep.txt
2012-06-13 21:17 - 2012-06-13 21:16 - 00123316 ____A C:\TDSSKiller.2.7.36.0_13.06.2012_21.16.57_log.txt
2012-06-13 12:44 - 2009-07-14 00:13 - 00740836 ____A C:\Windows\System32\PerfStringBackup.INI
2012-06-13 08:22 - 2012-06-13 08:21 - 00123320 ____A C:\TDSSKiller.2.7.36.0_13.06.2012_08.21.07_log.txt
2012-06-13 08:15 - 2010-08-12 19:00 - 00000000 ____D C:\Users\All Users\McAfee
2012-06-13 08:15 - 2010-08-12 19:00 - 00000000 ____D C:\Users\All Users\Application Data\McAfee
2012-06-13 00:06 - 2012-06-13 00:06 - 00000000 __SHD C:\Windows\System32\%APPDATA%
2012-06-13 00:03 - 2012-03-03 14:21 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2012-06-13 00:00 - 2010-08-12 18:42 - 00000000 ____D C:\Users\All Users\Cozi
2012-06-13 00:00 - 2010-08-12 18:42 - 00000000 ____D C:\Users\All Users\Application Data\Cozi
2012-06-12 23:47 - 2012-06-12 23:46 - 00129440 ____A C:\TDSSKiller.2.7.36.0_12.06.2012_23.46.07_log.txt
2012-06-12 23:45 - 2012-06-12 22:06 - 00000000 ____D C:\Users\All Users\Malwarebytes
2012-06-12 23:45 - 2012-06-12 22:06 - 00000000 ____D C:\Users\All Users\Application Data\Malwarebytes
2012-06-12 22:18 - 2012-06-12 22:16 - 00255226 ____A C:\TDSSKiller.2.7.36.0_12.06.2012_22.16.36_log.txt
2012-06-12 22:16 - 2012-06-12 22:06 - 00000000 ____D C:\Program Files (x86)\MALWAREBYTES ANTI-MALWARE
2012-06-12 22:13 - 2012-06-12 22:13 - 00000000 ____D C:\TDSSKiller_Quarantine
2012-06-12 22:13 - 2012-06-12 22:12 - 00132076 ____A C:\TDSSKiller.2.7.36.0_12.06.2012_22.12.20_log.txt
2012-06-12 22:10 - 2012-06-12 22:10 - 00000000 ____D C:\Users\Ashley\Local Settings\Wajam
2012-06-12 22:10 - 2012-06-12 22:10 - 00000000 ____D C:\Users\Ashley\Local Settings\Application Data\Wajam
2012-06-12 22:10 - 2012-06-12 22:10 - 00000000 ____D C:\Users\Ashley\AppData\Local\Wajam
2012-06-12 22:10 - 2012-06-12 22:10 - 00000000 ____D C:\Program Files (x86)\Wajam
2012-06-12 22:10 - 2012-06-12 22:10 - 00000000 ____D C:\Program Files (x86)\Playbryte
2012-06-12 22:10 - 2012-06-12 22:10 - 00000000 ____D C:\Program Files (x86)\7-Zip
2012-06-12 22:10 - 2012-01-29 23:15 - 00000000 ____D C:\Users\Ashley\AppData\LocalLow
2012-06-12 22:09 - 2012-06-12 22:09 - 00000000 ____D C:\Users\All Users\Tarma Installer
2012-06-12 22:09 - 2012-06-12 22:09 - 00000000 ____D C:\Users\All Users\Application Data\Tarma Installer
2012-06-12 22:09 - 2012-06-12 22:09 - 00000000 ____D C:\Program Files (x86)\Yontoo
2012-06-12 22:06 - 2012-06-12 22:06 - 00001115 ____A C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2012-06-12 22:06 - 2012-06-12 22:06 - 00001115 ____A C:\Users\All Users\Desktop\Malwarebytes Anti-Malware.lnk
2012-06-12 22:06 - 2012-06-12 22:06 - 00000000 ____D C:\Users\Ashley\Application Data\Malwarebytes
2012-06-12 22:06 - 2012-06-12 22:06 - 00000000 ____D C:\Users\Ashley\AppData\Roaming\Malwarebytes
2012-06-12 22:06 - 2012-06-12 22:06 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2012-06-12 21:12 - 2009-07-13 23:45 - 00319976 ____A C:\Windows\System32\FNTCACHE.DAT
2012-06-12 21:05 - 2012-06-12 20:53 - 00000000 ____D C:\Users\Ashley\Local Settings\ID Vault
2012-06-12 21:05 - 2012-06-12 20:53 - 00000000 ____D C:\Users\Ashley\Local Settings\Application Data\ID Vault
2012-06-12 21:05 - 2012-06-12 20:53 - 00000000 ____D C:\Users\Ashley\AppData\Local\ID Vault
2012-06-12 21:04 - 2012-06-12 20:49 - 00000000 ____D C:\Program Files\ATI Technologies
2012-06-12 21:03 - 2012-06-12 21:03 - 00000129 ____A C:\Windows\System32\MRT.INI
2012-06-12 21:00 - 2012-06-12 20:59 - 160889384 ____A (Advanced Micro Devices, Inc.) C:\Users\Ashley\Downloads\12-4_vista_win7_64_dd_ccc.exe
2012-06-12 20:53 - 2012-06-12 20:53 - 00000000 ____D C:\Users\All Users\IsolatedStorage
2012-06-12 20:53 - 2012-06-12 20:53 - 00000000 ____D C:\Users\All Users\Application Data\IsolatedStorage
2012-06-12 20:52 - 2012-06-12 20:49 - 00000000 ____D C:\Program Files (x86)\Constant Guard Protection Suite
2012-06-12 20:50 - 2012-06-12 20:50 - 00000000 ____D C:\Users\All Users\GID
2012-06-12 20:50 - 2012-06-12 20:50 - 00000000 ____D C:\Users\All Users\Application Data\GID
2012-06-12 20:49 - 2012-06-12 20:49 - 00002267 ____A C:\Users\Public\Desktop\Constant Guard.lnk
2012-06-12 20:49 - 2012-06-12 20:49 - 00002267 ____A C:\Users\All Users\Desktop\Constant Guard.lnk
2012-06-12 20:49 - 2012-06-12 20:49 - 00000000 ____D C:\Users\All Users\White Sky, Inc
2012-06-12 20:49 - 2012-06-12 20:49 - 00000000 ____D C:\Users\All Users\Application Data\White Sky, Inc
2012-06-12 20:49 - 2012-06-12 20:49 - 00000000 ____D C:\Program Files\ATI
2012-06-12 20:49 - 2012-06-12 20:49 - 00000000 ____D C:\Program Files (x86)\SFT
2012-06-12 20:48 - 2012-06-12 20:48 - 17256744 ____A (White Sky, Inc.) C:\Users\Ashley\Downloads\constantguard.exe
2012-06-12 20:47 - 2012-06-12 20:47 - 00000000 ____D C:\AMD
2012-06-12 20:46 - 2012-06-12 20:47 - 00476936 ____A (Sun Microsystems, Inc.) C:\Windows\SysWOW64\npdeployJava1.dll
2012-06-12 20:46 - 2012-06-12 20:47 - 00157448 ____A (Sun Microsystems, Inc.) C:\Windows\SysWOW64\javaws.exe
2012-06-12 20:46 - 2012-06-12 20:47 - 00149256 ____A (Sun Microsystems, Inc.) C:\Windows\SysWOW64\javaw.exe
2012-06-12 20:46 - 2012-06-12 20:47 - 00149256 ____A (Sun Microsystems, Inc.) C:\Windows\SysWOW64\java.exe
2012-06-12 20:46 - 2012-06-12 20:46 - 00000000 ____D C:\Program Files (x86)\Java
2012-06-12 20:46 - 2010-08-12 18:34 - 00472840 ____A (Sun Microsystems, Inc.) C:\Windows\SysWOW64\deployJava1.dll
2012-06-12 20:44 - 2012-06-12 20:44 - 00792704 ____A (AMD) C:\Users\Ashley\Downloads\amddriverdownloader.exe
2012-06-12 20:40 - 2012-06-05 20:30 - 00000000 ____D C:\Users\Ashley\Local Settings\PMB Files
2012-06-12 20:40 - 2012-06-05 20:30 - 00000000 ____D C:\Users\Ashley\Local Settings\Application Data\PMB Files
2012-06-12 20:40 - 2012-06-05 20:30 - 00000000 ____D C:\Users\Ashley\AppData\Local\PMB Files
2012-06-12 20:40 - 2012-06-05 20:30 - 00000000 ____D C:\Users\All Users\PMB Files
2012-06-12 20:40 - 2012-06-05 20:30 - 00000000 ____D C:\Users\All Users\Application Data\PMB Files
2012-06-11 18:52 - 2012-01-29 22:23 - 00001070 ____A C:\Users\Public\Desktop\World of Warcraft.lnk
2012-06-11 18:52 - 2012-01-29 22:23 - 00001070 ____A C:\Users\All Users\Desktop\World of Warcraft.lnk
2012-06-11 18:52 - 2012-01-29 22:23 - 00000000 ____D C:\Program Files (x86)\World of Warcraft
2012-06-09 00:32 - 2012-02-01 12:58 - 00000000 ____D C:\Users\Ashley\Application Data\Azureus
2012-06-09 00:32 - 2012-02-01 12:58 - 00000000 ____D C:\Users\Ashley\AppData\Roaming\Azureus
2012-06-08 21:00 - 2012-06-08 20:59 - 00000000 ____D C:\Users\Ashley\Application Data\Ventrilo
2012-06-08 21:00 - 2012-06-08 20:59 - 00000000 ____D C:\Users\Ashley\AppData\Roaming\Ventrilo
2012-06-08 20:59 - 2012-06-08 20:59 - 00000919 ____A C:\Users\Ashley\Desktop\Ventrilo.lnk
2012-06-08 20:59 - 2012-06-08 20:59 - 00000000 ____D C:\Program Files\Ventrilo
2012-06-08 20:59 - 2012-06-08 20:58 - 00000262 ____A C:\Windows\{EEB3F6BB-318D-4CE5-989F-8191FCBFB578}_WiseFW.ini
2012-06-08 20:58 - 2012-06-08 20:58 - 04135696 ____A C:\Users\Ashley\Downloads\ventrilo-3.0.8-Windows-x64.exe
2012-06-05 22:17 - 2012-06-05 22:17 - 00000000 ____D C:\Users\Ashley\Application Data\LolClient2
2012-06-05 22:17 - 2012-06-05 22:17 - 00000000 ____D C:\Users\Ashley\AppData\Roaming\LolClient2
2012-06-05 22:13 - 2012-06-05 22:13 - 00001722 ____A C:\Users\Public\Desktop\Play League of Legends.lnk
2012-06-05 22:13 - 2012-06-05 22:13 - 00001722 ____A C:\Users\All Users\Desktop\Play League of Legends.lnk
2012-06-05 22:08 - 2012-06-05 22:08 - 00000000 ____D C:\Riot Games
2012-06-05 22:08 - 2010-08-12 18:35 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2012-06-05 21:28 - 2012-06-05 20:31 - 00000000 ____D C:\Users\Ashley\Desktop\League of legends
2012-06-05 20:30 - 2012-06-05 20:30 - 02353512 ____A C:\Users\Ashley\Downloads\LeagueofLegends.exe
2012-06-05 20:30 - 2012-06-05 20:30 - 00000000 ____D C:\Program Files (x86)\Pando Networks
2012-06-04 19:24 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\System32\NDF
2012-06-04 19:19 - 2012-01-29 23:14 - 00000000 ____D C:\users\Ashley
2012-06-04 19:10 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\System32\config\TxR
2012-06-04 19:04 - 2012-03-10 16:36 - 00000000 ____D C:\Users\Ashley\Application Data\IrfanView
2012-06-04 19:04 - 2012-03-10 16:36 - 00000000 ____D C:\Users\Ashley\AppData\Roaming\IrfanView
2012-06-04 19:03 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\registration
2012-06-03 23:28 - 2012-06-12 21:00 - 58957832 ____A (Microsoft Corporation) C:\Windows\System32\MRT.exe
2012-05-21 16:40 - 2012-05-21 16:40 - 02127960 ____A (Kaspersky Lab ZAO) C:\Users\Ashley\Desktop\TDSSKiller.exe
2012-05-18 16:51 - 2012-05-18 16:51 - 00067504 ____A C:\Users\Ashley\Downloads\HjUMlwJN.htm
2012-05-16 07:28 - 2012-02-01 13:02 - 00000000 ____D C:\Users\Ashley\My Documents\Vuze Downloads
2012-05-16 07:28 - 2012-02-01 13:02 - 00000000 ____D C:\Users\Ashley\Documents\Vuze Downloads
2012-05-15 15:10 - 2012-05-15 15:10 - 00000000 ____D C:\Users\Ashley\Local Settings\ElevatedDiagnostics
2012-05-15 15:10 - 2012-05-15 15:10 - 00000000 ____D C:\Users\Ashley\Local Settings\Application Data\ElevatedDiagnostics
2012-05-15 15:10 - 2012-05-15 15:10 - 00000000 ____D C:\Users\Ashley\AppData\Local\ElevatedDiagnostics
2012-05-14 22:56 - 2012-06-12 20:49 - 01197568 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
2012-05-14 22:52 - 2012-06-12 20:49 - 00064512 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2012-05-14 22:08 - 2012-06-12 20:49 - 00981504 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2012-05-14 22:06 - 2012-06-12 20:49 - 00048128 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2012-05-14 20:32 - 2012-06-12 20:48 - 03144192 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
2012-05-14 03:01 - 2012-05-14 03:01 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2012-05-14 03:01 - 2012-05-14 03:01 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2012-05-10 16:33 - 2009-07-14 02:45 - 00000000 ____D C:\Program Files\Windows Journal
2012-05-08 21:13 - 2009-07-13 22:20 - 00000000 __RHD C:\Users\Public\Libraries
2012-05-04 05:52 - 2012-06-12 20:48 - 05505392 ____A (Microsoft Corporation) C:\Windows\System32\ntoskrnl.exe
2012-05-04 05:08 - 2012-06-12 20:48 - 03958128 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2012-05-04 05:08 - 2012-06-12 20:48 - 03902320 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2012-05-02 00:32 - 2012-06-12 20:48 - 00208896 ____A (Microsoft Corporation) C:\Windows\System32\profsvc.dll
2012-04-28 10:51 - 2012-04-28 10:51 - 00000000 ____D C:\Users\All Users\Mozilla
2012-04-28 10:51 - 2012-04-28 10:51 - 00000000 ____D C:\Users\All Users\Application Data\Mozilla
2012-04-27 22:50 - 2012-06-12 20:48 - 00204800 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\rdpwd.sys
2012-04-26 00:34 - 2012-06-12 20:48 - 00149504 ____A (Microsoft Corporation) C:\Windows\System32\rdpcorekmts.dll
2012-04-26 00:34 - 2012-06-12 20:48 - 00076288 ____A (Microsoft Corporation) C:\Windows\System32\rdpwsx.dll
2012-04-26 00:28 - 2012-06-12 20:48 - 00009216 ____A (Microsoft Corporation) C:\Windows\System32\rdrmemptylst.exe
2012-04-24 00:59 - 2012-06-12 20:48 - 01460224 ____A (Microsoft Corporation) C:\Windows\System32\crypt32.dll
2012-04-24 00:59 - 2012-06-12 20:48 - 00182272 ____A (Microsoft Corporation) C:\Windows\System32\cryptsvc.dll
2012-04-24 00:59 - 2012-06-12 20:48 - 00140288 ____A (Microsoft Corporation) C:\Windows\System32\cryptnet.dll
2012-04-23 23:47 - 2012-06-12 20:48 - 01156608 ____A (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
2012-04-23 23:47 - 2012-06-12 20:48 - 00139264 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll
2012-04-23 23:47 - 2012-06-12 20:48 - 00103936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cryptnet.dll
2012-04-23 17:02 - 2012-04-23 17:02 - 01931407 ____A C:\Users\Ashley\Downloads\OBP Edible Cupcakes.rar
2012-04-20 01:25 - 2012-06-12 20:49 - 01501184 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2012-04-20 01:25 - 2012-06-12 20:49 - 00134144 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
2012-04-20 01:23 - 2012-06-12 20:49 - 01026560 ____A (Microsoft Corporation) C:\Windows\System32\mstime.dll
2012-04-20 01:22 - 2012-06-12 20:49 - 09373696 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2012-04-20 01:22 - 2012-06-12 20:49 - 00736256 ____A (Microsoft Corporation) C:\Windows\System32\msfeeds.dll
2012-04-20 01:22 - 2012-06-12 20:49 - 00097792 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
2012-04-20 01:22 - 2012-06-12 20:49 - 00082944 ____A (Microsoft Corporation) C:\Windows\System32\msfeedsbs.dll
2012-04-20 01:22 - 2012-06-12 20:49 - 00057856 ____A (Microsoft Corporation) C:\Windows\System32\licmgr10.dll
2012-04-20 01:21 - 2012-06-12 20:49 - 12405760 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2012-04-20 01:21 - 2012-06-12 20:49 - 02458624 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2012-04-20 01:21 - 2012-06-12 20:49 - 00445952 ____A (Microsoft Corporation) C:\Windows\System32\iedkcs32.dll
2012-04-20 01:21 - 2012-06-12 20:49 - 00256000 ____A (Microsoft Corporation) C:\Windows\System32\iepeers.dll
2012-04-20 01:21 - 2012-06-12 20:49 - 00247808 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
2012-04-20 01:18 - 2012-06-12 20:49 - 00012288 ____A (Microsoft Corporation) C:\Windows\System32\msfeedssync.exe
2012-04-20 00:07 - 2012-06-12 20:49 - 01230336 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2012-04-20 00:07 - 2012-06-12 20:49 - 00132096 ____A (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2012-04-20 00:06 - 2012-06-12 20:49 - 06028288 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2012-04-20 00:06 - 2012-06-12 20:49 - 00627200 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2012-04-20 00:06 - 2012-06-12 20:49 - 00606208 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mstime.dll
2012-04-20 00:06 - 2012-06-12 20:49 - 00067584 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2012-04-20 00:06 - 2012-06-12 20:49 - 00064512 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeedsbs.dll
2012-04-20 00:05 - 2012-06-12 20:49 - 11019776 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2012-04-20 00:05 - 2012-06-12 20:49 - 02072576 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2012-04-20 00:05 - 2012-06-12 20:49 - 00381440 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2012-04-20 00:05 - 2012-06-12 20:49 - 00185856 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iepeers.dll
2012-04-20 00:05 - 2012-06-12 20:49 - 00176640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2012-04-20 00:05 - 2012-06-12 20:49 - 00044544 ____A (Microsoft Corporation) C:\Windows\SysWOW64\licmgr10.dll
2012-04-20 00:03 - 2012-06-12 20:49 - 00012800 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeedssync.exe
2012-04-20 00:00 - 2012-06-12 20:49 - 00482816 ____A (Microsoft Corporation) C:\Windows\System32\html.iec
2012-04-19 23:15 - 2012-06-12 20:49 - 01638912 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2012-04-19 22:58 - 2012-06-12 20:49 - 00386048 ____A (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2012-04-19 22:24 - 2012-06-12 20:49 - 01638912 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2012-04-19 19:28 - 2012-04-19 19:28 - 00000000 __RHD C:\MSOCache
2012-04-19 18:26 - 2012-04-19 18:26 - 00017165 ____A C:\Users\Ashley\My Documents\Resume.docx
2012-04-19 18:26 - 2012-04-19 18:26 - 00017165 ____A C:\Users\Ashley\Documents\Resume.docx
2012-04-19 06:06 - 2012-04-19 06:06 - 00000000 ____D C:\Users\Ashley\My Documents\TSR Basket 2012.04.19@13.00
2012-04-19 06:06 - 2012-04-19 06:06 - 00000000 ____D C:\Users\Ashley\Documents\TSR Basket 2012.04.19@13.00
2012-04-18 18:35 - 2012-04-18 18:35 - 00000000 ____D C:\Users\Ashley\My Documents\1112242
2012-04-18 18:35 - 2012-04-18 18:35 - 00000000 ____D C:\Users\Ashley\Documents\1112242
2012-04-18 11:25 - 2012-04-18 11:25 - 00000000 ____D C:\Users\Ashley\My Documents\1126739
2012-04-18 11:25 - 2012-04-18 11:25 - 00000000 ____D C:\Users\Ashley\Documents\1126739
2012-04-17 00:38 - 2012-06-12 20:48 - 00851968 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
2012-04-16 23:45 - 2012-06-12 20:48 - 00716800 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2012-04-16 10:24 - 2009-07-13 21:34 - 00000826 __RAH C:\Windows\System32\Drivers\etc\hosts
2012-04-07 07:18 - 2012-06-12 20:46 - 03213824 ____A (Microsoft Corporation) C:\Windows\System32\msi.dll
2012-04-07 06:34 - 2012-06-12 20:46 - 02342400 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll
2012-04-06 00:22 - 2012-04-06 00:22 - 11174400 ____A (Advanced Micro Devices, Inc.) C:\Windows\System32\Drivers\atikmdag.sys
2012-04-05 21:23 - 2012-04-05 21:23 - 00245896 ____A C:\Windows\SysWOW64\atiapfxx.blb
2012-04-05 21:23 - 2012-04-05 21:23 - 00245896 ____A C:\Windows\System32\atiapfxx.blb
2012-04-05 21:22 - 2012-04-05 21:22 - 00159744 ____A (Advanced Micro Devices, Inc.) C:\Windows\System32\atiapfxx.exe
2012-04-05 21:21 - 2012-04-05 21:21 - 00909312 ____A (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\aticfx32.dll
2012-04-05 21:20 - 2010-08-12 21:08 - 01067520 ____A (Advanced Micro Devices, Inc. ) C:\Windows\System32\aticfx64.dll
2012-04-05 21:16 - 2012-04-05 21:16 - 00503808 ____A (AMD) C:\Windows\System32\atieclxx.exe
2012-04-05 21:16 - 2012-04-05 21:16 - 00236544 ____A (AMD) C:\Windows\System32\atiesrxx.exe
2012-04-05 21:16 - 2010-08-12 21:08 - 00442368 ____A (Advanced Micro Devices, Inc.) C:\Windows\System32\ATIDEMGX.dll
2012-04-05 21:14 - 2012-04-05 21:14 - 00120320 ____A (AMD) C:\Windows\System32\atitmm64.dll
2012-04-05 21:14 - 2012-04-05 21:14 - 00059392 ____A (ATI Technologies, Inc.) C:\Windows\System32\atiedu64.dll
2012-04-05 21:14 - 2012-04-05 21:14 - 00043520 ____A (ATI Technologies, Inc.) C:\Windows\SysWOW64\ati2edxx.dll
2012-04-05 21:14 - 2012-04-05 21:14 - 00021504 ____A (AMD) C:\Windows\System32\atimuixx.dll
2012-04-05 21:13 - 2012-04-05 21:13 - 06800896 ____A (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\atidxx32.dll
2012-04-05 21:10 - 2012-04-05 21:10 - 26181632 ____A (Advanced Micro Devices, Inc.) C:\Windows\System32\atio6axx.dll
2012-04-05 21:00 - 2010-08-12 21:08 - 00064000 ____A (AMD) C:\Windows\System32\coinst.dll
2012-04-05 20:54 - 2010-08-12 21:08 - 07479296 ____A (Advanced Micro Devices, Inc. ) C:\Windows\System32\atidxx64.dll
2012-04-05 20:50 - 2012-04-05 20:50 - 19753984 ____A (Advanced Micro Devices, Inc.) C:\Windows\SysWOW64\atioglxx.dll
2012-04-05 20:35 - 2012-04-05 20:35 - 01120768 ____A (Advanced Micro Devices, Inc. ) C:\Windows\System32\atiumd6v.dll
2012-04-05 20:34 - 2012-04-05 20:34 - 04731904 ____A (Advanced Micro Devices, Inc. ) C:\Windows\System32\atiumd6a.dll
2012-04-05 20:34 - 2012-04-05 20:34 - 01831424 ____A (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\atiumdmv.dll
2012-04-05 20:34 - 2010-08-12 21:08 - 06203392 ____A (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\atiumdag.dll
2012-04-05 20:30 - 2012-04-05 20:30 - 00051200 ____A (Advanced Micro Devices Inc.) C:\Windows\System32\aticalrt64.dll
2012-04-05 20:30 - 2012-04-05 20:30 - 00046080 ____A (Advanced Micro Devices Inc.) C:\Windows\SysWOW64\aticalrt.dll
2012-04-05 20:30 - 2012-04-05 20:30 - 00044544 ____A (Advanced Micro Devices Inc.) C:\Windows\System32\aticalcl64.dll
2012-04-05 20:30 - 2012-04-05 20:30 - 00044032 ____A (Advanced Micro Devices Inc.) C:\Windows\SysWOW64\aticalcl.dll
2012-04-05 20:29 - 2012-04-05 20:29 - 16090624 ____A (Advanced Micro Devices Inc.) C:\Windows\System32\aticaldd64.dll
2012-04-05 20:29 - 2012-04-05 20:29 - 02631008 ____A C:\Windows\System32\atiumd6a.cap
2012-04-05 20:29 - 2012-04-05 20:29 - 00204952 ____A C:\Windows\SysWOW64\ativvsvl.dat
2012-04-05 20:29 - 2012-04-05 20:29 - 00204952 ____A C:\Windows\System32\ativvsvl.dat
2012-04-05 20:29 - 2012-04-05 20:29 - 00157144 ____A C:\Windows\SysWOW64\ativvsva.dat
2012-04-05 20:29 - 2012-04-05 20:29 - 00157144 ____A C:\Windows\System32\ativvsva.dat
2012-04-05 20:25 - 2012-04-05 20:25 - 13764096 ____A (Advanced Micro Devices Inc.) C:\Windows\SysWOW64\aticaldd.dll
2012-04-05 20:23 - 2012-04-05 20:23 - 07431680 ____A (Advanced Micro Devices, Inc. ) C:\Windows\System32\atiumd64.dll
2012-04-05 20:22 - 2010-08-12 21:08 - 04795904 ____A (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\atiumdva.dll
2012-04-05 20:21 - 2012-04-05 20:21 - 02664704 ____A C:\Windows\SysWOW64\atiumdva.cap
2012-04-05 20:11 - 2012-04-05 20:11 - 00360448 ____A (Advanced Micro Devices, Inc.) C:\Windows\SysWOW64\atiadlxy.dll
2012-04-05 20:11 - 2012-04-05 20:11 - 00041984 ____A (Advanced Micro Devices, Inc. ) C:\Windows\System32\atig6txx.dll
2012-04-05 20:11 - 2012-04-05 20:11 - 00017408 ____A (Advanced Micro Devices, Inc. ) C:\Windows\System32\atig6pxx.dll
2012-04-05 20:11 - 2012-04-05 20:11 - 00014848 ____A (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\atiglpxx.dll
2012-04-05 20:11 - 2012-04-05 20:11 - 00014848 ____A (Advanced Micro Devices, Inc. ) C:\Windows\System32\atiglpxx.dll
2012-04-05 20:11 - 2010-08-12 21:08 - 00514560 ____A (Advanced Micro Devices, Inc.) C:\Windows\System32\atiadlxx.dll
2012-04-05 20:10 - 2012-04-05 20:10 - 00343040 ____A (Advanced Micro Devices, Inc.) C:\Windows\System32\Drivers\atikmpag.sys
2012-04-05 20:10 - 2012-04-05 20:10 - 00033280 ____A (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\atigktxx.dll
2012-04-05 20:09 - 2012-04-05 20:09 - 00053248 ____A (Advanced Micro Devices, Inc.) C:\Windows\System32\Drivers\ati2erec.dll
2012-04-05 20:09 - 2012-04-05 20:09 - 00044544 ____A (Advanced Micro Devices, Inc. ) C:\Windows\System32\atiu9p64.dll
2012-04-05 20:09 - 2012-04-05 20:09 - 00041984 ____A (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\atiuxpag.dll
2012-04-05 20:09 - 2010-08-12 21:08 - 00054784 ____A (Advanced Micro Devices, Inc. ) C:\Windows\System32\atiuxp64.dll
2012-04-05 20:09 - 2010-08-12 21:08 - 00032256 ____A (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\atiu9pag.dll
2012-04-05 20:06 - 2012-04-05 20:06 - 00054784 ____A (Advanced Micro Devices, Inc. ) C:\Windows\System32\atimpc64.dll
2012-04-05 20:06 - 2012-04-05 20:06 - 00054784 ____A (Advanced Micro Devices, Inc. ) C:\Windows\System32\amdpcom64.dll
2012-04-05 20:06 - 2012-04-05 20:06 - 00053760 ____A (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\atimpc32.dll
2012-04-05 20:06 - 2012-04-05 20:06 - 00053760 ____A (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\amdpcom32.dll
2012-04-04 15:56 - 2012-06-12 22:06 - 00024904 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys
2012-04-03 16:49 - 2012-02-26 22:48 - 00000000 ____D C:\Users\Ashley\Application Data\SoftGrid Client
2012-04-03 16:49 - 2012-02-26 22:48 - 00000000 ____D C:\Users\Ashley\AppData\Roaming\SoftGrid Client
2012-03-30 06:09 - 2012-05-09 21:25 - 01895280 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\tcpip.sys
2012-03-20 20:44 - 2012-03-20 20:44 - 00203888 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\MpFilter.sys
2012-03-20 20:44 - 2012-03-20 20:44 - 00098688 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\NisDrvWFP.sys
2012-03-17 02:55 - 2012-05-09 21:25 - 00075632 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\partmgr.sys
ZeroAccess:
C:\Windows\Installer\{27326c5e-4cf3-c4e0-46d4-37fdcce19b24}
C:\Windows\Installer\{27326c5e-4cf3-c4e0-46d4-37fdcce19b24}\@
C:\Windows\Installer\{27326c5e-4cf3-c4e0-46d4-37fdcce19b24}\L
C:\Windows\Installer\{27326c5e-4cf3-c4e0-46d4-37fdcce19b24}\U
C:\Windows\Installer\{27326c5e-4cf3-c4e0-46d4-37fdcce19b24}\U\00000001.@
C:\Windows\Installer\{27326c5e-4cf3-c4e0-46d4-37fdcce19b24}\U\80000000.@
C:\Windows\Installer\{27326c5e-4cf3-c4e0-46d4-37fdcce19b24}\U\800000cb.@
 
========================= Known DLLs (Whitelisted) ============

========================= Bamital & volsnap Check ============
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe
[2009-07-13 18:19] - [2009-07-13 20:39] - 0328704 ____A (Microsoft Corporation) 014A9CB92514E27C0107614DF764BC06
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
==================== EXE ASSOCIATION =====================
HKLM\...\.exe: exefile => OK
HKLM\...\exefile\DefaultIcon: %1 => OK
HKLM\...\exefile\open\command: "%1" %* => OK
========================= Memory info ======================
Percentage of memory in use: 14%
Total physical RAM: 4095.3 MB
Available physical RAM: 3506.94 MB
Total Pagefile: 4093.45 MB
Available Pagefile: 3491.77 MB
Total Virtual: 8192 MB
Available Virtual: 8191.9 MB
======================= Partitions =========================
1 Drive c: (OS) (Fixed) (Total:920.88 GB) (Free:814.77 GB) NTFS
7 Drive I: () (Removable) (Total:7.45 GB) (Free:7.45 GB) FAT32
8 Drive j: (RECOVERY) (Fixed) (Total:10.59 GB) (Free:4.21 GB) NTFS
9 Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS
Disk ### Status Size Free Dyn Gpt
-------- ------------- ------- ------- --- ---
Disk 0 Online 931 GB 0 B
Disk 1 Online 7648 MB 0 B
Disk 2 No Media 0 B 0 B
Disk 3 No Media 0 B 0 B
Disk 4 No Media 0 B 0 B
Disk 5 No Media 0 B 0 B
Partitions of Disk 0:
===============
Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 OEM 39 MB 31 KB
Partition 2 Primary 10 GB 40 MB
Partition 3 Primary 920 GB 10 GB
======================================================================================================
Disk: 0
Partition 1
Type : DE
Hidden: Yes
Active: No
Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 8 FAT Partition 39 MB Healthy Hidden
======================================================================================================
Disk: 0
Partition 2
Type : 07
Hidden: No
Active: Yes
Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 1 J RECOVERY NTFS Partition 10 GB Healthy
======================================================================================================
Disk: 0
Partition 3
Type : 07
Hidden: No
Active: No
Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 2 C OS NTFS Partition 920 GB Healthy
======================================================================================================
Partitions of Disk 1:
===============
Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 7647 MB 4096 B
======================================================================================================
Disk: 1
Partition 1
Type : 0C
Hidden: No
Active: Yes
Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 3 I FAT32 Removable 7647 MB Healthy
======================================================================================================
==========================================================
Last Boot: 2012-06-08 03:00
======================= End Of Log ==========================
 
Welcome aboard
yahooo.gif


Please, observe following rules:
  • Read all of my instructions very carefully. Your mistakes during cleaning process may have very serious consequences, like unbootable computer.
  • If you're stuck, or you're not sure about certain step, always ask before doing anything else.
  • Please refrain from running tools or applying updates other than those I suggest.
  • Never run more than one scan at a time.
  • Keep updating me regarding your computer behavior, good, or bad.
  • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
  • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in malware removal forum.
  • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.

=============================================================

In Vista or Windows 7: Boot to System Recovery Options and run FRST.
In Windows XP: Please boot to BartPe and run FRST.
Type the following in the edit box after "Search:".

services.exe

Click Search button and post the log (Search.txt) it makes to your reply.
 
Farbar Recovery Scan Tool Version: 13-06-2012 03
Ran by SYSTEM at 2012-06-14 21:06:16
Running from I:\
================== Search: "services.exe" ===================
C:\WINDOWS\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe
[2009-07-13 18:19] - [2009-07-13 20:39] - 0328704 ____A (Microsoft Corporation) 24ACB7E5BE595468E3B9AA488B9B4FCB
C:\WINDOWS\System32\services.exe
[2009-07-13 18:19] - [2009-07-13 20:39] - 0328704 ____A (Microsoft Corporation) 014A9CB92514E27C0107614DF764BC06
====== End Of Search ======
 
Download attached fixlist.txt file and save it to the very same USB flash drive you've been using. Plug the drive back in.

NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system

On Vista or Windows 7: Now please enter System Recovery Options.
On Windows XP: Now please boot into the BartPE CD.
Run FRST64 and press the Fix button just once and wait.
The tool will make a log on the flashdrive (Fixlog.txt) please post it to your reply.
 

Attachments

  • fixlist.txt
    304 bytes · Views: 5
Fix result of Farbar Recovery Tool (FRST written by Farbar) Version: 13-06-2012 03
Ran by SYSTEM at 2012-06-14 21:24:29 Run:1
Running from I:\
==============================================
HKEY_LOCAL_MACHINE\System\ControlSet001\Control\Session Manager\SubSystems\\Windows Value was restored successfully .
C:\Windows\System32\consrv.dll not found.
C:\Windows\Installer\{27326c5e-4cf3-c4e0-46d4-37fdcce19b24} moved successfully.
C:\WINDOWS\System32\services.exe moved successfully.
C:\WINDOWS\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe copied successfully to C:\WINDOWS\System32\services.exe
==== End of Fixlog ====
 
Good news :)

We need to run more scans to make sure you're clean.

Please download ComboFix from Here, Here or Here to your Desktop.

**Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
  • Never rename Combofix unless instructed.
  • Close any open browsers.
  • Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
  • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
  • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
  • Close any open browsers.
  • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
  • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
  • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
  • Double click on combofix.exe & follow the prompts.

  • NOTE1. If Combofix asks you to install Recovery Console, please allow it.
    NOTE 2. If Combofix asks you to update the program, always do so.
  • When finished, it will produce a report for you.
  • Please post the "C:\ComboFix.txt"
**Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall
**Note 2 for AVG and CA Internet Security (Total Defense Internet Security) users: ComboFix will not run until AVG/CA Internet Security is uninstalled as a protective measure against the anti-virus. This is because AVG/CA Internet Security "falsely" detects ComboFix (or its embedded files) as a threat and may remove them resulting in the tool not working correctly which in turn can cause "unpredictable results". Since AVG/CA Internet Security cannot be effectively disabled before running ComboFix, the author recommends you to uninstall AVG/CA Internet Security first.
Use AppRemover to uninstall it: https://www.techspot.com/downloads/5514-appremover.html
We can reinstall it when we're done with CF.
**Note 3: If you receive an error "Illegal operation attempted on a registery key that has been marked for deletion", restart computer to fix the issue.
**Note 4: Some infections may take some significant time to be cured. As long as your computer clock is running Combofix is still working. Be patient.


Make sure, you re-enable your security programs, when you're done with Combofix.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

NOTE.
If, for some reason, Combofix refuses to run, try one of the following:

1. Run Combofix from Safe Mode.

2. Delete Combofix file, download fresh one, but rename combofix.exe to your_name.exe BEFORE saving it to your desktop.
Do NOT run it yet.
Please download and run the below tool named Rkill (courtesy of BleepingComputer.com) which may help allow other programs to run.
There are 4 different versions. If one of them won't run then download and try to run the other one.
Vista and Win7 users need to right click Rkill and choose Run as Administrator
You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool, ignore them or shutdown your antivirus.

* Rkill.com
* Rkill.scr
* Rkill.exe
  • Double-click on the Rkill icon to run the tool.
  • If using Vista or Windows 7 right-click on it and choose Run As Administrator.
  • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
  • If not, delete the file, then download and use the one provided in Link 2.
  • If it does not work, repeat the process and attempt to use one of the remaining links until the tool runs.
  • Do not reboot until instructed.
  • If the tool does not run from any of the links provided, please let me know.
Once you've gotten one of them to run, immediately run your_name.exe by double clicking on it.

If normal mode still doesn't work, run BOTH tools from safe mode.

In case #2, please post BOTH logs, rKill and Combofix.

DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean!!!
 
ComboFix 12-06-14.04 - Ashley 06/14/2012 22:30:42.1.6 - x64
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.4095.2440 [GMT -5:00]
Running from: c:\users\Ashley\Desktop\ComboFix.exe
AV: ESET Smart Security 5.2 *Disabled/Updated* {77DEAFED-8149-104B-25A1-21771CA47CD1}
AV: Microsoft Security Essentials *Disabled/Updated* {9765EA51-0D3C-7DFB-6091-10E4E1F341F6}
FW: ESET Personal firewall *Enabled* {4FE52EC8-CB26-1113-0EFE-8842E2773BAA}
SP: ESET Smart Security 5.2 *Disabled/Updated* {CCBF4E09-A773-1FC5-1F11-1A056723366C}
SP: Microsoft Security Essentials *Disabled/Updated* {2C040BB5-2B06-7275-5A21-2B969A740B4B}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((( Files Created from 2012-05-15 to 2012-06-15 )))))))))))))))))))))))))))))))
.
.
2012-06-15 03:36 . 2012-06-15 03:3669000----a-w-c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{4A154F4C-DD0E-4259-9588-4C8076F44087}\offreg.dll
2012-06-15 03:34 . 2012-06-15 03:34--------d-----w-c:\users\Default\AppData\Local\temp
2012-06-15 01:20 . 2012-06-15 01:38--------d-----w-C:\FRST
2012-06-15 00:36 . 2012-06-15 00:35927800----a-w-c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{542E54D4-D2B1-4FE8-8CFB-9F5032FDD59F}\gapaengine.dll
2012-06-15 00:36 . 2012-05-08 15:028955792----a-w-c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{4A154F4C-DD0E-4259-9588-4C8076F44087}\mpengine.dll
2012-06-15 00:35 . 2012-01-31 12:44279656------w-c:\windows\system32\MpSigStub.exe
2012-06-15 00:31 . 2012-06-15 00:31--------d-----w-c:\program files (x86)\Microsoft Security Client
2012-06-15 00:31 . 2012-06-15 00:31--------d-----w-c:\program files\Microsoft Security Client
2012-06-15 00:30 . 2010-04-09 11:06374664----a-w-c:\windows\system32\drivers\netio.sys
2012-06-14 21:40 . 2012-06-14 21:40--------d-----w-c:\users\Ashley\AppData\Local\ESET
2012-06-14 04:49 . 2012-06-14 05:26--------d-----w-c:\program files\ESET
2012-06-13 05:06 . 2012-06-13 05:06--------d-sh--w-c:\windows\system32\%APPDATA%
2012-06-13 03:13 . 2012-06-13 03:13--------d-----w-C:\TDSSKiller_Quarantine
2012-06-13 03:10 . 2012-06-13 03:10--------d-----w-c:\program files (x86)\7-Zip
2012-06-13 03:10 . 2012-06-13 03:10--------d-----w-c:\users\Ashley\AppData\Local\Wajam
2012-06-13 03:10 . 2012-06-13 03:10--------d-----w-c:\program files (x86)\Wajam
2012-06-13 03:10 . 2012-06-13 03:10--------d-----w-c:\program files (x86)\Playbryte
2012-06-13 03:09 . 2012-06-13 03:09--------d-----w-c:\program files (x86)\Yontoo
2012-06-13 03:09 . 2012-06-13 03:09--------d-----w-c:\programdata\Tarma Installer
2012-06-13 03:06 . 2012-06-13 03:06--------d-----w-c:\users\Ashley\AppData\Roaming\Malwarebytes
2012-06-13 03:06 . 2012-06-15 02:30--------d-----w-c:\program files (x86)\MALWAREBYTES ANTI-MALWARE
2012-06-13 03:06 . 2012-06-13 04:45--------d-----w-c:\programdata\Malwarebytes
2012-06-13 03:06 . 2012-06-13 03:06--------d-----w-c:\program files (x86)\Malwarebytes' Anti-Malware
2012-06-13 03:06 . 2012-04-04 20:5624904----a-w-c:\windows\system32\drivers\mbam.sys
2012-06-13 01:53 . 2012-06-13 02:05--------d-----w-c:\users\Ashley\AppData\Local\ID Vault
2012-06-13 01:53 . 2012-06-13 01:53--------d-----w-c:\programdata\IsolatedStorage
2012-06-13 01:51 . 2012-06-06 14:21104048----a-w-c:\program files (x86)\Mozilla Firefox\IdVaultCore.XmlSerializers.dll
2012-06-13 01:51 . 2012-06-06 14:211724016----a-w-c:\program files (x86)\Mozilla Firefox\IdVaultCore.dll
2012-06-13 01:51 . 2012-06-06 14:21138864----a-w-c:\program files (x86)\Mozilla Firefox\CommonDotNET.dll
2012-06-13 01:51 . 2012-06-06 14:198007680----a-w-c:\program files (x86)\Mozilla Firefox\Microsoft.mshtml.dll
2012-06-13 01:51 . 2012-06-15 03:25--------d-----w-c:\users\Ashley\AppData\Roaming\ID Vault
2012-06-13 01:50 . 2011-07-05 15:1829288------w-c:\windows\system32\drivers\gidv2.sys
2012-06-13 01:50 . 2011-07-05 15:2565816------w-c:\windows\system32\GIDLogonCP64.dll
2012-06-13 01:50 . 2011-07-05 15:24446752------w-c:\windows\system32\GIDHookLogon64.dll
2012-06-13 01:50 . 2009-06-12 21:32109064------w-c:\windows\system32\EasyHook64.dll
2012-06-13 01:50 . 2011-07-05 15:25467224------w-c:\windows\system32\GIDHOOK64.DLL
2012-06-13 01:50 . 2011-07-05 15:23102160------w-c:\windows\system32\GIDBIN3.DLL
2012-06-13 01:50 . 2011-07-05 15:23206608------w-c:\windows\system32\GIDBIN1.DLL
2012-06-13 01:50 . 2012-06-13 01:50--------d-----w-c:\programdata\GID
2012-06-13 01:48 . 2012-06-13 01:48--------d-----w-c:\program files (x86)\Common Files\Java
2012-06-13 01:47 . 2012-06-13 01:47--------d-----w-C:\AMD
2012-06-13 01:47 . 2012-06-13 01:46476936----a-w-c:\windows\SysWow64\npdeployJava1.dll
2012-06-13 01:46 . 2012-04-07 12:183213824----a-w-c:\windows\system32\msi.dll
2012-06-13 01:46 . 2012-04-07 11:342342400----a-w-c:\windows\SysWow64\msi.dll
2012-06-13 01:46 . 2012-06-13 01:46--------d-----w-c:\program files (x86)\Java
2012-06-09 01:59 . 2012-06-09 02:00--------d-----w-c:\users\Ashley\AppData\Roaming\Ventrilo
2012-06-09 01:59 . 2012-06-09 01:59--------d-----w-c:\program files\Ventrilo
2012-06-09 01:58 . 2012-06-09 01:58--------d-----w-c:\program files (x86)\Common Files\Wise Installation Wizard
2012-06-06 03:17 . 2012-06-06 03:17--------d-----w-c:\users\Ashley\AppData\Roaming\LolClient2
2012-06-06 03:13 . 2008-07-31 15:4168616----a-w-c:\windows\SysWow64\XAPOFX1_1.dll
2012-06-06 03:13 . 2008-07-31 15:40509448----a-w-c:\windows\SysWow64\XAudio2_2.dll
2012-06-06 03:13 . 2008-07-12 13:18467984----a-w-c:\windows\SysWow64\d3dx10_39.dll
2012-06-06 03:13 . 2008-07-12 13:181493528----a-w-c:\windows\SysWow64\D3DCompiler_39.dll
2012-06-06 03:13 . 2008-07-12 13:183851784----a-w-c:\windows\SysWow64\D3DX9_39.dll
2012-06-06 03:08 . 2012-06-06 03:08--------d-----w-C:\Riot Games
2012-06-06 01:30 . 2012-06-13 01:40--------d-----w-c:\users\Ashley\AppData\Local\PMB Files
2012-06-06 01:30 . 2012-06-13 01:40--------d-----w-c:\programdata\PMB Files
2012-06-06 01:30 . 2012-06-06 01:30--------d-----w-c:\program files (x86)\Pando Networks
2012-05-26 03:44 . 2012-05-26 03:44163048----a-w-c:\programdata\Microsoft\Windows\Sqm\Manifest\Sqm10141.bin
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-06-13 01:46 . 2010-08-12 23:34472840----a-w-c:\windows\SysWow64\deployJava1.dll
2012-04-06 05:22 . 2012-04-06 05:2211174400----a-w-c:\windows\system32\drivers\atikmdag.sys
2012-04-06 02:22 . 2012-04-06 02:22159744----a-w-c:\windows\system32\atiapfxx.exe
2012-04-06 02:21 . 2012-04-06 02:21909312----a-w-c:\windows\SysWow64\aticfx32.dll
2012-04-06 02:20 . 2010-08-13 02:081067520----a-w-c:\windows\system32\aticfx64.dll
2012-04-06 02:16 . 2010-08-13 02:08442368----a-w-c:\windows\system32\ATIDEMGX.dll
2012-04-06 02:16 . 2012-04-06 02:16503808----a-w-c:\windows\system32\atieclxx.exe
2012-04-06 02:16 . 2012-04-06 02:16236544----a-w-c:\windows\system32\atiesrxx.exe
2012-04-06 02:14 . 2012-04-06 02:14120320----a-w-c:\windows\system32\atitmm64.dll
2012-04-06 02:14 . 2012-04-06 02:1421504----a-w-c:\windows\system32\atimuixx.dll
2012-04-06 02:14 . 2012-04-06 02:1459392----a-w-c:\windows\system32\atiedu64.dll
2012-04-06 02:14 . 2012-04-06 02:1443520----a-w-c:\windows\SysWow64\ati2edxx.dll
2012-04-06 02:13 . 2012-04-06 02:136800896----a-w-c:\windows\SysWow64\atidxx32.dll
2012-04-06 02:10 . 2012-04-06 02:1026181632----a-w-c:\windows\system32\atio6axx.dll
2012-04-06 02:00 . 2010-08-13 02:0864000----a-w-c:\windows\system32\coinst.dll
2012-04-06 01:54 . 2010-08-13 02:087479296----a-w-c:\windows\system32\atidxx64.dll
2012-04-06 01:50 . 2012-04-06 01:5019753984----a-w-c:\windows\SysWow64\atioglxx.dll
2012-04-06 01:35 . 2012-04-06 01:351120768----a-w-c:\windows\system32\atiumd6v.dll
2012-04-06 01:34 . 2012-04-06 01:341831424----a-w-c:\windows\SysWow64\atiumdmv.dll
2012-04-06 01:34 . 2012-04-06 01:344731904----a-w-c:\windows\system32\atiumd6a.dll
2012-04-06 01:34 . 2010-08-13 02:086203392----a-w-c:\windows\SysWow64\atiumdag.dll
2012-04-06 01:30 . 2012-04-06 01:3051200----a-w-c:\windows\system32\aticalrt64.dll
2012-04-06 01:30 . 2012-04-06 01:3046080----a-w-c:\windows\SysWow64\aticalrt.dll
2012-04-06 01:30 . 2012-04-06 01:3044544----a-w-c:\windows\system32\aticalcl64.dll
2012-04-06 01:30 . 2012-04-06 01:3044032----a-w-c:\windows\SysWow64\aticalcl.dll
2012-04-06 01:29 . 2012-04-06 01:2916090624----a-w-c:\windows\system32\aticaldd64.dll
2012-04-06 01:25 . 2012-04-06 01:2513764096----a-w-c:\windows\SysWow64\aticaldd.dll
2012-04-06 01:23 . 2012-04-06 01:237431680----a-w-c:\windows\system32\atiumd64.dll
2012-04-06 01:22 . 2010-08-13 02:084795904----a-w-c:\windows\SysWow64\atiumdva.dll
2012-04-06 01:11 . 2010-08-13 02:08514560----a-w-c:\windows\system32\atiadlxx.dll
2012-04-06 01:11 . 2012-04-06 01:11360448----a-w-c:\windows\SysWow64\atiadlxy.dll
2012-04-06 01:11 . 2012-04-06 01:1117408----a-w-c:\windows\system32\atig6pxx.dll
2012-04-06 01:11 . 2012-04-06 01:1114848----a-w-c:\windows\SysWow64\atiglpxx.dll
2012-04-06 01:11 . 2012-04-06 01:1114848----a-w-c:\windows\system32\atiglpxx.dll
2012-04-06 01:11 . 2012-04-06 01:1141984----a-w-c:\windows\system32\atig6txx.dll
2012-04-06 01:10 . 2012-04-06 01:1033280----a-w-c:\windows\SysWow64\atigktxx.dll
2012-04-06 01:10 . 2012-04-06 01:10343040----a-w-c:\windows\system32\drivers\atikmpag.sys
2012-04-06 01:09 . 2010-08-13 02:0854784----a-w-c:\windows\system32\atiuxp64.dll
2012-04-06 01:09 . 2012-04-06 01:0941984----a-w-c:\windows\SysWow64\atiuxpag.dll
2012-04-06 01:09 . 2012-04-06 01:0944544----a-w-c:\windows\system32\atiu9p64.dll
2012-04-06 01:09 . 2010-08-13 02:0832256----a-w-c:\windows\SysWow64\atiu9pag.dll
2012-04-06 01:09 . 2012-04-06 01:0953248----a-w-c:\windows\system32\drivers\ati2erec.dll
2012-04-06 01:06 . 2012-04-06 01:0654784----a-w-c:\windows\system32\atimpc64.dll
2012-04-06 01:06 . 2012-04-06 01:0654784----a-w-c:\windows\system32\amdpcom64.dll
2012-04-06 01:06 . 2012-04-06 01:0653760----a-w-c:\windows\SysWow64\atimpc32.dll
2012-04-06 01:06 . 2012-04-06 01:0653760----a-w-c:\windows\SysWow64\amdpcom32.dll
2012-03-30 11:09 . 2012-05-10 02:251895280----a-w-c:\windows\system32\drivers\tcpip.sys
2012-03-21 01:44 . 2012-03-21 01:4498688----a-w-c:\windows\system32\drivers\NisDrvWFP.sys
2012-03-21 01:44 . 2012-03-21 01:44203888----a-w-c:\windows\system32\drivers\MpFilter.sys
2012-03-17 07:55 . 2012-05-10 02:2575632----a-w-c:\windows\system32\drivers\partmgr.sys
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{ba14329e-9550-4989-b3f2-9732e92d17cc}"= "c:\program files (x86)\Vuze_Remote\prxtbVuze.dll" [2011-05-09 176936]
.
[HKEY_CLASSES_ROOT\clsid\{ba14329e-9550-4989-b3f2-9732e92d17cc}]
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{ba14329e-9550-4989-b3f2-9732e92d17cc}]
2011-05-09 08:49176936----a-w-c:\program files (x86)\Vuze_Remote\prxtbVuze.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{ba14329e-9550-4989-b3f2-9732e92d17cc}"= "c:\program files (x86)\Vuze_Remote\prxtbVuze.dll" [2011-05-09 176936]
.
[HKEY_CLASSES_ROOT\clsid\{ba14329e-9550-4989-b3f2-9732e92d17cc}]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2012-04-06 641664]
"ShwiconXP9106"="c:\program files (x86)\Multimedia Card Reader(9106)\ShwiconXP9106.exe" [2010-03-10 237568]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]
"THX Audio Control Panel"="c:\program files (x86)\Creative\THX TruStudio PC\THXAudioCP\THXAudio.exe" [2009-12-01 963584]
"UpdReg"="c:\windows\UpdReg.EXE" [2000-05-11 90112]
"DellSupportCenter"="c:\program files (x86)\Dell Support Center\bin\sprtcmd.exe" [2009-05-21 206064]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]
"GIDDesktop"="c:\program files (x86)\SFT\GuardedID\gidd.exe" [2011-07-05 395528]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\RunOnce]
"Launcher"="c:\program files (x86)\Dell DataSafe Local Backup\Components\Scheduler\Launcher.exe" [2010-05-21 165184]
.
c:\users\Ashley\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dell Dock.lnk - c:\program files\Dell\DellDock\DellDock.exe [2009-12-15 1324384]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Constant Guard.lnk - c:\program files (x86)\Constant Guard Protection Suite\IDVault.exe [2012-6-6 6534256]
.
c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dell Dock First Run.lnk - c:\program files\Dell\DellDock\DellDock.exe [2009-12-15 1324384]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [2012-01-04 822624]
R2 McMPFSvc;McAfee Personal Firewall Service;c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe [x]
R2 McNaiAnn;McAfee VirusScan Announcer;c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe [x]
R2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2011-10-01 508776]
R3 ahcix64s;ahcix64s;c:\windows\system32\DRIVERS\ahcix64s.sys [x]
R3 eamonm;eamonm;c:\windows\system32\DRIVERS\eamonm.sys [x]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [x]
R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\NisSrv.exe [2012-03-26 291696]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4925184]
R3 RoxMediaDB10;RoxMediaDB10;c:\program files (x86)\Common Files\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe [2009-06-26 1124848]
R3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
S0 epfwwfp;epfwwfp;c:\windows\system32\DRIVERS\epfwwfp.sys [x]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [x]
S1 ehdrv;ehdrv;c:\windows\system32\DRIVERS\ehdrv.sys [x]
S1 EpfwLWF;Epfw NDIS LightWeight Filter;c:\windows\system32\DRIVERS\EpfwLWF.sys [x]
S1 GIDv2;GIDv2; [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]
S2 AMD_RAIDXpert;AMD RAIDXpert;c:\program files (x86)\AMD\RAIDXpert\bin\RAIDXpertService.exe [2009-03-16 122880]
S2 AMDFusionSVC;AMD Fusion Utility Service;c:\program files (x86)\AMD\AMD Fusion Utility for Desktops\FusionSVC.exe [2009-09-08 383544]
S2 DockLoginService;Dock Login Service;c:\program files\Dell\DellDock\DockLogin.exe [2009-06-09 155648]
S2 ekrn;ESET Service;c:\program files\ESET\ESET Smart Security\x86\ekrn.exe [2012-03-07 913144]
S2 IDVaultSvc;CGPS Service;c:\program files (x86)\Constant Guard Protection Suite\IDVaultSvc.exe [2012-06-06 66160]
S2 SftService;SoftThinks Agent Service;c:\program files (x86)\Dell DataSafe Local Backup\sftservice.EXE [2010-05-21 673088]
S2 WajamUpdater;WajamUpdater;c:\program files (x86)\Wajam\Updater\WajamUpdater.exe [2012-04-24 109064]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [x]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [x]
S3 AmdLLD64;AMD Low Level Device Driver;c:\windows\system32\DRIVERS\AmdLLD64.sys [x]
S3 k57nd60a;Broadcom NetLink (TM) Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\k57nd60a.sys [x]
S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys [x]
S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys [x]
S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys [x]
S3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2011-10-01 219496]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{2D46B6DC-2207-486B-B523-A557E6D54B47}]
2009-07-14 01:14301568----a-w-c:\windows\System32\cmd.exe
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{9191979D-821C-4EA8-B021-2DA1D859A7C5}-3Reg]
2011-07-05 15:26435976----a-w-c:\program files (x86)\SFT\GuardedID\GIDI.exe
.
Contents of the 'Scheduled Tasks' folder
.
2012-06-14 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4177235328-1270327372-3511895208-1000Core.job
- c:\users\Ashley\AppData\Local\Google\Update\GoogleUpdate.exe [2012-06-14 05:30]
.
2012-06-15 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4177235328-1270327372-3511895208-1000UA.job
- c:\users\Ashley\AppData\Local\Google\Update\GoogleUpdate.exe [2012-06-14 05:30]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2009-11-18 9608224]
"RunDLLEntry_THXCfg"="c:\windows\system32\RunDLL32.exe" [2009-07-14 45568]
"RunDLLEntry_EptMon"="c:\windows\system32\RunDLL32.exe" [2009-07-14 45568]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page =
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
TCP: DhcpNameServer = 192.168.1.1
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
Wow6432Node-HKCU-Run-EA Core - c:\program files (x86)\Electronic Arts\EADM\Core.exe
Wow6432Node-HKU-Default-Run-binc - c:\windows\system32\config\systemprofile\AppData\Roaming\binc.exe
Toolbar-Locked - (no file)
WebBrowser-{BA14329E-9550-4989-B3F2-9732E92D17CC} - (no file)
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11f_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11f_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11f.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11f.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11f.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11f.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\McAfee]
"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,6d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\DbgagD\1*]
"value"="?\02\03\01\11:$?"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\AMD\RAIDXpert\bin\RAIDXpert.exe
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files (x86)\Dell DataSafe Local Backup\Components\Scheduler\STService.exe
c:\program files (x86)\Dell Support Center\bin\sprtsvc.exe
.
**************************************************************************
.
Completion time: 2012-06-14 22:40:06 - machine was rebooted
ComboFix-quarantined-files.txt 2012-06-15 03:40
.
Pre-Run: 874,526,806,016 bytes free
Post-Run: 875,835,224,064 bytes free
.
- - End Of File - - E3BDBB52BF98FCB60865C812D65C4AC7
 
Looks good.

Any current issues?

You're running two AV programs, Eset and MSE.
One of them has to go.
Your choice.

When done....

Download Malwarebytes' Anti-Malware: http://www.malwarebytes.org/products/malwarebytes_free to your desktop.

* Double-click mbam-setup.exe and follow the prompts to install the program.
* At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
* If an update is found, it will download and install the latest version.
* Once the program has loaded, select Perform quick scan, then click Scan.
* When the scan is complete, click OK, then Show Results to view the results.
* Be sure that everything is checked, and click Remove Selected.
* When completed, a log will open in Notepad.
* Post the log back here.

Be sure to restart the computer.

The log can also be found here:
C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\log-date.txt
Or at C:\Program Files\Malwarebytes' Anti-Malware\Logs\log-date.txt

============================================================

Download aswMBR to your desktop.
Double click the aswMBR.exe to run it.
If you see this question: Would you like to download latest Avast! virus definitions?" say "Yes".
Click the "Scan" button to start scan.
On completion of the scan click "Save log", save it to your desktop and post in your next reply.

NOTE. aswMBR will create MBR.dat file on your desktop. This is a copy of your MBR. Do NOT delete it.
 
Uninstalled MSE. Here's my Malwarebytes log.
Thanks for all of your help thus far, I don't know what I would have done. Restarting now and then downloading aswMBR.

Malwarebytes Anti-Malware 1.61.0.1400
www.malwarebytes.org

Database version: v2012.06.12.09

Windows 7 x64 NTFS
Internet Explorer 8.0.7600.16385
Ashley :: ASHLEY-PC [limited]

6/14/2012 10:49:43 PM
mbam-log-2012-06-14 (22-49-43).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 209113
Time elapsed: 1 minute(s), 56 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)
 
aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
Run date: 2012-06-14 22:56:18
-----------------------------
22:56:18.748 OS Version: Windows x64 6.1.7600
22:56:18.748 Number of processors: 6 586 0xA00
22:56:18.748 ComputerName: ASHLEY-PC UserName: Ashley
22:56:20.103 Initialize success
22:56:58.439 AVAST engine defs: 12061401
22:57:03.263 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\0000005b
22:57:03.268 Disk 0 Vendor: Size: 0MB BusType: 0
22:57:03.273 Disk 1 \Device\Harddisk1\DR1 -> \Device\0000007f
22:57:03.278 Disk 1 Vendor: Size: 0MB BusType: 0
22:57:03.289 Disk 0 MBR read successfully
22:57:03.291 Disk 0 MBR scan
22:57:03.295 Disk 0 Windows VISTA default MBR code
22:57:03.297 Disk 0 MBR hidden
22:57:03.300 Disk 0 Partition 1 00 DE Dell Utility Dell 8.0 39 MB offset 63
22:57:03.313 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 10842 MB offset 81920
22:57:03.330 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 942986 MB offset 22286336
22:57:03.363 Disk 0 scanning C:\Windows\system32\drivers
22:57:12.492 Service scanning
22:57:33.672 Modules scanning
22:57:33.695 Disk 0 trace - called modules:
22:57:33.738 ntoskrnl.exe CLASSPNP.SYS disk.sys amdxata.sys storport.sys hal.dll amdsata.sys
22:57:33.750 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa80048e35d0]
22:57:33.761 3 CLASSPNP.SYS[fffff8800140143f] -> nt!IofCallDriver -> [0xfffffa80048cd4e0]
22:57:33.769 5 amdxata.sys[fffff880010a87a8] -> nt!IofCallDriver -> \Device\0000005b[0xfffffa80048c94a0]
22:57:41.722 AVAST engine scan C:\Windows
22:57:44.144 AVAST engine scan C:\Windows\system32
23:00:31.943 AVAST engine scan C:\Windows\system32\drivers
23:00:55.866 AVAST engine scan C:\Users\Ashley
23:03:30.061 Disk 0 MBR has been saved successfully to "C:\Users\Ashley\Desktop\MBR.dat"
23:03:30.067 The log file has been saved successfully to "C:\Users\Ashley\Desktop\aswMBR.txt"
 
You didn't say:
Any current issues?
Click to expand...

=================================================

Download OTL to your Desktop.

  • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
  • Click the Scan All Users checkbox.
  • Under the Custom Scan box paste this in:


netsvcs
drivers32
%SYSTEMDRIVE%\*.*
%systemroot%\Fonts\*.com
%systemroot%\Fonts\*.dll
%systemroot%\Fonts\*.ini
%systemroot%\Fonts\*.ini2
%systemroot%\Fonts\*.exe
%systemroot%\system32\spool\prtprocs\w32x86\*.*
%systemroot%\REPAIR\*.bak1
%systemroot%\REPAIR\*.ini
%systemroot%\system32\*.jpg
%systemroot%\*.jpg
%systemroot%\*.png
%systemroot%\*.scr
%systemroot%\*._sy
%APPDATA%\Adobe\Update\*.*
%ALLUSERSPROFILE%\Favorites\*.*
%APPDATA%\Microsoft\*.*
%PROGRAMFILES%\*.*
%APPDATA%\Update\*.*
%systemroot%\*. /mp /s
CREATERESTOREPOINT
%systemroot%\System32\config\*.sav
%PROGRAMFILES%\bak. /s
%systemroot%\system32\bak. /s
%ALLUSERSPROFILE%\Start Menu\*.lnk /x
%systemroot%\system32\config\systemprofile\*.dat /x
%systemroot%\*.config
%systemroot%\system32\*.db
%APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x
%USERPROFILE%\Desktop\*.exe
%PROGRAMFILES%\Common Files\*.*
%systemroot%\*.src
%systemroot%\install\*.*
%systemroot%\system32\DLL\*.*
%systemroot%\system32\HelpFiles\*.*
%systemroot%\tasks\*.*
%systemroot%\system32\rundll\*.*
%systemroot%\winn32\*.*
%systemroot%\Java\*.*
%systemroot%\system32\test\*.*
%systemroot%\system32\Rundll32\*.*
%systemroot%\AppPatch\Custom\*.*
%APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x
%PROGRAMFILES%\PC-Doctor\Downloads\*.*
%PROGRAMFILES%\Internet Explorer\*.tmp
%PROGRAMFILES%\Internet Explorer\*.dat
%USERPROFILE%\My Documents\*.exe
%USERPROFILE%\*.exe
%systemroot%\ADDINS\*.*
%systemroot%\assembly\*.bak2
%systemroot%\Config\*.*
%systemroot%\REPAIR\*.bak2
%systemroot%\SECURITY\Database\*.sdb /x
%systemroot%\SYSTEM\*.bak2
%systemroot%\Web\*.bak2
%systemroot%\Driver Cache\*.*
%PROGRAMFILES%\Mozilla Firefox\0*.exe
%ProgramFiles%\Microsoft Common\*.*
%ProgramFiles%\TinyProxy.
%USERPROFILE%\Favorites\*.url /x
%systemroot%\system32\*.bk
%systemroot%\*.te
%systemroot%\system32\system32\*.*
%ALLUSERSPROFILE%\*.dat /x
%systemroot%\system32\drivers\*.rmv
dir /b "%systemroot%\system32\*.exe" | find /I " " /c
dir /b "%systemroot%\*.exe" | find /I " " /c
%PROGRAMFILES%\Microsoft\*.*
%systemroot%\System32\Wbem\proquota.exe
%PROGRAMFILES%\Mozilla Firefox\*.dat
%USERPROFILE%\Cookies\*.txt /x
%SystemRoot%\system32\fonts\*.*
%systemroot%\system32\winlog\*.*
%systemroot%\system32\Language\*.*
%systemroot%\system32\Settings\*.*
%systemroot%\system32\*.quo
%SYSTEMROOT%\AppPatch\*.exe
%SYSTEMROOT%\inf\*.exe
%SYSTEMROOT%\Installer\*.exe
%systemroot%\system32\config\*.bak2
%systemroot%\system32\Computers\*.*
%SystemRoot%\system32\Sound\*.*
%SystemRoot%\system32\SpecialImg\*.*
%SystemRoot%\system32\code\*.*
%SystemRoot%\system32\draft\*.*
%SystemRoot%\system32\MSSSys\*.*
%ProgramFiles%\Javascript\*.*
%systemroot%\pchealth\helpctr\System\*.exe /s
%systemroot%\Web\*.exe
%systemroot%\system32\msn\*.*
%systemroot%\system32\*.tro
%AppData%\Microsoft\Installer\msupdates\*.*
%ProgramFiles%\Messenger\*.*
%systemroot%\system32\systhem32\*.*
%systemroot%\system\*.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install\LastSuccessTime /rs
/md5start
/md5stop


  • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
  • When the scan completes, it will open two notepad windows: OTL.txt and Extras.txt. These are saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them back here.
 
Yes, everything seems to be running/acting normal. (For once!)

OTL logfile created on: 6/14/2012 11:13:28 PM - Run 1
OTL by OldTimer - Version 3.2.48.0 Folder = C:\Users\Ashley\Desktop
64bit- Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

4.00 Gb Total Physical Memory | 2.45 Gb Available Physical Memory | 61.36% Memory free
8.00 Gb Paging File | 6.21 Gb Available in Paging File | 77.71% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 920.88 Gb Total Space | 815.28 Gb Free Space | 88.53% Space Free | Partition Type: NTFS
Drive I: | 7.45 Gb Total Space | 7.45 Gb Free Space | 99.98% Space Free | Partition Type: FAT32

Computer Name: ASHLEY-PC | User Name: Ashley | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/06/14 23:11:57 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Users\Ashley\Desktop\OTL.exe
PRC - [2012/06/06 09:21:49 | 000,066,160 | ---- | M] (White Sky, Inc.) -- C:\Program Files (x86)\Constant Guard Protection Suite\IDVaultSvc.exe
PRC - [2012/06/06 09:21:46 | 006,534,256 | ---- | M] (White Sky, Inc.) -- C:\Program Files (x86)\Constant Guard Protection Suite\IDVault.exe
PRC - [2012/04/24 12:39:58 | 000,109,064 | ---- | M] (Wajam) -- C:\Program Files (x86)\Wajam\Updater\WajamUpdater.exe
PRC - [2012/03/07 15:40:34 | 000,913,144 | ---- | M] (ESET) -- C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe
PRC - [2011/10/01 09:30:22 | 000,219,496 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
PRC - [2011/07/05 10:24:06 | 000,395,528 | ---- | M] (StrikeForce Technologies Inc.) -- C:\Program Files (x86)\SFT\GuardedID\GIDD.exe
PRC - [2010/05/21 12:00:52 | 000,783,680 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Local Backup\Components\Scheduler\STService.exe
PRC - [2010/05/21 11:58:30 | 000,673,088 | ---- | M] (SoftThinks) -- C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe
PRC - [2010/03/10 16:26:30 | 000,237,568 | ---- | M] (Alcor Micro Corp.) -- C:\Program Files (x86)\Multimedia Card Reader(9106)\ShwiconXP9106.exe
PRC - [2009/09/08 12:48:24 | 000,383,544 | ---- | M] (Advanced Micro Devices) -- c:\Program Files (x86)\AMD\AMD Fusion Utility for Desktops\FusionSVC.exe
PRC - [2009/06/09 09:11:14 | 000,155,648 | ---- | M] (Stardock Corporation) -- C:\Program Files\Dell\DellDock\DockLogin.exe
PRC - [2009/05/21 08:59:08 | 000,206,064 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files (x86)\Dell Support Center\bin\sprtsvc.exe
PRC - [2009/05/21 08:59:08 | 000,206,064 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files (x86)\Dell Support Center\bin\sprtcmd.exe
PRC - [2009/03/16 00:47:28 | 000,122,880 | ---- | M] () -- C:\WINDOWS\SysWOW64\WinMsgBalloonServer.exe
PRC - [2009/03/16 00:47:24 | 000,139,264 | ---- | M] () -- C:\WINDOWS\SysWOW64\WinMsgBalloonClient.exe
PRC - [2009/03/16 00:47:22 | 000,122,880 | ---- | M] (AMD) -- C:\Program Files (x86)\AMD\RAIDXpert\bin\RAIDXpertService.exe
PRC - [2009/03/16 00:47:20 | 000,065,536 | ---- | M] () -- C:\Program Files (x86)\AMD\RAIDXpert\bin\RAIDXpert.exe


========== Modules (No Company Name) ==========

MOD - [2012/06/12 21:47:33 | 000,240,128 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsFormsIntegra#\961b28b18dc304d4434ca9938abd1d60\WindowsFormsIntegration.ni.dll
MOD - [2012/06/12 21:46:58 | 001,358,336 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.WorkflowServ#\b345f2895557e6ef39b94aebdeb4a57e\System.WorkflowServices.ni.dll
MOD - [2012/06/12 21:15:27 | 000,212,992 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\8b7a7f9c607e09bfa03c07b5ff3a8ae3\System.ServiceProcess.ni.dll
MOD - [2012/06/12 21:15:21 | 011,824,128 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\84fbf353f91385690a3e4e982aa6930e\System.Web.ni.dll
MOD - [2012/06/12 21:15:10 | 014,325,760 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\517358eb2fd962a942dd1ea6afc5b93e\PresentationFramework.ni.dll
MOD - [2012/06/12 21:14:52 | 012,433,920 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\009c50fb69919b90fb233cb4c35d0ad7\System.Windows.Forms.ni.dll
MOD - [2012/06/12 21:14:44 | 001,591,808 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\ebefde27b0ef7f39bb49c493b34a602c\System.Drawing.ni.dll
MOD - [2012/06/12 21:14:39 | 012,218,880 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationCore\e9d0ba41128f363f2390c7e630129c2b\PresentationCore.ni.dll
MOD - [2012/06/12 20:58:37 | 001,840,640 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web.Services\675c8bd801698993255d100c3b350d4b\System.Web.Services.ni.dll
MOD - [2012/06/06 09:21:48 | 000,104,048 | ---- | M] () -- C:\Program Files (x86)\Constant Guard Protection Suite\IdVaultCore.XmlSerializers.dll
MOD - [2012/06/06 09:19:13 | 000,548,040 | ---- | M] () -- C:\Program Files (x86)\Constant Guard Protection Suite\sqlite3.dll
MOD - [2012/05/10 17:16:17 | 001,705,984 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.ServiceModel#\b744ac6047519b7b186db4d77a78ca0c\System.ServiceModel.Web.ni.dll
MOD - [2012/05/10 17:15:17 | 000,997,888 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Management\3f9dee1ce0ccb42145293a5bfcbe7205\System.Management.ni.dll
MOD - [2012/05/10 17:14:47 | 001,072,128 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.IdentityModel\f77eb3dd20db5f2277636d4e700a2a2a\System.IdentityModel.ni.dll
MOD - [2012/05/10 17:14:46 | 002,347,008 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Seri#\3848d7865bda88a9e94e03480b5ada2f\System.Runtime.Serialization.ni.dll
MOD - [2012/05/10 17:14:44 | 000,256,000 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\SMDiagnostics\26a852935ab27c328a148effb43a76bf\SMDiagnostics.ni.dll
MOD - [2012/05/10 17:14:43 | 017,400,320 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.ServiceModel\7900b4e8c860d8b4a3c1f98047c3c1a3\System.ServiceModel.ni.dll
MOD - [2012/05/10 17:03:35 | 000,368,128 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\fc626095c194be137bceb219934b06a7\PresentationFramework.Aero.ni.dll
MOD - [2012/05/10 17:03:21 | 000,627,200 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Transactions\61fbbd8bc7d76972115b292b132ff2d1\System.Transactions.ni.dll
MOD - [2012/05/10 17:03:20 | 006,618,624 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Data\294d439cfe959b5528ca81d37d3d502f\System.Data.ni.dll
MOD - [2012/05/10 17:02:55 | 000,060,928 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\UIAutomationProvider\68b5806af0df6ce86027bacb7dc37233\UIAutomationProvider.ni.dll
MOD - [2012/05/10 17:02:47 | 003,325,952 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\b68fdf2c95b93fc5006a092c11eed07c\WindowsBase.ni.dll
MOD - [2012/05/10 17:02:45 | 000,680,960 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Security\61af058c2bc079f28397a29ed145fbc7\System.Security.ni.dll
MOD - [2012/05/10 17:02:43 | 005,453,312 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\5c85c9c42e1b8a8760de82ecb4c7d582\System.Xml.ni.dll
MOD - [2012/05/10 17:02:40 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\cb079eab134fd1a752ad91db13274110\System.Configuration.ni.dll
MOD - [2012/05/10 17:02:39 | 007,952,384 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\2ebb3c259eab50af565e3a8dba6ad20e\System.ni.dll
MOD - [2012/05/10 17:02:34 | 011,490,816 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\5858678a79aae31262b0214424245d06\mscorlib.ni.dll
MOD - [2010/05/21 12:00:52 | 000,783,680 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Local Backup\Components\Scheduler\STService.exe
MOD - [2010/05/21 11:59:16 | 000,079,168 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Local Backup\zlib1.dll
MOD - [2010/05/21 11:58:56 | 000,075,072 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Local Backup\STRegistry.dll
MOD - [2010/05/21 11:58:54 | 000,111,936 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Local Backup\STPE.dll
MOD - [2010/05/21 11:58:48 | 000,121,152 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Local Backup\STNLS.dll
MOD - [2010/05/21 11:58:46 | 000,128,320 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Local Backup\STLog.dll
MOD - [2010/05/21 11:58:42 | 000,234,816 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Local Backup\STFiles.dll
MOD - [2010/05/21 11:58:18 | 001,123,648 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Local Backup\libxml2.dll
MOD - [2009/06/12 16:32:16 | 000,104,456 | ---- | M] () -- C:\WINDOWS\SysWOW64\EasyHook32.dll
MOD - [2009/06/10 16:23:19 | 000,261,632 | ---- | M] () -- C:\Windows\assembly\GAC_32\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.dll
MOD - [2009/06/10 16:23:17 | 002,933,248 | ---- | M] () -- C:\Windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll


========== Win32 Services (SafeList) ==========

SRV:64bit: - File not found [Auto | Stopped] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe /McCoreSvc -- (MSK80Service)
SRV:64bit: - File not found [Auto | Stopped] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe /McCoreSvc -- (McProxy)
SRV:64bit: - File not found [On_Demand | Stopped] -- C:\Program Files\McAfee\VirusScan\mcods.exe -- (McODS)
SRV:64bit: - File not found [Auto | Stopped] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe /McCoreSvc -- (McNASvc)
SRV:64bit: - File not found [Auto | Stopped] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe /McCoreSvc -- (McNaiAnn)
SRV:64bit: - File not found [Auto | Stopped] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe /McCoreSvc -- (mcmscsvc)
SRV:64bit: - File not found [Auto | Stopped] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe /McCoreSvc -- (McMPFSvc)
SRV:64bit: - [2012/04/05 21:16:02 | 000,236,544 | ---- | M] (AMD) [Auto | Running] -- C:\WINDOWS\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2012/03/07 15:40:34 | 000,913,144 | ---- | M] (ESET) [Auto | Running] -- C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe -- (ekrn)
SRV:64bit: - [2009/07/13 20:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2009/06/09 09:11:14 | 000,155,648 | ---- | M] (Stardock Corporation) [Auto | Running] -- C:\Program Files\Dell\DellDock\DockLogin.exe -- (DockLoginService)
SRV - [2012/06/06 09:21:49 | 000,066,160 | ---- | M] (White Sky, Inc.) [Auto | Running] -- C:\Program Files (x86)\Constant Guard Protection Suite\IDVaultSvc.exe -- (IDVaultSvc)
SRV - [2012/04/24 12:39:58 | 000,109,064 | ---- | M] (Wajam) [Auto | Running] -- C:\Program Files (x86)\Wajam\Updater\WajamUpdater.exe -- (WajamUpdater)
SRV - [2011/10/01 09:30:22 | 000,219,496 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe -- (sftvsa)
SRV - [2011/10/01 09:30:18 | 000,508,776 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe -- (sftlist)
SRV - [2010/08/12 18:53:27 | 001,045,256 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2010/08/12 18:39:42 | 000,016,680 | ---- | M] (Citrix Online, a division of Citrix Systems, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Citrix\GoToAssist\514\g2aservice.exe -- (GoToAssist)
SRV - [2010/05/21 11:58:30 | 000,673,088 | ---- | M] (SoftThinks) [Auto | Running] -- C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe -- (SftService)
SRV - [2010/03/18 14:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/09/08 12:48:24 | 000,383,544 | ---- | M] (Advanced Micro Devices) [Auto | Running] -- c:\Program Files (x86)\AMD\AMD Fusion Utility for Desktops\FusionSVC.exe -- (AMDFusionSVC)
SRV - [2009/06/26 11:19:12 | 001,124,848 | ---- | M] (Sonic Solutions) [On_Demand | Stopped] -- c:\Program Files (x86)\Common Files\Roxio Shared\10.0\SharedCom\RoxMediaDB10.exe -- (RoxMediaDB10)
SRV - [2009/06/10 16:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2009/05/21 08:59:08 | 000,206,064 | ---- | M] (SupportSoft, Inc.) [Auto | Running] -- C:\Program Files (x86)\Dell Support Center\bin\sprtsvc.exe -- (sprtsvc_DellSupportCenter) SupportSoft Sprocket Service (DellSupportCenter)
SRV - [2009/03/16 00:47:22 | 000,122,880 | ---- | M] (AMD) [Auto | Running] -- C:\Program Files (x86)\AMD\RAIDXpert\bin\RAIDXpertService.exe -- (AMD_RAIDXpert)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2012/04/06 00:22:40 | 011,174,400 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\SysNative\drivers\atikmdag.sys -- (amdkmdag)
DRV:64bit: - [2012/04/05 20:10:44 | 000,343,040 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\SysNative\drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2012/03/14 08:40:04 | 000,187,632 | ---- | M] (ESET) [Kernel | Auto | Running] -- C:\WINDOWS\SysNative\drivers\epfw.sys -- (epfw)
DRV:64bit: - [2012/03/14 08:40:04 | 000,062,496 | ---- | M] (ESET) [Kernel | Boot | Running] -- C:\WINDOWS\SysNative\drivers\epfwwfp.sys -- (epfwwfp)
DRV:64bit: - [2012/03/14 08:40:04 | 000,038,288 | ---- | M] (ESET) [Kernel | System | Running] -- C:\WINDOWS\SysNative\drivers\EpfwLWF.sys -- (EpfwLWF)
DRV:64bit: - [2012/03/14 08:40:02 | 000,209,768 | ---- | M] (ESET) [File_System | On_Demand | Stopped] -- C:\WINDOWS\SysNative\drivers\eamonm.sys -- (eamonm)
DRV:64bit: - [2012/03/14 08:40:02 | 000,148,528 | ---- | M] (ESET) [Kernel | System | Running] -- C:\WINDOWS\SysNative\drivers\ehdrv.sys -- (ehdrv)
DRV:64bit: - [2012/03/01 01:54:38 | 000,022,896 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011/10/01 09:30:22 | 000,022,376 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\SysNative\drivers\Sftvollh.sys -- (Sftvol)
DRV:64bit: - [2011/10/01 09:30:18 | 000,268,648 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\SysNative\drivers\Sftplaylh.sys -- (Sftplay)
DRV:64bit: - [2011/10/01 09:30:18 | 000,025,960 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\WINDOWS\SysNative\drivers\Sftredirlh.sys -- (Sftredir)
DRV:64bit: - [2011/10/01 09:30:10 | 000,764,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\SysNative\drivers\Sftfslh.sys -- (Sftfs)
DRV:64bit: - [2011/08/02 18:38:56 | 000,051,712 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2011/07/05 10:18:38 | 000,029,288 | ---- | M] (StrikeForce Technologies, Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\gidv2.sys -- (GIDv2)
DRV:64bit: - [2010/01/29 01:33:38 | 000,116,736 | ---- | M] (ATI Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\SysNative\drivers\AtiHdmi.sys -- (AtiHdmiService)
DRV:64bit: - [2009/10/16 06:32:22 | 000,321,064 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\SysNative\drivers\k57nd60a.sys -- (k57nd60a) Broadcom NetLink (TM)
DRV:64bit: - [2009/10/07 18:13:34 | 000,070,200 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\WINDOWS\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2009/10/07 18:13:34 | 000,028,728 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\WINDOWS\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2009/08/24 09:55:32 | 000,016,440 | ---- | M] (Advanced Micro Devices Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\SysNative\drivers\AtiPcie.sys -- (AtiPcie) AMD PCI Express (3GIO)
DRV:64bit: - [2009/07/14 14:35:40 | 000,226,616 | ---- | M] (Advanced Micro Devices, Inc) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SysNative\drivers\ahcix64s.sys -- (ahcix64s)
DRV:64bit: - [2009/07/13 20:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 20:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 20:47:48 | 000,077,888 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2009/07/13 20:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/09 05:00:00 | 000,055,280 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\WINDOWS\SysNative\drivers\PxHlpa64.sys -- (PxHlpa64)
DRV:64bit: - [2009/06/10 15:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 15:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 15:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 15:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/06/05 18:10:10 | 001,478,144 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\SysNative\drivers\athrx.sys -- (athr)
DRV:64bit: - [2009/05/18 14:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2009/04/22 14:32:22 | 000,047,672 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\WINDOWS\SysNative\drivers\AmdLLD64.sys -- (AmdLLD64)
DRV:64bit: - [2006/11/01 12:51:00 | 000,151,656 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\WINDOWS\SysNative\drivers\WimFltr.sys -- (WimFltr)
DRV - [2009/07/13 20:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\WINDOWS\SysWOW64\drivers\wimmount.sys -- (WIMMount)
DRV - [2009/06/26 10:27:28 | 000,065,520 | ---- | M] (Sonic Solutions) [File_System | System | Stopped] -- C:\WINDOWS\SysWOW64\drivers\RxFilter.sys -- (RxFilter)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {7E2D80BB-7128-4EB1-BF5C-76509A6C707D}
IE:64bit: - HKLM\..\SearchScopes\{7E2D80BB-7128-4EB1-BF5C-76509A6C707D}: "URL" = http://www.bing.com/search?q={searchTerms}&form=DLCDF8&pc=MDDC&src=IE-SearchBox
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\URLSearchHook: {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files (x86)\Vuze_Remote\prxtbVuze.dll (Conduit Ltd.)
IE - HKLM\..\SearchScopes,DefaultScope = {CF228700-12F8-48ED-A056-48C285C709F4}
IE - HKLM\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2504091
IE - HKLM\..\SearchScopes\{CF228700-12F8-48ED-A056-48C285C709F4}: "URL" = http://www.bing.com/search?q={searchTerms}&form=DLCDF8&pc=MDDC&src=IE-SearchBox


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-4177235328-1270327372-3511895208-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page =
IE - HKU\S-1-5-21-4177235328-1270327372-3511895208-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-US
IE - HKU\S-1-5-21-4177235328-1270327372-3511895208-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 3E 22 55 B6 1B 49 CD 01 [binary data]
IE - HKU\S-1-5-21-4177235328-1270327372-3511895208-1000\..\URLSearchHook: {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files (x86)\Vuze_Remote\prxtbVuze.dll (Conduit Ltd.)
IE - HKU\S-1-5-21-4177235328-1270327372-3511895208-1000\..\SearchScopes,DefaultScope = {CF228700-12F8-48ED-A056-48C285C709F4}
IE - HKU\S-1-5-21-4177235328-1270327372-3511895208-1000\..\SearchScopes\{91607fa7-3c2f-4f90-93e3-d5337a6b0ac2}: "URL" = http://default.maxwebsearch.com/s?t...c=20120613&subid=20120613&query={searchTerms}
IE - HKU\S-1-5-21-4177235328-1270327372-3511895208-1000\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2504091
IE - HKU\S-1-5-21-4177235328-1270327372-3511895208-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-4177235328-1270327372-3511895208-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local


========== FireFox ==========

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_1_102.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=1.6.0_33: C:\Windows\SysWOW64\npdeployJava1.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MIF5BA~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8081.0709: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Ashley\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Ashley\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)

64bit-FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\eplgTb@eset.com: C:\PROGRAM FILES\ESET\ESET SMART SECURITY\MOZILLA THUNDERBIRD [2012/06/14 00:41:59 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\eplgTb@eset.com: C:\Program Files\ESET\ESET Smart Security\Mozilla Thunderbird [2012/06/14 00:41:59 | 000,000,000 | ---D | M]

[2012/06/13 00:03:47 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2012/06/12 20:47:35 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA}

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:eek:riginalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\Ashley\AppData\Local\Google\Chrome\Application\19.0.1084.56\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Ashley\AppData\Local\Google\Chrome\Application\19.0.1084.56\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Ashley\AppData\Local\Google\Chrome\Application\19.0.1084.56\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
CHR - plugin: AVG Internet Security (Enabled) = C:\Users\Ashley\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla\12.0.0.1901_0\plugins/avgnpss.dll
CHR - plugin: Wajam (Enabled) = C:\Users\Ashley\AppData\Local\Google\Chrome\User Data\Default\Extensions\jpmbfleldcgkldadpdinhjjopdfpjfjp\1.24_0\plugins/PriamNPAPI.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MIF5BA~1\Office14\NPSPWRAP.DLL
CHR - plugin: Java(TM) Platform SE 6 U33 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll
CHR - plugin: Java Deployment Toolkit 6.0.330.3 (Enabled) = C:\Windows\SysWOW64\npdeployJava1.dll
CHR - plugin: Pando Web Plugin (Enabled) = C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll
CHR - plugin: Windows Live\u00AE Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Google Update (Enabled) = C:\Users\Ashley\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll
CHR - Extension: YouTube = C:\Users\Ashley\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: Google Search = C:\Users\Ashley\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
CHR - Extension: Wajam = C:\Users\Ashley\AppData\Local\Google\Chrome\User Data\Default\Extensions\jpmbfleldcgkldadpdinhjjopdfpjfjp\1.24_0\
CHR - Extension: Gmail = C:\Users\Ashley\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

O1 HOSTS File: ([2012/06/14 22:36:36 | 000,000,027 | ---- | M]) - C:\WINDOWS\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (McAfee Phishing Filter) - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\progra~2\mcafee\msk\mskapbho.dll File not found
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Wajam) - {A7A6995D-6EE1-4FD1-A258-49395D5BF99C} - C:\Program Files (x86)\Wajam\IE\priam_bho.dll (Wajam)
O2 - BHO: (Skype add-on for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Constant Guard Protection Suite (COM)) - {B84CDBE7-1B46-494B-A188-01D4C52DEB61} - C:\ProgramData\White Sky, Inc\ID Vault\IEBHO1.1.605.0\NativeBHO.dll (WhiteSky)
O2 - BHO: (Vuze Remote Toolbar) - {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files (x86)\Vuze_Remote\prxtbVuze.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (Vuze Remote Toolbar) - {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files (x86)\Vuze_Remote\prxtbVuze.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKU\S-1-5-21-4177235328-1270327372-3511895208-1000\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
O3 - HKU\S-1-5-21-4177235328-1270327372-3511895208-1000\..\Toolbar\WebBrowser: (Vuze Remote Toolbar) - {BA14329E-9550-4989-B3F2-9732E92D17CC} - C:\Program Files (x86)\Vuze_Remote\prxtbVuze.dll (Conduit Ltd.)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [RunDLLEntry_EptMon] C:\Windows\SysNative\EptMon64.DLL (Creative Technology Ltd.)
O4:64bit: - HKLM..\Run: [RunDLLEntry_THXCfg] C:\Windows\SysNative\THXCfg64.DLL (Creative Technology Ltd.)
O4 - HKLM..\Run: [DellSupportCenter] C:\Program Files (x86)\Dell Support Center\bin\sprtcmd.exe (SupportSoft, Inc.)
O4 - HKLM..\Run: [GIDDesktop] C:\Program Files (x86)\SFT\GuardedID\gidd.exe (StrikeForce Technologies Inc.)
O4 - HKLM..\Run: [ShwiconXP9106] C:\Program Files (x86)\Multimedia Card Reader(9106)\ShwiconXP9106.exe (Alcor Micro Corp.)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [THX Audio Control Panel] C:\Program Files (x86)\Creative\THX TruStudio PC\THXAudioCP\THXAudio.exe (Creative Technology Ltd)
O4 - HKLM..\Run: [UpdReg] C:\WINDOWS\Updreg.EXE (Creative Technology Ltd.)
O4 - HKLM..\RunOnce: [Launcher] C:\Program Files (x86)\Dell DataSafe Local Backup\Components\Scheduler\Launcher.exe (Softthinks)
O4 - Startup: C:\Users\Ashley\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock.lnk = File not found
O4 - Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk = File not found
O4 - Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk = File not found
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-4177235328-1270327372-3511895208-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-4177235328-1270327372-3511895208-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-4177235328-1270327372-3511895208-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O9 - Extra Button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O16:64bit: - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab (Java Plug-in 1.6.0_33)
O16 - DPF: {CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab (Java Plug-in 1.6.0_33)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab (Java Plug-in 1.6.0_33)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{5DB142B7-C278-4303-845A-A5BCB7908A90}: DhcpNameServer = 192.168.1.1
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\skype-ie-addon-data - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\WINDOWS\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\WINDOWS\SysWOW64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20:64bit: - Winlogon\Notify\GoToAssist: DllName - (C:\Program Files (x86)\Citrix\GoToAssist\514\G2AWinLogon_x64.dll) - File not found
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)


Drivers32:64bit: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.l3acm - C:\WINDOWS\SysWOW64\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: vidc.cvid - C:\Windows\SysWow64\iccvid.dll (Radius Inc.)
Drivers32: vidc.VP60 - C:\WINDOWS\SysWOW64\vp6vfw.dll (On2.com)
Drivers32: vidc.VP61 - C:\WINDOWS\SysWOW64\vp6vfw.dll (On2.com)
 
CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2012/06/14 23:11:52 | 000,596,480 | ---- | C] (OldTimer Tools) -- C:\Users\Ashley\Desktop\OTL.exe
[2012/06/14 22:55:16 | 004,731,392 | ---- | C] (AVAST Software) -- C:\Users\Ashley\Desktop\aswMBR (1).exe
[2012/06/14 22:36:39 | 000,000,000 | ---D | C] -- C:\$RECYCLE.BIN
[2012/06/14 22:28:51 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2012/06/14 22:28:51 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2012/06/14 22:28:51 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2012/06/14 22:19:08 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2012/06/14 22:10:22 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012/06/14 22:09:35 | 004,558,622 | R--- | C] (Swearware) -- C:\Users\Ashley\Desktop\ComboFix.exe
[2012/06/14 20:20:27 | 000,000,000 | ---D | C] -- C:\FRST
[2012/06/14 16:40:10 | 000,000,000 | ---D | C] -- C:\Users\Ashley\AppData\Roaming\ESET
[2012/06/14 16:40:10 | 000,000,000 | ---D | C] -- C:\Users\Ashley\AppData\Local\ESET
[2012/06/14 00:41:43 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ESET
[2012/06/14 00:41:37 | 000,000,000 | ---D | C] -- C:\Config.Msi
[2012/06/14 00:30:44 | 000,000,000 | ---D | C] -- C:\Users\Ashley\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome
[2012/06/13 23:49:36 | 000,000,000 | ---D | C] -- C:\ProgramData\ESET
[2012/06/13 23:49:36 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2012/06/13 00:06:13 | 000,000,000 | -HSD | C] -- C:\Windows\SysNative\%APPDATA%
[2012/06/12 22:13:07 | 000,000,000 | ---D | C] -- C:\TDSSKiller_Quarantine
[2012/06/12 22:10:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\7-Zip
[2012/06/12 22:10:38 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\7-Zip
[2012/06/12 22:10:26 | 000,000,000 | ---D | C] -- C:\Users\Ashley\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Wajam
[2012/06/12 22:10:20 | 000,000,000 | ---D | C] -- C:\Users\Ashley\AppData\Local\Wajam
[2012/06/12 22:10:18 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Wajam
[2012/06/12 22:10:07 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Playbryte
[2012/06/12 22:09:56 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Yontoo
[2012/06/12 22:09:53 | 000,000,000 | ---D | C] -- C:\ProgramData\Tarma Installer
[2012/06/12 22:06:55 | 000,000,000 | ---D | C] -- C:\Users\Ashley\AppData\Roaming\Malwarebytes
[2012/06/12 22:06:46 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\MALWAREBYTES ANTI-MALWARE
[2012/06/12 22:06:45 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012/06/12 22:06:38 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012/06/12 22:06:36 | 000,024,904 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2012/06/12 22:06:36 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2012/06/12 21:05:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AMD VISION Engine Control Center
[2012/06/12 20:53:46 | 000,000,000 | ---D | C] -- C:\ProgramData\IsolatedStorage
[2012/06/12 20:53:46 | 000,000,000 | ---D | C] -- C:\Users\Ashley\AppData\Local\ID Vault
[2012/06/12 20:51:05 | 000,000,000 | ---D | C] -- C:\Users\Ashley\AppData\Roaming\ID Vault
[2012/06/12 20:50:20 | 000,029,288 | ---- | C] (StrikeForce Technologies, Inc.) -- C:\Windows\SysNative\drivers\gidv2.sys
[2012/06/12 20:50:18 | 000,446,752 | ---- | C] (StrikeForce Technologies Inc.) -- C:\Windows\SysNative\GIDHookLogon64.dll
[2012/06/12 20:50:18 | 000,065,816 | ---- | C] (StrikeForce Technologies Inc.) -- C:\Windows\SysNative\GIDLogonCP64.dll
[2012/06/12 20:50:16 | 000,467,224 | ---- | C] (StrikeForce Technologies Inc.) -- C:\Windows\SysNative\GIDHOOK64.DLL
[2012/06/12 20:50:16 | 000,102,160 | ---- | C] (StrikeForce Technologies Inc.) -- C:\Windows\SysNative\GIDBIN3.DLL
[2012/06/12 20:50:15 | 000,206,608 | ---- | C] (StrikeForce Technologies Inc.) -- C:\Windows\SysNative\GIDBIN1.DLL
[2012/06/12 20:50:05 | 000,000,000 | ---D | C] -- C:\ProgramData\GID
[2012/06/12 20:49:59 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\SFT
[2012/06/12 20:49:38 | 000,000,000 | ---D | C] -- C:\Program Files\ATI Technologies
[2012/06/12 20:49:35 | 000,000,000 | ---D | C] -- C:\Program Files\ATI
[2012/06/12 20:49:26 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Constant Guard Protection Suite
[2012/06/12 20:49:09 | 000,000,000 | ---D | C] -- C:\ProgramData\White Sky, Inc
[2012/06/12 20:48:58 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java
[2012/06/12 20:47:49 | 000,000,000 | ---D | C] -- C:\AMD
[2012/06/12 20:46:40 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Java
[2012/06/08 20:59:27 | 000,000,000 | ---D | C] -- C:\Users\Ashley\AppData\Roaming\Ventrilo
[2012/06/08 20:59:03 | 000,000,000 | ---D | C] -- C:\Users\Ashley\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Ventrilo
[2012/06/08 20:59:00 | 000,000,000 | ---D | C] -- C:\Program Files\Ventrilo
[2012/06/08 20:58:15 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Wise Installation Wizard
[2012/06/05 22:17:55 | 000,000,000 | ---D | C] -- C:\Users\Ashley\AppData\Roaming\LolClient2
[2012/06/05 22:08:14 | 000,000,000 | ---D | C] -- C:\Riot Games
[2012/06/05 22:08:14 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Riot Games
[2012/06/05 20:31:23 | 000,000,000 | ---D | C] -- C:\Users\Ashley\Desktop\League of legends
[2012/06/05 20:30:48 | 000,000,000 | ---D | C] -- C:\Users\Ashley\AppData\Local\PMB Files
[2012/06/05 20:30:46 | 000,000,000 | ---D | C] -- C:\ProgramData\PMB Files
[2012/06/05 20:30:37 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Pando Networks
[2012/05/21 16:40:50 | 002,127,960 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\Ashley\Desktop\TDSSKiller.exe

========== Files - Modified Within 30 Days ==========

[2012/06/14 23:11:57 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Users\Ashley\Desktop\OTL.exe
[2012/06/14 23:03:30 | 000,000,512 | ---- | M] () -- C:\Users\Ashley\Desktop\MBR.dat
[2012/06/14 23:01:28 | 000,014,240 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/06/14 23:01:28 | 000,014,240 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/06/14 22:55:37 | 004,731,392 | ---- | M] (AVAST Software) -- C:\Users\Ashley\Desktop\aswMBR (1).exe
[2012/06/14 22:54:01 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/06/14 22:53:56 | 3220,672,512 | -HS- | M] () -- C:\hiberfil.sys
[2012/06/14 22:49:26 | 000,001,945 | ---- | M] () -- C:\Windows\epplauncher.mif
[2012/06/14 22:49:16 | 000,624,384 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012/06/14 22:49:16 | 000,106,502 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012/06/14 22:36:36 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2012/06/14 22:35:14 | 000,000,912 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-4177235328-1270327372-3511895208-1000UA.job
[2012/06/14 22:28:15 | 004,558,622 | R--- | M] (Swearware) -- C:\Users\Ashley\Desktop\ComboFix.exe
[2012/06/14 19:31:21 | 000,743,996 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2012/06/14 00:35:00 | 000,000,860 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-4177235328-1270327372-3511895208-1000Core.job
[2012/06/13 12:44:42 | 000,740,836 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012/06/12 22:06:45 | 000,001,115 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/06/12 21:12:46 | 000,319,976 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012/06/12 21:03:44 | 000,000,129 | ---- | M] () -- C:\Windows\SysNative\MRT.INI
[2012/06/12 20:49:37 | 000,002,285 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Constant Guard.lnk
[2012/06/12 20:49:37 | 000,002,267 | ---- | M] () -- C:\Users\Public\Desktop\Constant Guard.lnk
[2012/06/11 18:52:10 | 000,001,070 | ---- | M] () -- C:\Users\Public\Desktop\World of Warcraft.lnk
[2012/06/08 20:59:04 | 000,000,262 | ---- | M] () -- C:\Windows\{EEB3F6BB-318D-4CE5-989F-8191FCBFB578}_WiseFW.ini
[2012/06/08 20:59:03 | 000,000,919 | ---- | M] () -- C:\Users\Ashley\Desktop\Ventrilo.lnk
[2012/06/05 22:13:23 | 000,001,722 | ---- | M] () -- C:\Users\Public\Desktop\Play League of Legends.lnk
[2012/05/21 16:40:50 | 002,127,960 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\Ashley\Desktop\TDSSKiller.exe

========== Files Created - No Company Name ==========

[2012/06/14 23:03:30 | 000,000,512 | ---- | C] () -- C:\Users\Ashley\Desktop\MBR.dat
[2012/06/14 22:28:51 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2012/06/14 22:28:51 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2012/06/14 22:28:51 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2012/06/14 22:28:51 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2012/06/14 22:28:51 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2012/06/14 19:31:43 | 000,001,945 | ---- | C] () -- C:\Windows\epplauncher.mif
[2012/06/14 00:30:24 | 000,000,912 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-4177235328-1270327372-3511895208-1000UA.job
[2012/06/14 00:30:23 | 000,000,860 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-4177235328-1270327372-3511895208-1000Core.job
[2012/06/12 22:06:45 | 000,001,115 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/06/12 21:03:44 | 000,000,129 | ---- | C] () -- C:\Windows\SysNative\MRT.INI
[2012/06/12 20:50:17 | 000,109,064 | ---- | C] () -- C:\Windows\SysNative\EasyHook64.dll
[2012/06/12 20:49:37 | 000,002,285 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Constant Guard.lnk
[2012/06/12 20:49:37 | 000,002,279 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Constant Guard.lnk
[2012/06/12 20:49:37 | 000,002,267 | ---- | C] () -- C:\Users\Public\Desktop\Constant Guard.lnk
[2012/06/08 20:59:03 | 000,000,919 | ---- | C] () -- C:\Users\Ashley\Desktop\Ventrilo.lnk
[2012/06/08 20:58:53 | 000,000,262 | ---- | C] () -- C:\Windows\{EEB3F6BB-318D-4CE5-989F-8191FCBFB578}_WiseFW.ini
[2012/06/05 22:13:23 | 000,001,722 | ---- | C] () -- C:\Users\Public\Desktop\Play League of Legends.lnk
[2012/04/05 20:29:34 | 000,204,952 | ---- | C] () -- C:\Windows\SysWow64\ativvsvl.dat
[2012/04/05 20:29:34 | 000,157,144 | ---- | C] () -- C:\Windows\SysWow64\ativvsva.dat
[2012/02/26 22:47:37 | 000,743,996 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2012/01/30 04:15:48 | 000,002,048 | -HS- | C] () -- C:\Windows\SysWOW64\config\systemprofile\AppData\Local\{27326c5e-4cf3-c4e0-46d4-37fdcce19b24}\@
[2012/01/30 04:15:48 | 000,002,048 | -HS- | C] () -- C:\Windows\System32\config\systemprofile\AppData\Local\{27326c5e-4cf3-c4e0-46d4-37fdcce19b24}\@
[2011/09/12 17:06:16 | 000,003,917 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat
[2010/08/12 20:29:29 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2010/08/12 18:54:15 | 000,177,664 | ---- | C] () -- C:\Windows\SysWow64\APOMngr.DLL
[2010/08/12 18:54:15 | 000,073,728 | ---- | C] () -- C:\Windows\SysWow64\CmdRtr.DLL
[2010/08/12 18:54:15 | 000,001,264 | ---- | C] () -- C:\Windows\THXCfg_SP_APOIM.ini
[2010/08/12 18:54:15 | 000,001,247 | ---- | C] () -- C:\Windows\THXCfg_HP_APOIM.ini
[2010/08/12 18:54:15 | 000,001,247 | ---- | C] () -- C:\Windows\THXCfg_APOIM.ini

========== LOP Check ==========

[2012/06/09 00:32:50 | 000,000,000 | ---D | M] -- C:\Users\Ashley\AppData\Roaming\Azureus
[2012/06/14 16:40:10 | 000,000,000 | ---D | M] -- C:\Users\Ashley\AppData\Roaming\ESET
[2012/06/14 22:55:32 | 000,000,000 | ---D | M] -- C:\Users\Ashley\AppData\Roaming\ID Vault
[2012/06/04 19:04:39 | 000,000,000 | ---D | M] -- C:\Users\Ashley\AppData\Roaming\IrfanView
[2012/06/05 22:17:55 | 000,000,000 | ---D | M] -- C:\Users\Ashley\AppData\Roaming\LolClient2
[2012/02/29 21:30:53 | 000,000,000 | ---D | M] -- C:\Users\Ashley\AppData\Roaming\Origin
[2012/04/03 16:49:02 | 000,000,000 | ---D | M] -- C:\Users\Ashley\AppData\Roaming\SoftGrid Client
[2012/02/26 22:48:33 | 000,000,000 | ---D | M] -- C:\Users\Ashley\AppData\Roaming\TP
[2012/02/19 22:33:54 | 000,000,000 | ---D | M] -- C:\Users\Ashley\AppData\Roaming\TS3Client
[2009/07/14 00:08:49 | 000,025,150 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



========== Custom Scans ==========

< %SYSTEMDRIVE%\*.* >
[2012/06/14 22:40:06 | 000,024,025 | ---- | M] () -- C:\ComboFix.txt
[2010/08/12 21:19:57 | 000,004,063 | RH-- | M] () -- C:\dell.sdr
[2012/06/14 22:53:56 | 3220,672,512 | -HS- | M] () -- C:\hiberfil.sys
[2012/06/14 22:53:58 | 4294,230,016 | -HS- | M] () -- C:\pagefile.sys
[2012/06/12 22:13:27 | 000,132,076 | ---- | M] () -- C:\TDSSKiller.2.7.36.0_12.06.2012_22.12.20_log.txt
[2012/06/12 22:18:24 | 000,255,226 | ---- | M] () -- C:\TDSSKiller.2.7.36.0_12.06.2012_22.16.36_log.txt
[2012/06/12 23:47:06 | 000,129,440 | ---- | M] () -- C:\TDSSKiller.2.7.36.0_12.06.2012_23.46.07_log.txt
[2012/06/13 08:22:24 | 000,123,320 | ---- | M] () -- C:\TDSSKiller.2.7.36.0_13.06.2012_08.21.07_log.txt
[2012/06/13 21:17:25 | 000,123,316 | ---- | M] () -- C:\TDSSKiller.2.7.36.0_13.06.2012_21.16.57_log.txt
[2012/06/14 20:06:40 | 000,000,348 | ---- | M] () -- C:\TDSSKiller.2.7.36.0_14.06.2012_20.06.36_log.txt
[2012/06/14 20:07:14 | 000,000,348 | ---- | M] () -- C:\TDSSKiller.2.7.36.0_14.06.2012_20.06.56_log.txt


< %systemroot%\Fonts\*.com >
[2009/07/14 00:32:31 | 000,026,040 | ---- | M] () -- C:\Windows\Fonts\GlobalMonospace.CompositeFont
[2009/07/14 00:32:31 | 000,026,489 | ---- | M] () -- C:\Windows\Fonts\GlobalSansSerif.CompositeFont
[2009/07/14 00:32:31 | 000,029,779 | ---- | M] () -- C:\Windows\Fonts\GlobalSerif.CompositeFont
[2009/07/14 00:32:31 | 000,043,318 | ---- | M] () -- C:\Windows\Fonts\GlobalUserInterface.CompositeFont

< %systemroot%\Fonts\*.dll >

< %systemroot%\Fonts\*.ini >
[2009/06/10 15:49:50 | 000,000,065 | ---- | M] () -- C:\Windows\Fonts\desktop.ini

< %systemroot%\Fonts\*.ini2 >

< %systemroot%\Fonts\*.exe >

< %systemroot%\system32\spool\prtprocs\w32x86\*.* >

< %systemroot%\REPAIR\*.bak1 >

< %systemroot%\REPAIR\*.ini >

< %systemroot%\system32\*.jpg >

< %systemroot%\*.jpg >

< %systemroot%\*.png >

< %systemroot%\*.scr >
[2009/07/10 12:15:46 | 000,306,544 | ---- | M] (Microsoft Corporation) -- C:\Windows\WLXPGSS.SCR

< %systemroot%\*._sy >

< %APPDATA%\Adobe\Update\*.* >

< %ALLUSERSPROFILE%\Favorites\*.* >

< %APPDATA%\Microsoft\*.* >

< %PROGRAMFILES%\*.* >
[2009/07/13 23:54:24 | 000,000,174 | -HS- | M] () -- C:\Program Files (x86)\desktop.ini

< %APPDATA%\Update\*.* >

< %systemroot%\*. /mp /s >

< %systemroot%\System32\config\*.sav >

< %PROGRAMFILES%\bak. /s >

< %systemroot%\system32\bak. /s >

< %ALLUSERSPROFILE%\Start Menu\*.lnk /x >

< %systemroot%\system32\config\systemprofile\*.dat /x >

< %systemroot%\*.config >

< %systemroot%\system32\*.db >

< %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x >
[2012/01/29 22:20:24 | 000,000,221 | -HS- | M] () -- C:\Users\Ashley\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\desktop.ini

< %USERPROFILE%\Desktop\*.exe >
[2012/06/14 22:55:37 | 004,731,392 | ---- | M] (AVAST Software) -- C:\Users\Ashley\Desktop\aswMBR (1).exe
[2012/06/14 22:28:15 | 004,558,622 | R--- | M] (Swearware) -- C:\Users\Ashley\Desktop\ComboFix.exe
[2012/06/14 23:11:57 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Users\Ashley\Desktop\OTL.exe
[2012/05/21 16:40:50 | 002,127,960 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\Ashley\Desktop\TDSSKiller.exe

< %PROGRAMFILES%\Common Files\*.* >

< %systemroot%\*.src >

< %systemroot%\install\*.* >

< %systemroot%\system32\DLL\*.* >

< %systemroot%\system32\HelpFiles\*.* >

< %systemroot%\tasks\*.* >
[2012/06/14 00:35:00 | 000,000,860 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-4177235328-1270327372-3511895208-1000Core.job
[2012/06/14 22:35:14 | 000,000,912 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-4177235328-1270327372-3511895208-1000UA.job
[2012/06/14 22:54:09 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2009/07/14 00:08:49 | 000,025,150 | ---- | M] () -- C:\Windows\tasks\SCHEDLGU.TXT

< %systemroot%\system32\rundll\*.* >

< %systemroot%\winn32\*.* >

< %systemroot%\Java\*.* >

< %systemroot%\system32\test\*.* >

< %systemroot%\system32\Rundll32\*.* >

< %systemroot%\AppPatch\Custom\*.* >

< %APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x >

< %PROGRAMFILES%\PC-Doctor\Downloads\*.* >

< %PROGRAMFILES%\Internet Explorer\*.tmp >

< %PROGRAMFILES%\Internet Explorer\*.dat >

< %USERPROFILE%\My Documents\*.exe >

< %USERPROFILE%\*.exe >

< %systemroot%\ADDINS\*.* >
[2009/06/10 16:20:04 | 000,000,802 | ---- | M] () -- C:\Windows\ADDINS\FXSEXT.ecf

< %systemroot%\assembly\*.bak2 >

< %systemroot%\Config\*.* >

< %systemroot%\REPAIR\*.bak2 >

< %systemroot%\SECURITY\Database\*.sdb /x >

< %systemroot%\SYSTEM\*.bak2 >

< %systemroot%\Web\*.bak2 >

< %systemroot%\Driver Cache\*.* >

< %PROGRAMFILES%\Mozilla Firefox\0*.exe >

< %ProgramFiles%\Microsoft Common\*.* >

< %ProgramFiles%\TinyProxy. >

< %USERPROFILE%\Favorites\*.url /x >
[2012/02/19 22:20:46 | 000,000,402 | -HS- | M] () -- C:\Users\Ashley\Favorites\desktop.ini

< %systemroot%\system32\*.bk >

< %systemroot%\*.te >

< %systemroot%\system32\system32\*.* >

< %ALLUSERSPROFILE%\*.dat /x >

< %systemroot%\system32\drivers\*.rmv >

< dir /b "%systemroot%\system32\*.exe" | find /I " " /c >

< dir /b "%systemroot%\*.exe" | find /I " " /c >

< %PROGRAMFILES%\Microsoft\*.* >

< %systemroot%\System32\Wbem\proquota.exe >

< %PROGRAMFILES%\Mozilla Firefox\*.dat >

< %USERPROFILE%\Cookies\*.txt /x >

< %SystemRoot%\system32\fonts\*.* >

< %systemroot%\system32\winlog\*.* >

< %systemroot%\system32\Language\*.* >

< %systemroot%\system32\Settings\*.* >

< %systemroot%\system32\*.quo >

< %SYSTEMROOT%\AppPatch\*.exe >

< %SYSTEMROOT%\inf\*.exe >

< %SYSTEMROOT%\Installer\*.exe >

< %systemroot%\system32\config\*.bak2 >

< %systemroot%\system32\Computers\*.* >

< %SystemRoot%\system32\Sound\*.* >

< %SystemRoot%\system32\SpecialImg\*.* >

< %SystemRoot%\system32\code\*.* >

< %SystemRoot%\system32\draft\*.* >

< %SystemRoot%\system32\MSSSys\*.* >

< %ProgramFiles%\Javascript\*.* >

< %systemroot%\pchealth\helpctr\System\*.exe /s >

< %systemroot%\Web\*.exe >

< %systemroot%\system32\msn\*.* >

< %systemroot%\system32\*.tro >

< %AppData%\Microsoft\Installer\msupdates\*.* >

< %ProgramFiles%\Messenger\*.* >

< %systemroot%\system32\systhem32\*.* >

< %systemroot%\system\*.exe >

< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install\LastSuccessTime /rs >

< End of report >
 
this is extras

OTL Extras logfile created on: 6/14/2012 11:13:28 PM - Run 1
OTL by OldTimer - Version 3.2.48.0 Folder = C:\Users\Ashley\Desktop
64bit- Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

4.00 Gb Total Physical Memory | 2.45 Gb Available Physical Memory | 61.36% Memory free
8.00 Gb Paging File | 6.21 Gb Available in Paging File | 77.71% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 920.88 Gb Total Space | 815.28 Gb Free Space | 88.53% Space Free | Partition Type: NTFS
Drive I: | 7.45 Gb Total Space | 7.45 Gb Free Space | 99.98% Space Free | Partition Type: FAT32

Computer Name: ASHLEY-PC | User Name: Ashley | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-4177235328-1270327372-3511895208-1000\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\rundll32.exe setupapi,InstallHinfSection DefaultInstall 132 %1 (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

========== Firewall Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0294BB2F-6178-459D-8C46-8D1C40D6AD6B}" = rport=445 | protocol=6 | dir=out | app=system |
"{057550CC-1C7E-4C7B-A2F8-3A8DDC978C8C}" = lport=138 | protocol=17 | dir=in | app=system |
"{08E024BB-596A-4DFF-A430-159062EB67CE}" = lport=10243 | protocol=6 | dir=in | app=system |
"{19A5737B-0BEE-43C8-BCD3-3CC714AA4FD3}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{25B9D31D-64EC-44F5-900B-17177C3E5D3C}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{295EF879-34FC-4A05-A484-51AA1443280E}" = lport=445 | protocol=6 | dir=in | app=system |
"{2FA65B31-3A9D-4C20-AFC6-469495F0EF44}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{4084E937-EAAA-47EE-9520-7BE7CE434C09}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{4BF5EB07-06A2-40E2-B5B6-244EF5C49A0F}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{5456EA1E-AF45-48BD-9C96-AB99A6CCF1D9}" = lport=139 | protocol=6 | dir=in | app=system |
"{6364B77A-8796-4078-B3CC-5963A3E70B4F}" = rport=139 | protocol=6 | dir=out | app=system |
"{6EFD3216-D4DB-448C-81DA-E8838C66FFD2}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{7C7BD74E-D59D-40F9-8481-A74C4729E9DD}" = rport=138 | protocol=17 | dir=out | app=system |
"{86444BB3-291D-4D31-A046-BB4AA3243C28}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{AF8150A9-8B4A-4262-900E-D368942052B3}" = lport=2869 | protocol=6 | dir=in | app=system |
"{BE10AB93-C4A6-464B-BE93-069E778BFF99}" = rport=10243 | protocol=6 | dir=out | app=system |
"{C232D951-55E7-4D04-9346-F88A07FC0B22}" = lport=137 | protocol=17 | dir=in | app=system |
"{C428A183-FD79-40B5-990D-895328F43AC8}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{CF0676E6-E2EC-438A-9741-7029DEBD00CE}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{F534D21D-02A4-4E48-A237-A3745ED5E6D3}" = rport=137 | protocol=17 | dir=out | app=system |
"{F9C1EEE5-72B7-40C6-BC7C-64E9DF7DEB39}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{003C7A18-60D9-4C89-94D8-DE42C1AA1D76}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{02A4D600-582A-4C14-ADFE-C125CF0CB18F}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{1473D86F-6F04-46A3-9153-CD04272511DC}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{4849799C-D8E9-4360-8F9A-6B5F2BCC7EA4}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{56E808A1-BFD0-4B79-B567-B9FA848D697F}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{61FB8AD2-C831-45AB-9DFB-D685C3A8300D}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{62F27534-2769-4D2F-B42F-E96E62F64F44}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{65901CFC-D156-4C8F-90EA-C26D256CA195}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{68F6992D-6E9D-4F14-88EC-3E0B8BEC7EFF}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{8642AF85-31DC-4BB3-8E9D-1E478C224084}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{A5589677-56C4-46C1-A86B-1F0B5425786F}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{AB3FBA72-52C3-4476-9A38-230DBE05659B}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{BC7833D1-AE4B-4CAB-BDD5-6EA587E5C763}" = protocol=6 | dir=out | app=system |
"{CE504808-152F-4073-8BB9-0F8E7C4D30C6}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{D3648D1D-2BA3-4973-9B7E-EDC907B6E342}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{E8715BB0-E132-4617-B344-62E03BFE2C1C}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{E926E57D-011D-4F63-BCC5-FFCFDC28D091}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{EFA98652-B437-42AA-B7D3-EFFD71ED4ECD}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{F7DCF881-DB9D-4779-8D1C-CCCBAC7C73FF}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{02AD9D20-03D2-4DE0-8793-E8253026AD86}" = EMCGadgets64
"{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219
"{26A24AE4-039D-4CA4-87B4-2F86416020FF}" = Java(TM) 6 Update 20 (64-bit)
"{2E8D6204-D656-8355-1ED3-2988AC52EB0F}" = ccc-utility64
"{5E11C972-1E76-45FE-8F92-14E0D1140B1B}" = iTunes
"{60B2315F-680F-4EB3-B8DD-CCDC86A7CCAB}" = Roxio File Backup
"{62B883AB-AC37-9127-56D0-2C3FC0AFC724}" = ccc-utility64
"{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour
"{75104836-CAC7-444E-A39E-3F54151942F5}" = Apple Mobile Device Support
"{889DF117-14D1-44EE-9F31-C5FB5D47F68B}" = Yontoo 1.10.02
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8EBA8727-ADC2-477B-9D9A-1A1836BE4E05}" = Dell Edoc Viewer
"{90140000-006D-0409-1000-0000000FF1CE}" = Microsoft Office Click-to-Run 2010
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{C73A3942-84C8-4597-9F9B-EE227DCBA758}" = Dell Dock
"{DB9C43F7-0B0F-4E43-9E6B-F945C71C469E}" = VD64Inst
"{EEB3F6BB-318D-4CE5-989F-8191FCBFB578}" = Ventrilo Client for Windows x64
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin 64-bit
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{010A785B-F920-4350-821B-6309909C20BB}" = THX TruStudio PC
"{055EE59D-217B-43A7-ABFF-507B966405D8}" = ATI Catalyst Control Center
"{08E81ABD-79F7-49C2-881F-FD6CB0975693}" = Roxio Central Data
"{097E59B5-CCAB-46B6-6A0B-EDF2CA595C84}" = CCC Help French
"{098122AB-C605-4853-B441-C0A4EB359B75}" = DirectXInstallService
"{0ED7EE95-6A97-47AA-AD73-152C08A15B04}" = Dell DataSafe Local Backup
"{117B6BF6-82C3-420C-B284-9247C8568E53}" = The Sims™ 3 Outdoor Living Stuff
"{13766F76-6C8C-4E57-A9F3-3212D1C6E0D1}" = Dell DataSafe Online
"{178832DE-9DE0-4C87-9F82-9315A9B03985}" = Windows Live Writer
"{19D614EB-D62A-AEE7-2391-E74126601D59}" = CCC Help Italian
"{1C373820-B9C8-0F7F-8F84-FC1B76A85F27}" = CCC Help Portuguese
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F54DAFA-9261-4A62-B59D-6C9F26B48FE4}" = Roxio Central Tools
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{23170F69-40C1-2701-0921-000001000000}" = 7-Zip 9.21
"{25FAEDD1-3733-86F7-55F5-D7AEAF2D93B0}" = CCC Help Danish
"{26A24AE4-039D-4CA4-87B4-2F83216033FF}" = Java(TM) 6 Update 33
"{280DF415-F2C2-122F-CC52-AA7EAECF3E14}" = CCC Help Czech
"{2D35BC33-7D08-D529-DF91-8A15FBF2600E}" = CCC Help Polish
"{2D943F95-2C76-4951-9AEF-0977AF5DE11A}" = AMD Fusion Media Explorer
"{30465B6C-B53F-49A1-9EBA-A3F187AD502E}" = Roxio Update Manager
"{32773B3E-45CA-5CA3-0A6A-E3FF592B3AD3}" = Catalyst Control Center Graphics Previews Vista
"{337788D1-43D1-9A0F-9787-DD00DB512D41}" = Catalyst Control Center Localization All
"{343666E2-A059-48AC-AD67-230BF74E2DB2}" = Apple Application Support
"{36CEA188-3DFA-6391-4774-C92D4B092407}" = Skins
"{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform
"{3D5044A5-97B8-45C0-B956-BB2376569188}" = Windows Live Movie Maker
"{41068A8C-3F30-46B6-978A-EA692F28D1AF}" = Multimedia Card Reader
"{45057FCE-5784-48BE-8176-D9D00AF56C3C}" = The Sims™ 3 Late Night
"{45338B07-A236-4270-9A77-EBB4115517B5}" = Windows Live Sign-in Assistant
"{46D936B9-DE22-983C-341C-968C3E122CF8}" = CCC Help Dutch
"{4725833D-4325-5C34-57D4-1FE23E5AE578}" = CCC Help Chinese Standard
"{480C0D1B-C42A-FD87-F404-A54D9B1C619C}" = CCC Help Hungarian
"{481AB4A0-BB71-F2D9-E155-89F0D773FE9E}" = Catalyst Control Center Localization All
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4DC37F33-7AEC-A4CB-56B1-69A402828763}" = CCC Help Japanese
"{53447D64-FD9C-B3B9-25B3-47292EE10EBF}" = CCC Help Japanese
"{537BF16E-7412-448C-95D8-846E85A1D817}" = Roxio Easy CD and DVD Burning
"{56158912-D481-DE3A-298C-E13B24E3A87C}" = Catalyst Control Center Graphics Full New
"{5A06423A-210C-49FB-950E-CB0EB8C5CEC7}" = Roxio BackOnTrack
"{5C763682-4C40-86DA-9C46-31924D7D2C34}" = CCC Help Thai
"{60E5022D-FA4B-C6A2-1E80-B46EC39096F3}" = CCC Help Chinese Traditional
"{612B5D2E-8084-4102-91DE-24281E4EFB2C}" = Roxio Easy CD and DVD Burning
"{6262B40D-FAA5-5CCF-6DE3-9FAFB6C7DC89}" = Catalyst Control Center Graphics Previews Common
"{6412CECE-8172-4BE5-935B-6CECACD2CA87}" = Windows Live Mail
"{64997420-9AFE-289E-1B7A-E2C59937D973}" = CCC Help Portuguese
"{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Roxio Express Labeler 3
"{66B79AE1-C6E2-B958-689C-D0812DE86BAB}" = CCC Help Greek
"{6B39BE0F-0F5E-A8FA-33E4-8481AE39D96C}" = CCC Help Russian
"{6BBC8D43-AA08-8FCD-EDA6-EED2342A4FF0}" = CCC Help Turkish
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{72E5E3F5-5BE3-BA64-49A6-4FA26EF69721}" = Catalyst Control Center InstallProxy
"{73A4F29F-31AC-4EBD-AA1B-0CC5F18C8F83}" = Roxio Central Audio
"{749FCBB7-D313-CCCA-E2CF-7850A019311F}" = CCC Help Finnish
"{74CC9A1B-4A3D-AEEC-3ED6-71F7B42A5EFE}" = CCC Help Chinese Traditional
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{7DB9F1E5-9ACB-410D-A7DC-7A3D023CE045}" = Dell Getting Started Guide
"{81128EE8-8EAD-4DB0-85C6-17C2CE50FF71}" = Windows Live Essentials
"{83F81F91-7BE9-44D1-98AF-2B87E0B8710C}" = AMD Fusion Utility for Desktops
"{84EBDF39-4B33-49D7-A0BD-EB6E2C4E81C1}" = Windows Live Sync
"{8A74E887-8F0F-4017-AF53-CBA42211AAA5}" = Microsoft Sync Framework Runtime Native v1.0 (x86)
"{8B76B8E9-F773-4B75-A08C-120079EB765E}" = RAIDXpert
"{8BBCF476-7566-9129-F7C0-619087484138}" = CCC Help Norwegian
"{8D337F77-BE7F-41A2-A7CB-D5A63FD7049B}" = Sonic CinePlayer Decoder Pack
"{8FF50F43-7BB0-4BF4-C67F-F9BF254AC278}" = CCC Help Spanish
"{90140011-0066-0409-0000-0000000FF1CE}" = Microsoft Office Starter 2010 - English
"{903679E8-44C8-4C07-9600-05C92654FC50}" = QualxServ Service Agreement
"{910F4A29-1134-49E0-AD8B-56E4A3152BD1}" = The Sims™ 3 Ambitions
"{9191979D-821C-4EA8-B021-2DA1D859A7C5}" = GuardedID
"{91CB5B8B-4EC8-DBA1-A88D-99FD480567B0}" = CCC Help English
"{924FBAC4-60D2-7981-3C3E-979DF9CBB346}" = CCC Help Finnish
"{92606477-9366-4D3B-8AE3-6BE4B29727AB}" = League of Legends
"{95140000-0070-0000-0000-0000000FF1CE}" = Microsoft Office 2010
"{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster
"{981029E0-7FC9-4CF3-AB39-6F133621921A}" = Skype Toolbars
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9DC939DC-B7A4-D0E2-C582-A442DF1B3EBE}" = CCC Help Spanish
"{9DD96558-0E0C-8563-E00D-C970155C5503}" = CCC Help German
"{A1BD938B-F006-6E6D-70B2-47E1DD56F7DE}" = CCC Help Swedish
"{A58E067E-2C66-B40A-AF7A-4A82307E671C}" = CCC Help Thai
"{A69D7B32-2BE9-42BF-B576-69B5E0FF7394}" = Catalyst Control Center - Branding
"{A85FD55B-891B-4314-97A5-EA96C0BD80B5}" = Windows Live Messenger
"{A9668246-FB70-4103-A1E3-66C9BC2EFB49}" = Dell DataSafe Local Backup - Support Software
"{AA43D433-3DE8-F2CA-1728-4BA962D9FAE4}" = CCC Help Chinese Standard
"{AC76BA86-7AD7-1033-7B44-A91000000001}" = Adobe Reader 9.1.2
"{AD17B1DD-9342-F787-92EC-E93441042A23}" = CCC Help English
"{AF1D271B-B122-1707-6707-9E29A96082D2}" = CCC Help Polish
"{B6A26DE5-F2B5-4D58-9570-4FC760E00FCD}" = Roxio Central Copy
"{BABF7852-C2DD-6A8A-9956-101720C715C7}" = CCC Help Turkish
"{BB7C2A56-9706-43B8-5A8C-210AF5816106}" = CCC Help French
"{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}" = Microsoft Sync Framework Services Native v1.0 (x86)
"{BEE0F537-96FA-8F84-FB5E-570EE86F636A}" = Catalyst Control Center Core Implementation
"{C05D8CDB-417D-4335-A38C-A0659EDFD6B8}" = The Sims™ 3
"{C12631C6-804D-4B32-B0DD-8A496462F106}" = The Sims™ 3 Pets
"{CDD450A5-9F2E-1D61-5FEB-DDD30E985D23}" = CCC Help Korean
"{CFC2CB60-5654-05A7-4D30-C661800A3A92}" = CCC Help Korean
"{D04CE005-D1D2-80F3-84C8-B3524FCD39C3}" = CCC Help Norwegian
"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.1
"{D544AE4C-4152-225B-A897-6756C8986B14}" = AMD VISION Engine Control Center
"{D5BAE960-8312-3EB3-A116-3F5926A1E7B7}" = Catalyst Control Center Graphics Full Existing
"{D6C75F0B-3BC1-4FC9-B8C5-3F7E8ED059CA}" = Windows Live Photo Gallery
"{D81E9069-3CCC-4405-3751-71E4AFEACC52}" = CCC Help Hungarian
"{E2DFE069-083E-4631-9B6C-43C48E991DE5}" = Junk Mail filter update
"{E3BFEE55-39E2-4BE0-B966-89FE583822C1}" = Dell Support Center (Support Software)
"{E3E71D07-CD27-46CB-8448-16D4FB29AA13}" = Microsoft WSE 3.0 Runtime
"{E4382E64-1EB5-09D2-5D29-FEBB46A6F340}" = CCC Help Italian
"{E6B88BD6-E4B2-4701-A648-B6DAC6E491CC}" = The Sims™ 3 Generations
"{E9E8E4CC-8274-3831-7103-10B2AD73588C}" = CCC Help Russian
"{EA100873-8DD1-4505-2D61-9666569B54B6}" = Catalyst Control Center Graphics Light
"{EC877639-07AB-495C-BFD1-D63AF9140810}" = Roxio Activation Module
"{ED439A64-F018-4DD4-8BA5-328D85AB09AB}" = Roxio Central Core
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F26A0379-5852-CA4C-0BF6-662AC274A3D8}" = CCC Help Swedish
"{F6BD194C-4190-4D73-B1B1-C48C99921BFE}" = Windows Live Call
"{F8C87E78-B318-C156-F8B0-427F6D3FC443}" = CCC Help Greek
"{FA9827E1-8A8E-C176-4923-0840A67ED4DE}" = CCC Help Dutch
"{FCDBEA60-79F0-4FAE-BBA8-55A26C609A49}" = Visual Studio 2008 x64 Redistributables
"{FDB46DE7-9045-47BB-970A-3E4ED5369E03}" = EMC 10 Content
"{FF527B68-2D1D-B15B-0FFC-8BF8487AD194}" = ccc-core-static
"8461-7759-5462-8226" = Vuze
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Dell Dock" = Dell Dock
"GoToAssist" = GoToAssist 8.0.0.514
"ID Vault" = Constant Guard Protection Suite
"InstallShield_{41068A8C-3F30-46B6-978A-EA692F28D1AF}" = Multimedia Card Reader
"InstallShield_{8B76B8E9-F773-4B75-A08C-120079EB765E}" = RAIDXpert
"IrfanView" = IrfanView (remove only)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.61.0.1400
"Office14.Click2Run" = Microsoft Office Click-to-Run 2010
"Origin" = Origin
"Playbryte" = PlayBryte
"TeamSpeak 3 Client" = TeamSpeak 3 Client
"Vuze_Remote Toolbar" = Vuze Remote Toolbar
"Wajam" = Wajam
"WinLiveSuite_Wave3" = Windows Live Essentials
"World of Warcraft" = World of Warcraft

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-4177235328-1270327372-3511895208-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"090215de958f1060" = Curse Client
"Google Chrome" = Google Chrome

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 6/13/2012 12:43:45 AM | Computer Name = Ashley-PC | Source = IDVault | ID = 0
Description = TerminateStrikeForce failed Cannot process request because the process
(3968) has exited. at System.Diagnostics.Process.GetProcessHandle(Int32 access,
Boolean throwIfExited) at System.Diagnostics.Process.Kill() at (Object )
at ? .? . ()

Error - 6/13/2012 12:43:45 AM | Computer Name = Ashley-PC | Source = IDVault | ID = 0
Description = TerminateStrikeForce failed Cannot process request because the process
(5808) has exited. at System.Diagnostics.Process.GetProcessHandle(Int32 access,
Boolean throwIfExited) at System.Diagnostics.Process.Kill() at (Object )
at ? .? . ()

Error - 6/13/2012 12:43:45 AM | Computer Name = Ashley-PC | Source = IDVault | ID = 0
Description = TerminateStrikeForce failed Cannot process request because the process
(5808) has exited. at System.Diagnostics.Process.GetProcessHandle(Int32 access,
Boolean throwIfExited) at System.Diagnostics.Process.Kill() at (Object )
at ? .? . ()

Error - 6/13/2012 12:43:45 AM | Computer Name = Ashley-PC | Source = IDVault | ID = 0
Description = TerminateStrikeForce failed Cannot process request because the process
(5808) has exited. at System.Diagnostics.Process.GetProcessHandle(Int32 access,
Boolean throwIfExited) at System.Diagnostics.Process.Kill() at (Object )
at ? .? . ()

Error - 6/13/2012 12:43:45 AM | Computer Name = Ashley-PC | Source = IDVault | ID = 0
Description = TerminateStrikeForce failed Access is denied at System.Diagnostics.Process.Kill()

at (Object ) at ? .? . ()

Error - 6/13/2012 9:13:41 AM | Computer Name = Ashley-PC | Source = ESENT | ID = 490
Description = wuaueng.dll (1392) SUS20ClientDataStore: An attempt to open the file
"C:\Windows\SoftwareDistribution\DataStore\DataStore.edb" for read / write access
failed with system error 32 (0x00000020): "The process cannot access the file because
it is being used by another process. ". The open file operation will fail with
error -1032 (0xfffffbf8).

Error - 6/13/2012 9:14:10 AM | Computer Name = Ashley-PC | Source = IDVault | ID = 0
Description = TerminateStrikeForce failed Access is denied at System.Diagnostics.Process.Kill()

at (Object ) at ? .? . ()

Error - 6/13/2012 9:32:54 AM | Computer Name = Ashley-PC | Source = Customer Experience Improvement Program | ID = 1008
Description =

Error - 6/13/2012 9:42:03 AM | Computer Name = Ashley-PC | Source = IDVault | ID = 0
Description = TerminateStrikeForce failed Access is denied at System.Diagnostics.Process.Kill()

at (Object ) at ? .? . ()

Error - 6/13/2012 9:42:04 AM | Computer Name = Ashley-PC | Source = IDVault | ID = 0
Description = IsStrikeForceAlreadyRunning MainModule.FileName; failed Only part
of a ReadProcessMemory or WriteProcessMemory request was completed at System.Diagnostics.NtProcessManager.GetModuleInfos(Int32
processId, Boolean firstModuleOnly) at System.Diagnostics.NtProcessManager.GetFirstModuleInfo(Int32
processId) at System.Diagnostics.Process.get_MainModule() at (Object ) at
? .? . ()

[ System Events ]
Error - 5/31/2012 4:01:13 AM | Computer Name = Ashley-PC | Source = Microsoft-Windows-WindowsUpdateClient | ID = 20
Description = Installation Failure: Windows failed to install the following update
with error 0x80070643: Security Update for Windows 7 for x64-based Systems (KB2676562).

Error - 5/31/2012 6:09:15 PM | Computer Name = Ashley-PC | Source = EventLog | ID = 6008
Description = The previous system shutdown at 8:25:53 AM on ?5/?31/?2012 was unexpected.

Error - 5/31/2012 6:09:39 PM | Computer Name = Ashley-PC | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
RxFilter

Error - 5/31/2012 6:09:41 PM | Computer Name = Ashley-PC | Source = VDS Basic Provider | ID = 33554433
Description =

Error - 5/31/2012 6:09:41 PM | Computer Name = Ashley-PC | Source = VDS Basic Provider | ID = 33554433
Description =

Error - 6/3/2012 6:04:27 PM | Computer Name = Ashley-PC | Source = EventLog | ID = 6008
Description = The previous system shutdown at 11:36:58 PM on ?5/?31/?2012 was unexpected.

Error - 6/3/2012 6:04:55 PM | Computer Name = Ashley-PC | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
RxFilter

Error - 6/3/2012 6:09:54 PM | Computer Name = Ashley-PC | Source = Microsoft-Windows-WindowsUpdateClient | ID = 20
Description = Installation Failure: Windows failed to install the following update
with error 0x80070643: Update for Windows 7 for x64-based Systems (KB2679255).

Error - 6/3/2012 6:10:14 PM | Computer Name = Ashley-PC | Source = Microsoft-Windows-WindowsUpdateClient | ID = 20
Description = Installation Failure: Windows failed to install the following update
with error 0x80070643: Security Update for Windows 7 for x64-based Systems (KB2676562).

Error - 6/3/2012 6:12:26 PM | Computer Name = Ashley-PC | Source = DCOM | ID = 10010
Description =


< End of report >
 
Good news :)

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    Code: 
    :OTL
SRV:64bit: - File not found [Auto | Stopped] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe /McCoreSvc -- (MSK80Service)
SRV:64bit: - File not found [Auto | Stopped] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe /McCoreSvc -- (McProxy)
SRV:64bit: - File not found [On_Demand | Stopped] -- C:\Program Files\McAfee\VirusScan\mcods.exe -- (McODS)
SRV:64bit: - File not found [Auto | Stopped] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe /McCoreSvc -- (McNASvc)
SRV:64bit: - File not found [Auto | Stopped] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe /McCoreSvc -- (McNaiAnn)
SRV:64bit: - File not found [Auto | Stopped] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe /McCoreSvc -- (mcmscsvc)
SRV:64bit: - File not found [Auto | Stopped] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe /McCoreSvc -- (McMPFSvc)
O2 - BHO: (McAfee Phishing Filter) - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\progra~2\mcafee\msk\mskapbho.dll File not found
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Wajam) - {A7A6995D-6EE1-4FD1-A258-49395D5BF99C} - C:\Program Files (x86)\Wajam\IE\priam_bho.dll (Wajam)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKU\S-1-5-21-4177235328-1270327372-3511895208-1000\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
[2012/01/30 04:15:48 | 000,002,048 | -HS- | C] () -- C:\Windows\SysWOW64\config\systemprofile\AppData\Local\{27326c5e-4cf3-c4e0-46d4-37fdcce19b24}\@
[2012/01/30 04:15:48 | 000,002,048 | -HS- | C] () -- C:\Windows\System32\config\systemprofile\AppData\Local\{27326c5e-4cf3-c4e0-46d4-37fdcce19b24}\@


:Services

:Reg

:Files
C:\Program Files (x86)\Wajam

:Commands
[purity]
[emptytemp]
[emptyjava]
[emptyflash]
[Reboot]
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • You will get a log that shows the results of the fix. Please post it.

=====================================================================

1. Update your Java version here: http://www.java.com/en/download/installed.jsp

Note 1: UNCHECK any pre-checked toolbar and/or software offered with the Java update. The pre-checked toolbars/software are not part of the Java update.

Note 2: The Java Quick Starter (JQS.exe) adds a service to improve the initial startup time of Java applets and applications. If you don't want to run another extra service, go to Start > Control Panel > Java > Advanced > Miscellaneous and uncheck the box for Java Quick Starter. Click OK and restart your computer.

2. Now, we need to remove old Java version and its remnants...

Download JavaRa to your desktop and unzip it.
  • Run JavaRa.exe (Vista users! Right click on JavaRa.exe, click Run As Administrator), pick the language of your choice and click Select. Then click Remove Older Versions.
  • Accept any prompts.
  • Do NOT post JavaRa log.

===============================================================

Last scans....

1. Download Security Check from HERE, and save it to your Desktop.
  • Double-click SecurityCheck.exe
  • Follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

    NOTE SecurityCheck may produce some false warning(s), so leave the results reading to me.

2. Please download Farbar Service Scanner (FSS) and run it on the computer with the issue.
  • Make sure the following options are checked:
    • Internet Services
    • Windows Firewall
    • System Restore
    • Security Center
    • Windows Update
    • Windows Defender
  • Press "Scan".
  • It will create a log (FSS.txt) in the same directory the tool is run.
  • Please copy and paste the log to your reply.


3. Download Temp File Cleaner (TFC)
  • Double click on TFC.exe to run the program.
  • Click on Start button to begin cleaning process.
  • TFC will close all running programs, and it may ask you to restart computer.


4. Please, run F-Secure Online Scanner

  • Disable your Antivirus program.
  • Checkmark I have read and accepted the license terms.
  • Click on Run Check button.
  • Quick scan (recommended) option will come pre-checked. Don't change it.
  • Click on Start button.
  • When scan is done, in Step 3: Clean the files, leave all settings as they're.
  • Click Next button.
  • Click Full report... button.
  • Copy report's content and paste it into your next reply.
 
part 1 complete.
All processes killed
========== OTL ==========
Service MSK80Service stopped successfully!
Service MSK80Service deleted successfully!
File C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe /McCoreSvc not found.
Service McProxy stopped successfully!
Service McProxy deleted successfully!
File C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe /McCoreSvc not found.
Service McODS stopped successfully!
Service McODS deleted successfully!
File C:\Program Files\McAfee\VirusScan\mcods.exe not found.
Service McNASvc stopped successfully!
Service McNASvc deleted successfully!
File C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe /McCoreSvc not found.
Service McNaiAnn stopped successfully!
Service McNaiAnn deleted successfully!
File C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe /McCoreSvc not found.
Service mcmscsvc stopped successfully!
Service mcmscsvc deleted successfully!
File C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe /McCoreSvc not found.
Error: No service named McMPFSvc was found to stop!
Registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\McMPFSvc deleted successfully.
File C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe /McCoreSvc not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{27B4851A-3207-45A2-B947-BE8AFE6163AB}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{27B4851A-3207-45A2-B947-BE8AFE6163AB}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5C255C8A-E604-49b4-9D64-90988571CECB}\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A7A6995D-6EE1-4FD1-A258-49395D5BF99C}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A7A6995D-6EE1-4FD1-A258-49395D5BF99C}\ deleted successfully.
C:\Program Files (x86)\Wajam\IE\priam_bho.dll moved successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\Locked deleted successfully.
Registry value HKEY_USERS\S-1-5-21-4177235328-1270327372-3511895208-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{21FA44EF-376D-4D53-9B0F-8A89D3229068} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{21FA44EF-376D-4D53-9B0F-8A89D3229068}\ not found.
C:\WINDOWS\SysWOW64\config\systemprofile\AppData\Local\{27326c5e-4cf3-c4e0-46d4-37fdcce19b24}\@ moved successfully.
File C:\Windows\System32\config\systemprofile\AppData\Local\{27326c5e-4cf3-c4e0-46d4-37fdcce19b24}\@ not found.
========== SERVICES/DRIVERS ==========
========== REGISTRY ==========
========== FILES ==========
C:\Program Files (x86)\Wajam\Updater folder moved successfully.
C:\Program Files (x86)\Wajam\IE folder moved successfully.
C:\Program Files (x86)\Wajam\Firefox folder moved successfully.
C:\Program Files (x86)\Wajam folder moved successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Ashley
->Temp folder emptied: 59218694 bytes
->Temporary Internet Files folder emptied: 62474228 bytes
->Java cache emptied: 35 bytes
->Google Chrome cache emptied: 30345449 bytes
->Flash cache emptied: 1742 bytes

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Public
->Temp folder emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 82348 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 63283413 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 205.00 mb


[EMPTYJAVA]

User: All Users

User: Ashley
->Java cache emptied: 0 bytes

User: Default

User: Default User

User: Public

Total Java Files Cleaned = 0.00 mb


[EMPTYFLASH]

User: All Users

User: Ashley
->Flash cache emptied: 0 bytes

User: Default

User: Default User

User: Public

Total Flash Files Cleaned = 0.00 mb


OTL by OldTimer - Version 3.2.48.0 log created on 06142012_234809

Files\Folders moved on Reboot...
C:\Users\Ashley\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
File\Folder C:\Windows\temp\hsperfdata_ASHLEY-PC$\1820 not found!

Registry entries deleted on Reboot...
 
part 2:

Results of screen317's Security Check version 0.99.24
Windows 7 x64 (UAC is disabled!)
Internet Explorer 8 Out of date!
``````````````````````````````
Antivirus/Firewall Check:
Windows Firewall Enabled!
[size=1]WMI entry may not exist for antivirus; attempting automatic update.[/size]
```````````````````````````````
Anti-malware/Other Utilities Check:
Java(TM) 6 Update 33
````````````````````````````````
Process Check:
objlist.exe by Laurent
``````````End of Log````````````
 
Farbar Service Scanner Version: 09-06-2012
Ran by Ashley (administrator) on 15-06-2012 at 00:00:32
Running from "C:\Users\Ashley\Downloads"
Microsoft Windows 7 Home Premium (X64)
Boot Mode: Normal
****************************************************************
Internet Services:
============
Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo IP is accessible.
Yahoo.com is accessible.
Windows Firewall:
=============
Firewall Disabled Policy:
==================
System Restore:
============
System Restore Disabled Policy:
========================
Action Center:
============
Windows Update:
============
Windows Autoupdate Disabled Policy:
============================
Windows Defender:
==============
File Check:
========
C:\Windows\System32\nsisvc.dll => MD5 is legit
C:\Windows\System32\drivers\nsiproxy.sys => MD5 is legit
C:\Windows\System32\dhcpcore.dll => MD5 is legit
C:\Windows\System32\drivers\afd.sys
[2012-02-16 18:00] - [2011-12-27 22:59] - 0499200 ____A (Microsoft Corporation) DB9D6C6B2CD95A9CA414D045B627422E
C:\Windows\System32\drivers\tdx.sys => MD5 is legit
C:\Windows\System32\Drivers\tcpip.sys
[2012-05-09 21:25] - [2012-03-30 06:09] - 1895280 ____A (Microsoft Corporation) 624C5B3AA4C99B3184BB922D9ECE3FF0
C:\Windows\System32\dnsrslvr.dll => MD5 is legit
C:\Windows\System32\mpssvc.dll
[2009-07-13 19:09] - [2009-07-13 20:41] - 0824832 ____A (Microsoft Corporation) AECAB449567D1846DAD63ECE49E893E3
C:\Windows\System32\bfe.dll => MD5 is legit
C:\Windows\System32\drivers\mpsdrv.sys => MD5 is legit
C:\Windows\System32\SDRSVC.dll
[2009-07-13 18:36] - [2009-07-13 20:41] - 0170496 ____A (Microsoft Corporation) 765A27C3279CE11D14CB9E4F5869FCA5
C:\Windows\System32\vssvc.exe => MD5 is legit
C:\Windows\System32\wscsvc.dll => MD5 is legit
C:\Windows\System32\wbem\WMIsvc.dll => MD5 is legit
C:\Windows\System32\wuaueng.dll
[2009-07-13 19:36] - [2009-07-13 20:41] - 2418176 ____A (Microsoft Corporation) 38340204A2D0228F1E87740FC5E554A7
C:\Windows\System32\qmgr.dll => MD5 is legit
C:\Windows\System32\es.dll => MD5 is legit
C:\Windows\System32\cryptsvc.dll
[2012-06-12 20:48] - [2012-04-24 00:59] - 0182272 ____A (Microsoft Corporation) F02786B66375292E58C8777082D4396D
C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
**** End of log ****
 
You must log in or register to reply here.

Similar threads

wshknwntlprtmn
  • Locked
Inactive Not sure what's going on here....
Replies
12
Views
2K
Broni
Broni
uber_beetle
Infected with fake ad pop-ups - posting FRST and Addition
Replies
12
Views
793
uber_beetle
uber_beetle
S
  • Locked
Inactive Am I infected?
Replies
8
Views
3K
Broni
Broni

Latest posts

Back